Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/t0o-PLhTjx8s7tfwzosgKdVyHs8.roa
File:                     t0o-PLhTjx8s7tfwzosgKdVyHs8.roa (raw, json)
Hash identifier:          c7N34sdDsqY4Ki+LCPQ5Lp2fe3O4utPRVMToufHRjhM=
Subject key identifier:   B7:4A:3E:3C:B8:53:8F:1F:2C:EE:D7:F0:CE:8B:20:29:D5:72:1E:CF
Certificate issuer:       /CN=aafc41aafbbccaa96711849745ef722a5260ac7e
Certificate serial:       01856E144C336C07F26AE18BA1E0216D2ECB
Authority key identifier: AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/t0o-PLhTjx8s7tfwzosgKdVyHs8.roa
Signing time:             Sun 01 Jan 2023 16:05:01 +0000
ROA not before:           Sun 01 Jan 2023 16:05:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42525
IP address blocks:        45.67.92.0/22 maxlen: 24
                          2a09:7440::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:14:4c:33:6c:07:f2:6a:e1:8b:a1:e0:21:6d:2e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aafc41aafbbccaa96711849745ef722a5260ac7e
        Validity
            Not Before: Jan  1 16:05:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b74a3e3cb8538f1f2ceed7f0ce8b2029d5721ecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cb:30:33:9d:2d:0c:af:02:d9:17:64:bf:b1:
                    d6:7f:fa:55:f2:e0:9e:1f:92:3e:00:bf:e1:a2:15:
                    8d:17:24:77:83:97:66:3e:08:8d:09:c0:66:ca:ab:
                    3d:09:c9:cc:ba:81:68:c5:9f:f5:8a:21:d9:88:b9:
                    e0:0d:63:69:a8:93:df:18:36:fe:d8:2b:42:d7:c5:
                    8b:81:b9:87:a6:46:0e:d2:6a:76:b6:81:2a:5b:f0:
                    81:14:53:9b:51:6c:d2:20:d4:fe:ee:3b:fb:03:6e:
                    dc:e2:ed:ac:98:a4:41:f9:e0:7c:56:47:60:64:c7:
                    d5:42:2b:0c:f8:1d:81:80:1e:ae:b2:10:b0:04:41:
                    0b:4e:8a:11:aa:27:4f:e6:81:b5:0b:c1:b5:f6:57:
                    7a:db:1f:00:94:4f:9a:23:ba:81:04:fe:27:62:0a:
                    50:48:80:c9:37:34:ec:39:ed:27:cf:cf:b8:43:b6:
                    8f:b1:30:b3:0f:7e:4e:96:75:b9:3f:d7:31:40:ba:
                    11:60:f3:3a:00:7e:3e:77:6f:cf:e2:cc:10:01:3c:
                    cf:80:1d:cb:60:5f:96:55:8e:36:9e:57:7e:20:32:
                    e8:2c:d4:54:bf:d9:7e:68:45:b2:1f:6a:9b:30:60:
                    39:c4:47:03:90:09:48:67:46:f3:b3:27:4e:7b:9e:
                    30:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:4A:3E:3C:B8:53:8F:1F:2C:EE:D7:F0:CE:8B:20:29:D5:72:1E:CF
            X509v3 Authority Key Identifier:
                keyid:AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/t0o-PLhTjx8s7tfwzosgKdVyHs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.92.0/22
                IPv6:
