Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/9gu7RP-WhqsC1Wpx4FHMet7CqIQ.roa
File:                     9gu7RP-WhqsC1Wpx4FHMet7CqIQ.roa (raw, json)
Hash identifier:          qAZ2Fy2iZmq0PKWFF7jTAZiFEY78LrQlISAq3cXLWa8=
Subject key identifier:   F6:0B:BB:44:FF:96:86:AB:02:D5:6A:71:E0:51:CC:7A:DE:C2:A8:84
Certificate issuer:       /CN=5e1bf6a319da2489816aedba1b4fd0cc7ddf3e1e
Certificate serial:       01942521CB67A0C918CAE4185D8F8CEBBDE4
Authority key identifier: 5E:1B:F6:A3:19:DA:24:89:81:6A:ED:BA:1B:4F:D0:CC:7D:DF:3E:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xhv2oxnaJImBau26G0_QzH3fPh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/9gu7RP-WhqsC1Wpx4FHMet7CqIQ.roa
Signing time:             Thu 02 Jan 2025 03:49:19 +0000
ROA not before:           Thu 02 Jan 2025 03:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39386
IP address blocks:        37.224.192.0/24 maxlen: 24
                          84.235.0.0/17 maxlen: 17
                          84.235.0.0/24 maxlen: 24
                          84.235.14.0/24 maxlen: 24
                          84.235.56.0/23 maxlen: 23
                          84.235.95.0/24 maxlen: 24
                          84.235.108.0/24 maxlen: 24
                          84.235.109.0/24 maxlen: 24
                          84.235.110.0/24 maxlen: 24
                          84.235.111.0/24 maxlen: 24
                          84.235.120.0/22 maxlen: 22
                          178.86.50.0/24 maxlen: 24
                          193.19.244.0/24 maxlen: 24
                          212.118.154.0/24 maxlen: 24
                          2001:16a0::/29 maxlen: 29
Validation:               Failed, certificate revoked on Sun 12 Jan 2025 10:42:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:cb:67:a0:c9:18:ca:e4:18:5d:8f:8c:eb:bd:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e1bf6a319da2489816aedba1b4fd0cc7ddf3e1e
        Validity
            Not Before: Jan  2 03:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f60bbb44ff9686ab02d56a71e051cc7adec2a884
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:82:e0:3c:f5:b3:d3:10:3c:e8:b5:c2:12:68:
                    54:a7:bc:33:26:ef:7d:98:b2:2e:51:e9:52:43:14:
                    59:76:88:62:01:3a:8a:f8:63:96:04:a9:6f:33:c6:
                    d9:8d:4e:0b:14:74:34:c7:95:ae:a7:51:4f:b5:2f:
                    67:81:82:f8:69:8a:cb:03:a1:3b:bd:46:8b:36:24:
                    55:90:b6:c6:0d:4d:0b:85:0b:29:ed:4f:d1:38:2a:
                    80:a1:e5:85:eb:49:f5:ef:7d:87:5e:8e:77:6c:55:
                    fd:58:e1:cf:fd:7d:af:80:18:fc:1c:c2:8b:e6:b6:
                    36:2e:b4:6f:ad:e2:b5:32:1c:e7:a6:67:05:c0:c4:
                    ed:b3:67:c1:a0:12:cd:93:16:ca:c1:3a:2d:7e:14:
                    a0:1a:f8:08:15:70:a7:e3:e5:f9:b1:d1:1f:79:17:
                    54:8c:a3:25:92:f6:f6:b8:73:93:be:39:da:3b:12:
                    63:aa:30:db:5b:86:a5:ff:db:b5:54:b4:ef:ae:93:
                    5e:bf:2f:86:8c:f3:b5:98:c4:47:07:28:39:fd:ce:
                    93:46:3a:aa:19:b6:12:b0:8b:98:0c:b5:25:50:69:
                    aa:35:cf:cb:18:3d:3f:63:0e:77:4f:12:ce:0a:c1:
                    4e:ab:b0:29:0f:ce:ab:41:0a:cb:15:f3:f3:e7:7b:
                    42:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:0B:BB:44:FF:96:86:AB:02:D5:6A:71:E0:51:CC:7A:DE:C2:A8:84
