Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/qUzmzt-lLhnw1sY3DGQYobTmhE4.roa
File:                     qUzmzt-lLhnw1sY3DGQYobTmhE4.roa (raw, json)
Hash identifier:          xlDDwX+kNvyvQAhe2pmrhOzfgLJFaKo897VQWWBYy/s=
Subject key identifier:   A9:4C:E6:CE:DF:A5:2E:19:F0:D6:C6:37:0C:64:18:A1:B4:E6:84:4E
Certificate issuer:       /CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
Certificate serial:       018CC2DABC3A71B9D6D2E326D601C97CF2DF
Authority key identifier: B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/qUzmzt-lLhnw1sY3DGQYobTmhE4.roa
Signing time:             Mon 01 Jan 2024 02:29:24 +0000
ROA not before:           Mon 01 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216154
IP address blocks:        45.10.172.0/23 maxlen: 23
                          84.252.102.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Wed 14 Feb 2024 11:08:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:bc:3a:71:b9:d6:d2:e3:26:d6:01:c9:7c:f2:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b21a3f4af94a580eb9e7b58542a0084b21c2b09b
        Validity
            Not Before: Jan  1 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a94ce6cedfa52e19f0d6c6370c6418a1b4e6844e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:49:dc:d9:25:5d:8a:ee:a7:47:f3:16:90:ee:
                    1f:25:3f:8c:43:04:7c:82:dd:ff:8b:fa:99:75:5f:
                    bb:03:ce:fa:f4:c2:cf:ae:8a:48:b1:83:e2:1d:68:
                    30:38:1a:27:78:6b:45:a5:97:01:80:e9:ae:8e:30:
                    c1:0b:fe:6f:ba:ec:d6:f3:e1:09:13:f3:4f:a9:f9:
                    9e:1c:fa:97:94:5d:fe:e9:29:ea:5e:66:4d:84:49:
                    03:a6:d8:51:a9:c3:a2:72:6f:1f:b9:45:6f:c5:e8:
                    8a:85:c4:e1:02:b5:dc:04:43:12:e0:bd:4b:ef:9e:
                    80:ff:6b:21:7e:c6:36:bf:9a:5c:77:92:28:c2:66:
                    af:a7:0c:af:e4:45:98:01:1d:54:88:4d:2a:77:73:
                    33:70:ac:c6:57:e8:44:ee:f5:cf:50:ed:42:25:2a:
                    df:c9:5a:1c:10:c8:4e:b7:90:04:91:26:67:f9:59:
                    9a:99:50:a6:9e:e2:8a:28:ba:64:2c:ee:95:60:02:
                    36:cc:38:12:46:c5:1b:94:69:83:28:0b:e2:bc:9b:
                    72:8a:d9:04:81:ad:0b:9a:72:4e:19:75:61:c5:51:
                    63:b2:19:6d:f9:28:0e:78:26:84:ba:f7:7d:7f:60:
                    f5:9e:c1:6b:3a:af:72:1e:53:ff:0c:b0:39:07:86:
                    d3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:4C:E6:CE:DF:A5:2E:19:F0:D6:C6:37:0C:64:18:A1:B4:E6:84:4E
            X509v3 Authority Key Identifier:
                keyid:B2:1A:3F:4A:F9:4A:58:0E:B9:E7:B5:85:42:A0:08:4B:21:C2:B0:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sho_SvlKWA6557WFQqAISyHCsJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/qUzmzt-lLhnw1sY3DGQYobTmhE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/991f1c-999b-4f75-b0bf-5129172b6966/1/sho_SvlKWA6557WFQqAISyHCsJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.172.0/23
