Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/PCQb5tlN9cYXqLVuzrZW_1DNh2c.roa
File:                     PCQb5tlN9cYXqLVuzrZW_1DNh2c.roa (raw, json)
Hash identifier:          SjE452+nw06RfZX9bl747g7tgrx0JjQGzo8MgEMNiyk=
Subject key identifier:   3C:24:1B:E6:D9:4D:F5:C6:17:A8:B5:6E:CE:B6:56:FF:50:CD:87:67
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       0186A3810EAEA21B796C15EFE02B57998B8A
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/PCQb5tlN9cYXqLVuzrZW_1DNh2c.roa
Signing time:             Thu 02 Mar 2023 18:06:29 +0000
ROA not before:           Thu 02 Mar 2023 18:06:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6134
IP address blocks:        45.131.179.0/24 maxlen: 24
                          91.217.160.0/24 maxlen: 24
                          193.227.103.0/24 maxlen: 24
                          193.227.109.0/24 maxlen: 24
                          193.227.114.0/24 maxlen: 24
                          193.200.149.0/24 maxlen: 24
                          193.200.152.0/24 maxlen: 24
                          45.132.238.0/24 maxlen: 24
                          45.132.239.0/24 maxlen: 24
                          91.238.207.0/24 maxlen: 24
                          45.128.146.0/24 maxlen: 24
                          45.128.147.0/24 maxlen: 24
                          45.137.11.0/24 maxlen: 24
                          45.137.10.0/24 maxlen: 24
                          2a12:a380::/48 maxlen: 48
                          2a12:a380::/29 maxlen: 48

Validation:               Failed, certificate revoked on Sat 22 Apr 2023 14:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a3:81:0e:ae:a2:1b:79:6c:15:ef:e0:2b:57:99:8b:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Mar  2 18:06:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3c241be6d94df5c617a8b56eceb656ff50cd8767
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:00:70:53:d0:c5:15:8f:c5:d5:bb:53:8e:44:
                    29:9b:45:9d:8c:dd:dc:e2:91:66:31:c5:08:80:96:
                    10:a1:3c:59:1a:6a:ff:32:81:f1:f4:7f:38:a5:fc:
                    a7:f0:7a:34:34:e2:4c:48:fd:27:13:e7:67:31:6e:
                    aa:69:6c:8c:27:18:c3:54:ed:60:91:4a:5c:1e:6d:
                    ec:15:96:ed:65:cc:b8:ad:04:f9:f4:d0:ea:36:db:
                    21:98:eb:e0:d2:92:3e:98:3c:ec:1c:c0:e4:e4:94:
                    44:46:40:d8:66:40:fc:27:99:51:15:ae:e3:78:46:
                    ca:34:40:61:d8:d8:15:50:f8:c5:2a:58:11:7f:84:
                    0e:80:a4:04:36:91:6f:a6:cb:35:71:86:10:67:cc:
                    72:2e:f6:12:40:64:c4:e3:9f:f8:ef:13:fe:7b:9d:
                    e5:4c:b1:81:37:98:20:da:67:e3:4e:5c:d9:ea:14:
                    6e:33:f9:86:09:24:58:ea:a3:38:63:e6:5e:6f:82:
                    2d:a8:a1:3c:9a:24:ed:5a:09:27:cf:52:de:bd:d0:
                    bf:aa:22:78:05:6e:8d:25:71:db:ff:09:7b:fc:d2:
                    86:b9:42:34:7e:10:29:a1:89:d9:9e:d7:87:5f:f6:
                    44:7d:65:40:1e:d8:4d:10:b1:ae:1b:1f:53:af:64:
