Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/R8IxEA9B1spbsl1Hmjl0STX2yr0.roa
File:                     R8IxEA9B1spbsl1Hmjl0STX2yr0.roa (raw, json)
Hash identifier:          XSIxLURlZB6LABFIGxyw58+iTOi0a8s8pYKlzwhhxk8=
Subject key identifier:   47:C2:31:10:0F:41:D6:CA:5B:B2:5D:47:9A:39:74:49:35:F6:CA:BD
Certificate issuer:       /CN=d2b36ad28e521edab4b4dea349a27772d4b2a7be
Certificate serial:       0185730CBBD22872D6C6B7BAA12BA7455A16
Authority key identifier: D2:B3:6A:D2:8E:52:1E:DA:B4:B4:DE:A3:49:A2:77:72:D4:B2:A7:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0rNq0o5SHtq0tN6jSaJ3ctSyp74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/R8IxEA9B1spbsl1Hmjl0STX2yr0.roa
Signing time:             Mon 02 Jan 2023 15:14:52 +0000
ROA not before:           Mon 02 Jan 2023 15:14:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43487
IP address blocks:        91.240.182.0/24 maxlen: 24
                          91.240.181.0/24 maxlen: 24
                          91.240.180.0/22 maxlen: 22
                          91.240.180.0/24 maxlen: 24
                          91.240.183.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:0c:bb:d2:28:72:d6:c6:b7:ba:a1:2b:a7:45:5a:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2b36ad28e521edab4b4dea349a27772d4b2a7be
        Validity
            Not Before: Jan  2 15:14:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=47c231100f41d6ca5bb25d479a39744935f6cabd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:42:ac:1a:a5:2f:5b:4e:cb:5b:69:4c:81:32:
                    d0:fe:ce:45:64:2d:a2:66:e3:aa:78:52:af:b2:5b:
                    9f:38:b8:86:38:59:60:6f:52:75:2b:5c:1f:ec:96:
                    68:12:36:b6:dd:b6:2d:31:1f:fb:ef:8f:a1:c9:de:
                    ac:db:77:ec:59:a7:10:a4:48:cc:dd:07:91:3a:5d:
                    24:8d:74:d4:28:66:4b:04:e4:05:08:74:14:21:b1:
                    08:70:b0:44:1e:d6:0e:4b:f6:47:f1:db:9a:b0:2c:
                    a2:83:38:ef:5e:34:40:aa:eb:d9:f8:3b:40:3e:a4:
                    e7:8f:a1:30:45:7b:12:60:92:12:79:fa:c0:1d:40:
                    e9:4a:23:69:7d:ae:bb:b3:7d:a1:e0:76:00:bf:5e:
                    78:91:42:6a:ed:19:95:a6:15:fd:b4:50:a3:0f:b5:
                    8a:e7:2b:34:c9:38:e5:c6:57:12:3f:20:78:0a:85:
                    9f:2e:29:ca:88:09:a8:46:b8:31:45:9a:8b:c1:f3:
                    8d:7f:61:a6:85:a0:5a:0c:c4:28:eb:1e:e6:78:73:
                    12:f2:0a:82:df:eb:f3:e2:c8:8b:4b:dc:1a:e0:44:
                    d7:e5:18:cd:43:0e:88:b1:6b:84:ce:47:22:95:77:
                    35:c5:2a:97:f2:4c:2e:6e:4b:84:5b:16:f0:5e:91:
                    03:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C2:31:10:0F:41:D6:CA:5B:B2:5D:47:9A:39:74:49:35:F6:CA:BD
            X509v3 Authority Key Identifier:
