Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vtm0ByDZ_Qrc_3BzrM27CkiyYaQ.roa
File:                     vtm0ByDZ_Qrc_3BzrM27CkiyYaQ.roa (raw, json)
Hash identifier:          h/cIX9H42EvrcpnULc9XHptYoDa+QR8kSEOEVPIp21c=
Subject key identifier:   BE:D9:B4:07:20:D9:FD:0A:DC:FF:70:73:AC:CD:BB:0A:48:B2:61:A4
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01903B35BA06018CDF5C6C0240EEDEABA5EE
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vtm0ByDZ_Qrc_3BzrM27CkiyYaQ.roa
Signing time:             Fri 21 Jun 2024 14:31:35 +0000
ROA not before:           Fri 21 Jun 2024 14:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        81.168.96.0/24 maxlen: 24
                          82.153.51.0/24 maxlen: 24
                          82.153.148.0/24 maxlen: 24
                          89.213.107.0/24 maxlen: 24
                          89.213.112.0/24 maxlen: 24
                          89.213.113.0/24 maxlen: 24
                          89.213.114.0/24 maxlen: 24
                          89.213.116.0/24 maxlen: 24
                          89.213.121.0/24 maxlen: 24
                          89.213.157.0/24 maxlen: 24
                          89.213.227.0/24 maxlen: 24
                          109.176.201.0/24 maxlen: 24
                          213.130.137.0/24 maxlen: 24
                          213.130.152.0/24 maxlen: 24
                          213.130.153.0/24 maxlen: 24
                          213.130.154.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 17 Jul 2024 16:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3b:35:ba:06:01:8c:df:5c:6c:02:40:ee:de:ab:a5:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 21 14:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bed9b40720d9fd0adcff7073accdbb0a48b261a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:de:a7:53:b1:3a:f5:74:c7:31:f6:ba:3a:98:
                    1c:59:15:d6:12:62:ed:53:36:2b:70:cf:27:81:2a:
                    32:3c:c3:af:89:c4:b8:b7:f2:7a:71:ea:e0:1e:94:
                    b3:e3:6a:84:a2:e2:f5:12:68:c8:c6:5d:e8:08:d2:
                    ea:3a:4c:41:c4:3f:cf:17:41:a6:aa:a7:06:fd:23:
                    ab:ea:38:e6:9f:1c:fd:7a:32:72:28:5e:0c:85:ff:
                    79:71:95:04:26:87:ba:bc:fb:4d:50:e2:a9:18:f6:
                    69:44:10:c6:ee:8a:54:87:4c:1d:41:c3:ce:8e:5f:
                    59:59:09:1e:3a:d0:d4:c3:8f:44:8d:c7:51:71:40:
                    a7:ae:dc:98:a4:fb:14:a9:48:c8:48:8b:73:1f:fc:
                    7b:76:b9:f8:4e:34:ef:5d:70:21:13:3f:ef:57:0b:
                    c1:84:d5:aa:58:68:c2:4c:41:54:b0:52:ab:1e:88:
                    60:e9:0e:a4:74:e6:42:4c:4f:8d:70:03:3f:13:ff:
                    2d:e5:03:99:67:1a:ec:fe:57:fe:c7:3c:44:7c:f3:
                    69:da:d9:f7:4f:19:e3:ab:10:38:d0:1d:60:7b:9c:
                    f6:d3:e9:4c:e5:a9:f5:1d:ee:cc:57:b5:2e:4d:f4:
                    07:b2:61:ad:0d:f4:77:87:ed:e5:10:66:bb:83:6a:
