Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/am2UGic-Z05ugMe6UwQkWA36GNk.roa
File:                     am2UGic-Z05ugMe6UwQkWA36GNk.roa (raw, json)
Hash identifier:          ezqcVmNbZlWE080+eg95dukNYsjv5NprXJ8RJHUhznI=
Subject key identifier:   6A:6D:94:1A:27:3E:67:4E:6E:80:C7:BA:53:04:24:58:0D:FA:18:D9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D2499C12A8E7B388CB31140E293A0B61E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/am2UGic-Z05ugMe6UwQkWA36GNk.roa
Signing time:             Sat 20 Jan 2024 02:01:12 +0000
ROA not before:           Sat 20 Jan 2024 02:01:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.148.116.0/22 maxlen: 24
                          185.238.188.0/22 maxlen: 24
                          2a06:de01:d0::/44 maxlen: 48
                          2a0c:3b87:ff00::/40 maxlen: 48
                          2a0c:3b87:ffff::/48 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:97c0:791::/48 maxlen: 48
                          2a0e:97c0:792::/48 maxlen: 48
                          2a0e:97c4:ac00::/38 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a0e:b107:1870::/48 maxlen: 48
                          2a0e:b107:1b9e::/48 maxlen: 48
                          2a0e:b107:278b::/48 maxlen: 48
                          2a10:cc40:cc46::/48 maxlen: 48
                          2a10:ccc0:110::/44 maxlen: 48
                          2a10:ccc3:ccce::/48 maxlen: 48
                          2a10:ccc7:9000::/38 maxlen: 48

Validation:               Failed, certificate revoked on Sun 21 Jan 2024 05:41:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:24:99:c1:2a:8e:7b:38:8c:b3:11:40:e2:93:a0:b6:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 20 02:01:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a6d941a273e674e6e80c7ba530424580dfa18d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9a:18:bd:94:e3:33:8f:a4:4c:9f:87:8e:d7:
                    66:71:88:39:a9:e2:57:d2:b4:c6:36:ee:fa:b7:4c:
                    30:94:61:9f:72:60:9a:7f:3a:db:9d:05:59:ae:43:
                    5f:14:6e:66:0b:f5:36:d1:e6:af:f3:7f:14:12:68:
                    86:59:b9:8f:e3:9c:6f:b1:17:e0:30:fb:0d:0e:fd:
                    96:c2:65:f5:4c:34:7a:6c:7b:70:21:46:68:17:7b:
                    75:43:a2:6e:97:97:f1:83:27:33:eb:40:67:62:51:
                    4e:fb:15:ae:3f:34:81:b9:d9:72:03:2c:4e:8c:ff:
                    3e:8b:64:02:5a:99:98:18:1e:5b:36:fe:b4:92:34:
                    6f:07:8d:37:95:38:20:9b:7c:bb:c1:af:2b:64:b3:
                    60:9f:41:3b:0d:3d:a9:9d:c2:9d:fb:14:5d:00:6b:
                    a0:be:af:78:b9:84:64:51:b1:7c:bc:c4:56:b6:7d:
                    21:26:aa:65:8a:70:9f:74:30:25:6c:d6:e6:4e:46:
                    1d:0b:bd:c5:64:27:53:3a:99:63:6e:d7:2b:cb:2e:
                    86:6c:ec:0b:f5:0c:cb:23:31:e0:7f:a6:6e:96:d4:
                    b6:99:2a:63:6e:00:ae:30:93:cf:08:9b:06:79:c6:
                    a4:f9:c4:4e:9b:1f:49:e2:c4:8b:12:a6:e5:f1:b3:
                    d9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:6D:94:1A:27:3E:67:4E:6E:80:C7:BA:53:04:24:58:0D:FA:18:D9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/am2UGic-Z05ugMe6UwQkWA36GNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.116.0/22
