Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/TdcRo-M6dJXKHNXUn-QTd6WK5hg.roa
File:                     TdcRo-M6dJXKHNXUn-QTd6WK5hg.roa (raw, json)
Hash identifier:          fRjYDlMQQhecHg3nZ452/nEvrX+V9d0u3TeBTFuXGGM=
Subject key identifier:   4D:D7:11:A3:E3:3A:74:95:CA:1C:D5:D4:9F:E4:13:77:A5:8A:E6:18
Certificate issuer:       /CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
Certificate serial:       018B1E18AE6D2D92F41E221BB433B472BF15
Authority key identifier: 94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/TdcRo-M6dJXKHNXUn-QTd6WK5hg.roa
Signing time:             Wed 11 Oct 2023 09:36:55 +0000
ROA not before:           Wed 11 Oct 2023 09:36:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        86.62.31.0/24 maxlen: 24
                          86.62.28.0/24 maxlen: 24
                          86.62.29.0/24 maxlen: 24
                          86.62.30.0/24 maxlen: 24
                          185.81.127.0/24 maxlen: 24
                          194.107.162.0/24 maxlen: 24
                          194.36.32.0/23 maxlen: 23
                          45.80.28.0/24 maxlen: 24
                          45.80.30.0/24 maxlen: 24
                          45.80.31.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 11 Oct 2023 13:36:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1e:18:ae:6d:2d:92:f4:1e:22:1b:b4:33:b4:72:bf:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94e59d245d150dc38c4896263dcbdcbbd67470a7
        Validity
            Not Before: Oct 11 09:36:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4dd711a3e33a7495ca1cd5d49fe41377a58ae618
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1f:40:33:78:0f:b8:c9:46:53:bb:e4:fa:4c:
                    3c:fa:d0:91:73:b2:14:a5:bc:ca:af:30:0b:14:3e:
                    bf:da:d7:ec:37:a6:5b:d9:53:e4:0b:58:e4:5f:ec:
                    9a:4f:d3:bd:2f:c3:6d:1a:f0:75:ca:a2:18:31:7e:
                    dc:95:8e:89:51:58:c0:c7:51:cb:5d:5a:09:b0:db:
                    2b:74:dd:76:35:b0:2a:ee:e4:6d:04:e1:35:94:ff:
                    4f:77:e9:b0:20:89:0a:d3:e3:c7:fe:09:4e:f6:e7:
                    4c:8a:b3:b3:d6:1c:e2:af:db:ec:c8:1f:4f:88:8a:
                    93:3d:12:8c:b0:dd:c9:e6:f7:29:92:9c:bb:04:86:
                    e7:8f:cc:cd:47:4f:d4:28:ff:60:2c:e8:bd:6b:a5:
                    d3:ac:df:66:43:4a:3b:25:ce:a1:4c:96:c1:40:a7:
                    37:de:5a:2b:4f:52:5d:3e:07:0e:de:fd:1b:2f:b1:
                    d3:77:d3:ef:6a:84:8a:d4:19:51:c6:33:39:8d:8b:
                    d6:ff:f1:f9:d5:5b:ce:17:2b:84:f4:f4:86:20:65:
                    fb:6a:0d:e4:e9:11:7a:9a:e5:73:5c:62:b4:e8:4b:
                    ba:27:c5:e8:bb:5b:29:9e:20:4d:c0:16:bc:54:1c:
                    4f:0f:bd:85:18:24:df:c2:16:2d:15:e9:b6:f7:b2:
                    af:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:D7:11:A3:E3:3A:74:95:CA:1C:D5:D4:9F:E4:13:77:A5:8A:E6:18
            X509v3 Authority Key Identifier:
