Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/61979a-ea83-4ee7-b7f7-e168db2c54b4/1/WspSqMYnIEbqWCCrZCgUQJ09Wv0.roa
File:                     WspSqMYnIEbqWCCrZCgUQJ09Wv0.roa (raw, json)
Hash identifier:          NgO+XabLZ+Nctuwqdvh1klh1GGKNjH2CXH4mfuklwFk=
Subject key identifier:   5A:CA:52:A8:C6:27:20:46:EA:58:20:AB:64:28:14:40:9D:3D:5A:FD
Certificate issuer:       /CN=6d9ff4a53a3db0f432820cd737d543f867a972d8
Certificate serial:       01856F4B657CAA6C0883991A4A742038FE9A
Authority key identifier: 6D:9F:F4:A5:3A:3D:B0:F4:32:82:0C:D7:37:D5:43:F8:67:A9:72:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bZ_0pTo9sPQyggzXN9VD-Gepctg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/61979a-ea83-4ee7-b7f7-e168db2c54b4/1/WspSqMYnIEbqWCCrZCgUQJ09Wv0.roa
Signing time:             Sun 01 Jan 2023 21:44:50 +0000
ROA not before:           Sun 01 Jan 2023 21:44:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41902
IP address blocks:        46.17.129.0/24 maxlen: 24
                          46.17.128.0/24 maxlen: 24
                          46.17.128.0/22 maxlen: 24
                          46.17.128.0/21 maxlen: 24
                          46.17.132.0/24 maxlen: 24
                          46.17.132.0/22 maxlen: 24
                          46.17.131.0/24 maxlen: 24
                          46.17.130.0/24 maxlen: 24
                          46.17.135.0/24 maxlen: 24
                          46.17.134.0/24 maxlen: 24
                          46.17.133.0/24 maxlen: 24
                          194.36.160.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:30:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:4b:65:7c:aa:6c:08:83:99:1a:4a:74:20:38:fe:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d9ff4a53a3db0f432820cd737d543f867a972d8
        Validity
            Not Before: Jan  1 21:44:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5aca52a8c6272046ea5820ab642814409d3d5afd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:80:bc:09:57:98:c2:83:59:e2:69:96:1a:ad:
                    0f:b1:bc:1e:5d:bc:69:f7:e0:bf:52:3c:13:a2:27:
                    02:9f:10:91:eb:8b:e9:fc:1c:0f:28:f3:e9:0a:93:
                    f1:d3:15:ac:b6:ca:bd:7f:4c:58:cc:13:3a:b3:f4:
                    95:1d:a9:a6:ac:e1:62:b2:f4:69:33:19:bc:99:fc:
                    06:f7:03:87:91:e5:55:e3:b8:df:6a:bd:94:6f:33:
                    9e:8d:fe:12:75:41:d2:20:5b:3d:2a:2d:65:8c:96:
                    b6:c5:61:b8:0d:9f:24:3b:18:0c:89:fd:98:3c:8d:
                    4a:83:d9:87:b5:13:35:89:ac:df:55:3e:fa:62:95:
                    04:6f:24:59:4b:16:19:21:e5:e6:e5:15:11:ec:a1:
                    6f:da:ef:65:56:59:73:6c:a8:af:80:98:10:82:7d:
                    bf:49:10:7c:f7:3a:5c:c3:64:ef:53:9d:cc:2f:e3:
                    5a:b7:33:f3:f2:b1:c2:ef:9a:87:ce:7b:9f:a7:54:
                    f6:8a:30:9f:d8:02:34:00:b9:8f:e1:27:1f:4b:e9:
                    bf:26:87:f3:79:00:16:da:b6:3e:61:dc:9d:91:27:
                    a8:c0:17:33:a4:fa:42:67:81:48:75:99:d7:84:35:
                    17:f5:5f:fb:af:52:aa:74:a8:62:81:44:95:f1:4c:
                    5c:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:CA:52:A8:C6:27:20:46:EA:58:20:AB:64:28:14:40:9D:3D:5A:FD