                keyid:D2:B3:6A:D2:8E:52:1E:DA:B4:B4:DE:A3:49:A2:77:72:D4:B2:A7:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0rNq0o5SHtq0tN6jSaJ3ctSyp74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/R8IxEA9B1spbsl1Hmjl0STX2yr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/3a9a0b-d424-4eca-a938-92a877bb19f7/1/0rNq0o5SHtq0tN6jSaJ3ctSyp74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.180.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:22:58:bc:6a:2b:e3:54:9f:18:4b:a4:7e:fd:6d:cf:d3:db:
         eb:fd:9b:36:ad:b7:18:e5:a4:f6:09:0e:87:de:69:8d:cc:19:
         93:b1:1b:85:0d:18:0f:c8:7a:0c:af:e7:34:2f:6d:b1:02:01:
         84:15:33:9e:f7:4e:8d:07:ad:c5:37:d9:6c:f4:35:50:96:b9:
         ac:50:45:d2:2e:f1:43:ed:3e:df:0e:2e:0b:d4:c8:5e:2e:88:
         56:89:76:7f:02:53:a7:cd:04:72:21:76:92:99:7c:12:a3:36:
         e7:e8:ad:c4:28:54:f4:bc:56:66:85:67:5a:1a:78:55:c9:c5:
         44:70:35:99:6e:09:6b:ff:45:d4:a6:af:1f:5b:92:60:a8:c0:
         79:3a:3a:95:a4:a3:d0:5c:06:44:87:22:c6:bc:5d:02:9d:ad:
         24:d1:18:e6:1e:af:09:41:9a:91:20:10:60:10:82:2a:7f:88:
         14:0a:4e:98:99:a8:3b:af:12:90:00:b0:b4:ac:8b:a1:ba:18:
         cf:57:83:e9:f0:29:8e:12:6f:41:14:5b:a3:bc:91:da:ef:e5:
         79:da:e7:5e:7a:47:d3:54:92:0f:66:32:b7:06:c1:d7:4a:a4:
         39:71:9b:97:96:29:19:01:9e:80:31:1f:8f:93:b4:48:94:b6:
         20:37:9a:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVzDLvSKHLWxre6oSunRVoWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYjM2YWQyOGU1MjFlZGFiNGI0ZGVhMzQ5YTI3NzcyZDRi
MmE3YmUwHhcNMjMwMTAyMTUxNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2MyMzExMDBmNDFkNmNhNWJiMjVkNDc5YTM5NzQ0OTM1ZjZjYWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkKsGqUvW07LW2lMgTLQ/s5FZC2i
ZuOqeFKvslufOLiGOFlgb1J1K1wf7JZoEja23bYtMR/774+hyd6s23fsWacQpEjM
3QeROl0kjXTUKGZLBOQFCHQUIbEIcLBEHtYOS/ZH8duasCyigzjvXjRAquvZ+DtA
PqTnj6EwRXsSYJISefrAHUDpSiNpfa67s32h4HYAv154kUJq7RmVphX9tFCjD7WK
5ys0yTjlxlcSPyB4CoWfLinKiAmoRrgxRZqLwfONf2GmhaBaDMQo6x7meHMS8gqC
3+vz4siLS9wa4ETX5RjNQw6IsWuEzkcilXc1xSqX8kwubkuEWxbwXpEDzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfCMRAPQdbKW7JdR5o5dEk19sq9MB8GA1UdIwQY
MBaAFNKzatKOUh7atLTeo0mid3LUsqe+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHJOcTBvNVNIdHEwdE42alNhSjNjdFN5cDc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8zYTlhMGItZDQyNC00ZWNhLWE5Mzgt
OTJhODc3YmIxOWY3LzEvUjhJeEVBOUIxc3Bic2wxSG1qbDBTVFgyeXIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8zYTlhMGItZDQyNC00ZWNhLWE5MzgtOTJhODc3YmIxOWY3
LzEvMHJOcTBvNVNIdHEwdE42alNhSjNjdFN5cDc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW/C0MA0G
CSqGSIb3DQEBCwUAA4IBAQBpIli8aivjVJ8YS6R+/W3P09vr/Zs2rbcY5aT2CQ6H
3mmNzBmTsRuFDRgPyHoMr+c0L22xAgGEFTOe906NB63FN9ls9DVQlrmsUEXSLvFD
7T7fDi4L1MheLohWiXZ/AlOnzQRyIXaSmXwSozbn6K3EKFT0vFZmhWdaGnhVycVE
cDWZbglr/0XUpq8fW5JgqMB5OjqVpKPQXAZEhyLGvF0Cna0k0RjmHq8JQZqRIBBg
EIIqf4gUCk6Ymag7rxKQALC0rIuhuhjPV4Pp8CmOEm9BFFujvJHa7+V52udeekfT
VJIPZjK3BsHXSqQ5cZuXlikZAZ6AMR+Pk7RIlLYgN5rx
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:23 2024 by rpki-client on console-ams.rpki-client.org