Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/rTQzUujppRjW5KssoMLDKC-cv8I.roa
File:                     rTQzUujppRjW5KssoMLDKC-cv8I.roa (raw, json)
Hash identifier:          xuGUtlYHRGBDK26x2IlRZpkDOX0I8PBx9m+v3osEpv0=
Subject key identifier:   AD:34:33:52:E8:E9:A5:18:D6:E4:AB:2C:A0:C2:C3:28:2F:9C:BF:C2
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0186A356F18AF8A783A9B9FEEF69C11B0316
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/rTQzUujppRjW5KssoMLDKC-cv8I.roa
Signing time:             Thu 02 Mar 2023 17:20:29 +0000
ROA not before:           Thu 02 Mar 2023 17:20:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205964
IP address blocks:        64.137.30.0/23 maxlen: 23
                          104.239.0.0/23 maxlen: 23
                          104.239.4.0/23 maxlen: 23
                          104.239.2.0/23 maxlen: 23
                          104.239.6.0/23 maxlen: 23
                          104.143.252.0/22 maxlen: 22
                          64.137.64.0/23 maxlen: 23
                          64.137.70.0/23 maxlen: 23
                          64.137.105.0/24 maxlen: 24
                          64.137.107.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 06 Mar 2023 13:14:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a3:56:f1:8a:f8:a7:83:a9:b9:fe:ef:69:c1:1b:03:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Mar  2 17:20:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad343352e8e9a518d6e4ab2ca0c2c3282f9cbfc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:57:82:34:c4:1e:e7:07:89:9e:21:ff:9c:c9:
                    0b:38:a0:3c:cc:18:56:ac:a7:2f:dc:08:68:c4:c4:
                    e1:c8:b3:e8:c4:61:36:8c:03:8d:d7:63:c0:09:d0:
                    04:4a:fc:f8:36:f5:43:27:03:1f:99:07:e9:98:62:
                    27:ca:7a:a6:62:62:91:d0:df:ad:1d:12:e1:cd:79:
                    ec:f9:ae:5d:39:0d:2e:17:7d:b0:ee:7b:4d:50:17:
                    27:84:07:e7:1e:94:bd:fa:97:11:e8:10:73:ce:42:
                    26:b2:6d:f3:d2:c4:cc:1d:1c:35:ce:51:7d:b6:be:
                    e0:70:df:eb:d6:61:1b:5e:04:dd:b1:7d:a1:c0:d9:
                    a2:4a:a5:d5:ca:3a:72:30:b4:ce:9a:f1:96:ed:59:
                    c2:49:7d:dd:18:ba:a8:4a:bc:88:f2:d0:b6:cc:62:
                    40:e9:75:0f:fa:d9:5e:78:05:e9:89:a8:8e:7d:a3:
                    b9:41:98:2e:f6:04:23:7f:d4:68:e1:98:07:29:bf:
                    e0:b8:c3:61:99:ee:c2:cb:78:53:cc:c9:5c:85:44:
                    c1:4b:e5:57:96:68:b3:c8:ee:cb:80:92:41:77:db:
                    bf:04:94:e1:fd:ad:f5:0c:a7:b1:44:c9:1c:b8:0d:
                    77:f5:6e:03:1e:0e:5c:30:4b:7e:b4:a8:44:bc:fb:
                    54:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:34:33:52:E8:E9:A5:18:D6:E4:AB:2C:A0:C2:C3:28:2F:9C:BF:C2
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/rTQzUujppRjW5KssoMLDKC-cv8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.30.0/23
                  64.137.64.0/23
                  64.137.70.0/23
                  64.137.105.0/24
                  64.137.107.0/24
                  104.143.252.0/22
                  104.239.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         31:35:e0:71:3b:c1:98:9a:49:84:f6:ae:d1:cd:77:32:f1:a6:
         c7:13:1e:ab:9b:09:fa:ef:de:bd:b8:24:66:1b:1e:42:df:3a:
         a9:71:0f:49:01:00:8d:2a:15:1c:6e:55:89:87:47:b4:77:aa:
         87:a8:53:2e:d2:a5:e7:76:32:e0:83:34:ed:ca:20:cd:fc:dc:
         1f:22:8b:8a:73:4a:69:c8:97:27:be:ca:ad:7c:a1:43:55:e7:
         20:f2:ea:cd:35:d6:3c:86:68:2b:41:b1:b0:77:b6:03:05:a4:
         7a:c1:52:2b:65:7b:82:e4:c5:83:79:3e:ab:b7:95:54:55:96:
         6b:e9:0c:57:c7:c1:cb:c7:6d:2c:60:30:f9:44:af:68:57:cc:
         7f:9e:e6:90:14:d4:0e:49:67:95:de:7b:01:50:b1:48:6f:e2:
         4f:8e:04:55:a7:02:2d:17:0c:04:5c:e5:d5:6a:5f:94:cb:99:
         a6:c2:e2:ee:d4:eb:49:0e:c6:c7:99:db:c7:79:d5:b4:57:a6:
         f8:0d:38:e7:96:35:ed:7d:d2:18:ed:24:c1:e9:86:7e:97:5e:
         ac:8f:53:1b:57:62:46:4d:8a:1c:38:58:4e:43:87:1f:9d:b2:
         fc:80:28:a4:f0:f7:f7:e9:cf:36:b9:99:fe:14:34:78:41:0d:
         e5:fb:d6:ac
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYajVvGK+KeDqbn+72nBGwMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwMzAyMTcyMDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDM0MzM1MmU4ZTlhNTE4ZDZlNGFiMmNhMGMyYzMyODJmOWNiZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FeCNMQe5weJniH/nMkLOKA8zBhW
rKcv3AhoxMThyLPoxGE2jAON12PACdAESvz4NvVDJwMfmQfpmGInynqmYmKR0N+t
HRLhzXns+a5dOQ0uF32w7ntNUBcnhAfnHpS9+pcR6BBzzkImsm3z0sTMHRw1zlF9
tr7gcN/r1mEbXgTdsX2hwNmiSqXVyjpyMLTOmvGW7VnCSX3dGLqoSryI8tC2zGJA
6XUP+tleeAXpiaiOfaO5QZgu9gQjf9Ro4ZgHKb/guMNhme7Cy3hTzMlchUTBS+VX
lmizyO7LgJJBd9u/BJTh/a31DKexRMkcuA139W4DHg5cMEt+tKhEvPtU+QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFK00M1Lo6aUY1uSrLKDCwygvnL/CMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvclRRelV1anBwUmpXNUtzc29NTERLQy1jdjhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBQIkeAwQB
QIlAAwQBQIlGAwQAQIlpAwQAQIlrAwQCaI/8AwQDaO8AMA0GCSqGSIb3DQEBCwUA
A4IBAQAxNeBxO8GYmkmE9q7RzXcy8abHEx6rmwn67969uCRmGx5C3zqpcQ9JAQCN
KhUcblWJh0e0d6qHqFMu0qXndjLggzTtyiDN/NwfIouKc0ppyJcnvsqtfKFDVecg
8urNNdY8hmgrQbGwd7YDBaR6wVIrZXuC5MWDeT6rt5VUVZZr6QxXx8HLx20sYDD5
RK9oV8x/nuaQFNQOSWeV3nsBULFIb+JPjgRVpwItFwwEXOXVal+Uy5mmwuLu1OtJ
DsbHmdvHedW0V6b4DTjnljXtfdIY7STB6YZ+l16sj1MbV2JGTYocOFhOQ4cfnbL8
gCik8Pf36c82uZn+FDR4QQ3l+9as
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:45 2024 by rpki-client on console-ams.rpki-client.org