            X509v3 Authority Key Identifier:
                keyid:6D:9F:F4:A5:3A:3D:B0:F4:32:82:0C:D7:37:D5:43:F8:67:A9:72:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bZ_0pTo9sPQyggzXN9VD-Gepctg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/61979a-ea83-4ee7-b7f7-e168db2c54b4/1/WspSqMYnIEbqWCCrZCgUQJ09Wv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/61979a-ea83-4ee7-b7f7-e168db2c54b4/1/bZ_0pTo9sPQyggzXN9VD-Gepctg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.128.0/21
                  194.36.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:ad:0f:30:7e:23:61:eb:c7:4d:21:ae:50:a9:94:e8:bd:22:
         b8:2b:95:af:9b:db:06:d5:03:18:9f:44:97:80:51:49:4d:3f:
         78:94:e3:18:ee:01:30:a5:73:3e:6d:8c:72:79:dc:46:35:b2:
         6c:cc:d7:af:65:6c:5a:ee:29:9b:4f:65:65:ab:be:81:e0:90:
         2f:ef:b9:c6:8e:64:00:23:e1:45:48:55:4e:1a:e8:61:3d:e7:
         d8:8e:08:48:17:4c:e7:10:ad:29:59:b0:be:4f:3d:a8:d3:7f:
         9e:4e:37:2e:ab:e9:86:5a:c8:36:e3:ce:da:83:2a:59:d3:fa:
         cd:b8:df:3b:17:4a:0c:43:ad:eb:3f:0b:54:b7:4f:a8:60:62:
         f1:1a:36:98:96:6e:41:83:a9:a5:98:b9:a0:f0:aa:5c:d1:9e:
         65:87:c0:b5:cd:b9:a1:17:8e:cf:2a:2d:d8:34:c0:98:95:d7:
         00:23:ed:73:e3:13:11:a3:40:d5:6c:ff:0d:23:b6:e2:4d:c7:
         30:97:d3:fc:2b:31:8c:9c:54:69:4c:af:47:a0:ce:7d:92:dc:
         0a:06:74:14:bb:10:59:d6:a5:5d:98:e2:fe:0a:07:a2:7b:a0:
         82:be:fc:94:1a:4e:e3:de:0d:a1:a2:9e:d6:11:b4:de:b8:09:
         5f:22:02:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvS2V8qmwIg5kaSnQgOP6aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkOWZmNGE1M2EzZGIwZjQzMjgyMGNkNzM3ZDU0M2Y4Njdh
OTcyZDgwHhcNMjMwMTAxMjE0NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWNhNTJhOGM2MjcyMDQ2ZWE1ODIwYWI2NDI4MTQ0MDlkM2Q1YWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYC8CVeYwoNZ4mmWGq0PsbweXbxp
9+C/UjwToicCnxCR64vp/BwPKPPpCpPx0xWstsq9f0xYzBM6s/SVHammrOFisvRp
Mxm8mfwG9wOHkeVV47jfar2UbzOejf4SdUHSIFs9Ki1ljJa2xWG4DZ8kOxgMif2Y
PI1Kg9mHtRM1iazfVT76YpUEbyRZSxYZIeXm5RUR7KFv2u9lVllzbKivgJgQgn2/
SRB89zpcw2TvU53ML+NatzPz8rHC75qHznufp1T2ijCf2AI0ALmP4ScfS+m/Jofz
eQAW2rY+YdydkSeowBczpPpCZ4FIdZnXhDUX9V/7r1KqdKhigUSV8UxcIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFrKUqjGJyBG6lggq2QoFECdPVr9MB8GA1UdIwQY
MBaAFG2f9KU6PbD0MoIM1zfVQ/hnqXLYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlpfMHBUbzlzUFF5Z2d6WE45VkQtR2VwY3RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82MTk3OWEtZWE4My00ZWU3LWI3Zjct
ZTE2OGRiMmM1NGI0LzEvV3NwU3FNWW5JRWJxV0NDclpDZ1VRSjA5V3YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82MTk3OWEtZWE4My00ZWU3LWI3ZjctZTE2OGRiMmM1NGI0
LzEvYlpfMHBUbzlzUFF5Z2d6WE45VkQtR2VwY3RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLhGAAwQA
wiSgMA0GCSqGSIb3DQEBCwUAA4IBAQAxrQ8wfiNh68dNIa5QqZTovSK4K5Wvm9sG
1QMYn0SXgFFJTT94lOMY7gEwpXM+bYxyedxGNbJszNevZWxa7imbT2Vlq76B4JAv
77nGjmQAI+FFSFVOGuhhPefYjghIF0znEK0pWbC+Tz2o03+eTjcuq+mGWsg2487a
gypZ0/rNuN87F0oMQ63rPwtUt0+oYGLxGjaYlm5Bg6mlmLmg8Kpc0Z5lh8C1zbmh
F47PKi3YNMCYldcAI+1z4xMRo0DVbP8NI7biTccwl9P8KzGMnFRpTK9HoM59ktwK
BnQUuxBZ1qVdmOL+Cgeie6CCvvyUGk7j3g2hop7WEbTeuAlfIgKO
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:46 2024 by rpki-client on console-ams.rpki-client.org