Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/opPYpqBOo2umtRXNBPUmCM_s1Qg.roa
File:                     opPYpqBOo2umtRXNBPUmCM_s1Qg.roa (raw, json)
Hash identifier:          RorVuRG3yBR2u/u5jfJKNt56U2qiKszjbkW770u0omA=
Subject key identifier:   A2:93:D8:A6:A0:4E:A3:6B:A6:B5:15:CD:04:F5:26:08:CF:EC:D5:08
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018EA4698FCE69883757CA6E23C4C67EEF62
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/opPYpqBOo2umtRXNBPUmCM_s1Qg.roa
Signing time:             Wed 03 Apr 2024 14:42:45 +0000
ROA not before:           Wed 03 Apr 2024 14:42:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398465
IP address blocks:        45.43.172.0/22 maxlen: 22
                          64.137.29.0/24 maxlen: 24
                          64.137.39.0/24 maxlen: 24
                          64.137.44.0/24 maxlen: 24
                          64.137.45.0/24 maxlen: 24
                          64.137.46.0/24 maxlen: 24
                          64.137.72.0/24 maxlen: 24
                          64.137.85.0/24 maxlen: 24
                          64.137.114.0/24 maxlen: 24
                          64.137.116.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 12 Apr 2024 19:49:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a4:69:8f:ce:69:88:37:57:ca:6e:23:c4:c6:7e:ef:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Apr  3 14:42:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a293d8a6a04ea36ba6b515cd04f52608cfecd508
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:4b:6d:b3:d6:0b:b2:e2:a8:f1:44:d9:e1:0f:
                    5e:0d:ba:76:eb:f0:0c:3c:20:af:8a:a4:4c:38:13:
                    ae:aa:6a:43:71:a2:59:ba:40:39:02:90:56:1b:7c:
                    a5:80:8f:0b:f0:8e:bf:ad:40:79:46:fc:61:93:60:
                    50:3b:e8:0c:dd:fe:92:f4:3c:41:f5:70:1b:d3:33:
                    8b:0f:f0:00:7a:ae:c2:d2:cc:69:cb:df:b5:bc:f3:
                    81:27:7b:43:18:8e:be:0d:15:b2:7e:d8:43:63:6c:
                    e5:94:60:97:55:ea:e1:7c:e8:47:33:d0:f9:62:c8:
                    23:b2:85:c1:60:62:25:b2:d5:bb:ec:1c:2a:9b:bc:
                    8b:46:5c:ff:e5:28:8d:f0:5c:a5:4a:58:16:8a:cf:
                    59:cc:58:4a:0d:ab:42:6d:5d:b2:dd:46:0b:a5:5c:
                    f6:57:25:7a:d2:5b:07:ee:02:ce:75:13:33:17:96:
                    80:76:6e:93:fa:76:91:41:96:26:67:0f:e5:78:3a:
                    d5:ff:b7:56:84:5a:12:df:b0:56:6a:38:b2:20:3e:
                    49:19:47:40:70:fa:65:2d:9c:e4:59:a1:0d:e6:61:
                    14:02:12:a1:4a:f6:8b:b0:c0:8e:e7:73:4a:b0:8c:
                    37:5b:8a:50:79:cf:86:52:65:31:34:16:6a:37:63:
                    f8:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:93:D8:A6:A0:4E:A3:6B:A6:B5:15:CD:04:F5:26:08:CF:EC:D5:08
