Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/VlpnQdSNAGE3OSKFHlrpGP-jAY4.roa
File:                     VlpnQdSNAGE3OSKFHlrpGP-jAY4.roa (raw, json)
Hash identifier:          wmBePwH1pK9+mSRCxpZQOVxn24Iz4bMvFZXMQ8RoPaA=
Subject key identifier:   56:5A:67:41:D4:8D:00:61:37:39:22:85:1E:5A:E9:18:FF:A3:01:8E
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018571B9EF6DC52C9294393CA817CAEFE790
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/VlpnQdSNAGE3OSKFHlrpGP-jAY4.roa
Signing time:             Mon 02 Jan 2023 09:04:48 +0000
ROA not before:           Mon 02 Jan 2023 09:04:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43754
IP address blocks:        2.188.80.0/24 maxlen: 24
                          2.188.81.0/24 maxlen: 24
                          2.188.80.0/21 maxlen: 21
                          2.188.80.0/20 maxlen: 20
                          2.188.88.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:b9:ef:6d:c5:2c:92:94:39:3c:a8:17:ca:ef:e7:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 09:04:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=565a6741d48d0061373922851e5ae918ffa3018e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a1:f2:c2:18:2d:c1:d0:f4:2c:37:e4:c9:ad:
                    af:34:1e:27:9a:66:7f:29:5e:1f:82:74:71:0d:6c:
                    26:35:d1:bd:34:de:e1:2d:17:74:6d:e9:2e:75:8e:
                    28:45:34:61:9a:55:31:d4:ba:9f:92:95:a9:08:f9:
                    a7:dd:71:32:50:46:74:3d:4d:7f:08:9f:97:40:dd:
                    54:91:86:fe:2e:b9:bc:a2:80:13:c3:c1:f8:e4:56:
                    03:2e:88:0a:3e:d7:f1:5d:ba:ed:a0:b2:8d:3a:70:
                    e1:a2:47:38:9b:da:df:08:d0:36:37:c5:a7:41:47:
                    30:64:d5:f2:d7:bb:d1:50:e4:97:d0:e4:cf:1d:82:
                    52:cf:0e:60:7d:b5:7f:6f:89:8f:b2:af:51:20:74:
                    8b:59:92:e3:ac:f8:17:5c:06:e9:f5:71:62:27:19:
                    5e:b4:27:5f:ad:8b:02:6c:10:65:19:ee:5f:e7:1e:
                    64:2f:d7:a1:2c:1a:f1:ab:31:57:ba:10:79:a7:30:
                    9b:aa:0c:eb:d5:ca:6a:11:dd:4d:05:64:64:3f:75:
                    4d:ef:ea:46:23:75:53:c2:47:59:30:b7:c9:d2:53:
                    3c:00:0d:17:2c:72:df:a2:fc:97:ae:7e:42:84:5c:
                    f4:4f:aa:e5:02:30:35:ee:71:88:c0:48:13:09:76:
                    d1:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:5A:67:41:D4:8D:00:61:37:39:22:85:1E:5A:E9:18:FF:A3:01:8E
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/VlpnQdSNAGE3OSKFHlrpGP-jAY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.188.80.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a5:81:21:62:98:bd:44:30:19:0b:0e:2a:c6:29:9c:00:c5:ff:
         f8:a5:43:da:ea:e6:6f:69:de:34:db:b4:5c:5b:36:c8:08:c3:
         a9:71:7a:42:cc:14:94:6e:20:2e:3e:ac:7b:66:64:be:96:e0:
         22:36:6d:94:49:40:74:9a:bd:e5:7a:b2:ee:bd:08:0e:01:94:
         5d:bb:95:6b:42:89:86:7d:1e:0e:12:d8:db:44:bc:6a:ef:89:
         52:ab:52:2c:3a:62:e3:04:4a:f2:47:cd:82:7e:b2:34:7e:86:
         c1:8c:f2:65:1e:2a:89:e2:33:9c:51:98:9e:a6:0c:8b:35:2c:
         a7:de:ae:f0:54:b0:10:0b:3e:c2:7b:ec:5b:d0:bd:a2:69:e7:
         d7:80:a8:ef:a8:30:a4:50:8e:89:99:8f:0d:83:fe:a0:55:b9:
         e2:58:cf:f5:3e:71:89:6e:b6:81:92:62:1d:db:1b:6b:1a:16:
         8c:0b:53:e7:0a:82:f6:48:ac:23:af:d3:a6:04:8d:2b:23:c9:
         31:5c:7c:ef:35:39:31:1b:d5:c3:7d:1a:ad:e0:5d:e4:b3:c7:
         ff:fb:d1:b2:22:1f:75:a7:a6:87:a5:73:34:68:d4:ee:f5:1c:
         cd:ae:b5:68:45:21:04:f1:12:88:f4:17:8b:57:b8:9f:b0:af:
         9a:e5:7d:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxue9txSySlDk8qBfK7+eQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjMwMTAyMDkwNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjVhNjc0MWQ0OGQwMDYxMzczOTIyODUxZTVhZTkxOGZmYTMwMThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqaHywhgtwdD0LDfkya2vNB4nmmZ/
KV4fgnRxDWwmNdG9NN7hLRd0bekudY4oRTRhmlUx1LqfkpWpCPmn3XEyUEZ0PU1/
CJ+XQN1UkYb+Lrm8ooATw8H45FYDLogKPtfxXbrtoLKNOnDhokc4m9rfCNA2N8Wn
QUcwZNXy17vRUOSX0OTPHYJSzw5gfbV/b4mPsq9RIHSLWZLjrPgXXAbp9XFiJxle
tCdfrYsCbBBlGe5f5x5kL9ehLBrxqzFXuhB5pzCbqgzr1cpqEd1NBWRkP3VN7+pG
I3VTwkdZMLfJ0lM8AA0XLHLfovyXrn5ChFz0T6rlAjA17nGIwEgTCXbRxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFZaZ0HUjQBhNzkihR5a6Rj/owGOMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvVmxwblFkU05BR0UzT1NLRkhscnBHUC1qQVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEArxQMA0G
CSqGSIb3DQEBCwUAA4IBAQClgSFimL1EMBkLDirGKZwAxf/4pUPa6uZvad4027Rc
WzbICMOpcXpCzBSUbiAuPqx7ZmS+luAiNm2USUB0mr3lerLuvQgOAZRdu5VrQomG
fR4OEtjbRLxq74lSq1IsOmLjBEryR82CfrI0fobBjPJlHiqJ4jOcUZiepgyLNSyn
3q7wVLAQCz7Ce+xb0L2iaefXgKjvqDCkUI6JmY8Ng/6gVbniWM/1PnGJbraBkmId
2xtrGhaMC1PnCoL2SKwjr9OmBI0rI8kxXHzvNTkxG9XDfRqt4F3ks8f/+9GyIh91
p6aHpXM0aNTu9RzNrrVoRSEE8RKI9BeLV7ifsK+a5X0m
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:47 2024 by rpki-client on console-fra.rpki-client.org