Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/lDi7QsSG-lCbjNb0H_qlbBmBJr4.roa
File:                     lDi7QsSG-lCbjNb0H_qlbBmBJr4.roa (raw, json)
Hash identifier:          wIguoQrKg+2LWZ6AhIm/nkcknLMXE38yRmXV+CXpa0Q=
Subject key identifier:   94:38:BB:42:C4:86:FA:50:9B:8C:D6:F4:1F:FA:A5:6C:19:81:26:BE
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       0187716B46670E50F954E84A54ACE9A9BFDA
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/lDi7QsSG-lCbjNb0H_qlbBmBJr4.roa
Signing time:             Tue 11 Apr 2023 17:44:28 +0000
ROA not before:           Tue 11 Apr 2023 17:44:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42938
IP address blocks:        45.147.3.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:29:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:71:6b:46:67:0e:50:f9:54:e8:4a:54:ac:e9:a9:bf:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Apr 11 17:44:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9438bb42c486fa509b8cd6f41ffaa56c198126be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f8:62:92:e0:53:bd:4f:10:19:d8:c5:2e:e5:
                    fa:2b:ed:74:a7:08:28:94:f6:68:63:06:62:59:b0:
                    13:ec:3a:ac:4b:8f:38:a5:03:e7:3c:db:ab:00:76:
                    37:7e:a1:45:e1:4a:52:fa:97:73:15:8d:2d:9e:46:
                    9b:c9:ff:a2:e1:b5:c9:c6:51:7c:c5:f5:e9:07:24:
                    a7:55:b8:c3:06:57:f9:9f:6b:1a:77:b3:63:5c:c2:
                    60:f1:48:01:66:f8:75:32:7a:3a:2c:16:15:dc:5b:
                    24:fa:3c:c2:78:ce:72:93:f4:aa:c4:c5:be:e0:a3:
                    ee:5f:ff:d5:ce:17:4a:3b:ac:75:ca:ee:e2:47:f2:
                    be:da:9f:79:a9:8d:ed:e6:0d:8f:16:82:55:2a:87:
                    df:78:f9:ad:db:63:13:18:27:1e:db:11:00:ab:3f:
                    0e:00:43:8a:18:59:c1:39:04:bd:3b:13:81:0c:43:
                    00:3a:9a:b2:54:da:22:8c:cc:6c:ee:22:97:78:9a:
                    d5:4f:cd:ab:d2:d8:b4:dd:68:8f:52:5b:9c:6c:eb:
                    cc:2f:74:d4:e2:60:d0:4d:48:16:b6:6b:c4:2b:53:
                    e8:75:0d:2e:87:56:3d:df:f6:2c:e0:a6:4b:2e:0f:
                    3c:4d:8d:30:b9:89:b9:92:3e:b7:18:6b:ec:61:74:
                    69:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:38:BB:42:C4:86:FA:50:9B:8C:D6:F4:1F:FA:A5:6C:19:81:26:BE
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/lDi7QsSG-lCbjNb0H_qlbBmBJr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:7d:f0:d7:16:12:ca:bd:42:32:8e:a1:7c:92:e0:2a:74:ba:
         cb:46:ff:c8:f1:b4:3d:16:99:67:82:10:07:85:a6:36:9f:5b:
         1c:06:cc:27:7c:43:be:e1:4d:10:60:33:40:a3:f8:77:f0:7d:
         18:61:43:b5:ab:2b:fa:99:43:3e:27:b4:b3:e9:ba:e2:7a:24:
         6c:c0:d3:d1:d9:b8:72:56:1d:8f:41:48:01:74:6d:05:46:ab:
         b8:7a:26:af:c4:07:13:54:7d:06:7a:5d:82:53:91:fb:6c:e8:
         26:84:6b:92:59:a3:e9:9c:08:6d:5e:0f:a2:df:ac:ec:a2:c9:
         ae:9f:61:13:49:44:7a:c4:6a:5c:35:82:6f:d0:b7:5a:67:65:
         1b:a9:4e:ef:82:8f:c1:f3:ff:6a:76:3a:5b:01:22:2b:99:6d:
         52:23:94:38:6d:b1:e8:d3:ea:2a:9a:d1:e9:70:86:57:11:31:
         04:3a:9e:57:2c:84:d0:14:bd:7a:b3:37:f1:ea:59:e8:17:cd:
         72:ec:a9:4c:46:30:9a:53:c0:0a:b4:44:7a:6c:ce:e2:32:68:
         98:ee:bb:c3:dc:b5:79:61:cd:80:5f:59:20:f9:83:b8:75:43:
         70:c5:3e:0a:82:73:0e:64:e6:0e:af:65:07:5f:7c:27:fc:e1:
         c4:a9:0f:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYdxa0ZnDlD5VOhKVKzpqb/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjMwNDExMTc0NDI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDM4YmI0MmM0ODZmYTUwOWI4Y2Q2ZjQxZmZhYTU2YzE5ODEyNmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovhikuBTvU8QGdjFLuX6K+10pwgo
lPZoYwZiWbAT7DqsS484pQPnPNurAHY3fqFF4UpS+pdzFY0tnkabyf+i4bXJxlF8
xfXpBySnVbjDBlf5n2sad7NjXMJg8UgBZvh1Mno6LBYV3Fsk+jzCeM5yk/SqxMW+
4KPuX//VzhdKO6x1yu7iR/K+2p95qY3t5g2PFoJVKoffePmt22MTGCce2xEAqz8O
AEOKGFnBOQS9OxOBDEMAOpqyVNoijMxs7iKXeJrVT82r0ti03WiPUlucbOvML3TU
4mDQTUgWtmvEK1PodQ0uh1Y93/Ys4KZLLg88TY0wuYm5kj63GGvsYXRppwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJQ4u0LEhvpQm4zW9B/6pWwZgSa+MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvbERpN1FzU0ctbENiak5iMEhfcWxiQm1CSnI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZMDMA0G
CSqGSIb3DQEBCwUAA4IBAQAeffDXFhLKvUIyjqF8kuAqdLrLRv/I8bQ9FplnghAH
haY2n1scBswnfEO+4U0QYDNAo/h38H0YYUO1qyv6mUM+J7Sz6brieiRswNPR2bhy
Vh2PQUgBdG0FRqu4eiavxAcTVH0Gel2CU5H7bOgmhGuSWaPpnAhtXg+i36zsosmu
n2ETSUR6xGpcNYJv0LdaZ2UbqU7vgo/B8/9qdjpbASIrmW1SI5Q4bbHo0+oqmtHp
cIZXETEEOp5XLITQFL16szfx6lnoF81y7KlMRjCaU8AKtER6bM7iMmiY7rvD3LV5
Yc2AX1kg+YO4dUNwxT4KgnMOZOYOr2UHX3wn/OHEqQ8D
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:04 2024 by rpki-client on console-ams.rpki-client.org