Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2cXA2V6mpnLQ728gfzuaJJkBxmU.roa
File:                     2cXA2V6mpnLQ728gfzuaJJkBxmU.roa (raw, json)
Hash identifier:          g894wSLUKCMlpx24cVyLQvdjoJrzcIEckE7JOkLipUw=
Subject key identifier:   D9:C5:C0:D9:5E:A6:A6:72:D0:EF:6F:20:7F:3B:9A:24:99:01:C6:65
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018CF499FADDC3B162753BD5C65C8F51DB7E
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2cXA2V6mpnLQ728gfzuaJJkBxmU.roa
Signing time:             Wed 10 Jan 2024 18:19:40 +0000
ROA not before:           Wed 10 Jan 2024 18:19:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203511
IP address blocks:        45.151.2.0/24 maxlen: 24
                          194.15.52.0/24 maxlen: 24
                          45.88.138.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 16 Jan 2024 11:29:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f4:99:fa:dd:c3:b1:62:75:3b:d5:c6:5c:8f:51:db:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan 10 18:19:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9c5c0d95ea6a672d0ef6f207f3b9a249901c665
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7a:74:fa:f2:69:ee:87:8b:70:fd:fb:d0:17:
                    68:f9:6c:b2:06:43:e9:ad:35:11:45:32:26:b6:36:
                    b8:b0:76:11:a7:92:01:47:2e:86:8b:62:5b:66:21:
                    ea:0f:8b:de:2f:48:9a:e5:97:2c:79:56:28:26:4e:
                    87:00:a9:df:52:72:d0:f7:5f:06:07:4e:58:16:20:
                    48:89:18:f7:3c:39:43:c8:5b:11:b9:bb:31:2a:bc:
                    7c:37:9a:8b:7b:9e:c3:1a:84:47:50:e5:7b:6f:61:
                    d3:a7:61:22:0e:64:47:4e:73:f3:93:69:ea:06:13:
                    37:4b:0f:40:d5:93:9d:f0:e7:5c:b5:e7:38:50:ce:
                    93:c8:5f:b2:cb:c2:78:35:c2:a9:df:dd:8a:52:a0:
                    96:20:67:5a:64:1e:e9:b3:0c:50:c2:66:40:ae:09:
                    73:c7:92:e9:95:9b:78:c5:7d:98:0d:73:3e:2f:a2:
                    0f:34:4e:2c:02:71:3f:2f:3e:0c:4f:e7:be:7e:bb:
                    11:94:05:64:a6:e5:aa:bb:7d:63:8a:43:9f:9d:51:
                    a9:74:47:cb:58:a1:5b:6b:92:ed:8e:6d:08:1c:e9:
                    f0:99:ba:4c:53:8e:18:28:31:40:a0:50:8e:eb:42:
                    ba:54:1f:c5:29:54:ea:b6:02:25:07:db:2b:53:6d:
                    1e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:C5:C0:D9:5E:A6:A6:72:D0:EF:6F:20:7F:3B:9A:24:99:01:C6:65
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/2cXA2V6mpnLQ728gfzuaJJkBxmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.138.0/24
                  45.151.2.0/24
                  194.15.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:45:13:de:67:07:34:0d:c4:d5:34:89:26:a7:af:27:e1:be:
         7b:5e:e6:6b:c4:a0:a3:20:5d:0d:88:2b:46:68:04:23:c5:db:
         69:a2:63:21:93:1c:a1:39:27:ca:7b:8d:69:b0:d8:b4:5e:4c:
         22:0b:18:1f:11:7b:04:23:c7:5e:aa:f0:d5:6a:5c:29:09:15:
         51:1e:20:49:2b:81:3c:5f:f5:b3:b9:69:f2:bf:09:ca:88:c4:
         e4:53:7a:6c:35:60:95:4c:d4:bd:9a:ea:bc:70:60:64:8b:22:
         ad:a1:2b:cb:7f:13:0e:2f:f0:ad:11:ed:92:94:6d:a8:05:8c:
         04:57:da:0a:fb:e1:f6:ba:c7:97:b7:ba:77:e5:88:a7:76:fd:
         63:eb:e6:27:5b:fc:ea:96:f7:6a:76:d4:b6:e2:43:97:21:63:
         35:e6:3b:e8:de:ab:f2:9a:83:08:37:f7:c2:98:f1:83:46:53:
         f0:1d:df:84:ba:e1:d3:a3:d7:ac:0f:75:48:fa:b4:f1:f0:61:
         93:d5:39:67:db:12:58:b3:3e:f4:e3:11:d5:a8:fd:53:e6:d2:
         ea:7a:45:0a:85:e5:8a:68:65:31:07:d0:28:d0:13:9a:01:cb:
         58:25:a8:a6:86:87:bb:e0:99:3f:f1:97:cf:0f:9d:83:89:0b:
         47:fe:87:92
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYz0mfrdw7FidTvVxlyPUdt+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTEwMTgxOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWM1YzBkOTVlYTZhNjcyZDBlZjZmMjA3ZjNiOWEyNDk5MDFjNjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXp0+vJp7oeLcP370Bdo+WyyBkPp
rTURRTImtja4sHYRp5IBRy6Gi2JbZiHqD4veL0ia5ZcseVYoJk6HAKnfUnLQ918G
B05YFiBIiRj3PDlDyFsRubsxKrx8N5qLe57DGoRHUOV7b2HTp2EiDmRHTnPzk2nq
BhM3Sw9A1ZOd8Odctec4UM6TyF+yy8J4NcKp392KUqCWIGdaZB7pswxQwmZArglz
x5LplZt4xX2YDXM+L6IPNE4sAnE/Lz4MT+e+frsRlAVkpuWqu31jikOfnVGpdEfL
WKFba5Ltjm0IHOnwmbpMU44YKDFAoFCO60K6VB/FKVTqtgIlB9srU20eVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNnFwNlepqZy0O9vIH87miSZAcZlMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvMmNYQTJWNm1wbkxRNzI4Z2Z6dWFKSmtCeG1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALViKAwQA
LZcCAwQAwg80MA0GCSqGSIb3DQEBCwUAA4IBAQBcRRPeZwc0DcTVNIkmp68n4b57
XuZrxKCjIF0NiCtGaAQjxdtpomMhkxyhOSfKe41psNi0XkwiCxgfEXsEI8deqvDV
alwpCRVRHiBJK4E8X/WzuWnyvwnKiMTkU3psNWCVTNS9muq8cGBkiyKtoSvLfxMO
L/CtEe2SlG2oBYwEV9oK++H2useXt7p35Yindv1j6+YnW/zqlvdqdtS24kOXIWM1
5jvo3qvymoMIN/fCmPGDRlPwHd+EuuHTo9esD3VI+rTx8GGT1Tln2xJYsz704xHV
qP1T5tLqekUKheWKaGUxB9Ao0BOaActYJaimhoe74Jk/8ZfPD52DiQtH/oeS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:31 2024 by rpki-client on console-fra.rpki-client.org