                  2a09:7440::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:5e:56:4d:44:b3:2f:97:9a:a0:3c:2d:ab:6f:ca:6c:b3:9e:
         79:77:86:f7:4f:96:00:c1:d9:cf:93:76:d9:41:b9:ec:2e:4e:
         2b:ad:99:1d:92:ff:35:e0:74:a5:01:af:95:1d:04:92:ce:ac:
         84:97:62:dd:fc:eb:3e:ba:63:e5:bd:27:fe:69:ed:6f:df:28:
         60:d6:73:de:27:f7:58:2a:ae:ea:54:36:31:f0:cc:f9:d9:65:
         2a:9b:9c:8f:cc:3a:de:2e:35:79:64:2a:ec:ba:44:2f:90:0a:
         84:f0:ea:bf:2e:b6:3a:89:91:c7:ac:14:66:f7:b7:25:4f:b8:
         87:45:b6:1b:85:96:1c:6c:aa:3e:77:cc:c1:a4:f6:af:2b:0e:
         7c:ae:dd:3b:2d:f0:db:cb:a8:18:2e:a9:98:74:d8:60:78:33:
         54:ce:6c:10:2a:d6:de:3d:7b:db:51:ac:f5:9a:eb:20:3b:8d:
         8d:20:39:8f:64:bb:0b:85:bb:e0:03:8d:bf:7a:77:27:65:01:
         f9:05:1f:a2:c6:73:10:c3:8b:93:fe:47:2e:4b:67:41:ea:6d:
         da:48:c0:03:e1:60:74:2d:ef:3e:ae:26:4e:9b:2e:a5:81:03:
         ce:4a:ef:14:0c:35:07:2a:e7:64:76:12:18:8b:a2:9b:c6:16:
         2a:c2:23:9a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVuFEwzbAfyauGLoeAhbS7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZmM0MWFhZmJiY2NhYTk2NzExODQ5NzQ1ZWY3MjJhNTI2
MGFjN2UwHhcNMjMwMTAxMTYwNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzRhM2UzY2I4NTM4ZjFmMmNlZWQ3ZjBjZThiMjAyOWQ1NzIxZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8swM50tDK8C2Rdkv7HWf/pV8uCe
H5I+AL/hohWNFyR3g5dmPgiNCcBmyqs9CcnMuoFoxZ/1iiHZiLngDWNpqJPfGDb+
2CtC18WLgbmHpkYO0mp2toEqW/CBFFObUWzSINT+7jv7A27c4u2smKRB+eB8Vkdg
ZMfVQisM+B2BgB6ushCwBEELTooRqidP5oG1C8G19ld62x8AlE+aI7qBBP4nYgpQ
SIDJNzTsOe0nz8+4Q7aPsTCzD35OlnW5P9cxQLoRYPM6AH4+d2/P4swQATzPgB3L
YF+WVY42nld+IDLoLNRUv9l+aEWyH2qbMGA5xEcDkAlIZ0bzsydOe54wSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLdKPjy4U48fLO7X8M6LICnVch7PMB8GA1UdIwQY
MBaAFKr8Qar7vMqpZxGEl0XvcipSYKx+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZ4QnF2dTh5cWxuRVlTWFJlOXlLbEpnckg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85ZmRkZDQtNTI2YS00ODA3LWIxMjct
MWJjMzFjNjI0MDFmLzEvdDBvLVBMaFRqeDhzN3Rmd3pvc2dLZFZ5SHM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85ZmRkZDQtNTI2YS00ODA3LWIxMjctMWJjMzFjNjI0MDFm
LzEvcXZ4QnF2dTh5cWxuRVlTWFJlOXlLbEpnckg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLUNcMA0E
AgACMAcDBQAqCXRAMA0GCSqGSIb3DQEBCwUAA4IBAQCOXlZNRLMvl5qgPC2rb8ps
s555d4b3T5YAwdnPk3bZQbnsLk4rrZkdkv814HSlAa+VHQSSzqyEl2Ld/Os+umPl
vSf+ae1v3yhg1nPeJ/dYKq7qVDYx8Mz52WUqm5yPzDreLjV5ZCrsukQvkAqE8Oq/
LrY6iZHHrBRm97clT7iHRbYbhZYcbKo+d8zBpPavKw58rt07LfDby6gYLqmYdNhg
eDNUzmwQKtbePXvbUaz1musgO42NIDmPZLsLhbvgA42/encnZQH5BR+ixnMQw4uT
/kcuS2dB6m3aSMAD4WB0Le8+riZOmy6lgQPOSu8UDDUHKudkdhIYi6KbxhYqwiOa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:01 2024 by rpki-client on console-fra.rpki-client.org