            X509v3 Authority Key Identifier:
                keyid:5E:1B:F6:A3:19:DA:24:89:81:6A:ED:BA:1B:4F:D0:CC:7D:DF:3E:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xhv2oxnaJImBau26G0_QzH3fPh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/9gu7RP-WhqsC1Wpx4FHMet7CqIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/88fdd1-8b7b-4101-ac66-b590957d9415/1/Xhv2oxnaJImBau26G0_QzH3fPh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.224.192.0/24
                  84.235.0.0/17
                  178.86.50.0/24
                  193.19.244.0/24
                  212.118.154.0/24
                IPv6:
                  2001:16a0::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:21:65:d2:ce:b4:44:25:b7:1b:cd:63:b4:db:9d:e9:37:de:
         8f:91:54:de:25:40:00:6b:79:dd:48:ff:e6:83:9c:da:97:2c:
         2c:b9:12:6d:08:6e:03:88:78:61:5b:db:2a:b2:cf:8e:54:78:
         14:3a:00:6b:85:4a:81:01:1e:e1:4d:66:ca:10:3c:ff:64:31:
         b0:85:c9:27:6d:01:54:88:d2:15:7e:62:89:fb:71:53:ed:32:
         ce:e3:bb:80:6d:f1:04:9d:33:f9:e0:55:3c:19:c0:f9:4f:55:
         1c:fd:61:c9:ce:ec:b6:14:fc:a1:21:8d:b7:54:be:98:22:c3:
         9c:2f:ee:1c:3b:15:b2:6b:6a:5d:2b:09:ec:c2:ab:85:d9:a2:
         8b:ea:7d:b5:f7:c6:6b:d3:d9:7b:2b:c8:93:b4:9d:53:cd:f5:
         46:64:01:d8:85:7a:d6:36:43:f8:8d:42:7d:bf:3b:ca:e7:11:
         dd:fd:29:b6:d4:cb:cf:98:16:55:08:5c:8d:2c:89:90:8a:25:
         04:33:a2:99:ed:e1:0e:33:06:6a:36:fb:b8:39:1c:5b:68:bb:
         ae:f2:fd:27:df:a8:b3:37:61:e0:d4:9c:21:50:8b:50:90:fb:
         02:ac:15:38:09:48:61:49:cb:95:30:b6:c8:f9:5b:94:c6:b0:
         80:21:3d:d5
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZQlIctnoMkYyuQYXY+M673kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMWJmNmEzMTlkYTI0ODk4MTZhZWRiYTFiNGZkMGNjN2Rk
ZjNlMWUwHhcNMjUwMTAyMDM0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjBiYmI0NGZmOTY4NmFiMDJkNTZhNzFlMDUxY2M3YWRlYzJhODg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooLgPPWz0xA86LXCEmhUp7wzJu99
mLIuUelSQxRZdohiATqK+GOWBKlvM8bZjU4LFHQ0x5Wup1FPtS9ngYL4aYrLA6E7
vUaLNiRVkLbGDU0LhQsp7U/ROCqAoeWF60n1732HXo53bFX9WOHP/X2vgBj8HMKL
5rY2LrRvreK1MhznpmcFwMTts2fBoBLNkxbKwTotfhSgGvgIFXCn4+X5sdEfeRdU
jKMlkvb2uHOTvjnaOxJjqjDbW4al/9u1VLTvrpNevy+GjPO1mMRHByg5/c6TRjqq
GbYSsIuYDLUlUGmqNc/LGD0/Yw53TxLOCsFOq7ApD86rQQrLFfPz53tCvwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFPYLu0T/loarAtVqceBRzHrewqiEMB8GA1UdIwQY
MBaAFF4b9qMZ2iSJgWrtuhtP0Mx93z4eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGh2Mm94bmFKSW1CYXUyNkcwX1F6SDNmUGg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi84OGZkZDEtOGI3Yi00MTAxLWFjNjYt
YjU5MDk1N2Q5NDE1LzEvOWd1N1JQLVdocXNDMVdweDRGSE1ldDdDcUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi84OGZkZDEtOGI3Yi00MTAxLWFjNjYtYjU5MDk1N2Q5NDE1
LzEvWGh2Mm94bmFKSW1CYXUyNkcwX1F6SDNmUGg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQAJeDAAwQH
VOsAAwQAslYyAwQAwRP0AwQA1HaaMA0EAgACMAcDBQMgARagMA0GCSqGSIb3DQEB
CwUAA4IBAQBFIWXSzrREJbcbzWO0253pN96PkVTeJUAAa3ndSP/mg5zalywsuRJt
CG4DiHhhW9sqss+OVHgUOgBrhUqBAR7hTWbKEDz/ZDGwhcknbQFUiNIVfmKJ+3FT
7TLO47uAbfEEnTP54FU8GcD5T1Uc/WHJzuy2FPyhIY23VL6YIsOcL+4cOxWya2pd
KwnswquF2aKL6n2198Zr09l7K8iTtJ1TzfVGZAHYhXrWNkP4jUJ9vzvK5xHd/Sm2
1MvPmBZVCFyNLImQiiUEM6KZ7eEOMwZqNvu4ORxbaLuu8v0n36izN2Hg1JwhUItQ
kPsCrBU4CUhhScuVMLbI+VuUxrCAIT3V
-----END CERTIFICATE-----