                    b3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:D9:B4:07:20:D9:FD:0A:DC:FF:70:73:AC:CD:BB:0A:48:B2:61:A4
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/vtm0ByDZ_Qrc_3BzrM27CkiyYaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.96.0/24
                  82.153.51.0/24
                  82.153.148.0/24
                  89.213.107.0/24
                  89.213.112.0-89.213.114.255
                  89.213.116.0/24
                  89.213.121.0/24
                  89.213.157.0/24
                  89.213.227.0/24
                  109.176.201.0/24
                  213.130.137.0/24
                  213.130.152.0-213.130.154.255

    Signature Algorithm: sha256WithRSAEncryption
         a0:2c:e0:17:bb:8e:68:cc:8f:e8:e7:fe:d0:2e:fd:78:39:f3:
         ad:e5:0a:49:4c:05:49:fa:1c:7e:7c:33:ae:62:96:8c:42:41:
         6c:17:87:db:00:36:b4:d5:22:2e:2e:f1:f0:98:ff:ef:bd:3f:
         c6:d8:5c:72:bc:a4:13:61:d1:63:2b:f5:e7:9c:87:82:ad:91:
         54:5a:72:c3:6f:72:80:8e:22:f7:1f:82:4b:b5:8a:24:ed:dd:
         22:6e:33:41:26:25:9b:c5:10:19:f4:5c:b7:c5:05:81:a4:1f:
         11:01:59:3a:6c:02:a8:f1:be:98:d1:3a:3a:8e:63:1c:27:0f:
         db:c6:dd:22:51:eb:82:d7:64:ea:26:fc:45:eb:80:00:1d:b8:
         13:6e:7b:0e:3c:0a:80:d5:9e:5f:56:d4:58:0c:a1:23:8f:4f:
         ef:02:33:ce:4f:89:1a:a2:05:ae:bb:35:46:1a:0d:c4:43:fa:
         ec:b2:a7:03:4c:d1:b5:24:05:35:dd:5d:c4:51:c1:7c:c2:a3:
         95:34:8a:2f:0a:02:a7:9b:dc:88:81:ac:d3:2c:7b:aa:32:97:
         ee:69:38:85:9b:ce:39:8f:67:57:7e:1f:32:f0:c2:61:2d:c0:
         64:ef:ff:22:20:3a:cb:00:e2:7a:9a:dc:fa:bc:2d:cd:58:2e:
         da:ea:76:dd
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAZA7NboGAYzfXGwCQO7eq6XuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNjIxMTQzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWQ5YjQwNzIwZDlmZDBhZGNmZjcwNzNhY2NkYmIwYTQ4YjI2MWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1d6nU7E69XTHMfa6OpgcWRXWEmLt
UzYrcM8ngSoyPMOvicS4t/J6cergHpSz42qEouL1EmjIxl3oCNLqOkxBxD/PF0Gm
qqcG/SOr6jjmnxz9ejJyKF4Mhf95cZUEJoe6vPtNUOKpGPZpRBDG7opUh0wdQcPO
jl9ZWQkeOtDUw49EjcdRcUCnrtyYpPsUqUjISItzH/x7drn4TjTvXXAhEz/vVwvB
hNWqWGjCTEFUsFKrHohg6Q6kdOZCTE+NcAM/E/8t5QOZZxrs/lf+xzxEfPNp2tn3
TxnjqxA40B1ge5z20+lM5an1He7MV7UuTfQHsmGtDfR3h+3lEGa7g2qzCQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFL7ZtAcg2f0K3P9wc6zNuwpIsmGkMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdnRtMEJ5RFpfUXJjXzNCenJNMjdDa2l5WWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBeBAIAATBYAwQAUahgAwQA
UpkzAwQAUpmUAwQAWdVrMAwDBARZ1XADBABZ1XIDBABZ1XQDBABZ1XkDBABZ1Z0D
BABZ1eMDBABtsMkDBADVgokwDAMEA9WCmAMEANWCmjANBgkqhkiG9w0BAQsFAAOC
AQEAoCzgF7uOaMyP6Of+0C79eDnzreUKSUwFSfocfnwzrmKWjEJBbBeH2wA2tNUi
Li7x8Jj/770/xthccrykE2HRYyv155yHgq2RVFpyw29ygI4i9x+CS7WKJO3dIm4z
QSYlm8UQGfRct8UFgaQfEQFZOmwCqPG+mNE6Oo5jHCcP28bdIlHrgtdk6ib8ReuA
AB24E257DjwKgNWeX1bUWAyhI49P7wIzzk+JGqIFrrs1RhoNxEP67LKnA0zRtSQF
Nd1dxFHBfMKjlTSKLwoCp5vciIGs0yx7qjKX7mk4hZvOOY9nV34fMvDCYS3AZO//
IiA6ywDieprc+rwtzVgu2up23Q==
-----END CERTIFICATE-----