Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/vVbcWwbswty30VfkF2SFTUNEFKI.roa
File:                     vVbcWwbswty30VfkF2SFTUNEFKI.roa (raw, json)
Hash identifier:          sQ4tWrJVAYvwbpNoy5QbQK56lvUQuUx7VO7hIigKkwE=
Subject key identifier:   BD:56:DC:5B:06:EC:C2:DC:B7:D1:57:E4:17:64:85:4D:43:44:14:A2
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018B8F72A173DB8F2C83B0BB5C6062C220DC
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/vVbcWwbswty30VfkF2SFTUNEFKI.roa
Signing time:             Thu 02 Nov 2023 09:52:15 +0000
ROA not before:           Thu 02 Nov 2023 09:52:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2895
IP address blocks:        147.45.194.0/23 maxlen: 23
                          147.45.0.0/19 maxlen: 19
                          147.45.0.0/16 maxlen: 16
                          147.45.32.0/23 maxlen: 23
                          193.233.4.0/24 maxlen: 24
                          193.233.0.0/22 maxlen: 22
                          147.45.64.0/24 maxlen: 24
                          193.233.10.0/23 maxlen: 23
                          193.233.8.0/24 maxlen: 24
                          2001:640::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 02 Nov 2023 17:27:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:8f:72:a1:73:db:8f:2c:83:b0:bb:5c:60:62:c2:20:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Nov  2 09:52:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bd56dc5b06ecc2dcb7d157e41764854d434414a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:97:47:01:26:cb:c7:84:b0:27:b1:76:86:d6:
                    37:d9:9e:cc:23:29:5f:b2:30:80:c6:c7:f5:4a:86:
                    a6:1e:31:34:e3:a5:8e:15:eb:2b:c5:67:db:bb:00:
                    76:3a:56:36:9e:82:f4:98:51:9e:bf:f6:31:e1:e3:
                    6e:f7:dd:9e:dd:14:5d:f7:1c:f1:75:cf:c8:84:15:
                    6e:b0:49:ba:85:29:4d:63:e4:c8:57:88:26:78:91:
                    b0:ba:3f:5e:57:87:4a:14:de:07:97:7f:eb:dd:51:
                    fa:11:d7:55:a2:b6:09:26:3e:2c:22:b2:59:97:ac:
                    83:05:59:1c:27:7d:1d:4c:7e:72:b8:ab:f1:9d:10:
                    8c:1d:51:36:5d:0e:46:ee:39:4e:5c:1b:67:15:db:
                    5a:01:79:66:a1:a7:2a:78:b4:40:31:b7:5a:7d:93:
                    09:88:c2:39:37:c7:ef:8a:a8:e7:13:3f:f8:f8:ef:
                    99:92:66:bb:33:ea:25:cd:3d:c1:c7:28:b8:d9:e0:
                    a8:32:10:2f:29:4f:da:9c:0d:50:6f:cf:f9:ee:eb:
                    bd:7c:f3:97:3f:7f:ab:69:02:93:70:06:c1:31:e9:
                    4e:58:ef:89:e6:b0:33:2d:0f:04:17:6f:6b:ff:43:
                    a0:cd:82:c5:3d:66:4f:ea:51:95:c2:8d:08:aa:71:
                    62:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:56:DC:5B:06:EC:C2:DC:B7:D1:57:E4:17:64:85:4D:43:44:14:A2
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/vVbcWwbswty30VfkF2SFTUNEFKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.0.0/16
                  193.233.0.0-193.233.4.255
                  193.233.8.0/24
                  193.233.10.0/23
                IPv6:
                  2001:640::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:2e:49:74:f6:08:df:7e:07:03:a8:ef:3a:30:d1:84:65:93:
         fa:26:10:7d:6f:d1:ec:35:c7:7b:c2:65:a5:f0:09:05:9a:56:
         cb:b0:1d:ea:32:b6:c0:b8:be:15:c3:c6:08:ba:68:e7:90:cc:
         9a:c5:a1:53:4b:35:79:d1:81:d0:6f:89:3c:6d:2e:5b:07:f8:
         01:61:30:46:4d:39:e2:8b:dd:4c:a6:2e:35:b9:5d:ed:88:fb:
         62:41:34:ae:0a:0c:a0:35:95:63:d9:28:49:94:34:ba:4b:a0:
         3a:bb:4e:14:cf:bc:c3:aa:5a:01:1b:41:4c:c7:91:aa:e5:a5:
         75:88:04:e2:46:90:78:0c:77:66:21:c7:60:90:c6:46:2d:ce:
         1d:f3:99:b2:5e:77:03:e5:65:f9:f0:39:d8:7d:6c:97:c9:a2:
         e9:23:93:6a:48:a4:92:80:37:0d:fc:ca:34:47:e4:64:c5:71:
         bf:22:40:0e:d1:af:02:55:e9:65:46:33:2d:36:e3:7e:59:3e:
         d2:b0:74:3e:18:23:3c:e5:d6:55:cf:03:41:e4:05:27:be:95:
         c5:32:be:e7:c3:dd:45:b0:e9:e7:c8:01:e2:f3:18:29:85:af:
         45:c8:32:64:a9:36:31:ef:b0:c1:82:e9:12:21:ef:ec:72:f3:
         45:cc:50:2f
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYuPcqFz248sg7C7XGBiwiDcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjMxMTAyMDk1MjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDU2ZGM1YjA2ZWNjMmRjYjdkMTU3ZTQxNzY0ODU0ZDQzNDQxNGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJdHASbLx4SwJ7F2htY32Z7MIylf
sjCAxsf1SoamHjE046WOFesrxWfbuwB2OlY2noL0mFGev/Yx4eNu992e3RRd9xzx
dc/IhBVusEm6hSlNY+TIV4gmeJGwuj9eV4dKFN4Hl3/r3VH6EddVorYJJj4sIrJZ
l6yDBVkcJ30dTH5yuKvxnRCMHVE2XQ5G7jlOXBtnFdtaAXlmoacqeLRAMbdafZMJ
iMI5N8fviqjnEz/4+O+Zkma7M+olzT3Bxyi42eCoMhAvKU/anA1Qb8/57uu9fPOX
P3+raQKTcAbBMelOWO+J5rAzLQ8EF29r/0OgzYLFPWZP6lGVwo0IqnFiowIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFL1W3FsG7MLct9FX5BdkhU1DRBSiMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvdlZiY1d3YnN3dHkzMFZma0YyU0ZUVU5FRktJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwMAky0wCwMD
AMHpAwQAwekEAwQAwekIAwQBwekKMA0EAgACMAcDBQAgAQZAMA0GCSqGSIb3DQEB
CwUAA4IBAQB3Lkl09gjffgcDqO86MNGEZZP6JhB9b9HsNcd7wmWl8AkFmlbLsB3q
MrbAuL4Vw8YIumjnkMyaxaFTSzV50YHQb4k8bS5bB/gBYTBGTTnii91Mpi41uV3t
iPtiQTSuCgygNZVj2ShJlDS6S6A6u04Uz7zDqloBG0FMx5Gq5aV1iATiRpB4DHdm
IcdgkMZGLc4d85myXncD5WX58DnYfWyXyaLpI5NqSKSSgDcN/Mo0R+RkxXG/IkAO
0a8CVellRjMtNuN+WT7SsHQ+GCM85dZVzwNB5AUnvpXFMr7nw91FsOnnyAHi8xgp
ha9FyDJkqTYx77DBgukSIe/scvNFzFAv
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:33 2024 by rpki-client on console-ams.rpki-client.org