Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/MgFzPXYO-3Fvd_Y9Pw1u4tZIrB0.roa
File:                     MgFzPXYO-3Fvd_Y9Pw1u4tZIrB0.roa (raw, json)
Hash identifier:          wsP1DuSsf8JIE24UeNyo60Djw6zszgxXTLMfUlZqs84=
Subject key identifier:   32:01:73:3D:76:0E:FB:71:6F:77:F6:3D:3F:0D:6E:E2:D6:48:AC:1D
Certificate issuer:       /CN=64d4e8723450d0a710c32d90ffea18529104e538
Certificate serial:       018ED14F6C2DC6F64898EA98C04437539B1C
Authority key identifier: 64:D4:E8:72:34:50:D0:A7:10:C3:2D:90:FF:EA:18:52:91:04:E5:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/MgFzPXYO-3Fvd_Y9Pw1u4tZIrB0.roa
Signing time:             Fri 12 Apr 2024 07:57:06 +0000
ROA not before:           Fri 12 Apr 2024 07:57:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202656
IP address blocks:        193.203.50.0/23 maxlen: 23
                          193.203.50.0/24 maxlen: 24
                          193.203.51.0/24 maxlen: 24
                          195.211.40.0/23 maxlen: 23
                          2a13:f580:5::/48 maxlen: 48
                          2a13:f580:7::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sun 22 Sep 2024 08:11:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d1:4f:6c:2d:c6:f6:48:98:ea:98:c0:44:37:53:9b:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d4e8723450d0a710c32d90ffea18529104e538
        Validity
            Not Before: Apr 12 07:57:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3201733d760efb716f77f63d3f0d6ee2d648ac1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:29:e9:58:d9:61:b8:29:21:57:b9:87:23:8e:
                    d3:bb:d3:1c:d6:2f:db:b2:f6:5c:dc:40:b7:61:80:
                    03:b5:1f:92:9c:eb:fc:24:f1:bd:93:cf:84:40:5b:
                    e7:9c:9f:35:6a:ea:9f:fe:4c:77:59:6e:ab:f7:1b:
                    20:d2:00:0f:a8:64:04:f8:e5:e7:b3:7e:19:96:0e:
                    53:9a:77:70:64:77:aa:0b:54:d6:fb:9e:54:f8:13:
                    27:c3:c6:92:ae:56:14:bf:f9:80:b3:4f:8a:25:f9:
                    ae:36:8a:56:2b:ef:6f:10:b1:7e:76:57:e5:a1:d4:
                    45:d8:a3:65:be:2a:e6:94:a4:38:4a:e2:e0:c9:55:
                    c6:11:4d:9b:12:3f:35:74:aa:dc:ff:ba:d0:24:de:
                    42:fe:e1:57:65:99:90:ea:93:87:10:ec:c0:52:ba:
                    f3:96:2d:23:b3:68:e5:ee:4c:16:d1:b9:d1:2f:da:
                    cc:fd:f4:64:40:77:5f:1c:4e:8e:98:1a:a0:f8:19:
                    5e:74:78:6c:46:d7:3c:49:17:26:10:68:f2:07:60:
                    52:d3:71:d5:bc:8e:4a:0e:69:b9:10:5e:e3:1c:9b:
                    ee:41:21:8a:80:5a:e1:67:a5:79:ee:d2:90:d1:d3:
                    b8:f1:ca:af:3c:39:85:70:25:ff:c1:44:1b:b1:c6:
                    98:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:01:73:3D:76:0E:FB:71:6F:77:F6:3D:3F:0D:6E:E2:D6:48:AC:1D
            X509v3 Authority Key Identifier:
                keyid:64:D4:E8:72:34:50:D0:A7:10:C3:2D:90:FF:EA:18:52:91:04:E5:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/MgFzPXYO-3Fvd_Y9Pw1u4tZIrB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/2310b1-96a1-48e4-aa72-422aed3a7702/1/ZNTocjRQ0KcQwy2Q_-oYUpEE5Tg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.50.0/23
