Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/1faa3e-884c-445f-845d-79b3db659dfc/1/xZsw16dcBQ59gM7XYzF5ePgipJY.roa
File:                     xZsw16dcBQ59gM7XYzF5ePgipJY.roa (raw, json)
Hash identifier:          /wbqTE16kw/diG/IjnuXB2mzL6KU0CexoN5l0CP5SWs=
Subject key identifier:   C5:9B:30:D7:A7:5C:05:0E:7D:80:CE:D7:63:31:79:78:F8:22:A4:96
Certificate issuer:       /CN=5188dedacdc240b4b2f786f12342e0a83d8ae80f
Certificate serial:       01856F7972BF2FD076631BED71A97E2A1F0E
Authority key identifier: 51:88:DE:DA:CD:C2:40:B4:B2:F7:86:F1:23:42:E0:A8:3D:8A:E8:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UYje2s3CQLSy94bxI0LgqD2K6A8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/1faa3e-884c-445f-845d-79b3db659dfc/1/xZsw16dcBQ59gM7XYzF5ePgipJY.roa
Signing time:             Sun 01 Jan 2023 22:35:08 +0000
ROA not before:           Sun 01 Jan 2023 22:35:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208366
IP address blocks:        45.142.220.0/22 maxlen: 22
                          45.142.221.0/24 maxlen: 24
                          45.142.223.0/24 maxlen: 24
                          45.142.220.0/24 maxlen: 24
                          45.142.222.0/24 maxlen: 24
                          2a0e:dbc0::/48 maxlen: 48
                          2a0e:dbc0:3::/48 maxlen: 48
                          2a0e:dbc0:1::/48 maxlen: 48
                          2a0e:dbc0::/29 maxlen: 29
                          2a0e:dbc0:2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:79:72:bf:2f:d0:76:63:1b:ed:71:a9:7e:2a:1f:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5188dedacdc240b4b2f786f12342e0a83d8ae80f
        Validity
            Not Before: Jan  1 22:35:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c59b30d7a75c050e7d80ced763317978f822a496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:31:2c:53:d6:b1:dd:d2:74:02:71:7e:b4:72:
                    c7:0b:ad:f1:a0:13:2a:c4:a4:e8:4c:83:53:1e:56:
                    93:6c:fb:d9:06:02:58:b8:0e:00:ab:c5:15:45:d0:
                    01:5d:34:89:38:1f:cc:5e:b2:9e:07:40:e4:4a:65:
                    19:63:df:2b:c8:c8:90:06:ba:77:ac:a0:92:83:eb:
                    84:62:c7:46:25:49:b2:5e:3b:1b:60:a6:6e:42:f8:
                    ec:a3:16:66:92:79:c1:54:db:ff:9f:54:57:e2:7f:
                    d9:e0:d6:7a:2c:61:20:0c:15:52:48:05:a4:ea:49:
                    8f:61:66:ad:81:a5:40:5f:6a:ba:65:e7:cf:ed:c7:
                    1a:ec:89:1f:b6:8e:70:9d:a8:5c:59:12:b8:09:60:
                    ea:c1:75:4e:a8:ed:cb:40:38:68:88:a3:fc:d2:d9:
                    78:10:d4:98:52:25:67:c6:f5:a9:fe:10:c4:56:11:
                    e3:b4:31:27:66:31:bf:d2:d4:82:38:03:56:d4:7d:
                    20:97:ff:09:02:d8:db:86:c9:54:a6:34:3b:56:ae:
                    bd:d0:9d:aa:49:d4:91:cc:78:43:43:41:8a:fa:50:
                    b1:b9:ad:17:7a:6e:b1:19:a2:55:56:da:11:52:ff:
                    08:fc:36:e4:6f:04:e0:62:27:fa:54:46:99:98:ed:
                    9c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:9B:30:D7:A7:5C:05:0E:7D:80:CE:D7:63:31:79:78:F8:22:A4:96
            X509v3 Authority Key Identifier:
                keyid:51:88:DE:DA:CD:C2:40:B4:B2:F7:86:F1:23:42:E0:A8:3D:8A:E8:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UYje2s3CQLSy94bxI0LgqD2K6A8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1faa3e-884c-445f-845d-79b3db659dfc/1/xZsw16dcBQ59gM7XYzF5ePgipJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1faa3e-884c-445f-845d-79b3db659dfc/1/UYje2s3CQLSy94bxI0LgqD2K6A8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.220.0/22
                IPv6:
                  2a0e:dbc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:76:1d:83:ae:09:6b:fc:1a:56:d0:fb:21:70:28:67:cb:b5:
         a6:9a:f5:d7:54:18:64:a3:0e:05:ca:24:4a:62:9d:87:1a:30:
         83:d8:d9:3b:f5:ea:ef:21:44:bc:db:fd:21:99:a6:b6:9c:35:
         13:e8:96:cb:ac:d2:3d:9a:8a:c6:91:84:fa:30:b1:4e:f2:3d:
         46:a8:c8:b4:79:48:2b:96:24:55:f0:dc:8a:f5:7d:e7:88:30:
         a7:50:9b:82:a2:91:07:98:9d:c6:16:f9:36:f5:03:af:86:0f:
         8e:5f:21:1b:3b:12:fe:db:3f:e7:03:f2:a1:c4:a7:36:bd:70:
         2e:db:21:f5:82:6c:2b:30:f6:5a:63:24:bd:cf:01:c9:e7:f4:
         ed:58:76:c5:49:3f:dd:cd:64:85:b8:43:2c:c5:8f:81:2f:52:
         8d:f4:16:f6:fe:74:57:b6:b3:c6:f8:6e:52:c2:f8:ef:be:4c:
         cb:f4:cc:c8:e7:1b:d1:69:be:0a:86:0c:bd:52:2f:f2:22:dd:
         57:a6:ce:f4:25:ed:e9:54:d5:d4:87:f4:9d:8e:2f:2b:27:ef:
         6a:4c:ed:29:21:89:36:ab:27:aa:07:ef:04:c5:93:07:a9:34:
         e7:fe:09:70:a5:0c:ef:e8:82:2b:c8:e4:b2:cf:fe:6c:64:16:
         f0:39:d5:96
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVveXK/L9B2Yxvtcal+Kh8OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxODhkZWRhY2RjMjQwYjRiMmY3ODZmMTIzNDJlMGE4M2Q4
YWU4MGYwHhcNMjMwMTAxMjIzNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTliMzBkN2E3NWMwNTBlN2Q4MGNlZDc2MzMxNzk3OGY4MjJhNDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDEsU9ax3dJ0AnF+tHLHC63xoBMq
xKToTINTHlaTbPvZBgJYuA4Aq8UVRdABXTSJOB/MXrKeB0DkSmUZY98ryMiQBrp3
rKCSg+uEYsdGJUmyXjsbYKZuQvjsoxZmknnBVNv/n1RX4n/Z4NZ6LGEgDBVSSAWk
6kmPYWatgaVAX2q6ZefP7cca7Ikfto5wnahcWRK4CWDqwXVOqO3LQDhoiKP80tl4
ENSYUiVnxvWp/hDEVhHjtDEnZjG/0tSCOANW1H0gl/8JAtjbhslUpjQ7Vq690J2q
SdSRzHhDQ0GK+lCxua0Xem6xGaJVVtoRUv8I/DbkbwTgYif6VEaZmO2cvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMWbMNenXAUOfYDO12MxeXj4IqSWMB8GA1UdIwQY
MBaAFFGI3trNwkC0sveG8SNC4Kg9iugPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVlqZTJzM0NRTFN5OTRieEkwTGdxRDJLNkE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8xZmFhM2UtODg0Yy00NDVmLTg0NWQt
NzliM2RiNjU5ZGZjLzEveFpzdzE2ZGNCUTU5Z003WFl6RjVlUGdpcEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8xZmFhM2UtODg0Yy00NDVmLTg0NWQtNzliM2RiNjU5ZGZj
LzEvVVlqZTJzM0NRTFN5OTRieEkwTGdxRDJLNkE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLY7cMA0E
AgACMAcDBQMqDtvAMA0GCSqGSIb3DQEBCwUAA4IBAQCJdh2Drglr/BpW0PshcChn
y7WmmvXXVBhkow4FyiRKYp2HGjCD2Nk79ervIUS82/0hmaa2nDUT6JbLrNI9morG
kYT6MLFO8j1GqMi0eUgrliRV8NyK9X3niDCnUJuCopEHmJ3GFvk29QOvhg+OXyEb
OxL+2z/nA/KhxKc2vXAu2yH1gmwrMPZaYyS9zwHJ5/TtWHbFST/dzWSFuEMsxY+B
L1KN9Bb2/nRXtrPG+G5SwvjvvkzL9MzI5xvRab4Khgy9Ui/yIt1Xps70Je3pVNXU
h/Sdji8rJ+9qTO0pIYk2qyeqB+8ExZMHqTTn/glwpQzv6IIryOSyz/5sZBbwOdWW
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:47 2024 by rpki-client on console-fra.rpki-client.org