Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/otc1oikAXi-stwJ8bbDC95musCM.roa
File:                     otc1oikAXi-stwJ8bbDC95musCM.roa (raw, json)
Hash identifier:          hW/5B1eyo8J0leS/UxNNa/tlpz9c2tGOWa90hj4BBE4=
Subject key identifier:   A2:D7:35:A2:29:00:5E:2F:AC:B7:02:7C:6D:B0:C2:F7:99:AE:B0:23
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018CC5011C1B00CD0F90D2FED065C5F848E4
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/otc1oikAXi-stwJ8bbDC95musCM.roa
Signing time:             Mon 01 Jan 2024 12:30:33 +0000
ROA not before:           Mon 01 Jan 2024 12:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204402
IP address blocks:        45.157.200.0/24 maxlen: 24
                          45.157.201.0/24 maxlen: 24
                          45.152.10.0/24 maxlen: 24
                          45.152.38.0/24 maxlen: 24
                          45.159.192.0/24 maxlen: 24
                          45.152.39.0/24 maxlen: 24
                          45.159.193.0/24 maxlen: 24
                          45.159.194.0/24 maxlen: 24
                          2a0b:3c40:24::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 07 May 2024 09:17:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:1c:1b:00:cd:0f:90:d2:fe:d0:65:c5:f8:48:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 12:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2d735a229005e2facb7027c6db0c2f799aeb023
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e2:58:30:43:56:30:45:31:77:9c:9f:a0:3b:
                    2d:99:89:70:6f:ab:65:52:7e:ef:c4:57:9c:b2:2a:
                    25:37:9e:00:c8:d7:69:bf:6f:ef:ec:5d:73:aa:5a:
                    e1:68:20:98:db:6c:71:69:77:d5:58:2e:b6:84:bf:
                    d3:e8:af:65:01:f7:4e:62:6d:c2:60:64:25:f2:97:
                    81:de:8f:ad:ee:33:98:4b:eb:e3:be:2a:da:6f:02:
                    d0:b5:d9:9e:aa:72:e9:b4:27:d2:1d:fa:b5:c9:fe:
                    4b:cd:96:87:0e:31:f1:cd:be:9e:95:17:ad:0a:a7:
                    99:53:64:0a:79:de:01:e0:62:f9:c8:eb:f0:bd:d8:
                    92:93:76:c1:f4:2a:94:23:ff:10:67:6c:bb:4e:fb:
                    d3:78:a1:58:fc:ad:c6:31:09:8c:f6:5d:1b:aa:fe:
                    77:ce:bc:68:ab:ed:c7:b0:f7:84:64:da:fa:de:7b:
                    1e:9b:a8:b6:96:97:99:10:6a:22:6a:15:57:44:d6:
                    f0:7a:3e:d1:33:04:c7:27:10:84:da:9f:59:65:07:
                    92:3f:b0:e0:2a:72:59:02:a3:90:80:e4:eb:36:ae:
                    fc:89:55:89:6c:6d:e7:de:5c:fd:7a:70:ed:09:0b:
                    46:d0:03:20:de:99:a3:2b:54:ea:4d:b0:5a:ae:bd:
                    91:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:D7:35:A2:29:00:5E:2F:AC:B7:02:7C:6D:B0:C2:F7:99:AE:B0:23
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/otc1oikAXi-stwJ8bbDC95musCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.10.0/24
                  45.152.38.0/23
                  45.157.200.0/23
                  45.159.192.0-45.159.194.255
                IPv6:
                  2a0b:3c40:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:23:4d:e5:eb:60:c8:02:f4:26:29:1a:2c:97:a4:e3:14:1a:
         61:05:39:2b:cc:73:b0:7b:fa:89:ec:70:ad:de:fe:db:23:57:
         81:3a:cf:e0:16:18:bd:46:9f:49:c8:47:f5:96:81:91:f3:40:
         22:ca:0e:d1:de:a2:de:d6:5c:23:70:dc:75:8f:1e:e0:a2:dd:
         62:e7:2c:8d:88:9b:a0:78:53:39:56:de:1b:22:57:e5:67:c7:
         44:68:f0:6b:07:db:a5:aa:5a:80:96:8c:a9:4d:88:aa:39:a1:
         f0:83:f8:22:e1:d4:0a:d6:1f:c3:ec:52:13:90:dd:02:05:60:
         e1:9e:20:ed:45:6b:ea:38:32:2e:4d:bc:7b:2a:f1:3d:5f:ef:
         a4:50:0d:ba:46:40:70:3b:85:8b:4d:dc:63:29:47:c2:0c:41:
         68:f8:63:f5:a2:ff:77:a6:67:a1:8d:a2:08:e4:91:c1:63:cb:
         7b:6b:c3:08:03:94:8c:6d:6d:b6:28:9b:b1:56:33:9f:87:7f:
         e7:5f:d5:36:f6:d1:13:79:fd:4f:1f:93:93:fc:07:3c:cf:bc:
         cf:19:b4:a0:0c:63:1e:d2:1e:30:c9:9f:b9:d2:eb:7c:e8:00:
         5c:4e:34:cb:e0:71:95:13:2f:b9:86:d6:08:80:a8:0d:ed:ee:
         b7:5a:8b:1c
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYzFARwbAM0PkNL+0GXF+EjkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmQ3MzVhMjI5MDA1ZTJmYWNiNzAyN2M2ZGIwYzJmNzk5YWViMDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApuJYMENWMEUxd5yfoDstmYlwb6tl
Un7vxFecsiolN54AyNdpv2/v7F1zqlrhaCCY22xxaXfVWC62hL/T6K9lAfdOYm3C
YGQl8peB3o+t7jOYS+vjvirabwLQtdmeqnLptCfSHfq1yf5LzZaHDjHxzb6elRet
CqeZU2QKed4B4GL5yOvwvdiSk3bB9CqUI/8QZ2y7TvvTeKFY/K3GMQmM9l0bqv53
zrxoq+3HsPeEZNr63nsem6i2lpeZEGoiahVXRNbwej7RMwTHJxCE2p9ZZQeSP7Dg
KnJZAqOQgOTrNq78iVWJbG3n3lz9enDtCQtG0AMg3pmjK1TqTbBarr2RvQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFKLXNaIpAF4vrLcCfG2wwveZrrAjMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvb3RjMW9pa0FYaS1zdHdKOGJiREM5NW11c0NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgAwQALZgKAwQB
LZgmAwQBLZ3IMAwDBAYtn8ADBAAtn8IwDwQCAAIwCQMHACoLPEAAJDANBgkqhkiG
9w0BAQsFAAOCAQEAeCNN5etgyAL0JikaLJek4xQaYQU5K8xzsHv6iexwrd7+2yNX
gTrP4BYYvUafSchH9ZaBkfNAIsoO0d6i3tZcI3DcdY8e4KLdYucsjYiboHhTOVbe
GyJX5WfHRGjwawfbpapagJaMqU2Iqjmh8IP4IuHUCtYfw+xSE5DdAgVg4Z4g7UVr
6jgyLk28eyrxPV/vpFANukZAcDuFi03cYylHwgxBaPhj9aL/d6ZnoY2iCOSRwWPL
e2vDCAOUjG1ttiibsVYzn4d/51/VNvbRE3n9Tx+Tk/wHPM+8zxm0oAxjHtIeMMmf
udLrfOgAXE40y+BxlRMvuYbWCICoDe3ut1qLHA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:25 2024 by rpki-client on console-fra.rpki-client.org