Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/GugOYOZx8yocbl9ITLDy7fwb71U.roa
File:                     GugOYOZx8yocbl9ITLDy7fwb71U.roa (raw, json)
Hash identifier:          q5Q+tV8aIesb1/PqxEs+oNQMgdEqPm2LgIgXKBEDBsU=
Subject key identifier:   1A:E8:0E:60:E6:71:F3:2A:1C:6E:5F:48:4C:B0:F2:ED:FC:1B:EF:55
Certificate issuer:       /CN=b443914a48e5dae5a756b1e3b8fbe437ee0d8b0c
Certificate serial:       01856E1456888544B44B6450DE06BFD4D53C
Authority key identifier: B4:43:91:4A:48:E5:DA:E5:A7:56:B1:E3:B8:FB:E4:37:EE:0D:8B:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tEORSkjl2uWnVrHjuPvkN-4Niww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/GugOYOZx8yocbl9ITLDy7fwb71U.roa
Signing time:             Sun 01 Jan 2023 16:05:04 +0000
ROA not before:           Sun 01 Jan 2023 16:05:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199670
IP address blocks:        194.0.6.0/24 maxlen: 24
                          194.0.37.0/24 maxlen: 24
                          194.0.44.0/24 maxlen: 24
                          194.0.43.0/24 maxlen: 24
                          2001:678:68::/48 maxlen: 48
                          2001:678:9::/48 maxlen: 48
                          2001:678:6c::/48 maxlen: 48
                          2001:678:64::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:29:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:14:56:88:85:44:b4:4b:64:50:de:06:bf:d4:d5:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b443914a48e5dae5a756b1e3b8fbe437ee0d8b0c
        Validity
            Not Before: Jan  1 16:05:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1ae80e60e671f32a1c6e5f484cb0f2edfc1bef55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b0:f4:f3:20:49:6f:36:25:6d:2a:de:c4:58:
                    39:6d:34:3e:c7:3b:7b:56:0c:f4:a5:a5:7e:f3:29:
                    4a:37:c0:fc:b7:47:9d:2f:bc:c2:47:f6:4f:69:d5:
                    17:fb:1c:ce:14:bf:e0:31:f7:79:d0:b1:4e:2d:41:
                    f6:dd:a3:58:7c:2f:c0:6b:92:84:59:7f:c8:27:29:
                    17:36:f7:fd:8f:18:52:62:7a:ae:26:0e:a5:60:aa:
                    34:6e:c4:5a:0d:cd:0b:92:6d:53:75:bf:3d:e0:42:
                    67:54:a0:af:fe:2a:c2:1f:3e:c8:1d:18:9b:22:d8:
                    35:2f:20:3e:79:57:26:82:9d:63:06:84:02:c6:ad:
                    89:56:78:b4:5f:2e:43:55:9a:be:b9:14:ad:e8:c6:
                    f7:61:62:6c:41:60:24:d5:37:e3:5c:7e:34:a4:ba:
                    de:ba:c6:41:eb:69:a2:dd:5f:22:8e:2c:da:69:a6:
                    1e:a2:39:a5:5c:29:a2:dc:8d:67:a5:40:1e:f1:90:
                    e1:18:61:4e:f8:a1:2b:c0:62:3c:00:fc:26:0f:2e:
                    c5:96:55:62:71:21:dd:8c:9c:8f:65:70:39:1b:e0:
                    51:9f:64:46:e6:fe:21:ef:52:32:87:ba:3f:73:ed:
                    dd:08:bb:8d:08:42:3d:09:d6:ce:de:60:07:e5:a5:
                    3c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:E8:0E:60:E6:71:F3:2A:1C:6E:5F:48:4C:B0:F2:ED:FC:1B:EF:55
            X509v3 Authority Key Identifier:
                keyid:B4:43:91:4A:48:E5:DA:E5:A7:56:B1:E3:B8:FB:E4:37:EE:0D:8B:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tEORSkjl2uWnVrHjuPvkN-4Niww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/GugOYOZx8yocbl9ITLDy7fwb71U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/6920d2-a7a6-41a5-96e0-314ef746d8a6/1/tEORSkjl2uWnVrHjuPvkN-4Niww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.6.0/24