                  195.211.40.0/23
                IPv6:
                  2a13:f580:5::/48
                  2a13:f580:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:6c:3a:d6:2b:d2:b9:ed:2f:f0:e3:a6:98:f2:c0:01:e2:16:
         a5:0a:fd:96:c3:bd:48:13:64:3d:43:d1:18:1e:b8:f3:78:87:
         a3:54:98:5d:71:7d:31:6f:58:df:25:e8:7d:9c:f1:bd:1a:f2:
         c6:be:8e:f9:82:ad:7b:d6:99:c4:e7:e4:ab:b6:7c:96:89:35:
         64:ba:a3:2c:a1:31:58:d5:fb:af:6c:1d:39:b2:84:bf:4e:30:
         0c:0c:74:c2:35:a8:f1:65:15:77:c3:da:e3:6a:98:16:9c:89:
         3e:76:b1:7f:0f:c9:a9:18:85:0e:ef:6e:a4:3f:62:b5:38:e4:
         8b:33:97:a5:e3:52:11:18:0c:40:50:89:1f:26:36:5a:a3:61:
         73:df:95:7e:c1:aa:82:af:18:79:e5:e7:d1:5d:3a:4f:8b:5b:
         5f:3c:7e:3c:26:c5:05:95:00:d3:05:8c:34:78:46:c9:23:26:
         fa:28:62:63:af:3c:e5:c7:d3:b8:0d:e0:8c:1c:d6:b7:49:6e:
         dd:ce:3f:50:7c:c4:cb:fa:b8:d7:c3:64:8b:75:0d:77:ea:df:
         35:50:b1:6e:ea:cb:c9:24:cb:ee:c9:34:02:73:bb:e7:e9:52:
         57:68:a0:7a:58:58:3a:90:e8:00:7e:f8:da:d3:67:1d:7a:ec:
         eb:96:a9:d4
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAY7RT2wtxvZImOqYwEQ3U5scMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDRlODcyMzQ1MGQwYTcxMGMzMmQ5MGZmZWExODUyOTEw
NGU1MzgwHhcNMjQwNDEyMDc1NzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjAxNzMzZDc2MGVmYjcxNmY3N2Y2M2QzZjBkNmVlMmQ2NDhhYzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAginpWNlhuCkhV7mHI47Tu9Mc1i/b
svZc3EC3YYADtR+SnOv8JPG9k8+EQFvnnJ81auqf/kx3WW6r9xsg0gAPqGQE+OXn
s34Zlg5TmndwZHeqC1TW+55U+BMnw8aSrlYUv/mAs0+KJfmuNopWK+9vELF+dlfl
odRF2KNlvirmlKQ4SuLgyVXGEU2bEj81dKrc/7rQJN5C/uFXZZmQ6pOHEOzAUrrz
li0js2jl7kwW0bnRL9rM/fRkQHdfHE6OmBqg+BledHhsRtc8SRcmEGjyB2BS03HV
vI5KDmm5EF7jHJvuQSGKgFrhZ6V57tKQ0dO48cqvPDmFcCX/wUQbscaYbwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFDIBcz12Dvtxb3f2PT8NbuLWSKwdMB8GA1UdIwQY
MBaAFGTU6HI0UNCnEMMtkP/qGFKRBOU4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5Ub2NqUlEwS2NRd3kyUV8tb1lVcEVFNVRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC8yMzEwYjEtOTZhMS00OGU0LWFhNzIt
NDIyYWVkM2E3NzAyLzEvTWdGelBYWU8tM0Z2ZF9ZOVB3MXU0dFpJckIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC8yMzEwYjEtOTZhMS00OGU0LWFhNzItNDIyYWVkM2E3NzAy
LzEvWk5Ub2NqUlEwS2NRd3kyUV8tb1lVcEVFNVRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQBwcsyAwQB
w9MoMBgEAgACMBIDBwAqE/WAAAUDBwAqE/WAAAcwDQYJKoZIhvcNAQELBQADggEB
AKVsOtYr0rntL/DjppjywAHiFqUK/ZbDvUgTZD1D0RgeuPN4h6NUmF1xfTFvWN8l
6H2c8b0a8sa+jvmCrXvWmcTn5Ku2fJaJNWS6oyyhMVjV+69sHTmyhL9OMAwMdMI1
qPFlFXfD2uNqmBaciT52sX8PyakYhQ7vbqQ/YrU45Iszl6XjUhEYDEBQiR8mNlqj
YXPflX7BqoKvGHnl59FdOk+LW188fjwmxQWVANMFjDR4RskjJvooYmOvPOXH07gN
4Iwc1rdJbt3OP1B8xMv6uNfDZIt1DXfq3zVQsW7qy8kky+7JNAJzu+fpUldooHpY
WDqQ6AB++NrTZx167OuWqdQ=
-----END CERTIFICATE-----
Generated at Sun Sep 22 09:34:01 2024 by rpki-client on console-fra.rpki-client.org