Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/4b7ef8-8643-4dbb-92aa-0740115b5a52/1/5x0cM_ozXjlK1KJUy6zJXtcREfE.roa
File:                     5x0cM_ozXjlK1KJUy6zJXtcREfE.roa (raw, json)
Hash identifier:          JtqMRJXpO314Zp2i81ywaO8+auYkA/fZcOxPpVu+D5c=
Subject key identifier:   E7:1D:1C:33:FA:33:5E:39:4A:D4:A2:54:CB:AC:C9:5E:D7:11:11:F1
Certificate issuer:       /CN=e32bcd40c6774677d2c3702ef59edf49d0b36c6c
Certificate serial:       018A7DDD57079D368E6E6FB3098A92560460
Authority key identifier: E3:2B:CD:40:C6:77:46:77:D2:C3:70:2E:F5:9E:DF:49:D0:B3:6C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4yvNQMZ3RnfSw3Au9Z7fSdCzbGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/4b7ef8-8643-4dbb-92aa-0740115b5a52/1/5x0cM_ozXjlK1KJUy6zJXtcREfE.roa
Signing time:             Sun 10 Sep 2023 06:52:52 +0000
ROA not before:           Sun 10 Sep 2023 06:52:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6453
IP address blocks:        89.148.0.0/18 maxlen: 18
                          185.165.176.0/22 maxlen: 22
                          88.201.37.0/24 maxlen: 24
                          77.69.128.0/17 maxlen: 17
                          82.194.32.0/19 maxlen: 19
                          77.69.148.0/24 maxlen: 24
                          88.201.99.0/24 maxlen: 24
                          88.201.0.0/17 maxlen: 17
                          193.188.96.0/19 maxlen: 19
                          217.17.224.0/19 maxlen: 19

Validation:               Failed, certificate revoked on Mon 25 Sep 2023 22:03:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:7d:dd:57:07:9d:36:8e:6e:6f:b3:09:8a:92:56:04:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e32bcd40c6774677d2c3702ef59edf49d0b36c6c
        Validity
            Not Before: Sep 10 06:52:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e71d1c33fa335e394ad4a254cbacc95ed71111f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b1:60:1b:f7:83:8b:f0:75:49:0d:d1:ad:42:
                    a4:4d:32:7a:bb:38:ab:3c:4f:e5:6c:9e:4e:a1:2d:
                    ed:0e:52:a3:ff:62:d7:35:40:06:65:00:ed:c0:0d:
                    c4:6d:fe:88:73:f5:b8:eb:1e:e2:6c:14:fd:d4:48:
                    f0:db:40:a1:a1:3c:af:1a:e1:ab:0d:34:05:61:65:
                    4b:b7:7a:7e:91:b6:90:47:6b:75:45:89:94:13:e6:
                    83:71:c6:24:ec:e3:08:86:26:80:e8:3f:c0:a6:42:
                    d7:a6:b6:d4:66:c8:94:68:aa:26:dd:da:c8:cf:25:
                    2f:2d:fa:6a:85:2c:8f:a7:92:e1:8b:a8:85:13:bf:
                    78:e6:1f:95:af:b8:50:06:1f:cc:59:5a:83:4d:ea:
                    4c:91:c3:c3:94:29:ee:5a:c3:78:d0:a3:07:29:20:
                    67:a2:62:e6:17:68:0e:1f:01:25:73:46:fa:72:4c:
                    93:fc:9a:8c:89:e8:a9:23:6a:8f:c8:63:a7:73:8e:
                    56:f2:56:14:fd:2b:50:9b:30:65:97:64:e9:66:46:
                    4e:b2:38:be:02:e1:35:75:90:b7:ca:6a:3c:9c:cb:
                    e1:0f:b0:56:fc:20:fc:96:df:ff:bc:f3:21:ad:e1:
                    b7:ad:13:14:fc:d7:41:95:fa:ef:59:98:40:44:f6:
                    c9:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:1D:1C:33:FA:33:5E:39:4A:D4:A2:54:CB:AC:C9:5E:D7:11:11:F1
            X509v3 Authority Key Identifier:
                keyid:E3:2B:CD:40:C6:77:46:77:D2:C3:70:2E:F5:9E:DF:49:D0:B3:6C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4yvNQMZ3RnfSw3Au9Z7fSdCzbGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4b7ef8-8643-4dbb-92aa-0740115b5a52/1/5x0cM_ozXjlK1KJUy6zJXtcREfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4b7ef8-8643-4dbb-92aa-0740115b5a52/1/4yvNQMZ3RnfSw3Au9Z7fSdCzbGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.69.128.0/17
                  82.194.32.0/19
                  88.201.0.0/17
                  89.148.0.0/18
                  185.165.176.0/22
                  193.188.96.0/19
                  217.17.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2f:7f:38:58:e7:89:21:72:55:82:80:5e:7c:29:f8:bb:d5:cc:
         5f:b2:bb:a6:a6:3e:6a:c6:c2:ef:31:56:b3:29:b9:ad:4d:e3:
         a1:70:e3:58:b2:10:88:1e:20:8c:40:c4:1c:55:b0:df:74:19:
         15:39:1a:85:c1:48:18:8d:9c:72:4d:2d:a0:99:2e:59:ca:47:
         b3:b6:e6:08:8b:67:99:69:1e:bb:33:9d:85:a7:e6:33:27:ea:
         0a:80:1c:70:1d:ce:62:e9:44:fb:f4:5d:08:11:2b:2f:fa:ca:
         e2:cd:6d:0b:99:13:4e:98:d8:bb:14:bb:de:83:06:44:10:0b:
         19:a6:82:dd:17:aa:e6:b0:65:b6:24:3f:93:5d:92:c6:45:f0:
         fb:b8:e6:c4:58:8b:75:69:91:ee:b9:56:04:a3:7b:ca:7c:90:
         3d:3a:6c:bd:12:d7:6f:8c:fb:b7:7f:d4:4d:61:71:27:1a:cb:
         45:f8:fc:03:b2:4b:aa:ea:76:9a:c6:a1:36:bb:73:e3:08:47:
         2d:a8:a9:0f:73:81:a3:59:eb:6e:54:98:07:11:69:52:84:97:
         33:49:a3:83:db:d6:28:20:94:24:c6:91:0f:09:b5:d8:11:65:
         d4:7d:73:ce:54:10:05:0b:47:04:f0:25:fa:4b:c7:bc:92:78:
         4f:4d:19:9b
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYp93VcHnTaObm+zCYqSVgRgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMmJjZDQwYzY3NzQ2NzdkMmMzNzAyZWY1OWVkZjQ5ZDBi
MzZjNmMwHhcNMjMwOTEwMDY1MjUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzFkMWMzM2ZhMzM1ZTM5NGFkNGEyNTRjYmFjYzk1ZWQ3MTExMWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7FgG/eDi/B1SQ3RrUKkTTJ6uzir
PE/lbJ5OoS3tDlKj/2LXNUAGZQDtwA3Ebf6Ic/W46x7ibBT91Ejw20ChoTyvGuGr
DTQFYWVLt3p+kbaQR2t1RYmUE+aDccYk7OMIhiaA6D/ApkLXprbUZsiUaKom3drI
zyUvLfpqhSyPp5Lhi6iFE7945h+Vr7hQBh/MWVqDTepMkcPDlCnuWsN40KMHKSBn
omLmF2gOHwElc0b6ckyT/JqMieipI2qPyGOnc45W8lYU/StQmzBll2TpZkZOsji+
AuE1dZC3ymo8nMvhD7BW/CD8lt//vPMhreG3rRMU/NdBlfrvWZhARPbJfwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFOcdHDP6M145StSiVMusyV7XERHxMB8GA1UdIwQY
MBaAFOMrzUDGd0Z30sNwLvWe30nQs2xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHl2TlFNWjNSbmZTdzNBdTlaN2ZTZEN6Ykd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi80YjdlZjgtODY0My00ZGJiLTkyYWEt
MDc0MDExNWI1YTUyLzEvNXgwY01fb3pYamxLMUtKVXk2ekpYdGNSRWZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi80YjdlZjgtODY0My00ZGJiLTkyYWEtMDc0MDExNWI1YTUy
LzEvNHl2TlFNWjNSbmZTdzNBdTlaN2ZTZEN6Ykd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQHTUWAAwQF
UsIgAwQHWMkAAwQGWZQAAwQCuaWwAwQFwbxgAwQF2RHgMA0GCSqGSIb3DQEBCwUA
A4IBAQAvfzhY54khclWCgF58Kfi71cxfsrumpj5qxsLvMVazKbmtTeOhcONYshCI
HiCMQMQcVbDfdBkVORqFwUgYjZxyTS2gmS5ZykeztuYIi2eZaR67M52Fp+YzJ+oK
gBxwHc5i6UT79F0IESsv+srizW0LmRNOmNi7FLvegwZEEAsZpoLdF6rmsGW2JD+T
XZLGRfD7uObEWIt1aZHuuVYEo3vKfJA9Omy9EtdvjPu3f9RNYXEnGstF+PwDskuq
6naaxqE2u3PjCEctqKkPc4GjWetuVJgHEWlShJczSaOD29YoIJQkxpEPCbXYEWXU
fXPOVBAFC0cE8CX6S8e8knhPTRmb
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:10 2024 by rpki-client on console-fra.rpki-client.org