                  194.0.37.0/24
                  194.0.43.0-194.0.44.255
                IPv6:
                  2001:678:9::/48
                  2001:678:64::/48
                  2001:678:68::/48
                  2001:678:6c::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:ae:e6:8a:df:bf:12:62:4b:7f:e3:f5:5f:55:a2:00:54:54:
         27:0c:76:07:92:45:cc:c7:6a:9a:83:b2:6b:a2:09:6d:ea:b5:
         22:8c:a0:2d:cc:2d:16:7a:a0:91:4e:cf:0d:46:ef:6b:9a:f2:
         d4:92:d2:74:b6:93:6c:04:c1:ab:4d:07:8c:0d:d0:c8:b9:21:
         cd:1a:03:60:6d:d8:e6:51:74:af:4a:55:bf:e9:a1:04:91:5b:
         77:63:95:5e:cd:ba:46:6c:1e:0b:a8:7a:c5:ff:5a:4b:1b:09:
         7e:31:c3:bf:4a:b5:cf:55:10:7f:0e:4a:6d:37:98:81:8e:fa:
         57:d1:1c:20:ef:93:17:a1:9c:2b:d7:88:e8:07:d6:5b:2a:bb:
         2f:5d:d9:d6:7c:a4:5e:02:e8:70:06:40:0d:5e:05:55:fe:4e:
         e1:e9:da:b0:58:01:ca:17:84:69:69:ad:04:2c:2f:56:c7:f2:
         3f:d1:56:98:46:d1:69:a0:bd:2b:77:f6:97:60:d5:62:6f:7a:
         f8:83:36:7a:d5:3a:11:11:c8:8c:e5:f1:90:a8:4f:9f:b1:31:
         e2:bd:eb:2f:37:cc:ab:b5:66:a7:a2:c5:76:36:ad:e4:23:08:
         0a:37:63:1f:98:cd:2d:31:cb:97:23:21:ca:39:d5:a8:c0:f5:
         6d:71:f6:b1
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVuFFaIhUS0S2RQ3ga/1NU8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NDM5MTRhNDhlNWRhZTVhNzU2YjFlM2I4ZmJlNDM3ZWUw
ZDhiMGMwHhcNMjMwMTAxMTYwNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWU4MGU2MGU2NzFmMzJhMWM2ZTVmNDg0Y2IwZjJlZGZjMWJlZjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLD08yBJbzYlbSrexFg5bTQ+xzt7
Vgz0paV+8ylKN8D8t0edL7zCR/ZPadUX+xzOFL/gMfd50LFOLUH23aNYfC/Aa5KE
WX/IJykXNvf9jxhSYnquJg6lYKo0bsRaDc0Lkm1Tdb894EJnVKCv/irCHz7IHRib
Itg1LyA+eVcmgp1jBoQCxq2JVni0Xy5DVZq+uRSt6Mb3YWJsQWAk1TfjXH40pLre
usZB62mi3V8ijizaaaYeojmlXCmi3I1npUAe8ZDhGGFO+KErwGI8APwmDy7FllVi
cSHdjJyPZXA5G+BRn2RG5v4h71Iyh7o/c+3dCLuNCEI9CdbO3mAH5aU8GwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFBroDmDmcfMqHG5fSEyw8u38G+9VMB8GA1UdIwQY
MBaAFLRDkUpI5drlp1ax47j75DfuDYsMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEVPUlNramwydVduVnJIanVQdmtOLTROaXd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC82OTIwZDItYTdhNi00MWE1LTk2ZTAt
MzE0ZWY3NDZkOGE2LzEvR3VnT1lPWng4eW9jYmw5SVRMRHk3ZndiNzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC82OTIwZDItYTdhNi00MWE1LTk2ZTAtMzE0ZWY3NDZkOGE2
LzEvdEVPUlNramwydVduVnJIanVQdmtOLTROaXd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAgBAIAATAaAwQAwgAGAwQA
wgAlMAwDBADCACsDBADCACwwKgQCAAIwJAMHACABBngACQMHACABBngAZAMHACAB
BngAaAMHACABBngAbDANBgkqhkiG9w0BAQsFAAOCAQEAQK7mit+/EmJLf+P1X1Wi
AFRUJwx2B5JFzMdqmoOya6IJbeq1IoygLcwtFnqgkU7PDUbva5ry1JLSdLaTbATB
q00HjA3QyLkhzRoDYG3Y5lF0r0pVv+mhBJFbd2OVXs26RmweC6h6xf9aSxsJfjHD
v0q1z1UQfw5KbTeYgY76V9EcIO+TF6GcK9eI6AfWWyq7L13Z1nykXgLocAZADV4F
Vf5O4enasFgByheEaWmtBCwvVsfyP9FWmEbRaaC9K3f2l2DVYm96+IM2etU6ERHI
jOXxkKhPn7Ex4r3rLzfMq7Vmp6LFdjat5CMICjdjH5jNLTHLlyMhyjnVqMD1bXH2
sQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:13:55 2024 by rpki-client on console-ams.rpki-client.org