                  185.238.188.0/22
                IPv6:
                  2a06:de01:d0::/44
                  2a0c:3b87:ff00::/40
                  2a0e:97c0:750::/48
                  2a0e:97c0:791::-2a0e:97c0:792:ffff:ffff:ffff:ffff:ffff
                  2a0e:97c4:ac00::/38
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a0e:b107:1b9e::/48
                  2a0e:b107:278b::/48
                  2a10:cc40:cc46::/48
                  2a10:ccc0:110::/44
                  2a10:ccc3:ccce::/48
                  2a10:ccc7:9000::/38

    Signature Algorithm: sha256WithRSAEncryption
         b0:a5:cc:81:48:bd:12:cb:97:d2:09:23:e0:3e:d7:e3:24:13:
         8b:98:a7:c4:29:94:06:9f:c5:9f:02:bf:44:fe:6f:d1:ac:a2:
         3c:2e:37:6e:b7:71:d0:2e:d0:ed:f6:c6:5c:9a:f5:10:a4:65:
         76:91:16:1d:dc:7a:14:0b:d5:80:8b:c1:6f:8b:62:4a:96:08:
         17:9e:47:09:66:06:28:cf:e5:b1:43:8e:ed:b8:0c:4c:2c:6f:
         33:ed:b8:e0:64:37:c7:84:4c:ee:90:d7:dc:f8:0f:e5:b2:16:
         c7:53:31:cd:0f:c0:d0:c2:cf:28:de:11:55:72:47:30:be:51:
         53:63:33:90:6d:1e:6f:58:76:fc:a4:6f:3e:b7:20:d1:d7:6b:
         d1:f7:d3:30:38:88:4d:07:6e:92:34:9d:fc:74:b2:da:3e:94:
         9c:55:4f:eb:53:e0:d1:13:4a:f2:a6:7e:66:72:fc:3e:fa:16:
         89:28:4e:7d:18:bf:4e:d6:e7:64:44:11:34:42:6b:42:5f:f2:
         4e:3b:a7:6b:51:82:1f:16:bb:83:a7:15:5d:6d:3f:86:ca:45:
         2d:70:37:98:80:f9:b6:f4:26:f9:e4:a8:f6:15:76:4e:f9:eb:
         fc:29:3e:74:cd:cb:8e:ed:01:7b:35:a1:dc:d0:4a:eb:5e:92:
         e8:ea:96:80
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgISAY0kmcEqjns4jLMRQOKToLYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTIwMDIwMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTZkOTQxYTI3M2U2NzRlNmU4MGM3YmE1MzA0MjQ1ODBkZmExOGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZoYvZTjM4+kTJ+HjtdmcYg5qeJX
0rTGNu76t0wwlGGfcmCafzrbnQVZrkNfFG5mC/U20eav838UEmiGWbmP45xvsRfg
MPsNDv2WwmX1TDR6bHtwIUZoF3t1Q6Jul5fxgycz60BnYlFO+xWuPzSBudlyAyxO
jP8+i2QCWpmYGB5bNv60kjRvB403lTggm3y7wa8rZLNgn0E7DT2pncKd+xRdAGug
vq94uYRkUbF8vMRWtn0hJqplinCfdDAlbNbmTkYdC73FZCdTOpljbtcryy6GbOwL
9QzLIzHgf6ZultS2mSpjbgCuMJPPCJsGecak+cROmx9J4sSLEqbl8bPZRQIDAQAB
o4ICqzCCAqcwHQYDVR0OBBYEFGptlBonPmdOboDHulMEJFgN+hjZMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvYW0yVUdpYy1aMDV1Z01lNlV3UWtXQTM2R05rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHABggrBgEFBQcBBwEB/wSBsDCBrTASBAIAATAMAwQCLZR0
AwQCue68MIGWBAIAAjCBjwMHBCoG3gEA0AMGACoMO4f/AwcAKg6XwAdQMBIDBwAq
DpfAB5EDBwAqDpfAB5IDBgIqDpfErAMHACoOsQcJ9AMHACoOsQcJ9gMHACoOsQcN
8gMHACoOsQcYcAMHACoOsQcbngMHACoOsQcniwMHACoQzEDMRgMHBCoQzMABEAMH
ACoQzMPMzgMGAioQzMeQMA0GCSqGSIb3DQEBCwUAA4IBAQCwpcyBSL0Sy5fSCSPg
PtfjJBOLmKfEKZQGn8WfAr9E/m/RrKI8Ljdut3HQLtDt9sZcmvUQpGV2kRYd3HoU
C9WAi8Fvi2JKlggXnkcJZgYoz+WxQ47tuAxMLG8z7bjgZDfHhEzukNfc+A/lshbH
UzHND8DQws8o3hFVckcwvlFTYzOQbR5vWHb8pG8+tyDR12vR99MwOIhNB26SNJ38
dLLaPpScVU/rU+DRE0rypn5mcvw++haJKE59GL9O1udkRBE0QmtCX/JOO6drUYIf
FruDpxVdbT+GykUtcDeYgPm29Cb55Kj2FXZO+ev8KT50zcuO7QF7NaHc0ErrXpLo
6paA
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:07 2024 by rpki-client on console-ams.rpki-client.org