Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/OdfLh2o9af9qza2lGcIQmx-DE3U.roa
File:                     OdfLh2o9af9qza2lGcIQmx-DE3U.roa (raw, json)
Hash identifier:          Bm7NmtfZDHKD/fsa0VPPmKK2+gQ7uAruIXRUBS55ksI=
Subject key identifier:   39:D7:CB:87:6A:3D:69:FF:6A:CD:AD:A5:19:C2:10:9B:1F:83:13:75
Certificate issuer:       /CN=29be02dea0a086e9880f564c86872bbc597cc672
Certificate serial:       018CC79446CADDD5DD2114BB1DDCA93D6623
Authority key identifier: 29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/OdfLh2o9af9qza2lGcIQmx-DE3U.roa
Signing time:             Tue 02 Jan 2024 00:30:32 +0000
ROA not before:           Tue 02 Jan 2024 00:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9002
IP address blocks:        139.45.192.0/19 maxlen: 19
                          87.245.208.0/20 maxlen: 20
                          87.245.208.0/21 maxlen: 21
                          185.82.8.0/22 maxlen: 22
                          87.245.224.0/19 maxlen: 19
                          2a02:2d8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 28 May 2024 15:45:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:46:ca:dd:d5:dd:21:14:bb:1d:dc:a9:3d:66:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29be02dea0a086e9880f564c86872bbc597cc672
        Validity
            Not Before: Jan  2 00:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39d7cb876a3d69ff6acdada519c2109b1f831375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:73:c9:61:60:96:8f:28:61:05:85:b3:6d:a0:
                    5e:31:33:14:e7:cd:a7:c0:f5:02:93:07:76:75:12:
                    7a:2b:3e:69:2b:6b:70:7b:d3:25:94:fc:55:dc:7e:
                    de:2d:01:ce:22:46:8d:17:59:61:0a:cd:ec:6c:9b:
                    82:64:49:33:57:7b:22:c8:50:27:74:2b:c4:15:29:
                    7a:fd:1e:86:65:78:ac:82:0e:47:a0:70:e1:31:40:
                    27:ed:49:80:9f:e1:d1:83:89:83:4a:10:eb:6f:6d:
                    36:08:65:bd:e4:77:fb:03:1c:ae:2f:bd:8f:1c:ef:
                    cc:07:d8:65:8a:46:35:ed:23:bd:8c:af:5a:fd:7c:
                    33:99:29:75:79:af:e3:75:c1:dd:64:cb:38:13:a2:
                    14:00:54:81:5b:94:47:27:b5:3d:74:ec:3a:30:39:
                    25:f7:6b:e0:d2:3f:ee:a5:6f:c6:43:8c:41:d0:bf:
                    4a:b4:18:e1:25:13:56:95:91:9a:55:ca:29:94:78:
                    95:fb:e7:fb:a4:82:2e:89:2e:05:55:55:ca:8d:5a:
                    b5:b1:82:00:58:d6:0b:93:01:11:0b:39:06:f7:a9:
                    06:53:3a:14:53:bc:ba:95:b1:7c:0e:45:eb:95:a3:
                    53:66:2b:cb:3f:82:e9:e0:aa:3f:b8:c8:e6:e5:fe:
                    39:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:D7:CB:87:6A:3D:69:FF:6A:CD:AD:A5:19:C2:10:9B:1F:83:13:75
            X509v3 Authority Key Identifier:
