Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/xEKgfnPAMjHyi2bYYmKV4HfFR3g.roa
File:                     xEKgfnPAMjHyi2bYYmKV4HfFR3g.roa (raw, json)
Hash identifier:          PP+fIQMmJq85L/1XQ1Gxq86jktOiTsPJdzHqPhIypfk=
Subject key identifier:   C4:42:A0:7E:73:C0:32:31:F2:8B:66:D8:62:62:95:E0:77:C5:47:78
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018A4C5838687DCD78BD11028EE7D40318F7
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/xEKgfnPAMjHyi2bYYmKV4HfFR3g.roa
Signing time:             Thu 31 Aug 2023 16:06:04 +0000
ROA not before:           Thu 31 Aug 2023 16:06:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200482
IP address blocks:        43.251.163.0/24 maxlen: 24
                          43.251.162.0/24 maxlen: 24
                          37.114.60.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 20 Oct 2023 08:49:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:4c:58:38:68:7d:cd:78:bd:11:02:8e:e7:d4:03:18:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Aug 31 16:06:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c442a07e73c03231f28b66d8626295e077c54778
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:ea:fc:73:89:f3:46:39:17:5d:af:ba:ba:58:
                    0e:11:da:6d:9c:10:df:7b:df:1e:ab:7d:26:0e:b7:
                    6d:91:47:0b:a3:18:5a:4c:48:3a:32:aa:7e:be:42:
                    a9:dd:d8:68:f5:52:f6:ed:1b:41:98:62:ad:17:4d:
                    27:38:08:aa:f1:a9:30:ca:9e:59:8a:68:ea:fb:e8:
                    97:a9:e3:05:4e:16:ae:bd:4c:b7:b1:f2:be:1f:a1:
                    36:a3:d2:be:c2:a3:2a:75:14:6f:3d:f7:b5:66:a2:
                    ba:e3:94:88:00:33:6c:d3:0d:d4:9e:5e:e1:46:34:
                    bc:7a:fd:0f:6c:dd:72:9b:3b:c1:c5:6f:86:b8:ba:
                    cb:cd:1f:8f:a0:ad:37:9e:5b:fa:d9:0a:ac:e9:e8:
                    3a:80:a0:4c:cd:6c:f2:13:b2:3a:c9:54:67:b7:8b:
                    70:d3:3d:d9:77:4b:82:24:ea:c8:04:5a:fe:06:c8:
                    0e:e5:21:b7:e4:69:32:2f:24:e5:a1:47:30:a8:bd:
                    41:a2:50:99:00:b3:30:e9:e7:a0:81:0b:a4:61:31:
                    cf:30:c2:6c:92:0a:0d:cf:e6:cc:49:e0:21:f9:37:
                    77:27:e1:ae:33:bf:df:af:fa:75:bc:e9:28:64:b8:
                    52:f7:43:32:62:78:c8:4f:71:a9:91:02:ad:30:d2:
                    2c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:42:A0:7E:73:C0:32:31:F2:8B:66:D8:62:62:95:E0:77:C5:47:78
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/xEKgfnPAMjHyi2bYYmKV4HfFR3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.60.0/24
                  43.251.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:1b:e0:0b:09:d6:6b:73:fb:79:bb:99:6a:6e:b6:20:5b:ea:
         2f:48:d4:cb:3f:cc:b1:3a:dc:f6:49:6d:dd:16:69:bd:61:a7:
         6a:eb:a3:2a:2e:05:9a:70:72:bc:1f:5b:fb:f4:3a:b9:a5:0e:
         84:08:7d:92:4c:d3:88:01:f8:9b:da:f9:cd:0f:1c:f7:85:09:
         62:db:c9:4a:08:df:78:8a:8f:1b:04:01:92:15:0d:41:e2:dc:
         26:c4:91:ee:66:83:7e:3f:93:0e:a6:6e:bf:7e:9c:d6:6f:10:
         c3:6c:91:c3:23:b0:37:32:78:7a:03:eb:3e:09:5f:53:5a:a7:
         d5:da:4e:8b:46:9c:41:42:bf:da:09:de:03:aa:ed:07:88:43:
         40:59:e2:c8:2d:3f:c2:20:b9:b3:0a:5c:d8:e6:00:6d:b4:b2:
         90:51:12:64:bc:d3:9c:9b:ae:df:43:e5:bc:3c:61:6b:bc:96:
         c9:6b:ae:e5:7a:08:64:7a:b5:29:37:fb:af:ed:fa:f5:1a:a0:
         e5:a3:a0:88:74:59:56:ee:ef:8e:4d:4d:be:08:2b:00:86:d5:
         4f:50:e9:57:b9:54:66:0e:95:13:cf:c7:dc:5d:68:f3:14:57:
         74:aa:06:f4:3c:44:a0:86:55:2b:b1:66:bd:32:0a:3e:c1:29:
         05:17:a1:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYpMWDhofc14vRECjufUAxj3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjMwODMxMTYwNjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDQyYTA3ZTczYzAzMjMxZjI4YjY2ZDg2MjYyOTVlMDc3YzU0Nzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAier8c4nzRjkXXa+6ulgOEdptnBDf
e98eq30mDrdtkUcLoxhaTEg6Mqp+vkKp3dho9VL27RtBmGKtF00nOAiq8akwyp5Z
imjq++iXqeMFThauvUy3sfK+H6E2o9K+wqMqdRRvPfe1ZqK645SIADNs0w3Unl7h
RjS8ev0PbN1ymzvBxW+GuLrLzR+PoK03nlv62Qqs6eg6gKBMzWzyE7I6yVRnt4tw
0z3Zd0uCJOrIBFr+BsgO5SG35GkyLyTloUcwqL1BolCZALMw6eeggQukYTHPMMJs
kgoNz+bMSeAh+Td3J+GuM7/fr/p1vOkoZLhS90MyYnjIT3GpkQKtMNIsnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMRCoH5zwDIx8otm2GJileB3xUd4MB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEveEVLZ2ZuUEFNakh5aTJiWVltS1Y0SGZGUjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAJXI8AwQB
K/uiMA0GCSqGSIb3DQEBCwUAA4IBAQBTG+ALCdZrc/t5u5lqbrYgW+ovSNTLP8yx
Otz2SW3dFmm9Yadq66MqLgWacHK8H1v79Dq5pQ6ECH2STNOIAfib2vnNDxz3hQli
28lKCN94io8bBAGSFQ1B4twmxJHuZoN+P5MOpm6/fpzWbxDDbJHDI7A3Mnh6A+s+
CV9TWqfV2k6LRpxBQr/aCd4Dqu0HiENAWeLILT/CILmzClzY5gBttLKQURJkvNOc
m67fQ+W8PGFrvJbJa67leghkerUpN/uv7fr1GqDlo6CIdFlW7u+OTU2+CCsAhtVP
UOlXuVRmDpUTz8fcXWjzFFd0qgb0PESghlUrsWa9Mgo+wSkFF6Gf
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:18 2024 by rpki-client on console-ams.rpki-client.org