Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/ak2_KVOpHneN6Dtgh8nyE08u7L4.roa
File:                     ak2_KVOpHneN6Dtgh8nyE08u7L4.roa (raw, json)
Hash identifier:          320s2ZIwcGSQITFc8TxICvIoR/pHOU5aIRLKwz+nZKI=
Subject key identifier:   6A:4D:BF:29:53:A9:1E:77:8D:E8:3B:60:87:C9:F2:13:4F:2E:EC:BE
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018CC5012051FA506464AF7A976F9E6599AF
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/ak2_KVOpHneN6Dtgh8nyE08u7L4.roa
Signing time:             Mon 01 Jan 2024 12:30:34 +0000
ROA not before:           Mon 01 Jan 2024 12:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212826
IP address blocks:        185.232.84.0/23 maxlen: 24
                          45.154.238.0/23 maxlen: 24
                          45.152.11.0/24 maxlen: 24
                          45.157.32.0/23 maxlen: 24
                          213.185.86.0/23 maxlen: 24
                          45.130.52.0/24 maxlen: 24
                          194.40.246.0/23 maxlen: 24
                          46.161.208.0/23 maxlen: 23
                          45.128.158.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 02 Sep 2024 12:04:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:20:51:fa:50:64:64:af:7a:97:6f:9e:65:99:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 12:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a4dbf2953a91e778de83b6087c9f2134f2eecbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:dc:7e:5b:1e:f1:c7:b8:1b:93:09:70:58:56:
                    34:b7:d4:bd:bd:7b:60:20:d0:33:2d:72:a7:77:94:
                    bc:6f:46:68:e4:68:94:54:c5:e1:54:bd:d0:05:e6:
                    16:d3:7e:5a:a9:90:84:32:89:c1:fa:c8:80:c2:4a:
                    0b:7d:45:22:50:90:b9:38:fe:c7:4c:be:75:98:4a:
                    78:d0:cd:cb:e3:9c:c4:a3:44:55:b7:51:fe:55:ee:
                    b0:ee:24:21:bd:7c:45:a7:20:5e:dc:38:20:79:c3:
                    c7:b1:dd:b9:ef:30:43:40:6f:0e:06:be:3d:80:80:
                    c8:4b:52:af:c3:d5:a5:ce:96:8a:b3:67:f2:63:d0:
                    bc:0a:ae:b0:6d:cf:1d:86:79:1c:20:d1:dd:85:22:
                    9b:81:31:b5:33:f8:0e:9d:98:55:dd:00:f9:cb:d8:
                    dc:23:80:f2:21:9c:ba:40:65:84:3b:f0:3e:b5:1e:
                    d7:2a:b8:b3:00:a7:13:62:0a:23:2d:e4:7d:e8:eb:
                    42:de:93:f5:6e:2b:ed:d0:34:61:95:c8:cb:d9:e7:
                    08:7c:87:22:b6:c8:87:5e:5f:e1:46:76:25:fd:45:
                    41:ba:b2:60:be:24:2e:5f:d5:1b:30:59:52:31:07:
                    0c:79:88:7b:ba:d5:e8:5e:ab:35:59:af:09:94:30:
                    66:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:4D:BF:29:53:A9:1E:77:8D:E8:3B:60:87:C9:F2:13:4F:2E:EC:BE
