Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/acXw9lqCUP5uvQZYyahMiAc6Kvg.roa
File:                     acXw9lqCUP5uvQZYyahMiAc6Kvg.roa (raw, json)
Hash identifier:          P/EdsQH1lG1CDshe7ESDF6so+luYVNnzUrVGC5IQfJM=
Subject key identifier:   69:C5:F0:F6:5A:82:50:FE:6E:BD:06:58:C9:A8:4C:88:07:3A:2A:F8
Certificate issuer:       /CN=c4eb34dda2f8094968494892063351ee0f10e91a
Certificate serial:       018C40FBD4658718F01D64EF93DA4B8DE81B
Authority key identifier: C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/acXw9lqCUP5uvQZYyahMiAc6Kvg.roa
Signing time:             Wed 06 Dec 2023 21:14:54 +0000
ROA not before:           Wed 06 Dec 2023 21:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5650
IP address blocks:        152.89.228.0/23 maxlen: 23
                          152.89.230.0/23 maxlen: 23
                          152.89.228.0/22 maxlen: 22
                          45.80.250.0/23 maxlen: 23
                          2.58.176.0/23 maxlen: 23
                          2.58.176.0/22 maxlen: 22
                          2.58.178.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:40:fb:d4:65:87:18:f0:1d:64:ef:93:da:4b:8d:e8:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4eb34dda2f8094968494892063351ee0f10e91a
        Validity
            Not Before: Dec  6 21:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=69c5f0f65a8250fe6ebd0658c9a84c88073a2af8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:ba:9e:70:a0:64:57:7f:f1:48:64:39:d0:5e:
                    1f:ef:98:66:09:09:f7:d1:a0:00:30:94:4f:7d:3a:
                    1f:df:97:0b:b6:a1:b0:3f:64:39:be:60:73:bb:48:
                    9a:1f:33:33:97:03:35:6e:4c:4e:a9:02:06:a0:31:
                    0c:f5:12:88:ae:5c:67:b7:f1:6c:5c:64:14:01:f6:
                    b4:f1:9e:86:aa:c6:04:9c:c6:ea:f5:1a:ab:55:ae:
                    61:87:55:98:e9:78:2d:3d:32:2e:94:a5:e6:58:1a:
                    5c:47:61:23:e0:c0:76:5a:ec:e0:a9:ea:97:e0:e7:
                    bb:58:8f:40:3a:dc:6d:85:c6:e4:a3:6e:54:17:40:
                    19:c3:8a:5b:52:48:a0:39:22:15:3f:e0:61:2c:84:
                    38:26:1b:f0:f0:ed:4a:51:7a:4e:65:2a:7b:86:bd:
                    58:1a:eb:db:83:f0:05:42:00:38:2f:7e:38:6c:e9:
                    7f:fc:aa:b8:5b:7c:fe:50:16:b7:fa:ae:27:b0:ae:
                    84:6f:33:60:ca:fa:f4:84:63:b4:9c:6a:56:33:03:
                    bf:d7:21:aa:50:bd:61:e0:8d:e2:3d:1f:68:d5:4c:
                    76:83:20:a6:bf:9a:31:cd:30:fc:a4:b5:54:c6:5f:
                    da:70:8c:a0:95:93:c5:b0:0c:35:ad:2f:1e:02:d6:
                    43:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C5:F0:F6:5A:82:50:FE:6E:BD:06:58:C9:A8:4C:88:07:3A:2A:F8
            X509v3 Authority Key Identifier:
                keyid:C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/acXw9lqCUP5uvQZYyahMiAc6Kvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.176.0/22
                  45.80.250.0/23
                  152.89.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:74:f1:d0:3b:0b:21:8d:d7:87:37:b7:9b:2b:42:87:a9:fd:
         ce:00:29:9d:39:1b:5c:42:32:9f:fd:e1:31:7d:c7:c1:0f:26:
         dc:da:d3:ce:31:a8:91:e7:05:32:c8:8c:33:33:32:be:ac:e2:
         54:d3:fa:aa:91:70:9d:4a:66:4f:0b:ce:48:24:b8:0a:13:86:
         8f:10:96:93:a2:30:23:b2:b9:be:ae:f3:75:84:50:a0:7a:36:
         9b:48:75:0f:19:71:f1:9d:0e:71:cd:ad:64:3f:02:b4:18:4e:
         55:29:fc:06:e0:ec:a3:bf:ad:f7:0f:74:a7:ac:15:94:c1:db:
         ed:2e:91:c1:25:b4:07:2b:3a:1e:b6:29:c5:df:c8:55:ff:83:
         d0:76:5c:9f:79:bf:7f:98:7e:98:51:07:1b:1e:fa:20:eb:87:
         f0:9e:43:a1:19:5e:9c:33:ab:bb:51:3d:18:28:b1:c2:03:62:
         16:4a:05:b7:3c:f3:0b:64:b5:c3:b0:3c:35:02:bb:1a:94:86:
         2e:a6:a6:d8:ca:5e:66:bf:ca:76:f1:f5:7b:97:b8:1a:bd:cc:
         b8:34:cb:72:a0:21:5c:ae:c5:75:d4:3b:a8:32:7e:21:d1:b6:
         65:2a:9d:ec:08:15:28:12:be:2e:7f:1e:9a:54:28:dc:de:04:
         15:95:64:c7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYxA+9RlhxjwHWTvk9pLjegbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZWIzNGRkYTJmODA5NDk2ODQ5NDg5MjA2MzM1MWVlMGYx
MGU5MWEwHhcNMjMxMjA2MjExNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWM1ZjBmNjVhODI1MGZlNmViZDA2NThjOWE4NGM4ODA3M2EyYWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrqecKBkV3/xSGQ50F4f75hmCQn3
0aAAMJRPfTof35cLtqGwP2Q5vmBzu0iaHzMzlwM1bkxOqQIGoDEM9RKIrlxnt/Fs
XGQUAfa08Z6GqsYEnMbq9RqrVa5hh1WY6XgtPTIulKXmWBpcR2Ej4MB2WuzgqeqX
4Oe7WI9AOtxthcbko25UF0AZw4pbUkigOSIVP+BhLIQ4Jhvw8O1KUXpOZSp7hr1Y
Guvbg/AFQgA4L344bOl//Kq4W3z+UBa3+q4nsK6EbzNgyvr0hGO0nGpWMwO/1yGq
UL1h4I3iPR9o1Ux2gyCmv5oxzTD8pLVUxl/acIyglZPFsAw1rS8eAtZDfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGnF8PZaglD+br0GWMmoTIgHOir4MB8GA1UdIwQY
MBaAFMTrNN2i+AlJaElIkgYzUe4PEOkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEt
YTM0N2I1NmYzYjlhLzEvYWNYdzlscUNVUDV1dlFaWXlhaE1pQWM2S3ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEtYTM0N2I1NmYzYjlh
LzEveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjqwAwQB
LVD6AwQCmFnkMA0GCSqGSIb3DQEBCwUAA4IBAQBBdPHQOwshjdeHN7ebK0KHqf3O
ACmdORtcQjKf/eExfcfBDybc2tPOMaiR5wUyyIwzMzK+rOJU0/qqkXCdSmZPC85I
JLgKE4aPEJaTojAjsrm+rvN1hFCgejabSHUPGXHxnQ5xza1kPwK0GE5VKfwG4Oyj
v633D3SnrBWUwdvtLpHBJbQHKzoetinF38hV/4PQdlyfeb9/mH6YUQcbHvog64fw
nkOhGV6cM6u7UT0YKLHCA2IWSgW3PPMLZLXDsDw1ArsalIYupqbYyl5mv8p28fV7
l7gavcy4NMtyoCFcrsV11DuoMn4h0bZlKp3sCBUoEr4ufx6aVCjc3gQVlWTH
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:01 2024 by rpki-client on console-fra.rpki-client.org