Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/S6SCkSuSJXnMC9O7btAy1tkWxQA.roa
File:                     S6SCkSuSJXnMC9O7btAy1tkWxQA.roa (raw, json)
Hash identifier:          fMltvV0yeLeXpkZRnOyfVnBirfGJ0mAvKTWM5ttH2dM=
Subject key identifier:   4B:A4:82:91:2B:92:25:79:CC:0B:D3:BB:6E:D0:32:D6:D9:16:C5:00
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018CC348B0C5BE66C6528E749B0F5B3FA407
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/S6SCkSuSJXnMC9O7btAy1tkWxQA.roa
Signing time:             Mon 01 Jan 2024 04:29:30 +0000
ROA not before:           Mon 01 Jan 2024 04:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        45.134.20.0/24 maxlen: 24
                          2a0e:d787::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 22 Oct 2024 14:39:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b0:c5:be:66:c6:52:8e:74:9b:0f:5b:3f:a4:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 04:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ba482912b922579cc0bd3bb6ed032d6d916c500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:55:1f:1a:5d:bb:3a:d7:8a:0c:ba:48:2e:bc:
                    29:e1:25:ab:e9:91:2a:de:85:33:89:c4:76:e0:a3:
                    62:23:32:08:28:a0:5f:33:78:42:fe:e5:af:59:60:
                    b8:de:86:17:2c:e0:7d:be:b6:93:ff:dc:be:f2:ea:
                    d7:c0:a3:5c:18:b3:54:8b:bd:15:6b:61:e5:ad:80:
                    0d:eb:8a:e5:85:e4:ee:ae:04:cb:0f:de:ed:2d:bb:
                    43:fc:e3:de:6b:77:fd:90:c2:64:64:5b:fa:40:26:
                    ec:cf:ba:4f:4e:9b:3f:9c:5b:21:d8:f4:55:7a:fc:
                    d5:05:d7:6f:bb:eb:09:da:ea:98:b1:b6:11:43:d0:
                    a9:45:05:7f:b4:e9:b4:a1:e1:5c:b7:e3:1a:28:cd:
                    55:02:98:93:20:22:f3:fa:3d:59:59:35:5a:62:bf:
                    26:3c:3b:f3:76:a8:ea:ae:56:1d:be:de:ce:6e:78:
                    6f:dc:77:9d:8f:bb:41:b1:39:c2:7d:a6:39:5a:c9:
                    1b:b3:cb:59:35:83:82:18:5b:93:a5:39:be:ae:24:
                    6d:dd:9c:c8:b2:07:67:61:91:90:7b:d8:bc:8a:e7:
                    67:80:e0:29:9a:a6:70:ae:ab:35:18:26:0e:1e:52:
                    2a:cf:34:70:a5:d2:2a:68:ab:12:e1:fc:a3:82:e7:
                    2c:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:A4:82:91:2B:92:25:79:CC:0B:D3:BB:6E:D0:32:D6:D9:16:C5:00
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/S6SCkSuSJXnMC9O7btAy1tkWxQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.20.0/24
                IPv6:
                  2a0e:d787::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:cb:c5:b7:71:83:78:bc:a3:3b:b4:78:34:b4:c9:76:cd:e7:
         89:17:29:fc:3a:4f:f6:ed:69:48:2c:39:de:de:7b:79:03:2d:
         aa:c1:34:ec:94:1a:ae:50:d5:ec:18:aa:66:6a:83:22:90:e0:
         12:3e:19:d5:cb:c8:3a:8f:5a:d1:be:37:e5:5d:31:dc:55:ce:
         fd:7f:d4:76:98:97:db:69:25:85:ec:51:37:86:7c:45:5b:45:
         3e:84:f4:d7:04:9d:10:b8:d8:93:fc:cf:ab:39:ec:b0:56:b7:
         6f:ed:3f:e1:b6:2a:42:3c:02:1f:7d:6d:c1:aa:c2:0e:8e:be:
         a1:a8:ad:9a:9e:a9:56:16:30:72:c1:88:ed:c6:42:ef:dc:c6:
         62:8b:3e:04:b7:3b:bc:f1:21:8c:e8:ad:7f:26:72:be:36:e5:
         58:79:33:7b:9c:8e:1d:00:40:be:cb:4f:c5:27:f5:dd:69:b3:
         24:fa:c0:5a:41:51:97:93:48:bf:fe:61:57:50:4a:34:d7:a3:
         59:47:db:4c:a0:ca:99:49:f0:5a:1e:c7:35:d4:a9:ec:75:b3:
         4a:9a:ae:f0:b2:9d:6a:8e:e0:f5:16:e5:90:a7:1f:ee:76:cd:
         4c:19:16:f2:ea:88:c3:dd:0f:6a:5f:31:21:d9:d7:12:49:14:
         27:29:cb:37
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSLDFvmbGUo50mw9bP6QHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMTAxMDQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmE0ODI5MTJiOTIyNTc5Y2MwYmQzYmI2ZWQwMzJkNmQ5MTZjNTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFUfGl27OteKDLpILrwp4SWr6ZEq
3oUzicR24KNiIzIIKKBfM3hC/uWvWWC43oYXLOB9vraT/9y+8urXwKNcGLNUi70V
a2HlrYAN64rlheTurgTLD97tLbtD/OPea3f9kMJkZFv6QCbsz7pPTps/nFsh2PRV
evzVBddvu+sJ2uqYsbYRQ9CpRQV/tOm0oeFct+MaKM1VApiTICLz+j1ZWTVaYr8m
PDvzdqjqrlYdvt7Obnhv3Hedj7tBsTnCfaY5Wskbs8tZNYOCGFuTpTm+riRt3ZzI
sgdnYZGQe9i8iudngOApmqZwrqs1GCYOHlIqzzRwpdIqaKsS4fyjgucsLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEukgpErkiV5zAvTu27QMtbZFsUAMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvUzZTQ2tTdVNKWG5NQzlPN2J0QXkxdGtXeFFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALYYUMA0E
AgACMAcDBQAqDteHMA0GCSqGSIb3DQEBCwUAA4IBAQBGy8W3cYN4vKM7tHg0tMl2
zeeJFyn8Ok/27WlILDne3nt5Ay2qwTTslBquUNXsGKpmaoMikOASPhnVy8g6j1rR
vjflXTHcVc79f9R2mJfbaSWF7FE3hnxFW0U+hPTXBJ0QuNiT/M+rOeywVrdv7T/h
tipCPAIffW3BqsIOjr6hqK2anqlWFjBywYjtxkLv3MZiiz4Etzu88SGM6K1/JnK+
NuVYeTN7nI4dAEC+y0/FJ/XdabMk+sBaQVGXk0i//mFXUEo016NZR9tMoMqZSfBa
Hsc11KnsdbNKmq7wsp1qjuD1FuWQpx/uds1MGRby6ojD3Q9qXzEh2dcSSRQnKcs3
-----END CERTIFICATE-----
Generated at Tue Oct 22 17:30:59 2024 by rpki-client on console-fra.rpki-client.org