                  84.252.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         15:08:af:71:b6:7b:ca:63:12:15:80:11:a5:2f:75:bc:a1:81:
         74:34:d5:1a:ff:a6:12:e7:38:24:1e:f5:72:8c:5e:02:01:27:
         d5:1f:fa:4a:fd:a6:5d:0f:69:cb:ef:e4:63:0d:b8:73:de:20:
         7b:4c:bd:3b:68:5d:96:61:46:da:7a:82:a6:94:7f:94:58:a2:
         cf:dd:25:25:cb:e2:86:ad:5f:db:72:e4:8c:96:da:b4:b2:ef:
         92:f9:2b:73:3b:be:e6:85:f7:61:96:a4:95:f5:ac:5d:15:7a:
         83:fe:6e:a5:76:e3:7b:ce:dc:72:e1:ec:e9:b5:15:b9:d3:97:
         72:4b:64:48:c6:1a:ef:d1:d5:2e:f5:ce:3f:e4:95:97:4e:0a:
         05:2f:68:47:73:db:10:c4:8f:89:91:bc:54:ff:b7:93:93:58:
         aa:53:01:76:f9:b4:14:b0:bc:4f:57:68:c5:c9:ec:0f:06:b2:
         f1:6b:27:ea:11:d3:7f:8e:5c:ef:3c:e6:ed:9d:fd:44:ee:90:
         d8:f3:97:14:35:af:3a:76:6c:44:da:0a:8e:16:60:b3:b4:da:
         2f:95:f0:23:6e:66:f1:ef:60:73:37:a5:2e:12:ed:2f:2e:39:
         5b:a6:cf:d5:50:ec:46:35:32:6a:0a:33:fc:54:dc:9b:cb:57:
         af:d7:10:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2rw6cbnW0uMm1gHJfPLfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyMWEzZjRhZjk0YTU4MGViOWU3YjU4NTQyYTAwODRiMjFj
MmIwOWIwHhcNMjQwMTAxMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTRjZTZjZWRmYTUyZTE5ZjBkNmM2MzcwYzY0MThhMWI0ZTY4NDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEnc2SVdiu6nR/MWkO4fJT+MQwR8
gt3/i/qZdV+7A8769MLPropIsYPiHWgwOBoneGtFpZcBgOmujjDBC/5vuuzW8+EJ
E/NPqfmeHPqXlF3+6SnqXmZNhEkDpthRqcOicm8fuUVvxeiKhcThArXcBEMS4L1L
756A/2shfsY2v5pcd5Iowmavpwyv5EWYAR1UiE0qd3MzcKzGV+hE7vXPUO1CJSrf
yVocEMhOt5AEkSZn+VmamVCmnuKKKLpkLO6VYAI2zDgSRsUblGmDKAvivJtyitkE
ga0LmnJOGXVhxVFjshlt+SgOeCaEuvd9f2D1nsFrOq9yHlP/DLA5B4bTmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKlM5s7fpS4Z8NbGNwxkGKG05oROMB8GA1UdIwQY
MBaAFLIaP0r5SlgOuee1hUKgCEshwrCbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYt
NTEyOTE3MmI2OTY2LzEvcVV6bXp0LWxMaG53MXNZM0RHUVlvYlRtaEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS85OTFmMWMtOTk5Yi00Zjc1LWIwYmYtNTEyOTE3MmI2OTY2
LzEvc2hvX1N2bEtXQTY1NTdXRlFxQUlTeUhDc0pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLQqsAwQB
VPxmMA0GCSqGSIb3DQEBCwUAA4IBAQAVCK9xtnvKYxIVgBGlL3W8oYF0NNUa/6YS
5zgkHvVyjF4CASfVH/pK/aZdD2nL7+RjDbhz3iB7TL07aF2WYUbaeoKmlH+UWKLP
3SUly+KGrV/bcuSMltq0su+S+StzO77mhfdhlqSV9axdFXqD/m6lduN7ztxy4ezp
tRW505dyS2RIxhrv0dUu9c4/5JWXTgoFL2hHc9sQxI+JkbxU/7eTk1iqUwF2+bQU
sLxPV2jFyewPBrLxayfqEdN/jlzvPObtnf1E7pDY85cUNa86dmxE2gqOFmCztNov
lfAjbmbx72BzN6UuEu0vLjlbps/VUOxGNTJqCjP8VNyby1ev1xBM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:18 2024 by rpki-client on console-fra.rpki-client.org