                keyid:29:BE:02:DE:A0:A0:86:E9:88:0F:56:4C:86:87:2B:BC:59:7C:C6:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kb4C3qCghumID1ZMhocrvFl8xnI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/OdfLh2o9af9qza2lGcIQmx-DE3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/ea1cff-ae8f-4719-89b3-003a1568bf3f/1/Kb4C3qCghumID1ZMhocrvFl8xnI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.245.208.0-87.245.255.255
                  139.45.192.0/19
                  185.82.8.0/22
                IPv6:
                  2a02:2d8::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:c7:c6:98:cb:23:15:6e:7b:3d:40:df:2c:f7:db:37:5f:b3:
         38:ec:78:b2:bf:17:9f:f6:1d:a4:7c:82:ed:9a:7e:e9:2c:ea:
         cd:37:68:a6:21:b3:08:f3:43:c5:d3:04:64:87:bc:79:70:20:
         b5:9c:3e:19:2a:db:dc:98:73:c2:f9:fd:76:71:67:ce:af:3a:
         03:c7:6e:3c:d5:1f:76:9a:94:e9:30:02:b3:8a:fe:9a:cd:7a:
         68:a2:3d:36:04:41:04:bb:b9:89:c9:59:4b:12:23:00:a5:79:
         c0:c3:25:75:19:05:94:c1:70:93:79:51:d8:29:b6:0f:e7:af:
         90:fe:c3:51:6c:05:4c:69:5d:fb:7c:be:fd:f6:60:d6:ca:1d:
         78:9c:6c:bc:3f:a0:94:0f:cf:89:83:ae:ee:cb:13:c6:8f:5d:
         c0:ae:1c:bd:b7:8b:b2:53:ca:0c:43:ee:7b:df:83:cf:8a:2f:
         e4:ad:c3:81:45:db:f2:70:44:3d:1f:6b:e7:0b:bf:8d:8f:6b:
         46:77:92:d8:6f:40:d8:bc:50:dd:0c:a7:b3:f2:42:2d:70:22:
         8c:96:f9:38:94:54:25:72:00:3b:37:cb:ce:3a:4c:85:02:b7:
         2a:c6:cf:7b:b3:4c:31:7a:f0:31:6b:02:0f:1a:27:47:5a:7f:
         41:e8:ea:34
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYzHlEbK3dXdIRS7HdypPWYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmUwMmRlYTBhMDg2ZTk4ODBmNTY0Yzg2ODcyYmJjNTk3
Y2M2NzIwHhcNMjQwMTAyMDAzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWQ3Y2I4NzZhM2Q2OWZmNmFjZGFkYTUxOWMyMTA5YjFmODMxMzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXPJYWCWjyhhBYWzbaBeMTMU582n
wPUCkwd2dRJ6Kz5pK2twe9MllPxV3H7eLQHOIkaNF1lhCs3sbJuCZEkzV3siyFAn
dCvEFSl6/R6GZXisgg5HoHDhMUAn7UmAn+HRg4mDShDrb202CGW95Hf7AxyuL72P
HO/MB9hlikY17SO9jK9a/XwzmSl1ea/jdcHdZMs4E6IUAFSBW5RHJ7U9dOw6MDkl
92vg0j/upW/GQ4xB0L9KtBjhJRNWlZGaVcoplHiV++f7pIIuiS4FVVXKjVq1sYIA
WNYLkwERCzkG96kGUzoUU7y6lbF8DkXrlaNTZivLP4Lp4Ko/uMjm5f45NwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFDnXy4dqPWn/as2tpRnCEJsfgxN1MB8GA1UdIwQY
MBaAFCm+At6goIbpiA9WTIaHK7xZfMZyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMt
MDAzYTE1NjhiZjNmLzEvT2RmTGgybzlhZjlxemEybEdjSVFteC1ERTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYTFjZmYtYWU4Zi00NzE5LTg5YjMtMDAzYTE1NjhiZjNm
LzEvS2I0QzNxQ2dodW1JRDFaTWhvY3J2Rmw4eG5JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAfBAIAATAZMAsDBARX9dAD
AwFX9AMEBYstwAMEArlSCDANBAIAAjAHAwUAKgIC2DANBgkqhkiG9w0BAQsFAAOC
AQEAc8fGmMsjFW57PUDfLPfbN1+zOOx4sr8Xn/YdpHyC7Zp+6SzqzTdopiGzCPND
xdMEZIe8eXAgtZw+GSrb3Jhzwvn9dnFnzq86A8duPNUfdpqU6TACs4r+ms16aKI9
NgRBBLu5iclZSxIjAKV5wMMldRkFlMFwk3lR2Cm2D+evkP7DUWwFTGld+3y+/fZg
1sodeJxsvD+glA/PiYOu7ssTxo9dwK4cvbeLslPKDEPue9+Dz4ov5K3DgUXb8nBE
PR9r5wu/jY9rRneS2G9A2LxQ3Qyns/JCLXAijJb5OJRUJXIAOzfLzjpMhQK3KsbP
e7NMMXrwMWsCDxonR1p/QejqNA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:17 2024 by rpki-client on console-fra.rpki-client.org