Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/XGUhCP3RCGSICgxASYXp3tfpTx0.roa
File:                     XGUhCP3RCGSICgxASYXp3tfpTx0.roa (raw, json)
Hash identifier:          Hx9tVFePpJksORyxZQxBCuTQAD51mUnf2ht6zn8RmEU=
Subject key identifier:   5C:65:21:08:FD:D1:08:64:88:0A:0C:40:49:85:E9:DE:D7:E9:4F:1D
Certificate issuer:       /CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
Certificate serial:       018C6D1F716A019738B75E9E61E27110D7E7
Authority key identifier: 99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/XGUhCP3RCGSICgxASYXp3tfpTx0.roa
Signing time:             Fri 15 Dec 2023 10:57:06 +0000
ROA not before:           Fri 15 Dec 2023 10:57:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210732
IP address blocks:        45.95.114.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:29:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:6d:1f:71:6a:01:97:38:b7:5e:9e:61:e2:71:10:d7:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99fee7cbd8e78d1f14a453a04b916f7c1581d204
        Validity
            Not Before: Dec 15 10:57:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5c652108fdd10864880a0c404985e9ded7e94f1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:67:3a:1e:71:e2:b7:e2:e1:e0:fb:72:2f:d5:
                    3d:c9:22:be:42:9c:17:42:02:f7:84:7b:ea:8c:f6:
                    67:bc:a5:e7:41:e0:81:b8:ba:6a:bb:bf:99:ba:28:
                    c9:15:eb:7b:6f:8b:98:b3:c5:75:ff:1a:d7:41:7a:
                    c4:61:b3:12:a0:04:4e:6f:3d:f7:c0:85:c9:63:f5:
                    21:2f:ca:61:48:2f:cb:b6:d0:39:58:12:76:9f:2b:
                    e1:3f:e9:f5:2b:87:8f:32:f8:bb:3f:05:69:ab:36:
                    9f:97:aa:15:ec:54:6f:b9:c5:c7:ab:14:a6:a1:0b:
                    b5:1c:1e:cb:5b:3d:8c:d4:f9:0e:29:e5:87:5f:9a:
                    2e:a1:90:cb:04:66:f4:8e:4b:bd:51:fb:ae:12:38:
                    c6:f7:c5:1c:d4:8c:23:9f:0d:0c:40:5d:8f:81:1e:
                    15:64:1f:5d:24:b3:60:dd:d7:73:82:74:53:72:a0:
                    83:d7:3f:4e:75:60:e6:12:61:78:cb:5e:fb:4c:3d:
                    25:79:99:6e:30:be:a3:5e:24:30:d8:0f:e4:19:be:
                    55:98:ac:97:7e:f0:0c:e3:0e:14:0d:a9:41:fc:bd:
                    64:1c:9e:07:4e:1c:1b:0d:3d:92:06:53:b6:c5:db:
                    bb:2b:b1:43:e0:e5:3a:8b:88:79:38:13:9d:6b:46:
                    e1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:65:21:08:FD:D1:08:64:88:0A:0C:40:49:85:E9:DE:D7:E9:4F:1D
            X509v3 Authority Key Identifier:
                keyid:99:FE:E7:CB:D8:E7:8D:1F:14:A4:53:A0:4B:91:6F:7C:15:81:D2:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/XGUhCP3RCGSICgxASYXp3tfpTx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/0dd4cb-1f72-40ed-a657-1c22eff72818/1/mf7ny9jnjR8UpFOgS5FvfBWB0gQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:22:ae:c2:90:bb:7b:7e:ae:03:60:4d:af:87:73:4b:d7:c0:
         de:cd:6c:60:1c:62:f8:ab:bf:69:a9:2f:9b:ce:85:50:67:93:
         12:f4:b0:69:e5:14:8d:af:9b:80:0c:f4:6e:64:37:8b:48:e0:
         ec:da:e2:73:8f:bd:48:17:78:56:49:9b:a7:5e:95:e2:5e:87:
         4d:fd:f1:5f:d8:57:6e:91:f0:1f:cd:86:85:9e:7d:ff:aa:36:
         6f:1a:6a:ed:12:75:56:8b:16:00:5d:1d:c0:1f:b6:68:27:c7:
         40:fd:7a:51:54:26:b5:2d:e4:5f:3e:4c:b1:df:8e:20:e1:29:
         84:ea:48:47:ac:08:86:e3:f3:73:c1:c8:a8:4a:a4:cb:28:17:
         35:79:3a:93:8f:e6:ca:8b:21:95:ad:6c:d0:17:1e:1f:06:de:
         41:b6:f1:61:56:20:0a:c6:39:79:11:ee:b7:0b:6d:30:4d:1e:
         a9:87:d5:65:79:cb:ad:88:2b:11:f6:5d:8d:a7:3d:9f:65:eb:
         bb:d2:7b:4c:50:5d:d6:49:41:17:d5:79:d5:cd:4f:05:75:4c:
         5f:c5:59:59:db:df:9c:0d:1f:10:20:06:b4:7a:2e:30:0a:47:
         b2:14:43:1e:15:f6:71:e9:8c:02:87:ab:10:90:5b:01:bb:81:
         fe:7d:25:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYxtH3FqAZc4t16eYeJxENfnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5ZmVlN2NiZDhlNzhkMWYxNGE0NTNhMDRiOTE2ZjdjMTU4
MWQyMDQwHhcNMjMxMjE1MTA1NzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzY1MjEwOGZkZDEwODY0ODgwYTBjNDA0OTg1ZTlkZWQ3ZTk0ZjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWc6HnHit+Lh4PtyL9U9ySK+QpwX
QgL3hHvqjPZnvKXnQeCBuLpqu7+ZuijJFet7b4uYs8V1/xrXQXrEYbMSoARObz33
wIXJY/UhL8phSC/LttA5WBJ2nyvhP+n1K4ePMvi7PwVpqzafl6oV7FRvucXHqxSm
oQu1HB7LWz2M1PkOKeWHX5ouoZDLBGb0jku9UfuuEjjG98Uc1Iwjnw0MQF2PgR4V
ZB9dJLNg3ddzgnRTcqCD1z9OdWDmEmF4y177TD0leZluML6jXiQw2A/kGb5VmKyX
fvAM4w4UDalB/L1kHJ4HThwbDT2SBlO2xdu7K7FD4OU6i4h5OBOda0bhAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxlIQj90QhkiAoMQEmF6d7X6U8dMB8GA1UdIwQY
MBaAFJn+58vY540fFKRToEuRb3wVgdIEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTct
MWMyMmVmZjcyODE4LzEvWEdVaENQM1JDR1NJQ2d4QVNZWHAzdGZwVHgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8wZGQ0Y2ItMWY3Mi00MGVkLWE2NTctMWMyMmVmZjcyODE4
LzEvbWY3bnk5am5qUjhVcEZPZ1M1RnZmQldCMGdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV9yMA0G
CSqGSIb3DQEBCwUAA4IBAQATIq7CkLt7fq4DYE2vh3NL18DezWxgHGL4q79pqS+b
zoVQZ5MS9LBp5RSNr5uADPRuZDeLSODs2uJzj71IF3hWSZunXpXiXodN/fFf2Fdu
kfAfzYaFnn3/qjZvGmrtEnVWixYAXR3AH7ZoJ8dA/XpRVCa1LeRfPkyx344g4SmE
6khHrAiG4/NzwcioSqTLKBc1eTqTj+bKiyGVrWzQFx4fBt5BtvFhViAKxjl5Ee63
C20wTR6ph9VlecutiCsR9l2Npz2fZeu70ntMUF3WSUEX1XnVzU8FdUxfxVlZ29+c
DR8QIAa0ei4wCkeyFEMeFfZx6YwCh6sQkFsBu4H+fSUI
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:37 2024 by rpki-client on console-ams.rpki-client.org