Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Tg19nvq-YCuWh48pXBCqPRo3kRk.roa
File:                     Tg19nvq-YCuWh48pXBCqPRo3kRk.roa (raw, json)
Hash identifier:          c0wF/VkJVAwY2CiMhRpKUjK7rB5b9mVT/yY/+QXvoOU=
Subject key identifier:   4E:0D:7D:9E:FA:BE:60:2B:96:87:8F:29:5C:10:AA:3D:1A:37:91:19
Certificate issuer:       /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial:       018DE9E7F0BEF48E2D3A5C5ABF15FF45C4C9
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Tg19nvq-YCuWh48pXBCqPRo3kRk.roa
Signing time:             Tue 27 Feb 2024 09:31:48 +0000
ROA not before:           Tue 27 Feb 2024 09:31:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206509
IP address blocks:        62.164.128.0/18 maxlen: 18
                          193.108.169.0/24 maxlen: 24
                          194.164.97.0/24 maxlen: 24
                          194.164.114.0/24 maxlen: 24
                          194.164.181.0/24 maxlen: 24
                          195.200.0.0/19 maxlen: 19
                          213.254.171.0/24 maxlen: 24
                          213.254.178.0/24 maxlen: 24
                          213.254.185.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 28 Feb 2024 13:47:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e9:e7:f0:be:f4:8e:2d:3a:5c:5a:bf:15:ff:45:c4:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
        Validity
            Not Before: Feb 27 09:31:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e0d7d9efabe602b96878f295c10aa3d1a379119
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fc:98:f1:6b:ab:d6:bc:ad:e4:0b:b9:78:3a:
                    1a:ce:64:a3:04:28:02:6f:ad:50:7a:63:20:50:6c:
                    b9:56:f1:16:1b:3c:05:b0:49:d3:70:86:68:5b:08:
                    f5:df:9b:88:98:0e:51:02:c2:87:01:d9:8f:98:78:
                    24:ca:ba:36:ed:89:2d:c8:41:be:65:98:33:1b:a7:
                    89:7a:17:fe:23:76:16:c2:f1:85:14:f6:d9:31:ab:
                    27:e9:32:90:4c:80:e7:71:48:3b:75:b6:c6:4e:18:
                    63:7a:f9:18:3f:0e:9f:c5:61:39:66:40:91:60:75:
                    f4:55:fa:ae:df:c3:76:50:fc:18:b6:0b:9a:34:c4:
                    16:dc:b4:dd:a0:c9:99:8d:61:55:75:fb:17:44:d1:
                    ac:5f:74:85:25:54:2c:d7:b2:29:c8:c1:cb:b0:61:
                    fa:35:d4:cc:de:2c:b7:d2:d8:cc:6b:4b:35:a2:4c:
                    68:37:d6:c0:5a:1f:66:d1:62:4d:77:b8:58:75:60:
                    62:d3:6e:ed:fd:37:91:a8:80:73:30:43:52:5e:c6:
                    3f:62:71:06:09:1e:c6:32:40:88:cd:4c:3a:10:6b:
                    fb:32:46:c5:36:67:24:d9:ef:64:5b:c9:d9:c2:cb:
                    5f:62:f1:fd:8d:0f:ff:ab:c5:b3:45:cc:00:d2:b7:
                    30:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:0D:7D:9E:FA:BE:60:2B:96:87:8F:29:5C:10:AA:3D:1A:37:91:19
