Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/2tmU1pynUD_VdMqqxSEL8wVmvGE.roa
File:                     2tmU1pynUD_VdMqqxSEL8wVmvGE.roa (raw, json)
Hash identifier:          bFDfflqHJDdc5fRQmZFNIGrKiGt+ghzaNJnswSmQnKw=
Subject key identifier:   DA:D9:94:D6:9C:A7:50:3F:D5:74:CA:AA:C5:21:0B:F3:05:66:BC:61
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       0186A846D939F0AD96EC2EBE3A0026FCCAEA
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/2tmU1pynUD_VdMqqxSEL8wVmvGE.roa
Signing time:             Fri 03 Mar 2023 16:21:00 +0000
ROA not before:           Fri 03 Mar 2023 16:21:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        91.213.174.0/24 maxlen: 24
                          91.213.189.0/24 maxlen: 24
                          91.213.200.0/24 maxlen: 24
                          91.208.104.0/24 maxlen: 24
                          91.208.109.0/24 maxlen: 24
                          45.150.197.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 22 Apr 2023 22:06:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:a8:46:d9:39:f0:ad:96:ec:2e:be:3a:00:26:fc:ca:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Mar  3 16:21:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dad994d69ca7503fd574caaac5210bf30566bc61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8f:3e:cf:8c:ca:5f:a2:d7:2a:a3:47:9b:50:
                    54:41:6b:6f:fd:5f:77:d7:22:50:b4:5e:f2:76:8b:
                    de:03:69:d2:86:6e:c2:21:6a:7d:6a:48:83:c7:e5:
                    c5:33:88:bd:af:8b:6e:17:ad:9d:cd:2b:96:3d:c9:
                    0e:9c:4c:a7:fb:29:76:04:f2:e0:7f:02:a0:bb:eb:
                    44:3b:80:05:38:3a:0d:b6:1f:ca:be:2f:b4:3b:ff:
                    24:15:3b:ab:13:97:d8:69:58:a4:8a:05:7f:0b:af:
                    7d:d2:35:d5:86:c9:2f:ad:45:3d:18:33:25:96:50:
                    71:40:83:60:63:91:84:e7:85:2f:71:c6:85:52:a3:
                    be:9a:30:c9:cf:c1:a9:5b:0d:f3:17:c9:0b:3d:f7:
                    d2:7b:95:24:0d:dd:28:99:51:2f:3e:f2:c4:3d:d3:
                    fe:97:56:14:84:fc:53:b4:12:d8:18:3a:3b:a4:f6:
                    60:40:58:b4:f1:5e:41:db:35:a6:d7:4b:37:31:0f:
                    2f:ef:ce:cb:44:e7:70:f7:85:ab:d0:9a:89:a1:e1:
                    79:69:d2:9c:df:af:d0:1f:a4:c2:08:02:44:52:dd:
                    b9:76:07:d0:ad:a8:9d:54:98:b4:8c:c1:80:d7:3e:
                    bc:cf:b0:a5:a7:01:54:50:94:0f:f0:06:16:2f:ff:
                    4b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D9:94:D6:9C:A7:50:3F:D5:74:CA:AA:C5:21:0B:F3:05:66:BC:61
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/2tmU1pynUD_VdMqqxSEL8wVmvGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.197.0/24
                  91.208.104.0/24
                  91.208.109.0/24
                  91.213.174.0/24
                  91.213.189.0/24
                  91.213.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:f5:83:b7:21:7d:50:23:08:88:5d:a6:dd:05:cc:a5:62:7d:
         27:41:37:e8:0a:e5:dc:8a:05:59:df:4f:5c:02:ce:67:74:c2:
         dd:7d:dc:f4:ce:3e:92:eb:53:2c:e7:48:7b:c0:62:f7:9a:34:
         10:38:5e:33:8e:48:4e:8a:2e:c1:ca:70:0e:34:7c:76:16:57:
         6e:f7:58:8b:d0:25:f5:0f:92:1e:f4:f1:5d:11:bd:8b:19:cd:
         39:0e:e3:e7:fa:03:5e:7c:e9:72:7b:3a:44:7a:1d:ea:38:4f:
         f5:67:d5:f0:2a:da:56:c8:41:b6:52:3b:c0:2c:19:27:6a:c5:
         e4:52:79:c9:76:0d:ff:9b:55:c7:74:e1:96:1c:1a:e3:b3:e3:
         ea:47:f1:b8:1b:4f:27:4a:5c:46:73:79:c3:43:51:dc:0e:cb:
         69:02:24:f4:0f:93:d3:d2:94:55:2d:58:a6:0c:a2:03:ff:b6:
         17:1f:02:87:7a:9c:5c:ee:41:da:0f:76:8a:7b:61:47:75:e6:
         13:ce:3c:fb:39:78:fa:75:fe:10:cd:83:08:cb:35:da:aa:08:
         d4:7d:fc:53:5a:29:b9:6a:3a:eb:79:39:ea:ae:36:6e:76:86:
         a8:cb:4e:4f:06:c1:a6:1e:c5:90:91:41:ac:f5:81:36:f1:5e:
         a9:26:07:3b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYaoRtk58K2W7C6+OgAm/MrqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjMwMzAzMTYyMTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWQ5OTRkNjljYTc1MDNmZDU3NGNhYWFjNTIxMGJmMzA1NjZiYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtY8+z4zKX6LXKqNHm1BUQWtv/V93
1yJQtF7ydoveA2nShm7CIWp9akiDx+XFM4i9r4tuF62dzSuWPckOnEyn+yl2BPLg
fwKgu+tEO4AFODoNth/Kvi+0O/8kFTurE5fYaVikigV/C6990jXVhskvrUU9GDMl
llBxQINgY5GE54UvccaFUqO+mjDJz8GpWw3zF8kLPffSe5UkDd0omVEvPvLEPdP+
l1YUhPxTtBLYGDo7pPZgQFi08V5B2zWm10s3MQ8v787LROdw94Wr0JqJoeF5adKc
36/QH6TCCAJEUt25dgfQraidVJi0jMGA1z68z7ClpwFUUJQP8AYWL/9LWQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNrZlNacp1A/1XTKqsUhC/MFZrxhMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvMnRtVTFweW5VRF9WZE1xcXhTRUw4d1ZtdkdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALZbFAwQA
W9BoAwQAW9BtAwQAW9WuAwQAW9W9AwQAW9XIMA0GCSqGSIb3DQEBCwUAA4IBAQCq
9YO3IX1QIwiIXabdBcylYn0nQTfoCuXcigVZ309cAs5ndMLdfdz0zj6S61Ms50h7
wGL3mjQQOF4zjkhOii7BynAONHx2Fldu91iL0CX1D5Ie9PFdEb2LGc05DuPn+gNe
fOlyezpEeh3qOE/1Z9XwKtpWyEG2UjvALBknasXkUnnJdg3/m1XHdOGWHBrjs+Pq
R/G4G08nSlxGc3nDQ1HcDstpAiT0D5PT0pRVLVimDKID/7YXHwKHepxc7kHaD3aK
e2FHdeYTzjz7OXj6df4QzYMIyzXaqgjUffxTWim5ajrreTnqrjZudoaoy05PBsGm
HsWQkUGs9YE28V6pJgc7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:14 2024 by rpki-client on console-ams.rpki-client.org