Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/hqO1_HXB7KpVfQekgmA8nUmdfdE.roa
File:                     hqO1_HXB7KpVfQekgmA8nUmdfdE.roa (raw, json)
Hash identifier:          BMdNcBKCtHmWNS5yZkImzUNHv2RW0EwykNPiKVYdVoI=
Subject key identifier:   86:A3:B5:FC:75:C1:EC:AA:55:7D:07:A4:82:60:3C:9D:49:9D:7D:D1
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018EAFA73292C2DCDFB8ACB264C54309DAB2
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/hqO1_HXB7KpVfQekgmA8nUmdfdE.roa
Signing time:             Fri 05 Apr 2024 19:05:54 +0000
ROA not before:           Fri 05 Apr 2024 19:05:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41957
IP address blocks:        46.253.128.0/24 maxlen: 24
                          91.242.254.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 08 Apr 2024 12:28:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:af:a7:32:92:c2:dc:df:b8:ac:b2:64:c5:43:09:da:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  5 19:05:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86a3b5fc75c1ecaa557d07a482603c9d499d7dd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:69:32:ae:c0:48:ee:73:f0:6c:c2:8b:83:6f:
                    c5:b4:e7:93:c8:89:fc:c7:9b:a5:0f:c4:0a:1a:cc:
                    b6:70:c2:23:26:b1:dd:f7:45:9e:e8:67:6d:c0:ee:
                    0d:d7:3b:03:a5:52:b8:5c:1d:1c:d5:31:b7:ef:da:
                    4e:f9:6d:1c:38:df:e4:eb:41:c9:3f:a8:58:e9:42:
                    4b:db:31:30:d5:f6:ed:8e:3a:0a:c4:25:de:0c:42:
                    a6:47:a4:4a:7f:98:1f:85:b6:79:c3:c5:6e:9a:52:
                    94:2a:3c:86:83:33:6e:20:36:c5:94:5f:11:7a:49:
                    3d:2c:b2:e6:82:f1:e8:de:09:55:f9:2e:aa:5f:4b:
                    89:8c:3e:fa:16:3d:dc:86:35:0d:df:9e:5f:09:f9:
                    34:d2:ec:19:f3:e7:9b:94:c4:00:7b:a3:96:e4:df:
                    b8:3a:20:75:8e:dd:31:99:d0:00:da:50:f4:f9:6e:
                    7d:b5:39:29:79:61:e8:e4:d9:85:57:f9:10:b1:4f:
                    ba:ee:73:d0:fc:b2:2c:15:6e:51:3d:96:0f:b8:3a:
                    d5:ca:8c:04:b9:ab:21:aa:9b:3f:d0:09:b0:06:41:
                    72:5c:f0:2e:63:2e:fd:6e:b0:ab:7e:49:08:57:68:
                    d4:02:cd:68:11:4c:70:7b:4a:b7:59:d3:e9:59:c3:
                    d4:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:A3:B5:FC:75:C1:EC:AA:55:7D:07:A4:82:60:3C:9D:49:9D:7D:D1
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/hqO1_HXB7KpVfQekgmA8nUmdfdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.128.0/24
                  91.242.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:ac:2a:9a:da:8d:6f:b9:68:98:0a:e3:c1:32:a3:db:41:5e:
         42:56:de:05:a9:6e:f6:2e:b3:63:22:db:3d:51:c7:3d:c4:3c:
         d6:d6:e0:7d:a2:bc:04:08:ff:54:1d:f6:bb:5a:f7:08:ff:80:
         9b:a9:c5:fe:ba:7a:61:5f:e8:4c:23:7c:99:33:78:ee:55:94:
         90:4c:3d:df:26:7d:21:93:81:de:bf:47:62:7d:97:ef:e2:68:
         62:7f:ea:30:da:23:9b:db:54:55:0f:a2:e0:19:f1:3b:6d:3e:
         8d:e7:20:8d:a6:f4:20:1d:d0:d4:34:ef:f5:ce:0c:ca:26:4c:
         39:5a:4a:92:35:22:bc:0c:00:49:c3:7d:99:ad:de:07:dd:da:
         db:78:82:04:b7:61:04:a2:90:12:d7:2c:c7:dc:fe:d9:6b:a5:
         96:f7:c0:00:24:93:f3:eb:10:67:61:00:4d:7d:be:e6:48:63:
         94:94:c4:4f:4f:71:62:49:29:fd:67:c7:c9:9e:ba:a3:9f:25:
         0e:98:38:7e:71:20:48:a3:e0:4f:61:dd:b7:66:f8:82:32:a5:
         08:68:ee:93:da:8e:55:d2:c3:80:cc:d1:e8:57:76:d3:41:14:
         c5:3b:c6:de:fb:e5:77:2b:a6:36:cb:0c:70:a7:b6:ef:d5:51:
         46:e5:58:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6vpzKSwtzfuKyyZMVDCdqyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDA1MTkwNTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmEzYjVmYzc1YzFlY2FhNTU3ZDA3YTQ4MjYwM2M5ZDQ5OWQ3ZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGkyrsBI7nPwbMKLg2/FtOeTyIn8
x5ulD8QKGsy2cMIjJrHd90We6GdtwO4N1zsDpVK4XB0c1TG379pO+W0cON/k60HJ
P6hY6UJL2zEw1fbtjjoKxCXeDEKmR6RKf5gfhbZ5w8VumlKUKjyGgzNuIDbFlF8R
ekk9LLLmgvHo3glV+S6qX0uJjD76Fj3chjUN355fCfk00uwZ8+eblMQAe6OW5N+4
OiB1jt0xmdAA2lD0+W59tTkpeWHo5NmFV/kQsU+67nPQ/LIsFW5RPZYPuDrVyowE
uashqps/0AmwBkFyXPAuYy79brCrfkkIV2jUAs1oEUxwe0q3WdPpWcPU/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIajtfx1weyqVX0HpIJgPJ1JnX3RMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvaHFPMV9IWEI3S3BWZlFla2dtQThuVW1kZmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALv2AAwQA
W/L+MA0GCSqGSIb3DQEBCwUAA4IBAQBqrCqa2o1vuWiYCuPBMqPbQV5CVt4FqW72
LrNjIts9Ucc9xDzW1uB9orwECP9UHfa7WvcI/4CbqcX+unphX+hMI3yZM3juVZSQ
TD3fJn0hk4Hev0difZfv4mhif+ow2iOb21RVD6LgGfE7bT6N5yCNpvQgHdDUNO/1
zgzKJkw5WkqSNSK8DABJw32Zrd4H3drbeIIEt2EEopAS1yzH3P7Za6WW98AAJJPz
6xBnYQBNfb7mSGOUlMRPT3FiSSn9Z8fJnrqjnyUOmDh+cSBIo+BPYd23ZviCMqUI
aO6T2o5V0sOAzNHoV3bTQRTFO8be++V3K6Y2ywxwp7bv1VFG5Vi+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:52 2024 by rpki-client on console-ams.rpki-client.org