Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/iaZlPNKkdcFpHrTs9QMhk7q6Pss.roa
File:                     iaZlPNKkdcFpHrTs9QMhk7q6Pss.roa (raw, json)
Hash identifier:          Ctv+d0AkC6L5mQg1a+fP2iFWW4uDinbqJ1p+8p0buR0=
Subject key identifier:   89:A6:65:3C:D2:A4:75:C1:69:1E:B4:EC:F5:03:21:93:BA:BA:3E:CB
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       018C30032580061AB9EE8F86325F4480F074
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/iaZlPNKkdcFpHrTs9QMhk7q6Pss.roa
Signing time:             Sun 03 Dec 2023 14:09:21 +0000
ROA not before:           Sun 03 Dec 2023 14:09:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210837
IP address blocks:        45.89.62.0/24 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:30:03:25:80:06:1a:b9:ee:8f:86:32:5f:44:80:f0:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Dec  3 14:09:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=89a6653cd2a475c1691eb4ecf5032193baba3ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ea:ba:87:a1:99:d6:54:c5:e9:f2:59:20:3d:
                    24:e5:34:43:e8:ee:4c:58:e4:01:94:d2:b6:a8:dc:
                    e0:fa:80:12:fc:cd:cb:b0:21:8b:eb:1c:33:81:b3:
                    82:6e:c0:a0:f4:6e:54:91:32:56:9a:5f:a9:3f:89:
                    01:45:78:51:91:da:76:4c:45:25:b7:cc:95:1c:ac:
                    88:34:14:f5:fa:57:67:e9:d0:84:3a:4a:5d:47:3d:
                    f1:c7:6f:4e:52:6b:26:2b:e3:a1:e9:a4:04:e1:95:
                    e6:4d:27:9f:96:db:71:41:e8:d7:62:66:13:be:a9:
                    05:8d:77:a4:44:ac:e0:36:88:f7:4b:20:98:8c:fb:
                    8e:d4:6f:97:7d:c2:b9:18:4a:79:71:6c:6b:28:78:
                    c2:50:04:e7:fa:eb:0a:0f:3d:06:82:d0:bf:e8:aa:
                    48:3a:f6:ce:0f:07:74:c5:9a:f0:c3:27:00:62:6d:
                    96:40:0e:6b:ea:10:80:af:2a:c9:b4:e1:fa:8e:3d:
                    50:ef:7e:dd:2a:e1:c4:8b:d1:8f:bd:08:61:26:69:
                    c3:a0:0c:79:18:49:f4:4a:6e:df:3e:5c:ed:a9:9e:
                    27:f8:a1:11:ed:b9:42:84:c6:0d:9b:fd:6a:a4:8e:
                    83:a1:6a:7e:c9:15:42:4b:86:4c:26:3b:8d:96:09:
                    66:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:A6:65:3C:D2:A4:75:C1:69:1E:B4:EC:F5:03:21:93:BA:BA:3E:CB
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/iaZlPNKkdcFpHrTs9QMhk7q6Pss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:58:73:f8:4b:7d:25:72:a2:e3:cc:f4:6b:cd:08:aa:fc:ef:
         f5:2c:06:82:f0:a6:c8:1d:fb:7c:6f:c2:e9:a1:de:f4:d6:a8:
         e1:d7:91:a7:94:21:f0:20:e8:50:7b:4b:4c:ae:33:8d:de:a0:
         88:35:b4:2e:db:bc:3a:7e:f6:91:a7:df:5b:0a:d1:11:82:05:
         16:69:7f:f5:5c:80:eb:29:5b:dd:73:9b:c8:8d:a5:dc:75:ec:
         43:90:b5:d0:8c:8c:d1:72:b9:c5:b5:97:34:ba:cc:6c:38:2d:
         ac:b1:79:0c:a9:10:81:6b:de:81:cd:bf:d8:be:4e:b9:a9:8c:
         c9:10:44:8f:70:4a:ad:78:74:73:d1:df:10:d7:17:48:52:2e:
         9a:80:01:ab:f4:68:e1:ad:f3:23:ff:01:05:72:e9:4c:89:28:
         76:07:bf:43:60:19:90:c1:66:94:60:9f:28:a6:48:06:81:63:
         a1:60:3f:3e:b4:e7:e2:12:6c:6e:f5:2a:9c:7a:f2:b0:ac:d8:
         70:01:58:e0:95:5f:34:e4:3d:05:d9:68:42:f8:a6:73:66:df:
         23:1b:ea:11:41:14:32:c9:1c:ca:ea:a1:96:47:db:9c:f5:fb:
         e1:03:d8:df:63:ef:f9:1f:ec:da:4d:de:c6:c4:35:cd:3c:50:
         c4:95:ae:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYwwAyWABhq57o+GMl9EgPB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjMxMjAzMTQwOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWE2NjUzY2QyYTQ3NWMxNjkxZWI0ZWNmNTAzMjE5M2JhYmEzZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguq6h6GZ1lTF6fJZID0k5TRD6O5M
WOQBlNK2qNzg+oAS/M3LsCGL6xwzgbOCbsCg9G5UkTJWml+pP4kBRXhRkdp2TEUl
t8yVHKyINBT1+ldn6dCEOkpdRz3xx29OUmsmK+Oh6aQE4ZXmTSeflttxQejXYmYT
vqkFjXekRKzgNoj3SyCYjPuO1G+XfcK5GEp5cWxrKHjCUATn+usKDz0GgtC/6KpI
OvbODwd0xZrwwycAYm2WQA5r6hCAryrJtOH6jj1Q737dKuHEi9GPvQhhJmnDoAx5
GEn0Sm7fPlztqZ4n+KER7blChMYNm/1qpI6DoWp+yRVCS4ZMJjuNlglmcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImmZTzSpHXBaR607PUDIZO6uj7LMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvaWFabFBOS2tkY0ZwSHJUczlRTWhrN3E2UHNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVk+MA0G
CSqGSIb3DQEBCwUAA4IBAQDRWHP4S30lcqLjzPRrzQiq/O/1LAaC8KbIHft8b8Lp
od701qjh15GnlCHwIOhQe0tMrjON3qCINbQu27w6fvaRp99bCtERggUWaX/1XIDr
KVvdc5vIjaXcdexDkLXQjIzRcrnFtZc0usxsOC2ssXkMqRCBa96Bzb/Yvk65qYzJ
EESPcEqteHRz0d8Q1xdIUi6agAGr9GjhrfMj/wEFculMiSh2B79DYBmQwWaUYJ8o
pkgGgWOhYD8+tOfiEmxu9SqcevKwrNhwAVjglV805D0F2WhC+KZzZt8jG+oRQRQy
yRzK6qGWR9uc9fvhA9jfY+/5H+zaTd7GxDXNPFDEla4t
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:38 2024 by rpki-client on console-fra.rpki-client.org