            X509v3 Authority Key Identifier:
                keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/Tg19nvq-YCuWh48pXBCqPRo3kRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.128.0/18
                  193.108.169.0/24
                  194.164.97.0/24
                  194.164.114.0/24
                  194.164.181.0/24
                  195.200.0.0/19
                  213.254.171.0/24
                  213.254.178.0/24
                  213.254.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:99:17:d0:f7:40:55:a0:fa:2d:8a:61:21:75:a7:08:7c:d2:
         f1:06:66:36:d2:b6:33:11:a4:c8:8d:90:d7:21:41:e1:38:25:
         b9:58:e6:c8:e4:f4:9c:90:df:6c:33:3b:6f:ab:07:42:8f:a3:
         9d:7c:e2:c6:7d:ed:64:14:18:66:02:0e:20:4e:5d:31:dc:a2:
         c3:91:53:9a:73:6b:91:e7:a0:43:e7:74:c5:9a:0a:5e:db:94:
         8e:f3:5e:31:75:1a:fd:40:19:d0:c1:2b:74:3b:1e:96:5d:3c:
         f7:80:ae:86:91:4c:4b:f0:af:a5:f3:10:a3:7f:66:f8:aa:ad:
         4c:02:ac:96:fc:ef:10:62:89:9f:41:78:45:a4:c0:85:6d:e9:
         b3:99:7a:15:04:67:ee:cc:f6:51:8b:24:79:a5:d2:e4:e6:f0:
         92:61:ab:83:20:fb:7f:59:6a:5d:84:10:3b:11:75:05:cf:d6:
         c8:0b:19:fc:85:e9:e3:63:a6:38:34:40:2d:59:d0:0a:36:6d:
         f7:ff:cf:ea:98:d2:b0:b8:fd:5e:15:4b:5d:c0:a0:b1:f1:10:
         2a:3e:b5:b5:01:51:7d:01:0f:a1:e2:f5:11:4a:bd:b6:ff:93:
         f3:ef:49:6d:49:74:8b:f8:d7:5d:65:fb:09:97:92:fe:5b:1d:
         fd:fd:58:18
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY3p5/C+9I4tOlxavxX/RcTJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjI3MDkzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTBkN2Q5ZWZhYmU2MDJiOTY4NzhmMjk1YzEwYWEzZDFhMzc5MTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfyY8Wur1ryt5Au5eDoazmSjBCgC
b61QemMgUGy5VvEWGzwFsEnTcIZoWwj135uImA5RAsKHAdmPmHgkyro27YktyEG+
ZZgzG6eJehf+I3YWwvGFFPbZMasn6TKQTIDncUg7dbbGThhjevkYPw6fxWE5ZkCR
YHX0Vfqu38N2UPwYtguaNMQW3LTdoMmZjWFVdfsXRNGsX3SFJVQs17IpyMHLsGH6
NdTM3iy30tjMa0s1okxoN9bAWh9m0WJNd7hYdWBi027t/TeRqIBzMENSXsY/YnEG
CR7GMkCIzUw6EGv7MkbFNmck2e9kW8nZwstfYvH9jQ//q8WzRcwA0rcwLwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFE4NfZ76vmArloePKVwQqj0aN5EZMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvVGcxOW52cS1ZQ3VXaDQ4cFhCQ3FQUm8za1JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQGPqSAAwQA
wWypAwQAwqRhAwQAwqRyAwQAwqS1AwQFw8gAAwQA1f6rAwQA1f6yAwQA1f65MA0G
CSqGSIb3DQEBCwUAA4IBAQAemRfQ90BVoPotimEhdacIfNLxBmY20rYzEaTIjZDX
IUHhOCW5WObI5PSckN9sMztvqwdCj6OdfOLGfe1kFBhmAg4gTl0x3KLDkVOac2uR
56BD53TFmgpe25SO814xdRr9QBnQwSt0Ox6WXTz3gK6GkUxL8K+l8xCjf2b4qq1M
AqyW/O8QYomfQXhFpMCFbemzmXoVBGfuzPZRiyR5pdLk5vCSYauDIPt/WWpdhBA7
EXUFz9bICxn8henjY6Y4NEAtWdAKNm33/8/qmNKwuP1eFUtdwKCx8RAqPrW1AVF9
AQ+h4vURSr22/5Pz70ltSXSL+NddZfsJl5L+Wx39/VgY
-----END CERTIFICATE-----