Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/BlQ1n4UtPkn9GFb_TZAzTI10L-E.roa
File:                     BlQ1n4UtPkn9GFb_TZAzTI10L-E.roa (raw, json)
Hash identifier:          IYN8/iRUyixcEPyluFJJNeBezS6YnkUssGGqIDoctq0=
Subject key identifier:   06:54:35:9F:85:2D:3E:49:FD:18:56:FF:4D:90:33:4C:8D:74:2F:E1
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018D459F702354011B1851A4D52EA4C8784A
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/BlQ1n4UtPkn9GFb_TZAzTI10L-E.roa
Signing time:             Fri 26 Jan 2024 11:54:53 +0000
ROA not before:           Fri 26 Jan 2024 11:54:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        45.88.139.0/24 maxlen: 24
                          45.94.171.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          146.19.125.0/24 maxlen: 24
                          193.30.241.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 Jan 2024 18:39:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:45:9f:70:23:54:01:1b:18:51:a4:d5:2e:a4:c8:78:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan 26 11:54:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0654359f852d3e49fd1856ff4d90334c8d742fe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e3:bf:4f:2f:9c:ae:84:52:cc:f9:e4:44:dd:
                    e0:24:d7:44:73:51:be:b9:6f:5f:3d:cf:09:49:88:
                    35:2e:ef:e8:94:dc:bb:43:5a:c5:57:33:6d:08:6c:
                    2f:56:6f:bd:44:82:3b:66:45:be:73:82:52:3a:a6:
                    ad:10:b1:a9:a3:18:a6:8e:60:d3:2a:da:a9:22:d7:
                    09:05:a1:6e:4c:44:10:95:b4:eb:9f:86:74:71:c4:
                    79:c7:e6:b1:1a:5f:cb:02:c3:30:cb:a7:a6:c3:bd:
                    03:b3:d3:5d:7a:ba:19:1c:d3:50:e4:df:3f:f4:72:
                    6e:90:2a:44:3f:84:c1:1e:72:cf:25:35:74:61:ef:
                    ca:9a:2e:9b:ff:0c:0a:ec:fe:c9:7a:ca:34:bc:57:
                    66:b8:87:75:58:6e:83:1c:99:bb:76:22:69:59:ec:
                    81:d2:4d:b8:48:b5:54:80:c2:35:c2:5f:62:3b:d1:
                    2b:87:d0:97:e8:23:68:bd:8c:67:d2:4f:ba:ed:88:
                    14:34:ad:81:aa:42:19:31:e1:cf:4e:2e:f5:99:59:
                    6b:d4:f2:94:e9:f5:11:58:f3:e1:67:7d:60:b3:8e:
                    3d:a7:0d:7a:fe:f6:a9:f7:a5:ca:31:67:ea:df:4a:
                    41:ea:6d:36:33:11:3c:99:90:98:57:5a:3b:3e:24:
                    2f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:54:35:9F:85:2D:3E:49:FD:18:56:FF:4D:90:33:4C:8D:74:2F:E1
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/BlQ1n4UtPkn9GFb_TZAzTI10L-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.139.0/24
                  45.94.171.0/24
                  85.209.120.0/23
                  146.19.125.0/24
                  193.30.241.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:78:41:a7:52:ca:f9:9b:04:d9:2f:e1:37:4a:35:7c:5b:65:
         0e:a7:0c:a3:84:e2:19:9b:2d:b0:0a:08:b0:16:0c:90:61:c4:
         f8:a2:85:b1:0e:5a:60:0d:a5:90:28:94:0b:03:63:fd:e8:af:
         49:70:5a:a2:6c:13:d5:65:86:31:d5:3b:80:78:44:d1:30:cc:
         d5:92:47:53:06:93:fc:63:36:2b:ce:be:fb:32:30:b5:05:85:
         f9:2a:fa:94:c9:f3:9c:22:bf:5d:7b:eb:2e:6f:f3:e3:08:d8:
         c8:c5:48:a3:1d:3b:62:87:53:e2:3f:b8:e0:19:ef:33:3b:fc:
         c1:0b:0d:96:03:89:e4:96:92:59:54:cf:fc:40:bd:0d:aa:c5:
         85:ef:a7:ed:63:7d:9c:31:c8:5d:25:6b:e2:a3:20:30:71:82:
         1e:23:e2:28:cb:5c:9b:fa:90:46:16:8c:17:ae:8a:c6:d8:1b:
         d6:45:01:72:d5:17:f8:8d:18:34:e5:53:f8:0d:66:7e:57:28:
         51:b9:4d:bc:db:f5:14:c5:15:20:51:04:ec:23:0d:3b:27:9f:
         5c:36:c8:c2:2a:c0:13:9f:be:6c:ae:c6:a2:f9:64:4c:a6:4d:
         ca:cd:af:87:63:9c:41:74:17:6f:86:be:d3:e8:c4:60:5f:b7:
         8b:eb:e1:fa
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY1Fn3AjVAEbGFGk1S6kyHhKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTI2MTE1NDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjU0MzU5Zjg1MmQzZTQ5ZmQxODU2ZmY0ZDkwMzM0YzhkNzQyZmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoeO/Ty+croRSzPnkRN3gJNdEc1G+
uW9fPc8JSYg1Lu/olNy7Q1rFVzNtCGwvVm+9RII7ZkW+c4JSOqatELGpoximjmDT
KtqpItcJBaFuTEQQlbTrn4Z0ccR5x+axGl/LAsMwy6emw70Ds9NderoZHNNQ5N8/
9HJukCpEP4TBHnLPJTV0Ye/Kmi6b/wwK7P7Jeso0vFdmuId1WG6DHJm7diJpWeyB
0k24SLVUgMI1wl9iO9Erh9CX6CNovYxn0k+67YgUNK2BqkIZMeHPTi71mVlr1PKU
6fURWPPhZ31gs449pw16/vap96XKMWfq30pB6m02MxE8mZCYV1o7PiQvZQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFAZUNZ+FLT5J/RhW/02QM0yNdC/hMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvQmxRMW40VXRQa245R0ZiX1RaQXpUSTEwTC1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALViLAwQA
LV6rAwQBVdF4AwQAkhN9AwQAwR7xAwQAw7FfMA0GCSqGSIb3DQEBCwUAA4IBAQAY
eEGnUsr5mwTZL+E3SjV8W2UOpwyjhOIZmy2wCgiwFgyQYcT4ooWxDlpgDaWQKJQL
A2P96K9JcFqibBPVZYYx1TuAeETRMMzVkkdTBpP8YzYrzr77MjC1BYX5KvqUyfOc
Ir9de+sub/PjCNjIxUijHTtih1PiP7jgGe8zO/zBCw2WA4nklpJZVM/8QL0NqsWF
76ftY32cMchdJWvioyAwcYIeI+Ioy1yb+pBGFowXrorG2BvWRQFy1Rf4jRg05VP4
DWZ+VyhRuU282/UUxRUgUQTsIw07J59cNsjCKsATn75srsai+WRMpk3Kza+HY5xB
dBdvhr7T6MRgX7eL6+H6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:31 2024 by rpki-client on console-fra.rpki-client.org