Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/4b63ea-e4f0-44b0-bd2e-9e19d08cb71f/1/ONO2BW0WdjakIorJk2ff06Oqkh0.roa
File:                     ONO2BW0WdjakIorJk2ff06Oqkh0.roa (raw, json)
Hash identifier:          gypXE9Qd0sjQa+UsmDos+X1QLaONyi0ebix6A/Lajc8=
Subject key identifier:   38:D3:B6:05:6D:16:76:36:A4:22:8A:C9:93:67:DF:D3:A3:AA:92:1D
Certificate issuer:       /CN=bd02616554632356450bc4bb4b6dacfc79df3025
Certificate serial:       018B5B6F3324D96602FAA69224BA3A91AFC1
Authority key identifier: BD:02:61:65:54:63:23:56:45:0B:C4:BB:4B:6D:AC:FC:79:DF:30:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vQJhZVRjI1ZFC8S7S22s_HnfMCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/4b63ea-e4f0-44b0-bd2e-9e19d08cb71f/1/ONO2BW0WdjakIorJk2ff06Oqkh0.roa
Signing time:             Mon 23 Oct 2023 07:28:16 +0000
ROA not before:           Mon 23 Oct 2023 07:28:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209282
IP address blocks:        5.61.211.0/24 maxlen: 24
                          77.87.184.0/24 maxlen: 24
                          2a12:90c0:b0::/48 maxlen: 48
                          2a12:90c0:a0::/48 maxlen: 48
                          2a12:90c1:a::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:33:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:5b:6f:33:24:d9:66:02:fa:a6:92:24:ba:3a:91:af:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd02616554632356450bc4bb4b6dacfc79df3025
        Validity
            Not Before: Oct 23 07:28:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38d3b6056d167636a4228ac99367dfd3a3aa921d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:8d:33:94:a0:ab:10:71:a3:c2:9e:f9:43:96:
                    32:d3:d1:24:e9:74:e4:3c:86:70:0f:7d:27:12:8e:
                    40:eb:99:83:d6:94:51:81:f7:04:a6:e9:22:67:22:
                    14:df:34:20:41:ae:ae:c4:12:44:8d:58:a7:c7:ee:
                    f9:97:65:ca:b8:18:b3:50:05:70:82:ec:d5:04:88:
                    45:c3:ff:a8:73:69:7e:30:24:56:11:42:47:f5:cf:
                    eb:4c:52:b3:5e:aa:16:a3:e0:a5:5e:b0:ed:ca:8c:
                    3f:c0:0c:14:fa:7e:56:c7:b1:fc:27:14:21:cf:e1:
                    3d:43:a6:10:d0:99:3a:7e:12:42:bd:7b:7a:42:67:
                    75:18:33:5d:5c:64:12:13:39:7b:67:42:10:5c:5b:
                    ac:53:af:20:b3:fe:1f:9c:44:22:b0:fc:39:7b:93:
                    91:5b:2c:13:a3:93:14:c2:4a:cc:27:35:93:3d:61:
                    8e:21:93:83:bf:e2:ed:d4:6c:b6:64:3f:23:42:a0:
                    f0:21:de:d9:a9:3e:20:cc:35:b9:ed:d2:c1:41:ec:
                    3b:1d:40:4b:12:c8:59:17:dc:73:b1:b4:39:f9:22:
                    10:a2:78:c0:37:6c:ab:09:e0:fb:84:d4:b0:53:35:
                    33:72:29:3b:e5:78:3d:fc:39:83:79:ed:ad:df:78:
                    2a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D3:B6:05:6D:16:76:36:A4:22:8A:C9:93:67:DF:D3:A3:AA:92:1D
            X509v3 Authority Key Identifier:
                keyid:BD:02:61:65:54:63:23:56:45:0B:C4:BB:4B:6D:AC:FC:79:DF:30:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vQJhZVRjI1ZFC8S7S22s_HnfMCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/4b63ea-e4f0-44b0-bd2e-9e19d08cb71f/1/ONO2BW0WdjakIorJk2ff06Oqkh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/4b63ea-e4f0-44b0-bd2e-9e19d08cb71f/1/vQJhZVRjI1ZFC8S7S22s_HnfMCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.61.211.0/24
