Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/elW677my0grQHiCJbatOEFS7VYM.roa
File:                     elW677my0grQHiCJbatOEFS7VYM.roa (raw, json)
Hash identifier:          LVI9hfWw1CZGBoKgIRUFijRhrbr7T9pm89uTTbqJEDc=
Subject key identifier:   7A:55:BA:EF:B9:B2:D2:0A:D0:1E:20:89:6D:AB:4E:10:54:BB:55:83
Certificate issuer:       /CN=d50697943676399ac5cac6a3e476545af0df49dd
Certificate serial:       018899F68D5FA9C94D55030E42712F6A7418
Authority key identifier: D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/elW677my0grQHiCJbatOEFS7VYM.roa
Signing time:             Thu 08 Jun 2023 07:44:11 +0000
ROA not before:           Thu 08 Jun 2023 07:44:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     375
IP address blocks:        131.207.0.0/17 maxlen: 17
                          192.49.100.0/23 maxlen: 23
                          192.49.103.0/24 maxlen: 24
                          192.49.104.0/24 maxlen: 24
                          192.49.106.0/23 maxlen: 23
                          192.49.0.0/21 maxlen: 21
                          192.49.108.0/22 maxlen: 22
                          192.49.10.0/24 maxlen: 24
                          2a03:9b80::/34 maxlen: 34

Validation:               Failed, certificate revoked on Thu 08 Jun 2023 08:02:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:99:f6:8d:5f:a9:c9:4d:55:03:0e:42:71:2f:6a:74:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d50697943676399ac5cac6a3e476545af0df49dd
        Validity
            Not Before: Jun  8 07:44:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7a55baefb9b2d20ad01e20896dab4e1054bb5583
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:36:05:dd:94:38:14:1a:1d:d1:9f:f4:7b:c7:
                    0c:9c:fd:c8:1d:59:ae:b5:b5:90:f4:b5:e9:19:b6:
                    77:94:b2:fc:a6:de:19:25:fb:62:88:e2:e7:c4:39:
                    e1:bd:c8:09:1d:24:ad:a2:42:6b:e8:d8:9b:0f:31:
                    4f:2e:76:1e:b5:03:06:d4:94:4b:57:69:81:7c:da:
                    84:dd:49:a3:29:32:87:de:2d:58:74:21:3a:d4:c9:
                    59:9e:7c:ee:47:aa:5d:be:8f:9f:e9:37:22:2a:d4:
                    14:90:78:9c:54:5a:0b:46:a8:52:56:c4:c9:85:31:
                    f9:05:8b:bc:25:d6:fb:fc:01:86:15:81:1c:6a:a5:
                    9a:6a:a5:c8:6e:d8:fa:90:f9:6e:b0:c0:93:b9:5e:
                    f3:86:28:04:d0:00:1f:65:80:1b:52:38:b7:b3:12:
                    20:7e:9e:95:a3:09:0c:8c:a2:c9:c8:03:c0:14:fa:
                    2d:b7:9f:c4:40:02:a6:a9:9d:be:12:fb:94:13:dd:
                    5a:55:89:bb:a0:e3:36:50:4c:c5:cf:cc:4e:cd:fd:
                    66:82:16:3b:68:5a:a1:43:fe:c1:4c:9e:19:a3:3f:
                    8d:4e:24:79:bd:5d:51:67:fc:6c:e5:65:42:54:6a:
                    bf:ba:b5:57:54:5b:64:a1:e9:b6:cf:e3:ae:55:1a:
                    3d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:55:BA:EF:B9:B2:D2:0A:D0:1E:20:89:6D:AB:4E:10:54:BB:55:83
            X509v3 Authority Key Identifier:
                keyid:D5:06:97:94:36:76:39:9A:C5:CA:C6:A3:E4:76:54:5A:F0:DF:49:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1QaXlDZ2OZrFysaj5HZUWvDfSd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/elW677my0grQHiCJbatOEFS7VYM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f6aff-13bb-4db8-957f-8d23ac5cb502/1/1QaXlDZ2OZrFysaj5HZUWvDfSd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.207.0.0/17
                  192.49.0.0/21
                  192.49.10.0/24
                  192.49.100.0/23
                  192.49.103.0-192.49.104.255
                  192.49.106.0-192.49.111.255
                IPv6:
                  2a03:9b80::/34

    Signature Algorithm: sha256WithRSAEncryption
         62:42:4c:b5:63:13:33:08:2b:a2:44:e8:5e:12:2e:9c:a0:dc:
         df:35:b2:87:5c:bf:8e:6c:72:66:56:f9:02:0b:49:6b:24:54:
         10:00:c8:da:0a:bb:1c:7a:ef:26:21:e4:be:09:ce:1e:bf:83:
         b1:c4:ac:79:b5:4c:83:06:f9:81:80:60:e9:24:cb:20:e9:18:
         1b:1a:d3:57:a5:bc:51:7d:47:a4:c6:35:fc:ed:aa:38:02:1d:
         92:fe:8a:68:6e:84:44:67:2e:56:b6:4e:c8:3d:11:84:ad:4e:
         97:e8:8d:d6:7e:73:77:2f:8f:24:3d:67:86:bb:94:dc:b0:a9:
         92:9f:8e:f9:e0:5b:ce:a8:54:67:32:e0:67:85:09:d4:67:5b:
         e5:b1:c7:ca:ea:c1:4b:9b:21:ce:9f:3e:9a:0c:29:9a:d6:69:
         1f:a5:f3:2b:6f:6f:28:7e:bb:74:65:5b:51:1f:f9:37:b0:07:
         6e:6b:1c:36:cc:7a:0d:5f:4d:19:45:7c:94:7e:5d:b6:09:3b:
         21:00:3f:e0:e1:71:22:6a:ea:23:5b:7e:3d:a2:2b:72:8b:6e:
         23:b4:dc:f4:3b:52:db:18:18:76:e0:0b:47:b9:2e:4f:82:c3:
         c5:cf:90:47:07:a4:9a:ca:57:90:5a:51:71:d9:1d:16:13:b2:
         5c:54:51:1c
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYiZ9o1fqclNVQMOQnEvanQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MDY5Nzk0MzY3NjM5OWFjNWNhYzZhM2U0NzY1NDVhZjBk
ZjQ5ZGQwHhcNMjMwNjA4MDc0NDExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTU1YmFlZmI5YjJkMjBhZDAxZTIwODk2ZGFiNGUxMDU0YmI1NTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDYF3ZQ4FBod0Z/0e8cMnP3IHVmu
tbWQ9LXpGbZ3lLL8pt4ZJftiiOLnxDnhvcgJHSStokJr6NibDzFPLnYetQMG1JRL
V2mBfNqE3UmjKTKH3i1YdCE61MlZnnzuR6pdvo+f6TciKtQUkHicVFoLRqhSVsTJ
hTH5BYu8Jdb7/AGGFYEcaqWaaqXIbtj6kPlusMCTuV7zhigE0AAfZYAbUji3sxIg
fp6VowkMjKLJyAPAFPott5/EQAKmqZ2+EvuUE91aVYm7oOM2UEzFz8xOzf1mghY7
aFqhQ/7BTJ4Zoz+NTiR5vV1RZ/xs5WVCVGq/urVXVFtkoem2z+OuVRo9BwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFHpVuu+5stIK0B4giW2rThBUu1WDMB8GA1UdIwQY
MBaAFNUGl5Q2djmaxcrGo+R2VFrw30ndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2Yt
OGQyM2FjNWNiNTAyLzEvZWxXNjc3bXkwZ3JRSGlDSmJhdE9FRlM3VllNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81ZjZhZmYtMTNiYi00ZGI4LTk1N2YtOGQyM2FjNWNiNTAy
LzEvMVFhWGxEWjJPWnJGeXNhajVIWlVXdkRmU2QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDA6BAIAATA0AwQHg88AAwQD
wDEAAwQAwDEKAwQBwDFkMAwDBADAMWcDBADAMWgwDAMEAcAxagMEBMAxYDAOBAIA
AjAIAwYGKgObgAAwDQYJKoZIhvcNAQELBQADggEBAGJCTLVjEzMIK6JE6F4SLpyg
3N81sodcv45scmZW+QILSWskVBAAyNoKuxx67yYh5L4Jzh6/g7HErHm1TIMG+YGA
YOkkyyDpGBsa01elvFF9R6TGNfztqjgCHZL+imhuhERnLla2Tsg9EYStTpfojdZ+
c3cvjyQ9Z4a7lNywqZKfjvngW86oVGcy4GeFCdRnW+Wxx8rqwUubIc6fPpoMKZrW
aR+l8ytvbyh+u3RlW1Ef+TewB25rHDbMeg1fTRlFfJR+XbYJOyEAP+DhcSJq6iNb
fj2iK3KLbiO03PQ7UtsYGHbgC0e5Lk+Cw8XPkEcHpJrKV5BaUXHZHRYTslxUURw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:01 2024 by rpki-client on console-fra.rpki-client.org