Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/U9xhfVlUZy-dC9pUyAnhn-sjme0.roa
File:                     U9xhfVlUZy-dC9pUyAnhn-sjme0.roa (raw, json)
Hash identifier:          nOqk9bUnE3RlFXSVILeDmJE0GOTXxwdkulJa3D2bt54=
Subject key identifier:   53:DC:61:7D:59:54:67:2F:9D:0B:DA:54:C8:09:E1:9F:EB:23:99:ED
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       018D1383B19DEC7C51DE3FDE1AA1A632C151
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/U9xhfVlUZy-dC9pUyAnhn-sjme0.roa
Signing time:             Tue 16 Jan 2024 18:23:34 +0000
ROA not before:           Tue 16 Jan 2024 18:23:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216200
IP address blocks:        45.143.4.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 16 May 2024 08:43:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:13:83:b1:9d:ec:7c:51:de:3f:de:1a:a1:a6:32:c1:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Jan 16 18:23:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53dc617d5954672f9d0bda54c809e19feb2399ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:57:71:f1:69:6f:e4:5c:06:02:ee:18:b4:86:
                    3a:fa:c4:67:ec:27:44:30:ee:68:50:0e:58:20:e4:
                    f4:b2:55:86:bb:81:52:d4:d4:aa:da:cb:c1:8d:9e:
                    c8:25:b6:5d:93:e2:d7:65:fe:01:18:8a:db:04:03:
                    de:b4:24:20:6b:1d:ac:c8:64:d1:13:fe:c6:8c:46:
                    89:9c:26:42:77:c0:a5:c5:79:10:f7:41:cd:6b:ba:
                    ef:34:23:fa:3c:5c:24:e2:a0:87:67:cc:cd:e8:be:
                    1b:f7:bf:c8:2a:30:e3:2d:e2:1b:fa:f7:c0:86:1c:
                    a9:27:b8:a6:ac:4d:78:5b:20:30:a6:f8:e2:b0:26:
                    e6:a7:05:52:38:6e:27:35:93:70:ce:6a:1d:8f:ac:
                    ac:41:70:a8:c1:62:c2:e4:7d:a8:11:5f:d6:d8:01:
                    3e:b7:9a:bb:e5:19:bb:cd:a7:a1:f5:98:3b:0f:e0:
                    f8:4f:de:00:15:34:c8:0e:22:bd:77:a8:47:06:7b:
                    80:39:80:ef:e9:dc:e8:20:c9:7c:4a:a4:9b:60:4b:
                    d0:ca:62:ee:8d:59:9d:73:e8:ad:03:61:5d:03:65:
                    69:0d:55:ed:d6:99:64:b4:7e:42:5a:8b:f6:0f:53:
                    95:fa:d5:67:2b:64:bd:5e:c3:0e:8c:0d:b2:d9:ab:
                    3f:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:DC:61:7D:59:54:67:2F:9D:0B:DA:54:C8:09:E1:9F:EB:23:99:ED
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/U9xhfVlUZy-dC9pUyAnhn-sjme0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:38:e5:21:5e:c9:52:53:61:77:88:2b:10:33:aa:4d:ae:68:
         58:3f:a7:c2:83:1c:f4:5c:15:28:ac:f1:fc:28:f1:7e:88:04:
         73:a0:aa:66:6f:44:51:89:8b:99:83:a9:6c:27:fc:1f:b5:f2:
         89:11:dd:ba:02:0a:20:b7:04:43:99:69:d3:da:b9:bc:fe:7f:
         f3:41:7b:1d:50:5f:77:b6:06:24:f4:43:33:6b:34:09:89:48:
         b4:14:5c:ed:fb:18:03:86:bf:78:27:91:7f:e6:65:f0:69:ec:
         4e:2e:e8:2b:c0:09:b6:50:d0:28:31:e3:6e:9d:ba:30:25:30:
         2d:15:2e:e8:aa:50:b6:5c:df:61:24:2a:3f:46:d9:fa:86:13:
         14:10:40:6d:fd:4e:2b:cd:82:42:20:ce:c4:2e:e5:b4:42:13:
         de:17:b9:6f:7f:ea:fe:65:c0:2a:63:5e:71:42:d6:44:ca:05:
         5c:fa:de:25:25:dc:c3:80:25:dd:bf:f6:bf:69:a6:77:82:e4:
         fa:40:e8:d2:5b:d2:3f:62:c1:0d:d2:3f:5a:c0:08:22:a9:86:
         73:03:64:aa:aa:1a:5f:09:f4:cd:9d:39:a8:f5:5c:b3:c5:c4:
         37:55:91:71:60:08:cf:cd:be:df:4b:5d:37:29:28:2c:0d:2a:
         e9:5b:74:10
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY0Tg7Gd7HxR3j/eGqGmMsFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjQwMTE2MTgyMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2RjNjE3ZDU5NTQ2NzJmOWQwYmRhNTRjODA5ZTE5ZmViMjM5OWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1dx8Wlv5FwGAu4YtIY6+sRn7CdE
MO5oUA5YIOT0slWGu4FS1NSq2svBjZ7IJbZdk+LXZf4BGIrbBAPetCQgax2syGTR
E/7GjEaJnCZCd8ClxXkQ90HNa7rvNCP6PFwk4qCHZ8zN6L4b97/IKjDjLeIb+vfA
hhypJ7imrE14WyAwpvjisCbmpwVSOG4nNZNwzmodj6ysQXCowWLC5H2oEV/W2AE+
t5q75Rm7zaeh9Zg7D+D4T94AFTTIDiK9d6hHBnuAOYDv6dzoIMl8SqSbYEvQymLu
jVmdc+itA2FdA2VpDVXt1plktH5CWov2D1OV+tVnK2S9XsMOjA2y2as/EQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFPcYX1ZVGcvnQvaVMgJ4Z/rI5ntMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL1U5eGhmVmxVWnktZEM5cFV5QW5obi1zam1lMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtjwQw
DQYJKoZIhvcNAQELBQADggEBACA45SFeyVJTYXeIKxAzqk2uaFg/p8KDHPRcFSis
8fwo8X6IBHOgqmZvRFGJi5mDqWwn/B+18okR3boCCiC3BEOZadPaubz+f/NBex1Q
X3e2BiT0QzNrNAmJSLQUXO37GAOGv3gnkX/mZfBp7E4u6CvACbZQ0Cgx426dujAl
MC0VLuiqULZc32EkKj9G2fqGExQQQG39TivNgkIgzsQu5bRCE94XuW9/6v5lwCpj
XnFC1kTKBVz63iUl3MOAJd2/9r9ppneC5PpA6NJb0j9iwQ3SP1rACCKphnMDZKqq
Gl8J9M2dOaj1XLPFxDdVkXFgCM/Nvt9LXTcpKCwNKulbdBA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:55 2024 by rpki-client on console-fra.rpki-client.org