Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/KZpEGWDN9_m1lbwcOkcLqpYzaVE.roa
File:                     KZpEGWDN9_m1lbwcOkcLqpYzaVE.roa (raw, json)
Hash identifier:          SFrfHAEZn6aDbFOOgqzYGNakp3vuAmnUIM8oKOorv34=
Subject key identifier:   29:9A:44:19:60:CD:F7:F9:B5:95:BC:1C:3A:47:0B:AA:96:33:69:51
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018E8604805D6AFCC2AB34F991D1C4D67395
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/KZpEGWDN9_m1lbwcOkcLqpYzaVE.roa
Signing time:             Thu 28 Mar 2024 17:03:45 +0000
ROA not before:           Thu 28 Mar 2024 17:03:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        45.87.126.0/24 maxlen: 24
                          45.95.29.0/24 maxlen: 24
                          45.128.125.0/24 maxlen: 24
                          45.128.126.0/24 maxlen: 24
                          45.128.127.0/24 maxlen: 24
                          94.154.190.0/24 maxlen: 24
                          193.187.105.0/24 maxlen: 24
                          194.59.187.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Apr 2024 13:07:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:86:04:80:5d:6a:fc:c2:ab:34:f9:91:d1:c4:d6:73:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 28 17:03:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=299a441960cdf7f9b595bc1c3a470baa96336951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:08:3a:f3:51:86:ec:5d:dd:23:7e:bd:b9:e0:
                    b1:6a:1e:06:7b:72:8f:99:b4:7b:fb:3c:49:6d:59:
                    99:09:4b:05:fe:98:3a:04:21:5f:9f:2e:6c:67:bc:
                    90:35:58:57:1f:c9:d6:ec:63:3f:37:7a:52:7c:14:
                    d4:be:be:a1:27:50:fa:8b:02:6d:a7:95:6c:d1:cc:
                    ec:2a:c6:ae:3a:0e:27:76:97:00:70:5f:89:32:15:
                    a9:ee:47:7e:cb:e0:4a:07:e0:db:90:3e:6c:31:31:
                    82:3c:f8:30:cc:c5:83:f1:6e:06:8e:77:b8:0f:bb:
                    57:d8:eb:73:32:4a:5c:85:d0:dc:74:79:46:82:ce:
                    1c:8a:be:9b:15:20:03:bd:d9:c4:bd:24:81:e8:96:
                    d8:22:43:0e:cf:86:3e:68:19:eb:b9:b6:2c:9d:d6:
                    bd:86:a9:e4:94:a9:de:00:98:76:5d:d4:47:84:4f:
                    7a:e2:d1:15:11:c9:e2:39:b7:16:b0:cb:1b:cd:19:
                    75:7c:77:80:40:ea:24:78:0c:1c:fc:da:a4:08:87:
                    75:a3:87:3b:26:02:6c:e0:49:ee:83:b2:00:65:22:
                    a3:36:79:ec:7b:d0:32:97:ae:84:22:6c:e0:2a:52:
                    92:80:e5:85:0e:69:41:26:3e:97:89:2f:21:38:6b:
                    2c:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9A:44:19:60:CD:F7:F9:B5:95:BC:1C:3A:47:0B:AA:96:33:69:51
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/KZpEGWDN9_m1lbwcOkcLqpYzaVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.126.0/24
                  45.95.29.0/24
                  45.128.125.0-45.128.127.255
                  94.154.190.0/24
                  193.187.105.0/24
                  194.59.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:37:fd:41:37:37:29:fc:0d:cb:4d:2f:86:5e:9d:81:b2:0e:
         14:7a:e1:2f:25:3a:64:8d:27:65:1e:3b:c4:a0:a2:e8:6a:cc:
         1d:72:f0:85:12:45:2f:8e:31:48:6b:0e:58:12:92:a8:ec:13:
         e6:4c:01:a3:6c:b8:17:07:4a:0c:fb:a2:d2:a3:ec:00:84:14:
         a5:7f:67:30:6a:d6:1a:bf:06:86:ab:9c:cc:d3:a9:07:8a:7e:
         3d:09:2d:cd:3d:fd:e9:d9:db:3b:31:54:54:75:4a:63:c4:70:
         3c:b1:da:8e:83:21:a1:36:e0:38:22:5d:fa:d7:5c:eb:71:88:
         99:b9:a1:a6:4a:96:be:66:1a:ed:35:4a:46:0e:d1:d4:ae:36:
         d1:55:2c:89:3e:cb:79:e6:db:f0:f0:6a:af:94:ca:61:40:4b:
         72:c8:07:9d:a0:81:b3:67:89:c5:b2:75:4f:9a:59:55:7b:53:
         9a:e8:17:94:bf:39:11:92:93:9a:d0:76:5e:8b:a8:24:07:1d:
         b8:3a:bb:24:f3:89:f9:d9:3b:99:a5:54:86:a9:a1:c5:5b:83:
         1e:b7:70:0d:02:79:02:9e:d0:67:a5:78:70:55:32:b5:05:12:
         a6:85:d7:1c:31:8c:b2:c8:d9:9c:cb:78:d6:77:79:54:80:50:
         c4:8f:e8:ba
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAY6GBIBdavzCqzT5kdHE1nOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwMzI4MTcwMzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTlhNDQxOTYwY2RmN2Y5YjU5NWJjMWMzYTQ3MGJhYTk2MzM2OTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQg681GG7F3dI369ueCxah4Ge3KP
mbR7+zxJbVmZCUsF/pg6BCFfny5sZ7yQNVhXH8nW7GM/N3pSfBTUvr6hJ1D6iwJt
p5Vs0czsKsauOg4ndpcAcF+JMhWp7kd+y+BKB+DbkD5sMTGCPPgwzMWD8W4Gjne4
D7tX2OtzMkpchdDcdHlGgs4cir6bFSADvdnEvSSB6JbYIkMOz4Y+aBnrubYsnda9
hqnklKneAJh2XdRHhE964tEVEcniObcWsMsbzRl1fHeAQOokeAwc/NqkCId1o4c7
JgJs4Enug7IAZSKjNnnse9Ayl66EImzgKlKSgOWFDmlBJj6XiS8hOGsstwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFCmaRBlgzff5tZW8HDpHC6qWM2lRMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvS1pwRUdXRE45X20xbGJ3Y09rY0xxcFl6YVZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQALVd+AwQA
LV8dMAwDBAAtgH0DBActgAADBABemr4DBADBu2kDBADCO7swDQYJKoZIhvcNAQEL
BQADggEBAEA3/UE3Nyn8DctNL4ZenYGyDhR64S8lOmSNJ2UeO8SgouhqzB1y8IUS
RS+OMUhrDlgSkqjsE+ZMAaNsuBcHSgz7otKj7ACEFKV/ZzBq1hq/BoarnMzTqQeK
fj0JLc09/enZ2zsxVFR1SmPEcDyx2o6DIaE24DgiXfrXXOtxiJm5oaZKlr5mGu01
SkYO0dSuNtFVLIk+y3nm2/Dwaq+UymFAS3LIB52ggbNnicWydU+aWVV7U5roF5S/
ORGSk5rQdl6LqCQHHbg6uyTzifnZO5mlVIapocVbgx63cA0CeQKe0GeleHBVMrUF
EqaF1xwxjLLI2ZzLeNZ3eVSAUMSP6Lo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:08 2024 by rpki-client on console-fra.rpki-client.org