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/ak2_KVOpHneN6Dtgh8nyE08u7L4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.158.0/23
                  45.130.52.0/24
                  45.152.11.0/24
                  45.154.238.0/23
                  45.157.32.0/23
                  46.161.208.0/23
                  185.232.84.0/23
                  194.40.246.0/23
                  213.185.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ac:ef:7d:23:77:1a:62:ec:e4:14:cd:67:c1:d1:7b:2a:67:0b:
         e4:bd:d0:f8:2a:f9:0e:79:1b:bf:d6:ae:f3:70:0b:21:aa:5c:
         ae:5d:80:17:47:94:f6:91:6c:46:55:a3:51:b2:6c:bc:23:f3:
         6c:9a:05:4a:69:14:d7:18:61:0f:b9:37:cf:89:44:69:34:b6:
         bb:a0:b6:13:fa:ad:e6:9b:73:2b:6a:9d:4f:2d:a2:25:fd:18:
         2f:1a:84:a0:f7:f6:18:63:34:a4:14:48:f6:f9:c3:66:6d:9b:
         0f:55:f1:91:fa:5d:01:15:fd:7f:33:e8:b9:cf:29:9d:07:a2:
         67:06:d8:1c:d4:12:64:f3:3d:6c:cb:02:0c:8f:19:19:9d:17:
         d1:f3:6b:3d:6b:19:b7:3c:90:6c:0a:1d:66:38:62:ae:2f:83:
         52:97:f3:7d:60:c3:2a:69:79:75:83:e2:75:0a:05:9f:c4:0f:
         5c:f3:4a:7c:52:3a:26:3c:b0:f7:41:84:d8:cc:97:66:8c:14:
         46:1f:23:8a:53:8f:62:7c:74:99:66:68:f5:6b:8e:44:ae:0e:
         f4:4b:1d:bc:57:bf:ca:e8:e2:1b:2c:0b:30:37:c7:53:14:8c:
         6c:4c:eb:7b:f3:bd:aa:fc:05:c4:a9:b5:a7:62:47:10:3c:26:
         67:f8:5e:c0
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYzFASBR+lBkZK96l2+eZZmvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMTAxMTIzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTRkYmYyOTUzYTkxZTc3OGRlODNiNjA4N2M5ZjIxMzRmMmVlY2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtx+Wx7xx7gbkwlwWFY0t9S9vXtg
INAzLXKnd5S8b0Zo5GiUVMXhVL3QBeYW035aqZCEMonB+siAwkoLfUUiUJC5OP7H
TL51mEp40M3L45zEo0RVt1H+Ve6w7iQhvXxFpyBe3DggecPHsd257zBDQG8OBr49
gIDIS1Kvw9WlzpaKs2fyY9C8Cq6wbc8dhnkcINHdhSKbgTG1M/gOnZhV3QD5y9jc
I4DyIZy6QGWEO/A+tR7XKrizAKcTYgojLeR96OtC3pP1bivt0DRhlcjL2ecIfIci
tsiHXl/hRnYl/UVBurJgviQuX9UbMFlSMQcMeYh7utXoXqs1Wa8JlDBmJwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFGpNvylTqR53jeg7YIfJ8hNPLuy+MB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvYWsyX0tWT3BIbmVONkR0Z2g4bnlFMDh1N0w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQBLYCeAwQA
LYI0AwQALZgLAwQBLZruAwQBLZ0gAwQBLqHQAwQBuehUAwQBwij2AwQB1blWMA0G
CSqGSIb3DQEBCwUAA4IBAQCs730jdxpi7OQUzWfB0XsqZwvkvdD4KvkOeRu/1q7z
cAshqlyuXYAXR5T2kWxGVaNRsmy8I/NsmgVKaRTXGGEPuTfPiURpNLa7oLYT+q3m
m3Mrap1PLaIl/RgvGoSg9/YYYzSkFEj2+cNmbZsPVfGR+l0BFf1/M+i5zymdB6Jn
Btgc1BJk8z1sywIMjxkZnRfR82s9axm3PJBsCh1mOGKuL4NSl/N9YMMqaXl1g+J1
CgWfxA9c80p8UjomPLD3QYTYzJdmjBRGHyOKU49ifHSZZmj1a45Erg70Sx28V7/K
6OIbLAswN8dTFIxsTOt7872q/AXEqbWnYkcQPCZn+F7A
-----END CERTIFICATE-----
Generated at Mon Sep 2 15:35:04 2024 by rpki-client on console-ams.rpki-client.org