Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/qUDsbypTg7FLTJyK5miSQLpPH-k.roa
File:                     qUDsbypTg7FLTJyK5miSQLpPH-k.roa (raw, json)
Hash identifier:          a3vtjw7K1Mi7vbO/ovBl6TGUg1bZpFP3Ih0IXW+WFNc=
Subject key identifier:   A9:40:EC:6F:2A:53:83:B1:4B:4C:9C:8A:E6:68:92:40:BA:4F:1F:E9
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0188300686E2C56B2A208D1A25814859723F
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/qUDsbypTg7FLTJyK5miSQLpPH-k.roa
Signing time:             Thu 18 May 2023 18:01:54 +0000
ROA not before:           Thu 18 May 2023 18:01:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     398465
IP address blocks:        64.137.29.0/24 maxlen: 24
                          64.137.39.0/24 maxlen: 24
                          64.137.44.0/24 maxlen: 24
                          64.137.45.0/24 maxlen: 24
                          64.137.46.0/24 maxlen: 24
                          64.137.72.0/24 maxlen: 24
                          64.137.85.0/24 maxlen: 24
                          64.137.114.0/24 maxlen: 24
                          64.137.116.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:30:06:86:e2:c5:6b:2a:20:8d:1a:25:81:48:59:72:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: May 18 18:01:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a940ec6f2a5383b14b4c9c8ae6689240ba4f1fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:a6:60:5a:fe:49:65:fe:e3:61:b0:3a:f4:c9:
                    39:96:cd:ab:0c:ed:f4:01:9e:9b:7d:a8:e8:c8:7c:
                    3c:0a:6d:9e:ec:f9:30:25:72:b3:78:0f:b7:c1:f4:
                    f6:c5:f4:39:47:44:8a:e7:8b:04:b7:ef:c8:0a:91:
                    90:20:7c:06:f2:5b:f4:89:4d:e3:16:77:fc:2a:ae:
                    62:80:de:df:6d:8b:69:68:13:d7:42:2b:ec:ec:3c:
                    7b:54:34:6a:fd:ae:9c:bc:d0:1e:5b:0b:a9:aa:35:
                    44:52:ab:5d:1b:73:8d:a1:70:5c:0e:02:c2:27:dd:
                    cc:6e:68:72:96:4c:73:c8:8b:5c:1e:78:82:67:4a:
                    55:a7:29:d3:2a:5e:7f:91:1e:57:9b:73:1c:59:04:
                    26:4b:68:74:94:75:ec:40:52:75:d2:e7:d7:c7:7d:
                    bf:44:c3:32:bb:52:2c:36:34:9b:29:ee:5a:0a:4f:
                    07:05:fa:30:d5:11:b9:4d:2d:31:7a:c3:86:6b:78:
                    32:1d:88:66:d2:31:99:7a:45:8b:ea:63:98:93:e4:
                    f6:bf:5f:a6:25:56:28:10:e2:67:13:d7:45:2e:f1:
                    b8:84:7f:2f:cf:1e:00:b9:97:33:93:fa:d1:36:e0:
                    95:f4:37:f9:19:57:e2:3f:32:4d:95:b4:98:5f:b8:
                    68:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:40:EC:6F:2A:53:83:B1:4B:4C:9C:8A:E6:68:92:40:BA:4F:1F:E9
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/qUDsbypTg7FLTJyK5miSQLpPH-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.29.0/24
                  64.137.39.0/24
                  64.137.44.0-64.137.46.255
                  64.137.72.0/24
                  64.137.85.0/24
                  64.137.114.0/24
                  64.137.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:d3:66:e2:0a:44:b4:db:32:0f:c9:b4:80:00:b8:ea:34:60:
         cc:02:b7:7a:32:80:79:00:ed:de:f7:df:89:fe:77:a2:90:7b:
         9f:99:1d:73:e4:05:8f:11:21:a5:95:09:5f:d7:ba:06:6a:0d:
         4f:fe:81:25:83:9d:50:e6:f1:62:78:7a:e2:d1:35:ac:5d:17:
         ac:41:28:99:44:30:d2:cc:c1:9e:dc:42:e4:93:a9:7d:3b:4a:
         75:52:da:bf:10:12:56:43:3c:f8:fc:34:69:0b:9c:89:12:e9:
         9c:9a:5c:d3:a4:d7:1a:b2:be:7a:34:e9:b2:c3:65:f8:1c:41:
         a2:a7:0f:1e:c1:8c:e1:01:7c:09:59:36:4c:bd:db:7b:29:64:
         31:76:15:86:d3:97:d0:bb:2e:e3:ec:03:48:5f:c2:f6:79:af:
         83:25:3a:d9:f0:b4:e2:b8:eb:d8:f4:f5:b3:11:50:8e:50:61:
         8a:99:7b:20:12:f1:08:84:0d:37:41:c7:79:53:5c:c2:3c:1b:
         f3:17:9a:2d:8d:ad:44:4d:95:d0:c5:2d:fa:b4:50:1a:eb:6c:
         08:8d:62:a3:70:b7:68:24:54:de:cb:34:1d:ed:99:62:20:a9:
         de:42:32:64:f9:e8:7b:35:17:55:c7:2b:b3:7e:6c:b3:19:9e:
         42:de:aa:a2
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYgwBobixWsqII0aJYFIWXI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwNTE4MTgwMTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTQwZWM2ZjJhNTM4M2IxNGI0YzljOGFlNjY4OTI0MGJhNGYxZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgaZgWv5JZf7jYbA69Mk5ls2rDO30
AZ6bfajoyHw8Cm2e7PkwJXKzeA+3wfT2xfQ5R0SK54sEt+/ICpGQIHwG8lv0iU3j
Fnf8Kq5igN7fbYtpaBPXQivs7Dx7VDRq/a6cvNAeWwupqjVEUqtdG3ONoXBcDgLC
J93MbmhylkxzyItcHniCZ0pVpynTKl5/kR5Xm3McWQQmS2h0lHXsQFJ10ufXx32/
RMMyu1IsNjSbKe5aCk8HBfow1RG5TS0xesOGa3gyHYhm0jGZekWL6mOYk+T2v1+m
JVYoEOJnE9dFLvG4hH8vzx4AuZczk/rRNuCV9Df5GVfiPzJNlbSYX7hoMwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFKlA7G8qU4OxS0yciuZokkC6Tx/pMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvcVVEc2J5cFRnN0ZMVEp5SzVtaVNRTHBQSC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAQIkdAwQA
QIknMAwDBAJAiSwDBABAiS4DBABAiUgDBABAiVUDBABAiXIDBABAiXQwDQYJKoZI
hvcNAQELBQADggEBAHXTZuIKRLTbMg/JtIAAuOo0YMwCt3oygHkA7d7334n+d6KQ
e5+ZHXPkBY8RIaWVCV/XugZqDU/+gSWDnVDm8WJ4euLRNaxdF6xBKJlEMNLMwZ7c
QuSTqX07SnVS2r8QElZDPPj8NGkLnIkS6ZyaXNOk1xqyvno06bLDZfgcQaKnDx7B
jOEBfAlZNky923spZDF2FYbTl9C7LuPsA0hfwvZ5r4MlOtnwtOK469j09bMRUI5Q
YYqZeyAS8QiEDTdBx3lTXMI8G/MXmi2NrURNldDFLfq0UBrrbAiNYqNwt2gkVN7L
NB3tmWIgqd5CMmT56Hs1F1XHK7N+bLMZnkLeqqI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:03 2024 by rpki-client on console-fra.rpki-client.org