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/opPYpqBOo2umtRXNBPUmCM_s1Qg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.172.0/22
                  64.137.29.0/24
                  64.137.39.0/24
                  64.137.44.0-64.137.46.255
                  64.137.72.0/24
                  64.137.85.0/24
                  64.137.114.0/24
                  64.137.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:0b:d1:34:4c:90:06:cf:e8:d9:7e:5a:0d:ca:c7:ce:25:f9:
         9c:b5:e2:03:94:b4:d5:ce:ba:e9:7f:1c:91:10:df:b2:ee:3b:
         53:99:c7:a0:7e:c6:ae:8c:f6:7b:ea:c1:13:d6:f8:95:58:92:
         ae:d0:22:b3:1a:cc:da:8c:b3:d4:b6:10:53:db:27:76:34:57:
         93:23:03:a6:72:1f:58:80:38:f9:4d:d7:ed:3a:cd:44:09:47:
         cf:f5:12:29:cf:50:35:26:a0:76:b8:c6:47:b2:0b:ef:31:ad:
         da:8b:81:6c:6b:2f:05:dc:2e:a0:78:5e:6e:b1:14:1d:0b:26:
         06:c4:98:b6:4d:cb:f7:9e:81:52:8e:ad:70:1b:31:68:3b:26:
         4c:e1:e9:3a:97:32:39:03:f8:d7:67:09:5d:da:9b:d5:9f:84:
         93:f5:10:26:45:13:55:8d:c9:78:c6:6c:23:63:c5:1c:11:6a:
         69:d3:1e:a0:aa:44:33:6b:db:0c:e9:6c:94:5a:f2:8b:88:aa:
         59:f1:a5:cc:ed:4f:56:0b:09:35:f4:61:a9:8e:68:97:04:04:
         c6:04:2f:c2:50:d2:39:0c:e6:5c:47:38:3f:1e:7e:62:ef:97:
         9b:d1:d3:8c:93:49:fd:70:f0:91:d8:6d:28:66:54:71:0a:16:
         43:f0:3a:b3
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY6kaY/OaYg3V8puI8TGfu9iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNDAzMTQ0MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjkzZDhhNmEwNGVhMzZiYTZiNTE1Y2QwNGY1MjYwOGNmZWNkNTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArktts9YLsuKo8UTZ4Q9eDbp26/AM
PCCviqRMOBOuqmpDcaJZukA5ApBWG3ylgI8L8I6/rUB5Rvxhk2BQO+gM3f6S9DxB
9XAb0zOLD/AAeq7C0sxpy9+1vPOBJ3tDGI6+DRWyfthDY2zllGCXVerhfOhHM9D5
YsgjsoXBYGIlstW77Bwqm7yLRlz/5SiN8FylSlgWis9ZzFhKDatCbV2y3UYLpVz2
VyV60lsH7gLOdRMzF5aAdm6T+naRQZYmZw/leDrV/7dWhFoS37BWajiyID5JGUdA
cPplLZzkWaEN5mEUAhKhSvaLsMCO53NKsIw3W4pQec+GUmUxNBZqN2P4UQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFKKT2KagTqNrprUVzQT1JgjP7NUIMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvb3BQWXBxQk9vMnVtdFJYTkJQVW1DTV9zMVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQCLSusAwQA
QIkdAwQAQIknMAwDBAJAiSwDBABAiS4DBABAiUgDBABAiVUDBABAiXIDBABAiXQw
DQYJKoZIhvcNAQELBQADggEBAEsL0TRMkAbP6Nl+Wg3Kx84l+Zy14gOUtNXOuul/
HJEQ37LuO1OZx6B+xq6M9nvqwRPW+JVYkq7QIrMazNqMs9S2EFPbJ3Y0V5MjA6Zy
H1iAOPlN1+06zUQJR8/1EinPUDUmoHa4xkeyC+8xrdqLgWxrLwXcLqB4Xm6xFB0L
JgbEmLZNy/eegVKOrXAbMWg7Jkzh6TqXMjkD+NdnCV3am9WfhJP1ECZFE1WNyXjG
bCNjxRwRamnTHqCqRDNr2wzpbJRa8ouIqlnxpcztT1YLCTX0YamOaJcEBMYEL8JQ
0jkM5lxHOD8efmLvl5vR04yTSf1w8JHYbShmVHEKFkPwOrM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:45 2024 by rpki-client on console-ams.rpki-client.org