Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/0ab167-3094-4103-8131-064414d0340f/1/dDvLFBaW0aBvLDHu8DBk1xHMGmc.roa
File:                     dDvLFBaW0aBvLDHu8DBk1xHMGmc.roa (raw, json)
Hash identifier:          Iu8lkNhIkBp+YeazIlfkHoBA3d3MkaJ9TjQewdOu3b4=
Subject key identifier:   74:3B:CB:14:16:96:D1:A0:6F:2C:31:EE:F0:30:64:D7:11:CC:1A:67
Certificate issuer:       /CN=1232303d1638e0735240491aaa9e42b1887adaca
Certificate serial:       01856EAFCCC0686FA2B84A27ABBAAFA84295
Authority key identifier: 12:32:30:3D:16:38:E0:73:52:40:49:1A:AA:9E:42:B1:88:7A:DA:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EjIwPRY44HNSQEkaqp5CsYh62so.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/0ab167-3094-4103-8131-064414d0340f/1/dDvLFBaW0aBvLDHu8DBk1xHMGmc.roa
Signing time:             Sun 01 Jan 2023 18:54:52 +0000
ROA not before:           Sun 01 Jan 2023 18:54:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51440
IP address blocks:        46.28.136.0/24 maxlen: 24
                          46.28.140.0/24 maxlen: 24
                          95.215.130.0/24 maxlen: 24
                          95.215.129.0/24 maxlen: 24
                          195.35.85.0/24 maxlen: 24
                          46.32.222.0/24 maxlen: 24
                          5.34.160.0/24 maxlen: 24
                          2a03:2940::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:af:cc:c0:68:6f:a2:b8:4a:27:ab:ba:af:a8:42:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1232303d1638e0735240491aaa9e42b1887adaca
        Validity
            Not Before: Jan  1 18:54:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=743bcb141696d1a06f2c31eef03064d711cc1a67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c6:e0:ef:a3:f9:25:58:11:f3:82:c9:4c:b1:
                    83:03:ee:be:4a:cc:3d:a7:18:70:a8:ef:3b:78:e8:
                    86:40:9a:a8:88:c6:f2:dd:41:9b:16:cc:47:3c:a5:
                    b9:0b:d3:a0:3e:76:f8:87:0e:6e:b7:df:64:96:cc:
                    47:cd:93:7d:fc:34:1d:25:ca:dc:bf:ab:bf:08:f3:
                    e0:dc:98:2c:af:4e:25:f4:5e:46:67:e4:da:e1:7f:
                    5f:7d:c9:98:f7:7c:ba:e4:a6:cf:5d:b4:f3:78:69:
                    44:c9:5e:fd:8e:42:c1:16:d1:59:b3:b5:be:91:22:
                    f2:a1:a6:ed:cc:70:db:76:7b:7e:cc:f6:74:aa:36:
                    bd:a5:16:f8:60:17:3b:fe:b8:6e:27:20:5c:3b:4c:
                    6a:bc:b1:88:24:43:48:44:6b:e9:db:67:f5:d8:6a:
                    2a:9f:bf:e7:5e:52:95:5a:8b:9f:cd:a5:7d:db:2f:
                    1d:5e:13:9b:f0:c9:7a:96:8f:58:46:e1:12:9a:c6:
                    70:da:4f:6b:1d:cf:e2:be:d3:73:01:91:e3:a7:71:
                    5a:36:fd:ee:9e:ad:1f:76:0f:0c:97:41:17:23:76:
                    cb:05:d7:7d:16:06:2e:bf:c7:74:6c:84:bb:46:f3:
                    f7:1b:10:ab:ea:a1:17:61:1d:b7:4f:cc:81:68:1a:
                    f9:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:3B:CB:14:16:96:D1:A0:6F:2C:31:EE:F0:30:64:D7:11:CC:1A:67
            X509v3 Authority Key Identifier:
