Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/6ycQCZrv5aXE8jbwfltGD9dgjgo.roa
File:                     6ycQCZrv5aXE8jbwfltGD9dgjgo.roa (raw, json)
Hash identifier:          l6JmymA82782YJzbTWRm5Ezk35QuVxZmh1ncMFLyIzs=
Subject key identifier:   EB:27:10:09:9A:EF:E5:A5:C4:F2:36:F0:7E:5B:46:0F:D7:60:8E:0A
Certificate issuer:       /CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
Certificate serial:       0185704BCA97FF6AD8DB452B1449C4D6FC65
Authority key identifier: 40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/6ycQCZrv5aXE8jbwfltGD9dgjgo.roa
Signing time:             Mon 02 Jan 2023 02:24:53 +0000
ROA not before:           Mon 02 Jan 2023 02:24:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43090
IP address blocks:        45.129.192.0/24 maxlen: 24
                          2a0e:4dc0::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:4b:ca:97:ff:6a:d8:db:45:2b:14:49:c4:d6:fc:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40d55b78836a93fb6f9ec9fa7a79ed9b8bea2ba1
        Validity
            Not Before: Jan  2 02:24:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=eb2710099aefe5a5c4f236f07e5b460fd7608e0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:91:8b:38:ac:5b:19:bc:45:46:52:fe:62:d3:
                    6e:16:84:2c:88:f7:48:5f:5d:e1:7e:ad:f6:64:5e:
                    f4:6a:2e:a4:67:c6:9d:f2:ca:ba:a4:ab:e3:bb:72:
                    56:74:fb:a5:22:83:29:21:7d:b5:47:21:8f:41:5c:
                    44:85:17:6b:da:3e:d9:29:5f:1a:6e:db:de:04:5a:
                    72:ff:c2:59:47:62:c7:f9:1e:d3:71:0c:87:e0:fc:
                    56:cc:3f:de:91:b1:59:97:0f:36:df:25:6d:b6:c1:
                    91:14:1d:36:27:53:7a:62:93:b1:30:37:b9:50:b3:
                    fc:ed:44:e9:bb:15:b4:91:35:48:34:91:01:f6:9c:
                    2f:bd:3b:bf:a2:5c:90:f7:ab:87:f0:73:4b:c5:f8:
                    3d:c5:41:d6:da:58:ee:e4:b7:b6:1e:76:c0:c8:53:
                    7f:af:c0:ac:ef:96:23:8f:b8:4b:b1:e6:ab:dd:4d:
                    4d:f7:c9:e7:f5:14:b1:26:97:f9:dd:77:2c:13:0f:
                    05:d6:63:08:47:b1:48:66:b5:18:e9:20:5e:26:e7:
                    80:09:cb:d7:09:ee:98:6b:81:84:81:ca:83:04:28:
                    1c:49:90:06:d7:18:96:4b:de:1e:a2:a1:ba:8d:6c:
                    1b:44:ca:3c:fa:1f:6e:81:a0:dd:59:f2:46:67:d5:
                    85:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:27:10:09:9A:EF:E5:A5:C4:F2:36:F0:7E:5B:46:0F:D7:60:8E:0A
            X509v3 Authority Key Identifier:
                keyid:40:D5:5B:78:83:6A:93:FB:6F:9E:C9:FA:7A:79:ED:9B:8B:EA:2B:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QNVbeINqk_tvnsn6enntm4vqK6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/6ycQCZrv5aXE8jbwfltGD9dgjgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c76d85-6864-4b37-bdb3-92e8be6279bb/1/QNVbeINqk_tvnsn6enntm4vqK6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.192.0/24