                  77.87.184.0/24
                IPv6:
                  2a12:90c0:a0::/48
                  2a12:90c0:b0::/48
                  2a12:90c1:a::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:6f:55:87:ef:9e:9d:79:2b:44:c6:19:d8:01:20:39:b4:cf:
         0e:0d:34:4d:0b:91:84:be:01:0e:42:08:7a:47:b0:d3:6e:0e:
         df:fd:5e:07:34:dd:40:80:a5:24:5e:2a:32:7d:4c:49:fa:12:
         b0:44:d8:9a:3d:8f:f7:35:29:dc:49:73:eb:be:d4:80:e8:32:
         d0:3a:a0:d2:78:cf:14:db:f5:79:3f:82:47:05:36:29:88:87:
         5a:a4:90:e9:31:96:d4:ea:26:2a:20:61:fb:3f:00:6d:6a:92:
         ec:85:97:b9:df:a3:8f:b4:a7:56:44:e1:31:58:6c:55:3f:3e:
         50:7d:94:33:68:7b:23:a7:7f:08:43:68:0a:aa:be:e3:05:03:
         0f:c3:17:7d:5b:09:4f:ab:fc:d5:32:a7:81:44:b3:9a:c7:a9:
         97:ec:2d:69:b6:06:5b:e2:c1:c8:98:5c:ca:c3:25:2f:34:a3:
         2b:02:47:4b:08:5b:2f:fc:1e:be:94:70:3f:3b:c1:e7:13:64:
         af:b4:6a:bd:f9:d3:b8:77:05:9f:cb:2d:d1:a3:43:8f:5c:f3:
         e1:52:03:11:d3:1c:f3:49:07:8b:95:cd:98:67:f5:33:5a:c4:
         8d:54:37:c5:9a:a5:d2:75:28:6d:26:a2:05:84:d8:90:b3:65:
         53:e1:11:cd
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYtbbzMk2WYC+qaSJLo6ka/BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMDI2MTY1NTQ2MzIzNTY0NTBiYzRiYjRiNmRhY2ZjNzlk
ZjMwMjUwHhcNMjMxMDIzMDcyODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQzYjYwNTZkMTY3NjM2YTQyMjhhYzk5MzY3ZGZkM2EzYWE5MjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnI0zlKCrEHGjwp75Q5Yy09Ek6XTk
PIZwD30nEo5A65mD1pRRgfcEpukiZyIU3zQgQa6uxBJEjVinx+75l2XKuBizUAVw
guzVBIhFw/+oc2l+MCRWEUJH9c/rTFKzXqoWo+ClXrDtyow/wAwU+n5Wx7H8JxQh
z+E9Q6YQ0Jk6fhJCvXt6Qmd1GDNdXGQSEzl7Z0IQXFusU68gs/4fnEQisPw5e5OR
WywTo5MUwkrMJzWTPWGOIZODv+Lt1Gy2ZD8jQqDwId7ZqT4gzDW57dLBQew7HUBL
EshZF9xzsbQ5+SIQonjAN2yrCeD7hNSwUzUzcik75Xg9/DmDee2t33gq7QIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFDjTtgVtFnY2pCKKyZNn39OjqpIdMB8GA1UdIwQY
MBaAFL0CYWVUYyNWRQvEu0ttrPx53zAlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlFKaFpWUmpJMVpGQzhTN1MyMnNfSG5mTUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My80YjYzZWEtZTRmMC00NGIwLWJkMmUt
OWUxOWQwOGNiNzFmLzEvT05PMkJXMFdkamFrSW9ySmsyZmYwNk9xa2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My80YjYzZWEtZTRmMC00NGIwLWJkMmUtOWUxOWQwOGNiNzFm
LzEvdlFKaFpWUmpJMVpGQzhTN1MyMnNfSG5mTUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzASBAIAATAMAwQABT3TAwQA
TVe4MCEEAgACMBsDBwAqEpDAAKADBwAqEpDAALADBwAqEpDBAAowDQYJKoZIhvcN
AQELBQADggEBAG5vVYfvnp15K0TGGdgBIDm0zw4NNE0LkYS+AQ5CCHpHsNNuDt/9
Xgc03UCApSReKjJ9TEn6ErBE2Jo9j/c1KdxJc+u+1IDoMtA6oNJ4zxTb9Xk/gkcF
NimIh1qkkOkxltTqJiogYfs/AG1qkuyFl7nfo4+0p1ZE4TFYbFU/PlB9lDNoeyOn
fwhDaAqqvuMFAw/DF31bCU+r/NUyp4FEs5rHqZfsLWm2BlviwciYXMrDJS80oysC
R0sIWy/8Hr6UcD87wecTZK+0ar3507h3BZ/LLdGjQ49c8+FSAxHTHPNJB4uVzZhn
9TNaxI1UN8WapdJ1KG0mogWE2JCzZVPhEc0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:37 2024 by rpki-client on console-ams.rpki-client.org