Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cQVRRy0sdkzCO_D-8-li-T2aiEc.roa
File:                     cQVRRy0sdkzCO_D-8-li-T2aiEc.roa (raw, json)
Hash identifier:          6JSEmcvj8boKAyE1xRyYT4jqs+iyxdL71xFxXRhcklg=
Subject key identifier:   71:05:51:47:2D:2C:76:4C:C2:3B:F0:FE:F3:E9:62:F9:3D:9A:88:47
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018E7940FA1EA16A0AFE2DB50BA34EDB5C7B
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cQVRRy0sdkzCO_D-8-li-T2aiEc.roa
Signing time:             Tue 26 Mar 2024 05:34:45 +0000
ROA not before:           Tue 26 Mar 2024 05:34:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        85.204.18.0/24 maxlen: 24
                          89.34.106.0/24 maxlen: 24
                          89.35.129.0/24 maxlen: 24
                          89.37.192.0/24 maxlen: 24
                          89.40.215.0/24 maxlen: 24
                          89.46.42.0/24 maxlen: 24
                          89.47.36.0/24 maxlen: 24
                          94.198.171.0/24 maxlen: 24
                          128.0.41.0/24 maxlen: 24
                          185.198.233.0/24 maxlen: 24
                          188.212.121.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 26 Mar 2024 05:35:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:79:40:fa:1e:a1:6a:0a:fe:2d:b5:0b:a3:4e:db:5c:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Mar 26 05:34:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=710551472d2c764cc23bf0fef3e962f93d9a8847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:18:b0:97:25:ee:04:ae:52:95:8f:5f:23:d1:
                    8c:0c:40:2b:38:c4:ba:5f:1d:3e:b6:05:bd:c1:bf:
                    85:ab:17:53:ac:0e:02:b7:55:75:21:65:1b:5d:f8:
                    7e:e0:9c:93:96:12:91:1b:61:62:c4:62:2c:39:3c:
                    85:a6:f7:f8:fe:49:94:7b:a5:e0:9e:ed:06:6f:69:
                    ad:7c:9f:25:d0:c0:9f:b3:33:ea:e6:a6:2c:7b:c3:
                    85:f7:34:57:87:ed:73:86:4a:c2:b0:eb:1f:bd:4c:
                    56:73:d8:a3:33:e3:be:fd:06:7c:df:36:bd:e2:ae:
                    39:a2:92:2f:4d:bf:61:10:e8:de:9b:d4:03:9d:bf:
                    bf:fb:33:7d:0b:6d:bf:b5:97:cf:63:eb:82:6c:6a:
                    f0:3d:16:91:2a:db:fb:0d:76:be:37:41:27:a1:66:
                    88:d2:17:00:72:37:92:cd:08:bc:c9:a8:71:e8:e2:
                    13:21:5c:e8:9b:b3:55:b0:c6:4f:ba:b1:b8:3d:22:
                    9a:e1:94:ec:d8:cb:0e:11:4d:1f:e9:e7:d5:1c:1a:
                    62:5f:71:71:db:a3:34:48:88:3e:07:5f:e4:e8:f7:
                    af:ed:d1:b3:4f:f2:42:79:b3:28:b3:e7:36:4f:4f:
                    e3:86:9b:55:a7:35:5c:e9:9d:21:77:40:bb:5d:57:
                    5e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:05:51:47:2D:2C:76:4C:C2:3B:F0:FE:F3:E9:62:F9:3D:9A:88:47