                keyid:94:E5:9D:24:5D:15:0D:C3:8C:48:96:26:3D:CB:DC:BB:D6:74:70:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/TdcRo-M6dJXKHNXUn-QTd6WK5hg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/287cd2-f1d8-44a9-bed2-ee95b6cc3474/1/lOWdJF0VDcOMSJYmPcvcu9Z0cKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.28.0/24
                  45.80.30.0/23
                  86.62.28.0/22
                  185.81.127.0/24
                  194.36.32.0/23
                  194.107.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:8b:b4:dd:41:a5:59:4b:e9:4c:6d:7f:21:95:79:a9:9c:c3:
         c2:dd:1b:a8:21:4e:31:8f:91:14:92:2e:ea:03:83:36:d0:ab:
         64:80:a2:37:13:e7:9d:7e:d0:c6:be:61:fa:b4:6a:40:ee:32:
         5c:b3:6d:7b:34:9e:5d:3a:dc:d1:24:8c:c5:44:7a:30:2a:c3:
         32:32:7e:97:36:c8:6e:97:db:61:af:fe:32:ab:e1:98:04:d1:
         3d:62:c7:73:46:df:4f:3d:c0:5e:c4:ca:69:a8:f4:cc:4d:8b:
         00:96:67:86:9a:cb:b7:25:57:de:29:77:37:16:01:80:59:70:
         a8:f4:ec:54:1e:34:b3:ab:4f:db:79:39:eb:8d:5e:9d:4f:bf:
         23:20:42:92:03:9b:48:97:9c:02:b8:dd:1f:3c:c6:db:55:c2:
         57:6d:f2:e2:d7:21:6d:b3:bf:58:e0:3b:bc:45:8b:94:27:98:
         08:f5:0d:da:2a:b0:58:ec:f9:85:a8:80:f7:a6:89:78:f9:f2:
         6f:16:09:e7:05:29:29:3f:be:9e:66:55:51:92:74:89:c3:63:
         9d:bd:49:da:e2:25:13:41:9c:d5:aa:ed:ce:f3:4d:bb:04:61:
         4a:86:5f:10:cd:20:10:74:40:08:ef:8e:8c:46:98:31:c5:80:
         22:7d:92:9b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYseGK5tLZL0HiIbtDO0cr8VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZTU5ZDI0NWQxNTBkYzM4YzQ4OTYyNjNkY2JkY2JiZDY3
NDcwYTcwHhcNMjMxMDExMDkzNjU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGQ3MTFhM2UzM2E3NDk1Y2ExY2Q1ZDQ5ZmU0MTM3N2E1OGFlNjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvR9AM3gPuMlGU7vk+kw8+tCRc7IU
pbzKrzALFD6/2tfsN6Zb2VPkC1jkX+yaT9O9L8NtGvB1yqIYMX7clY6JUVjAx1HL
XVoJsNsrdN12NbAq7uRtBOE1lP9Pd+mwIIkK0+PH/glO9udMirOz1hzir9vsyB9P
iIqTPRKMsN3J5vcpkpy7BIbnj8zNR0/UKP9gLOi9a6XTrN9mQ0o7Jc6hTJbBQKc3
3lorT1JdPgcO3v0bL7HTd9PvaoSK1BlRxjM5jYvW//H51VvOFyuE9PSGIGX7ag3k
6RF6muVzXGK06Eu6J8Xou1spniBNwBa8VBxPD72FGCTfwhYtFem297KvGwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFE3XEaPjOnSVyhzV1J/kE3eliuYYMB8GA1UdIwQY
MBaAFJTlnSRdFQ3DjEiWJj3L3LvWdHCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDIt
ZWU5NWI2Y2MzNDc0LzEvVGRjUm8tTTZkSlhLSE5YVW4tUVRkNldLNWhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8yODdjZDItZjFkOC00NGE5LWJlZDItZWU5NWI2Y2MzNDc0
LzEvbE9XZEpGMFZEY09NU0pZbVBjdmN1OVowY0tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALVAcAwQB
LVAeAwQCVj4cAwQAuVF/AwQBwiQgAwQAwmuiMA0GCSqGSIb3DQEBCwUAA4IBAQBC
i7TdQaVZS+lMbX8hlXmpnMPC3RuoIU4xj5EUki7qA4M20KtkgKI3E+edftDGvmH6
tGpA7jJcs217NJ5dOtzRJIzFRHowKsMyMn6XNshul9thr/4yq+GYBNE9YsdzRt9P
PcBexMppqPTMTYsAlmeGmsu3JVfeKXc3FgGAWXCo9OxUHjSzq0/beTnrjV6dT78j
IEKSA5tIl5wCuN0fPMbbVcJXbfLi1yFts79Y4Du8RYuUJ5gI9Q3aKrBY7PmFqID3
pol4+fJvFgnnBSkpP76eZlVRknSJw2OdvUna4iUTQZzVqu3O8027BGFKhl8QzSAQ
dEAI746MRpgxxYAifZKb
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:12 2024 by rpki-client on console-fra.rpki-client.org