Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/IBd-z-0ExIyDvRPxM3-cQYngVto.roa
File:                     IBd-z-0ExIyDvRPxM3-cQYngVto.roa (raw, json)
Hash identifier:          vVMSHz5Hpt9hK3DFQu9PVcG5WWzGyBNFmlSk7fip6JA=
Subject key identifier:   20:17:7E:CF:ED:04:C4:8C:83:BD:13:F1:33:7F:9C:41:89:E0:56:DA
Certificate issuer:       /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial:       01856ECB965459CB99680736518780F4432E
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/IBd-z-0ExIyDvRPxM3-cQYngVto.roa
Signing time:             Sun 01 Jan 2023 19:25:14 +0000
ROA not before:           Sun 01 Jan 2023 19:25:14 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     399641
IP address blocks:        45.155.67.0/24 maxlen: 24
                          45.155.66.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:cb:96:54:59:cb:99:68:07:36:51:87:80:f4:43:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
        Validity
            Not Before: Jan  1 19:25:14 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20177ecfed04c48c83bd13f1337f9c4189e056da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:14:dc:aa:9f:c9:a3:79:f6:e1:36:78:31:8f:
                    8d:a9:e0:b4:fd:6c:4b:df:5d:5b:18:5f:27:b1:f3:
                    37:91:af:2b:f3:77:09:e8:4d:b6:7f:72:88:8e:b7:
                    48:bf:77:6c:49:26:96:db:b1:bb:3d:c1:a0:00:21:
                    3f:56:36:93:d8:1e:b2:b5:84:48:7e:40:f3:9e:6a:
                    fe:0f:b3:99:62:6f:81:02:b0:cf:f4:06:1b:02:e0:
                    25:c6:6a:ad:ca:2e:9a:5c:89:4d:f4:6d:ec:c9:7f:
                    ed:da:8a:69:4f:c8:79:5d:76:fe:2d:61:96:3f:a6:
                    36:02:5f:a2:4f:22:10:f2:6d:5a:6f:00:fd:1e:c0:
                    87:a1:98:26:86:7c:7f:8e:82:33:55:66:c3:1e:c9:
                    4c:4e:0a:7c:60:4e:e5:7c:79:63:94:87:12:e2:b0:
                    cc:d7:91:71:8f:b6:da:da:20:ce:bc:8c:92:1f:fd:
                    80:f4:55:fd:12:64:5d:b0:68:9f:78:dc:17:d7:c2:
                    e9:49:54:1e:b6:80:8e:03:82:61:cb:74:ab:ab:51:
                    09:4b:92:49:31:d0:00:3b:2f:de:f4:c8:70:20:04:
                    8c:89:9b:05:04:a5:1e:34:8a:f5:01:a8:b7:3f:8e:
                    8f:29:50:1b:f0:4c:9a:38:a1:fd:56:1c:fa:8f:76:
                    50:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:17:7E:CF:ED:04:C4:8C:83:BD:13:F1:33:7F:9C:41:89:E0:56:DA
            X509v3 Authority Key Identifier:
                keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/IBd-z-0ExIyDvRPxM3-cQYngVto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:bb:1d:61:12:33:7c:d0:16:0b:cc:5c:24:a1:d0:26:81:95:
         73:33:f5:65:af:46:97:32:9b:01:c9:53:92:ad:ad:42:3e:16:
         68:b8:eb:8f:69:36:36:b9:54:f4:7d:2c:ee:8b:d5:e0:1c:d0:
         08:83:b8:59:c3:d3:ee:56:5b:0a:4e:7e:bf:00:92:8e:c6:d7:
         5e:4c:8f:70:13:63:da:30:43:50:8c:10:d8:18:92:68:6f:da:
         08:41:70:f5:dd:c6:39:55:66:34:ef:5f:74:c2:a8:8e:2f:06:
         9e:00:4b:5d:16:c6:a9:44:2e:c6:8e:ff:06:32:f8:e0:01:f2:
         2e:72:43:1f:b6:1f:14:30:ce:5d:73:bc:b6:07:fe:e1:18:a6:
         24:63:95:50:4b:d7:45:b5:ae:5d:2e:b4:5f:fd:ad:a9:2d:72:
         b0:bf:5c:76:80:90:2a:20:7a:8c:80:87:87:83:3b:ca:f5:a8:
         16:cd:f8:a8:a3:30:1c:16:bc:2b:f3:65:78:73:d5:f5:2b:be:
         94:00:1a:8e:f4:8d:ef:46:b4:51:81:78:9f:3c:0a:46:05:b6:
         b7:c5:03:8a:7a:9e:79:d5:e5:e8:3c:c6:9a:ea:03:82:40:b5:
         ab:b6:1f:15:8a:a3:62:1b:74:bd:14:04:c4:5f:ac:ec:fc:a0:
         60:8d:d3:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuy5ZUWcuZaAc2UYeA9EMuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjMwMTAxMTkyNTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDE3N2VjZmVkMDRjNDhjODNiZDEzZjEzMzdmOWM0MTg5ZTA1NmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RTcqp/Jo3n24TZ4MY+NqeC0/WxL
311bGF8nsfM3ka8r83cJ6E22f3KIjrdIv3dsSSaW27G7PcGgACE/VjaT2B6ytYRI
fkDznmr+D7OZYm+BArDP9AYbAuAlxmqtyi6aXIlN9G3syX/t2oppT8h5XXb+LWGW
P6Y2Al+iTyIQ8m1abwD9HsCHoZgmhnx/joIzVWbDHslMTgp8YE7lfHljlIcS4rDM
15Fxj7ba2iDOvIySH/2A9FX9EmRdsGifeNwX18LpSVQetoCOA4Jhy3Srq1EJS5JJ
MdAAOy/e9MhwIASMiZsFBKUeNIr1Aai3P46PKVAb8EyaOKH9Vhz6j3ZQ9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAXfs/tBMSMg70T8TN/nEGJ4FbaMB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvSUJkLXotMEV4SXlEdlJQeE0zLWNRWW5nVnRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZtCMA0G
CSqGSIb3DQEBCwUAA4IBAQBMux1hEjN80BYLzFwkodAmgZVzM/Vlr0aXMpsByVOS
ra1CPhZouOuPaTY2uVT0fSzui9XgHNAIg7hZw9PuVlsKTn6/AJKOxtdeTI9wE2Pa
MENQjBDYGJJob9oIQXD13cY5VWY07190wqiOLwaeAEtdFsapRC7Gjv8GMvjgAfIu
ckMfth8UMM5dc7y2B/7hGKYkY5VQS9dFta5dLrRf/a2pLXKwv1x2gJAqIHqMgIeH
gzvK9agWzfioozAcFrwr82V4c9X1K76UABqO9I3vRrRRgXifPApGBba3xQOKep55
1eXoPMaa6gOCQLWrth8ViqNiG3S9FATEX6zs/KBgjdOo
-----END CERTIFICATE-----
Generated at Tue Jan 2 06:49:57 2024 by rpki-client on console-fra.rpki-client.org