                keyid:12:32:30:3D:16:38:E0:73:52:40:49:1A:AA:9E:42:B1:88:7A:DA:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EjIwPRY44HNSQEkaqp5CsYh62so.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/0ab167-3094-4103-8131-064414d0340f/1/dDvLFBaW0aBvLDHu8DBk1xHMGmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/0ab167-3094-4103-8131-064414d0340f/1/EjIwPRY44HNSQEkaqp5CsYh62so.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.34.160.0/24
                  46.28.136.0/24
                  46.28.140.0/24
                  46.32.222.0/24
                  95.215.129.0-95.215.130.255
                  195.35.85.0/24
                IPv6:
                  2a03:2940::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:15:7a:4f:31:58:aa:c6:b7:5f:cc:9b:fd:ab:5c:ad:ba:a5:
         f8:a4:ed:d3:4c:0b:9d:91:fa:94:5e:c3:b8:a4:1e:bb:0b:61:
         51:c6:07:a1:4e:07:18:08:5b:88:f9:69:69:bd:fb:9b:61:da:
         29:02:85:77:23:6b:a2:0f:69:7b:f0:69:e5:61:e2:40:a3:48:
         d7:31:2d:70:f8:74:41:e5:fe:b0:5d:b3:a7:c0:10:39:92:c7:
         e7:55:d9:77:6c:3f:9b:b6:ad:7a:55:95:6e:5f:7f:a6:08:8c:
         dd:a9:7c:d4:53:5c:7b:4f:90:9f:8c:5b:6b:ac:c0:d9:d1:c7:
         c8:2e:3e:09:da:3b:15:cd:f3:da:e8:c6:b4:49:5a:9d:60:5b:
         49:b3:ea:09:a1:3c:16:52:6c:6a:ea:da:ef:fb:21:80:ff:37:
         30:d7:96:f6:e0:7f:07:0e:66:70:ae:53:b1:8b:a0:a6:3d:2a:
         a8:02:0a:88:dd:1e:c9:a4:f7:88:3c:cf:0a:70:bd:81:2c:90:
         b5:29:e1:64:fc:b6:5e:73:ec:9b:6a:93:bd:56:cc:1a:04:5e:
         1b:de:a8:6c:2d:14:12:5f:29:80:0e:d5:34:b6:96:45:c9:d4:
         10:b9:e1:ff:ff:8c:2e:6c:1b:36:4a:0b:22:c9:d0:f0:3d:fe:
         2c:0c:ec:1b
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYVur8zAaG+iuEonq7qvqEKVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMzIzMDNkMTYzOGUwNzM1MjQwNDkxYWFhOWU0MmIxODg3
YWRhY2EwHhcNMjMwMTAxMTg1NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDNiY2IxNDE2OTZkMWEwNmYyYzMxZWVmMDMwNjRkNzExY2MxYTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsbg76P5JVgR84LJTLGDA+6+Ssw9
pxhwqO87eOiGQJqoiMby3UGbFsxHPKW5C9OgPnb4hw5ut99klsxHzZN9/DQdJcrc
v6u/CPPg3Jgsr04l9F5GZ+Ta4X9ffcmY93y65KbPXbTzeGlEyV79jkLBFtFZs7W+
kSLyoabtzHDbdnt+zPZ0qja9pRb4YBc7/rhuJyBcO0xqvLGIJENIRGvp22f12Goq
n7/nXlKVWoufzaV92y8dXhOb8Ml6lo9YRuESmsZw2k9rHc/ivtNzAZHjp3FaNv3u
nq0fdg8Ml0EXI3bLBdd9FgYuv8d0bIS7RvP3GxCr6qEXYR23T8yBaBr5DwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFHQ7yxQWltGgbywx7vAwZNcRzBpnMB8GA1UdIwQY
MBaAFBIyMD0WOOBzUkBJGqqeQrGIetrKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWpJd1BSWTQ0SE5TUUVrYXFwNUNzWWg2MnNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi8wYWIxNjctMzA5NC00MTAzLTgxMzEt
MDY0NDE0ZDAzNDBmLzEvZER2TEZCYVcwYUJ2TERIdThEQmsxeEhNR21jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi8wYWIxNjctMzA5NC00MTAzLTgxMzEtMDY0NDE0ZDAzNDBm
LzEvRWpJd1BSWTQ0SE5TUUVrYXFwNUNzWWg2MnNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQABSKgAwQA
LhyIAwQALhyMAwQALiDeMAwDBABf14EDBABf14IDBADDI1UwDQQCAAIwBwMFACoD
KUAwDQYJKoZIhvcNAQELBQADggEBAHgVek8xWKrGt1/Mm/2rXK26pfik7dNMC52R
+pRew7ikHrsLYVHGB6FOBxgIW4j5aWm9+5th2ikChXcja6IPaXvwaeVh4kCjSNcx
LXD4dEHl/rBds6fAEDmSx+dV2XdsP5u2rXpVlW5ff6YIjN2pfNRTXHtPkJ+MW2us
wNnRx8guPgnaOxXN89roxrRJWp1gW0mz6gmhPBZSbGrq2u/7IYD/NzDXlvbgfwcO
ZnCuU7GLoKY9KqgCCojdHsmk94g8zwpwvYEskLUp4WT8tl5z7Jtqk71WzBoEXhve
qGwtFBJfKYAO1TS2lkXJ1BC54f//jC5sGzZKCyLJ0PA9/iwM7Bs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:21 2024 by rpki-client on console-ams.rpki-client.org