Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/BNSlSTomwBVtA1vmT43LnzQxAAE.roa
File:                     BNSlSTomwBVtA1vmT43LnzQxAAE.roa (raw, json)
Hash identifier:          AfJK91t9vKGKMIEGBF5mvM7w2a6UwME3fDl6HDNHL2o=
Subject key identifier:   04:D4:A5:49:3A:26:C0:15:6D:03:5B:E6:4F:8D:CB:9F:34:31:00:01
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01878F072101E2E9D7200324A3623E5AE718
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/BNSlSTomwBVtA1vmT43LnzQxAAE.roa
Signing time:             Mon 17 Apr 2023 11:43:41 +0000
ROA not before:           Mon 17 Apr 2023 11:43:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        64.137.29.0/24 maxlen: 24
                          64.137.34.0/23 maxlen: 23
                          64.137.40.0/23 maxlen: 23
                          84.246.108.0/24 maxlen: 24
                          64.137.114.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 27 Apr 2023 12:36:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:8f:07:21:01:e2:e9:d7:20:03:24:a3:62:3e:5a:e7:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Apr 17 11:43:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=04d4a5493a26c0156d035be64f8dcb9f34310001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6f:88:7a:ed:27:61:05:34:28:5b:13:87:a1:
                    74:1c:10:2f:f6:58:b4:b2:28:6a:7f:44:ce:e0:ee:
                    46:4e:2b:b8:4c:64:26:5d:1b:ab:82:0a:7f:86:bd:
                    13:a7:55:f8:53:b4:48:33:1c:bd:14:71:87:a6:7b:
                    7e:e6:f8:12:5e:87:7c:45:23:12:20:ea:15:c4:a8:
                    b1:23:b5:d1:f9:f4:e4:cd:4c:83:ef:aa:0b:c1:5b:
                    95:26:95:78:74:74:53:9e:96:da:a6:aa:f5:15:9e:
                    1f:5e:f5:cc:84:37:70:24:68:8f:71:37:09:d6:98:
                    6e:18:19:78:82:c8:f1:6d:66:2d:75:68:d0:d0:99:
                    48:cd:e3:6a:a2:65:c8:6a:ad:3c:87:37:f5:fb:d2:
                    db:e5:15:d3:8d:20:c7:5a:81:59:81:eb:21:b4:91:
                    d3:97:11:f9:05:d3:f7:11:9b:e1:78:4d:aa:9a:44:
                    a1:c1:d6:0c:c8:5b:30:f4:bd:ea:7c:0f:ab:c6:f7:
                    bb:5a:67:ba:ea:16:01:58:86:2e:c0:83:36:91:ca:
                    3f:c6:46:c0:31:36:dd:07:29:37:ee:5f:e4:8c:07:
                    9f:84:2d:f1:29:54:d7:d2:85:9e:81:0d:38:06:0b:
                    ea:75:0b:24:ac:2f:a9:ab:05:d2:56:64:da:45:83:
                    ec:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:D4:A5:49:3A:26:C0:15:6D:03:5B:E6:4F:8D:CB:9F:34:31:00:01
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/BNSlSTomwBVtA1vmT43LnzQxAAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.29.0/24
                  64.137.34.0/23
                  64.137.40.0/23
                  64.137.114.0/24
                  84.246.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:77:e2:8b:07:9c:44:14:0e:b9:3f:82:6b:05:6f:9b:ae:d5:
         a0:f5:f1:36:a6:25:38:56:82:ff:10:b6:f3:34:b8:79:74:87:
         bc:98:6f:f5:a6:27:52:b4:2b:98:f5:65:fb:66:1a:db:35:c1:
         cb:9f:be:dd:e4:28:55:d8:8d:29:d5:41:e7:50:53:dc:18:82:
         77:52:cb:fa:26:9b:c7:26:e9:95:45:ae:78:18:e2:e3:5d:0f:
         84:aa:e2:4d:77:49:97:ac:27:75:3f:9d:aa:21:a7:fc:01:0b:
         3e:f8:36:4e:c4:1b:cc:16:c9:a4:de:94:3f:e6:bd:52:66:da:
         43:da:66:4a:8b:fc:64:65:84:fa:44:93:ca:54:ee:50:79:5c:
         25:d9:f7:31:67:61:89:6d:f0:7f:7e:7f:06:9d:77:73:09:7b:
         38:c6:80:7d:e6:97:da:e6:d0:03:66:f0:9d:c8:cd:57:51:a4:
         e6:a2:d2:f7:5a:27:db:8a:ec:66:b1:69:34:f7:c3:c4:4e:09:
         15:0d:74:88:9c:f4:44:0f:bc:be:79:41:7f:74:f2:cf:b6:c2:
         58:64:7a:d9:dd:64:d7:6e:3c:41:b3:b8:5f:74:be:ad:3c:5d:
         26:4c:9c:81:bd:d5:78:c6:35:f5:e0:52:d4:0e:e0:96:29:da:
         a1:01:05:7d
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYePByEB4unXIAMko2I+WucYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwNDE3MTE0MzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGQ0YTU0OTNhMjZjMDE1NmQwMzViZTY0ZjhkY2I5ZjM0MzEwMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqW+Ieu0nYQU0KFsTh6F0HBAv9li0
sihqf0TO4O5GTiu4TGQmXRurggp/hr0Tp1X4U7RIMxy9FHGHpnt+5vgSXod8RSMS
IOoVxKixI7XR+fTkzUyD76oLwVuVJpV4dHRTnpbapqr1FZ4fXvXMhDdwJGiPcTcJ
1phuGBl4gsjxbWYtdWjQ0JlIzeNqomXIaq08hzf1+9Lb5RXTjSDHWoFZgeshtJHT
lxH5BdP3EZvheE2qmkShwdYMyFsw9L3qfA+rxve7Wme66hYBWIYuwIM2kco/xkbA
MTbdByk37l/kjAefhC3xKVTX0oWegQ04BgvqdQskrC+pqwXSVmTaRYPssQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFATUpUk6JsAVbQNb5k+Ny580MQABMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvQk5TbFNUb213QlZ0QTF2bVQ0M0xuelF4QUFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAQIkdAwQB
QIkiAwQBQIkoAwQAQIlyAwQAVPZsMA0GCSqGSIb3DQEBCwUAA4IBAQCOd+KLB5xE
FA65P4JrBW+brtWg9fE2piU4VoL/ELbzNLh5dIe8mG/1pidStCuY9WX7ZhrbNcHL
n77d5ChV2I0p1UHnUFPcGIJ3Usv6JpvHJumVRa54GOLjXQ+EquJNd0mXrCd1P52q
Iaf8AQs++DZOxBvMFsmk3pQ/5r1SZtpD2mZKi/xkZYT6RJPKVO5QeVwl2fcxZ2GJ
bfB/fn8GnXdzCXs4xoB95pfa5tADZvCdyM1XUaTmotL3WifbiuxmsWk098PETgkV
DXSInPRED7y+eUF/dPLPtsJYZHrZ3WTXbjxBs7hfdL6tPF0mTJyBvdV4xjX14FLU
DuCWKdqhAQV9
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:03 2024 by rpki-client on console-fra.rpki-client.org