Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/2PVpy-XylRZz8HgpaX-q3B-VM2M.roa
File:                     2PVpy-XylRZz8HgpaX-q3B-VM2M.roa (raw, json)
Hash identifier:          70aOAnKoXmnnGEQky2C4EGyq+5jZ+ZaYNSjwP72Q1XM=
Subject key identifier:   D8:F5:69:CB:E5:F2:95:16:73:F0:78:29:69:7F:AA:DC:1F:95:33:63
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       018C3F48F42CD1DF9D5FF27A1783F1222825
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/2PVpy-XylRZz8HgpaX-q3B-VM2M.roa
Signing time:             Wed 06 Dec 2023 13:19:54 +0000
ROA not before:           Wed 06 Dec 2023 13:19:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5650
IP address blocks:        45.81.160.0/24 maxlen: 24
                          2.56.32.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:3f:48:f4:2c:d1:df:9d:5f:f2:7a:17:83:f1:22:28:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Dec  6 13:19:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d8f569cbe5f2951673f07829697faadc1f953363
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:f0:2b:5f:da:4f:18:ee:c5:3c:a4:36:52:18:
                    39:e1:e8:f9:e7:37:e3:c3:a1:c2:ae:35:92:98:dc:
                    33:0a:f4:e6:a7:b8:90:69:b3:47:08:65:ea:73:f2:
                    c2:70:41:98:8a:55:5d:6e:86:c9:16:29:e2:7b:a7:
                    b4:e2:f4:0a:be:af:02:2d:f6:a2:13:bb:dc:b7:73:
                    b6:0b:12:92:98:03:a6:80:21:27:de:d7:6a:1c:b5:
                    e3:9e:d1:86:fb:2c:fe:06:6a:69:35:b5:87:cd:10:
                    96:8c:a0:bd:79:5f:e7:3c:d7:ae:60:29:f5:26:9e:
                    04:5c:ac:9b:2a:e8:4b:12:75:57:ea:09:b9:7e:c4:
                    71:dd:f3:a4:97:82:31:4c:35:89:9f:43:25:d7:ec:
                    d9:a6:ed:6c:8e:6d:19:4f:d9:16:a9:19:bb:6e:ab:
                    9b:6b:27:63:ed:59:5d:59:d0:06:66:d4:03:4b:a0:
                    11:9a:11:e3:16:5b:ff:3b:60:7a:f5:37:a2:a5:0b:
                    b7:e2:d2:2c:b5:c5:58:73:92:b1:4a:c6:e1:2f:b3:
                    9c:79:c5:ef:e7:55:89:11:38:12:d5:1e:c7:c1:fd:
                    38:74:1d:4e:0f:d1:d6:0b:20:6e:90:cc:68:77:42:
                    b5:40:ff:e3:f2:eb:20:fe:ad:10:0f:30:8d:4f:35:
                    f0:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:F5:69:CB:E5:F2:95:16:73:F0:78:29:69:7F:AA:DC:1F:95:33:63
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/2PVpy-XylRZz8HgpaX-q3B-VM2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.32.0/22
                  45.81.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:e6:fb:3a:cd:bb:7a:30:12:43:3f:5b:6c:b2:4e:ff:8f:fb:
         3b:07:70:30:00:23:2a:bd:19:98:05:06:c6:4b:1c:8f:8e:9d:
         e7:e4:a3:ce:9d:76:8c:bc:53:89:e3:31:8c:c8:b0:3a:a4:30:
         f3:21:1d:dc:5d:5e:58:b3:bd:3e:2b:2f:69:5a:0e:44:2d:b2:
         b1:f8:17:15:64:40:84:6e:2c:aa:64:12:80:29:83:f0:9a:56:
         ce:6f:95:34:bf:4f:ca:1e:3f:32:c0:12:42:32:60:6e:f2:85:
         3e:0b:e0:50:1f:19:55:72:49:ab:ef:40:fa:d4:09:38:47:75:
         9a:e5:af:4f:cc:84:27:81:ea:68:e1:b7:43:1c:e3:6f:01:0c:
         da:06:b1:3a:a6:c8:d4:96:a6:82:cc:37:10:06:8e:37:b5:7b:
         e3:3f:e9:bf:26:88:35:94:2a:ac:12:67:b0:55:23:db:ea:28:
         92:a9:b4:32:18:aa:5f:be:c8:26:16:ac:7e:e7:dd:7a:bd:95:
         7e:14:bf:76:3f:0b:91:f4:e3:fd:bb:60:b1:26:e8:fc:69:76:
         43:b4:41:57:c2:59:cd:fc:46:3d:fe:5f:54:dd:38:2a:1d:dc:
         f8:61:a5:5d:6a:e9:91:28:3e:f3:94:7f:e4:36:51:4a:4c:62:
         08:b9:0b:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYw/SPQs0d+dX/J6F4PxIiglMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjMxMjA2MTMxOTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGY1NjljYmU1ZjI5NTE2NzNmMDc4Mjk2OTdmYWFkYzFmOTUzMzYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+/ArX9pPGO7FPKQ2Uhg54ej55zfj
w6HCrjWSmNwzCvTmp7iQabNHCGXqc/LCcEGYilVdbobJFinie6e04vQKvq8CLfai
E7vct3O2CxKSmAOmgCEn3tdqHLXjntGG+yz+BmppNbWHzRCWjKC9eV/nPNeuYCn1
Jp4EXKybKuhLEnVX6gm5fsRx3fOkl4IxTDWJn0Ml1+zZpu1sjm0ZT9kWqRm7bqub
aydj7VldWdAGZtQDS6ARmhHjFlv/O2B69TeipQu34tIstcVYc5KxSsbhL7OcecXv
51WJETgS1R7Hwf04dB1OD9HWCyBukMxod0K1QP/j8usg/q0QDzCNTzXwxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNj1acvl8pUWc/B4KWl/qtwflTNjMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvMlBWcHktWHlsUlp6OEhncGFYLXEzQi1WTTJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAjggAwQA
LVGgMA0GCSqGSIb3DQEBCwUAA4IBAQBX5vs6zbt6MBJDP1tssk7/j/s7B3AwACMq
vRmYBQbGSxyPjp3n5KPOnXaMvFOJ4zGMyLA6pDDzIR3cXV5Ys70+Ky9pWg5ELbKx
+BcVZECEbiyqZBKAKYPwmlbOb5U0v0/KHj8ywBJCMmBu8oU+C+BQHxlVckmr70D6
1Ak4R3Wa5a9PzIQngepo4bdDHONvAQzaBrE6psjUlqaCzDcQBo43tXvjP+m/Jog1
lCqsEmewVSPb6iiSqbQyGKpfvsgmFqx+5916vZV+FL92PwuR9OP9u2CxJuj8aXZD
tEFXwlnN/EY9/l9U3TgqHdz4YaVdaumRKD7zlH/kNlFKTGIIuQsa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:16 2024 by rpki-client on console-fra.rpki-client.org