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/cQVRRy0sdkzCO_D-8-li-T2aiEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.18.0/24
                  89.34.106.0/24
                  89.35.129.0/24
                  89.37.192.0/24
                  89.40.215.0/24
                  89.46.42.0/24
                  89.47.36.0/24
                  94.198.171.0/24
                  128.0.41.0/24
                  185.198.233.0/24
                  188.212.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:c4:8d:e3:3c:27:2e:97:29:6d:04:ef:58:55:45:76:16:33:
         88:29:97:90:30:9d:23:83:4f:e7:94:36:19:83:04:6d:20:01:
         2c:cc:d1:75:af:94:eb:fe:83:47:24:4b:f2:15:4f:49:aa:ee:
         ed:92:1e:88:b5:34:93:51:47:84:d1:d7:f5:ad:44:e8:c5:ac:
         07:86:5c:14:08:16:48:d8:68:13:34:8c:0e:be:53:1b:7a:21:
         9e:4d:d7:6f:de:3c:d6:45:ec:50:52:aa:61:51:5e:44:76:d5:
         d2:54:98:1f:af:d0:9f:0c:50:5a:62:71:e9:66:7c:eb:49:ca:
         fe:93:29:e1:27:a2:62:16:97:76:13:46:86:47:ca:93:70:c8:
         be:bb:99:1a:00:9a:fe:98:d9:e2:6a:95:3f:ba:c1:03:8d:f0:
         1f:ac:18:e6:a6:c8:d9:04:5a:44:ac:cf:2d:1b:b5:2f:4d:d0:
         a1:32:ae:ee:c4:dd:be:b9:26:45:3b:20:78:6d:08:0f:cf:0d:
         6f:f9:c6:ad:06:33:d4:1d:40:12:d5:17:28:d3:9e:0b:99:98:
         c8:3f:70:ac:2d:e7:0d:5b:7b:c9:b5:b2:56:35:81:5f:07:25:
         a7:37:ff:bb:af:3e:aa:bf:cb:d6:69:e5:9d:11:9e:58:23:0d:
         40:df:ab:bf
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAY55QPoeoWoK/i21C6NO21x7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwMzI2MDUzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTA1NTE0NzJkMmM3NjRjYzIzYmYwZmVmM2U5NjJmOTNkOWE4ODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRiwlyXuBK5SlY9fI9GMDEArOMS6
Xx0+tgW9wb+FqxdTrA4Ct1V1IWUbXfh+4JyTlhKRG2FixGIsOTyFpvf4/kmUe6Xg
nu0Gb2mtfJ8l0MCfszPq5qYse8OF9zRXh+1zhkrCsOsfvUxWc9ijM+O+/QZ83za9
4q45opIvTb9hEOjem9QDnb+/+zN9C22/tZfPY+uCbGrwPRaRKtv7DXa+N0EnoWaI
0hcAcjeSzQi8yahx6OITIVzom7NVsMZPurG4PSKa4ZTs2MsOEU0f6efVHBpiX3Fx
26M0SIg+B1/k6Pev7dGzT/JCebMos+c2T0/jhptVpzVc6Z0hd0C7XVdeiwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFHEFUUctLHZMwjvw/vPpYvk9mohHMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvY1FWUlJ5MHNka3pDT19ELTgtbGktVDJhaUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAVcwSAwQA
WSJqAwQAWSOBAwQAWSXAAwQAWSjXAwQAWS4qAwQAWS8kAwQAXsarAwQAgAApAwQA
ucbpAwQAvNR5MA0GCSqGSIb3DQEBCwUAA4IBAQCTxI3jPCculyltBO9YVUV2FjOI
KZeQMJ0jg0/nlDYZgwRtIAEszNF1r5Tr/oNHJEvyFU9Jqu7tkh6ItTSTUUeE0df1
rUToxawHhlwUCBZI2GgTNIwOvlMbeiGeTddv3jzWRexQUqphUV5EdtXSVJgfr9Cf
DFBaYnHpZnzrScr+kynhJ6JiFpd2E0aGR8qTcMi+u5kaAJr+mNniapU/usEDjfAf
rBjmpsjZBFpErM8tG7UvTdChMq7uxN2+uSZFOyB4bQgPzw1v+catBjPUHUAS1Rco
054LmZjIP3CsLecNW3vJtbJWNYFfByWnN/+7rz6qv8vWaeWdEZ5YIw1A36u/
-----END CERTIFICATE-----