                    71:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:24:1B:E6:D9:4D:F5:C6:17:A8:B5:6E:CE:B6:56:FF:50:CD:87:67
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/PCQb5tlN9cYXqLVuzrZW_1DNh2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.146.0/23
                  45.131.179.0/24
                  45.132.238.0/23
                  45.137.10.0/23
                  91.217.160.0/24
                  91.238.207.0/24
                  193.200.149.0/24
                  193.200.152.0/24
                  193.227.103.0/24
                  193.227.109.0/24
                  193.227.114.0/24
                IPv6:
                  2a12:a380::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:3f:41:f5:bc:70:58:59:42:57:4e:3f:3a:ee:24:b0:eb:ab:
         96:28:bb:ab:ff:82:1d:cc:aa:1b:58:ab:8a:ef:6b:6b:69:e2:
         e4:13:54:5b:03:b5:06:6f:5e:92:ad:1e:32:a9:1c:a7:a9:1d:
         79:65:6e:4a:58:c5:f5:0f:1c:b7:5c:e4:6c:eb:71:12:ea:68:
         78:ef:a2:a5:52:b2:07:b3:9c:3c:fe:19:f0:e3:3d:52:ce:19:
         47:65:1d:3f:cd:b2:db:4e:5f:7c:0f:cd:e6:62:d2:63:40:39:
         1b:0c:6e:a7:eb:ea:90:01:69:d4:1b:d8:4f:ec:a1:31:fd:c3:
         43:0d:64:8d:b6:dc:50:0f:21:7b:9f:3f:59:ee:28:70:80:f1:
         50:9a:f4:8e:48:1b:0f:61:94:b1:64:8a:c0:0f:22:0a:e1:f6:
         d7:1e:78:aa:28:55:1c:32:6e:08:79:ef:d6:ee:ed:7e:4d:df:
         ab:52:82:1a:b5:b5:76:e9:11:6b:e4:3e:5d:71:48:f2:ea:81:
         75:eb:81:50:61:73:42:0c:c8:99:15:92:9a:be:9c:7a:3a:f6:
         a2:76:e7:d0:dc:25:7c:59:8e:87:9f:99:21:17:90:af:12:6d:
         bc:76:f6:22:d4:04:94:e6:0b:ac:fb:0b:4f:9a:6a:30:f0:7e:
         ef:ca:d9:85
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYajgQ6uoht5bBXv4CtXmYuKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjMwMzAyMTgwNjI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzI0MWJlNmQ5NGRmNWM2MTdhOGI1NmVjZWI2NTZmZjUwY2Q4NzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8wBwU9DFFY/F1btTjkQpm0WdjN3c
4pFmMcUIgJYQoTxZGmr/MoHx9H84pfyn8Ho0NOJMSP0nE+dnMW6qaWyMJxjDVO1g
kUpcHm3sFZbtZcy4rQT59NDqNtshmOvg0pI+mDzsHMDk5JRERkDYZkD8J5lRFa7j
eEbKNEBh2NgVUPjFKlgRf4QOgKQENpFvpss1cYYQZ8xyLvYSQGTE45/47xP+e53l
TLGBN5gg2mfjTlzZ6hRuM/mGCSRY6qM4Y+Zeb4ItqKE8miTtWgknz1LevdC/qiJ4
BW6NJXHb/wl7/NKGuUI0fhApoYnZnteHX/ZEfWVAHthNELGuGx9Tr2RxzwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFDwkG+bZTfXGF6i1bs62Vv9QzYdnMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvUENRYjV0bE45Y1lYcUxWdXpyWldfMUROaDJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQBLYCSAwQA
LYOzAwQBLYTuAwQBLYkKAwQAW9mgAwQAW+7PAwQAwciVAwQAwciYAwQAweNnAwQA
weNtAwQAweNyMA0EAgACMAcDBQMqEqOAMA0GCSqGSIb3DQEBCwUAA4IBAQAUP0H1
vHBYWUJXTj867iSw66uWKLur/4IdzKobWKuK72traeLkE1RbA7UGb16SrR4yqRyn
qR15ZW5KWMX1Dxy3XORs63ES6mh476KlUrIHs5w8/hnw4z1SzhlHZR0/zbLbTl98
D83mYtJjQDkbDG6n6+qQAWnUG9hP7KEx/cNDDWSNttxQDyF7nz9Z7ihwgPFQmvSO
SBsPYZSxZIrADyIK4fbXHniqKFUcMm4Iee/W7u1+Td+rUoIatbV26RFr5D5dcUjy
6oF164FQYXNCDMiZFZKavpx6OvaidufQ3CV8WY6Hn5khF5CvEm28dvYi1ASU5gus
+wtPmmow8H7vytmF
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:11 2024 by rpki-client on console-ams.rpki-client.org