                IPv6:
                  2a0e:4dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:b1:a4:b3:97:20:f8:43:40:e4:90:d7:d8:95:04:ec:94:db:
         4a:5f:4b:7f:83:5e:e6:74:83:08:97:8a:00:b9:28:a4:30:0d:
         bd:97:75:05:df:31:ab:c4:7b:7d:07:8e:ac:cd:0c:80:00:67:
         80:1c:4a:14:01:bc:c9:c3:b2:c5:22:24:70:74:e7:0f:7d:b2:
         ec:1c:19:6e:ca:d7:d1:12:f0:7f:9c:a6:e6:fe:1b:04:65:2a:
         b0:23:26:68:77:d7:6f:db:7d:ef:95:85:a6:12:7c:c6:5a:f1:
         16:ad:23:2a:b9:4a:ec:6b:fd:7d:c9:37:75:3a:2e:ea:aa:f1:
         f9:05:55:88:a6:95:5f:6d:5e:ab:7d:af:cf:f1:ee:1d:72:12:
         31:8a:b4:c6:fb:89:8b:8b:d3:58:38:d1:bc:d2:f4:9d:d5:ea:
         b6:33:e6:b0:3a:8a:4e:f5:42:58:9f:bd:a0:0c:59:87:7e:9a:
         f0:42:70:7b:a2:a7:27:3d:76:07:0d:5b:52:f3:50:f2:82:09:
         07:2d:72:87:b0:af:d6:51:e3:c7:79:04:5a:5f:b9:f9:1c:df:
         dc:b0:85:cd:31:1b:23:5a:c4:5f:86:b6:c1:b2:ed:ed:9a:c6:
         0b:38:c4:e5:e5:50:b2:24:33:b5:b6:30:4f:f6:40:90:37:56:
         08:bf:6d:79
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVwS8qX/2rY20UrFEnE1vxlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZDU1Yjc4ODM2YTkzZmI2ZjllYzlmYTdhNzllZDliOGJl
YTJiYTEwHhcNMjMwMTAyMDIyNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjI3MTAwOTlhZWZlNWE1YzRmMjM2ZjA3ZTViNDYwZmQ3NjA4ZTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJGLOKxbGbxFRlL+YtNuFoQsiPdI
X13hfq32ZF70ai6kZ8ad8sq6pKvju3JWdPulIoMpIX21RyGPQVxEhRdr2j7ZKV8a
btveBFpy/8JZR2LH+R7TcQyH4PxWzD/ekbFZlw823yVttsGRFB02J1N6YpOxMDe5
ULP87UTpuxW0kTVINJEB9pwvvTu/olyQ96uH8HNLxfg9xUHW2lju5Le2HnbAyFN/
r8Cs75Yjj7hLsear3U1N98nn9RSxJpf53XcsEw8F1mMIR7FIZrUY6SBeJueACcvX
Ce6Ya4GEgcqDBCgcSZAG1xiWS94eoqG6jWwbRMo8+h9ugaDdWfJGZ9WFAwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOsnEAma7+WlxPI28H5bRg/XYI4KMB8GA1UdIwQY
MBaAFEDVW3iDapP7b57J+np57ZuL6iuhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMt
OTJlOGJlNjI3OWJiLzEvNnljUUNacnY1YVhFOGpid2ZsdEdEOWRnamdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNzZkODUtNjg2NC00YjM3LWJkYjMtOTJlOGJlNjI3OWJi
LzEvUU5WYmVJTnFrX3R2bnNuNmVubnRtNHZxSzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALYHAMA0E
AgACMAcDBQMqDk3AMA0GCSqGSIb3DQEBCwUAA4IBAQBOsaSzlyD4Q0DkkNfYlQTs
lNtKX0t/g17mdIMIl4oAuSikMA29l3UF3zGrxHt9B46szQyAAGeAHEoUAbzJw7LF
IiRwdOcPfbLsHBluytfREvB/nKbm/hsEZSqwIyZod9dv233vlYWmEnzGWvEWrSMq
uUrsa/19yTd1Oi7qqvH5BVWIppVfbV6rfa/P8e4dchIxirTG+4mLi9NYONG80vSd
1eq2M+awOopO9UJYn72gDFmHfprwQnB7oqcnPXYHDVtS81DyggkHLXKHsK/WUePH
eQRaX7n5HN/csIXNMRsjWsRfhrbBsu3tmsYLOMTl5VCyJDO1tjBP9kCQN1YIv215
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:57 2024 by rpki-client on console-fra.rpki-client.org