Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/wdscZXa3z3onQx8gSsUm1uvKKbQ.roa
File:                     wdscZXa3z3onQx8gSsUm1uvKKbQ.roa (raw, json)
Hash identifier:          50k043KyAJ/NPrCk+n/jWF/KugAzAIozCmZcFPTAuKE=
Subject key identifier:   C1:DB:1C:65:76:B7:CF:7A:27:43:1F:20:4A:C5:26:D6:EB:CA:29:B4
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       0189B5C5AE34A16307F0CA0AD6CF67B67646
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/wdscZXa3z3onQx8gSsUm1uvKKbQ.roa
Signing time:             Wed 02 Aug 2023 10:22:58 +0000
ROA not before:           Wed 02 Aug 2023 10:22:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206837
IP address blocks:        46.25.127.0/24 maxlen: 24
                          77.224.174.0/24 maxlen: 24
                          77.224.180.0/24 maxlen: 24
                          46.25.145.0/24 maxlen: 24
                          46.25.159.0/24 maxlen: 24
                          77.224.201.0/24 maxlen: 24
                          77.224.218.0/24 maxlen: 24
                          46.25.185.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 23 Aug 2023 08:22:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:b5:c5:ae:34:a1:63:07:f0:ca:0a:d6:cf:67:b6:76:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Aug  2 10:22:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c1db1c6576b7cf7a27431f204ac526d6ebca29b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:fe:8d:a8:20:dd:81:50:74:6b:6e:c4:2a:27:
                    53:69:91:ae:d5:56:e5:51:03:a0:77:c5:76:b2:2e:
                    20:ed:18:47:a1:a2:21:df:ed:ad:97:8c:31:ae:e7:
                    68:bd:7d:d9:82:dc:6e:f7:d1:5d:4a:fd:96:5a:9a:
                    6d:12:74:2e:75:6e:88:9c:15:f6:f2:e3:35:20:11:
                    40:6f:e9:e0:ce:66:0f:e3:7b:8e:3c:44:65:0e:3c:
                    ed:cb:c7:f0:e9:7e:21:d1:b7:04:78:0b:1c:ea:38:
                    af:9c:b6:6c:b8:f2:9b:bd:2f:5e:a0:de:33:bd:58:
                    82:f3:ad:6b:b1:87:a3:3d:c6:5e:e8:58:b2:0b:b2:
                    a8:b2:08:b3:2f:24:54:12:80:c1:5a:a7:aa:40:65:
                    8d:11:f8:21:5f:2f:06:dc:47:9f:75:05:89:65:e5:
                    c1:25:7b:0c:1d:7e:4b:33:5a:72:89:e1:ad:91:13:
                    87:b4:f7:92:d0:45:be:ad:27:64:8b:c1:f3:7a:12:
                    8c:2a:36:98:9b:8c:9a:29:68:5f:fd:6e:5f:db:ce:
                    b1:2b:3a:01:a5:31:40:74:9d:b4:73:53:46:ef:18:
                    f8:59:57:0a:60:8f:46:ab:00:f9:3b:fe:ba:97:85:
                    e4:f8:46:7e:60:58:1d:03:44:ea:52:c3:41:16:31:
                    f6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:DB:1C:65:76:B7:CF:7A:27:43:1F:20:4A:C5:26:D6:EB:CA:29:B4
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/wdscZXa3z3onQx8gSsUm1uvKKbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.25.127.0/24
                  46.25.145.0/24
                  46.25.159.0/24
                  46.25.185.0/24
                  77.224.174.0/24
                  77.224.180.0/24
                  77.224.201.0/24
                  77.224.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:3c:20:11:3a:d1:e3:ba:52:8e:d7:79:1b:96:be:18:1f:67:
         31:ed:2d:d0:ba:d5:3c:ac:bd:c5:98:56:b2:0c:98:59:f2:d0:
         7f:a8:ec:0e:27:3f:ba:13:ed:e5:ee:f8:0e:f9:47:3b:e7:ec:
         57:50:38:68:ed:30:c2:6d:80:fd:4b:41:dd:b4:f8:1a:36:9f:
         4e:f7:dc:a1:47:aa:42:12:2e:10:6b:81:23:26:e9:a9:76:d6:
         6d:50:0f:36:85:49:5b:99:54:75:e0:f1:b5:76:d2:1a:69:d6:
         e1:2e:eb:05:16:2b:22:df:71:61:ea:39:14:31:6a:a7:c9:e4:
         d5:4a:7f:91:f7:34:bb:08:d2:8e:db:3e:24:dc:87:55:78:b6:
         57:0f:fd:42:a4:5d:64:ec:fd:dc:58:c9:41:9f:ac:6b:da:2f:
         ec:b9:33:81:46:b4:de:54:45:3c:95:aa:6a:fe:11:60:ad:0e:
         23:8c:c7:b8:2c:3a:0d:86:98:1d:b5:1d:9d:20:4d:b8:56:8d:
         00:5f:7b:7a:52:41:c5:05:4a:8a:b8:11:0f:d9:54:b1:9b:7f:
         07:fd:30:48:90:a3:34:d1:b8:09:d7:24:2d:a5:b8:6c:90:31:
         10:53:35:97:37:22:c7:cf:ef:2b:28:e2:ab:52:5b:4c:a9:32:
         48:16:d2:de
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYm1xa40oWMH8MoK1s9ntnZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjMwODAyMTAyMjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWRiMWM2NTc2YjdjZjdhMjc0MzFmMjA0YWM1MjZkNmViY2EyOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8/6NqCDdgVB0a27EKidTaZGu1Vbl
UQOgd8V2si4g7RhHoaIh3+2tl4wxrudovX3Zgtxu99FdSv2WWpptEnQudW6InBX2
8uM1IBFAb+ngzmYP43uOPERlDjzty8fw6X4h0bcEeAsc6jivnLZsuPKbvS9eoN4z
vViC861rsYejPcZe6FiyC7KosgizLyRUEoDBWqeqQGWNEfghXy8G3EefdQWJZeXB
JXsMHX5LM1pyieGtkROHtPeS0EW+rSdki8HzehKMKjaYm4yaKWhf/W5f286xKzoB
pTFAdJ20c1NG7xj4WVcKYI9GqwD5O/66l4Xk+EZ+YFgdA0TqUsNBFjH29QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFMHbHGV2t896J0MfIErFJtbryim0MB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvd2RzY1pYYTN6M29uUXg4Z1NzVW0xdXZLS2JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALhl/AwQA
LhmRAwQALhmfAwQALhm5AwQATeCuAwQATeC0AwQATeDJAwQATeDaMA0GCSqGSIb3
DQEBCwUAA4IBAQANPCAROtHjulKO13kblr4YH2cx7S3QutU8rL3FmFayDJhZ8tB/
qOwOJz+6E+3l7vgO+Uc75+xXUDho7TDCbYD9S0HdtPgaNp9O99yhR6pCEi4Qa4Ej
JumpdtZtUA82hUlbmVR14PG1dtIaadbhLusFFisi33Fh6jkUMWqnyeTVSn+R9zS7
CNKO2z4k3IdVeLZXD/1CpF1k7P3cWMlBn6xr2i/suTOBRrTeVEU8lapq/hFgrQ4j
jMe4LDoNhpgdtR2dIE24Vo0AX3t6UkHFBUqKuBEP2VSxm38H/TBIkKM00bgJ1yQt
pbhskDEQUzWXNyLHz+8rKOKrUltMqTJIFtLe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:01 2024 by rpki-client on console-fra.rpki-client.org