Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/5b43ba-8eb5-44d3-9b87-e000e3fff93e/1/cwYrcH5y3xtPpX7xcni5DX4o7kM.roa
File:                     cwYrcH5y3xtPpX7xcni5DX4o7kM.roa (raw, json)
Hash identifier:          LD6/1jtTnyaNDQ1TCGN0wMpTWPVt2AeSzCwh/GrxrhY=
Subject key identifier:   73:06:2B:70:7E:72:DF:1B:4F:A5:7E:F1:72:78:B9:0D:7E:28:EE:43
Certificate issuer:       /CN=c5721737651598f56cf7195120777d7b5316f552
Certificate serial:       01856EF8E5FE1825164924AE7F6D481B8128
Authority key identifier: C5:72:17:37:65:15:98:F5:6C:F7:19:51:20:77:7D:7B:53:16:F5:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xXIXN2UVmPVs9xlRIHd9e1MW9VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/5b43ba-8eb5-44d3-9b87-e000e3fff93e/1/cwYrcH5y3xtPpX7xcni5DX4o7kM.roa
Signing time:             Sun 01 Jan 2023 20:14:43 +0000
ROA not before:           Sun 01 Jan 2023 20:14:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208766
IP address blocks:        45.85.228.0/22 maxlen: 22
                          2a0e:cc80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:29:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:f8:e5:fe:18:25:16:49:24:ae:7f:6d:48:1b:81:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c5721737651598f56cf7195120777d7b5316f552
        Validity
            Not Before: Jan  1 20:14:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=73062b707e72df1b4fa57ef17278b90d7e28ee43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d1:bb:ba:ca:8f:77:d0:c4:3b:78:c4:6a:23:
                    47:24:3b:e5:d2:fd:c7:8e:c6:9d:ac:0a:1a:55:eb:
                    e6:e7:4b:5b:6c:94:d7:b9:55:5b:ce:6b:15:03:38:
                    85:21:69:0a:ee:9d:a8:b7:10:52:d7:8c:fe:5f:3c:
                    75:c0:d1:fc:c2:60:71:fb:2f:5e:49:2a:ec:a4:8f:
                    7d:fb:5e:87:fc:d9:13:c1:2e:8a:54:51:65:d3:56:
                    b3:37:a3:70:da:65:f1:8a:ba:c7:59:71:8c:69:7a:
                    37:1e:08:88:d2:d2:da:42:7f:60:a1:2c:c2:04:53:
                    49:08:4c:10:31:a6:84:45:4d:07:ce:9f:85:86:70:
                    9d:0a:43:f1:ca:4b:c5:48:a6:14:cb:55:a8:9e:7d:
                    9d:1f:02:17:e6:26:14:a5:9c:4d:6e:b7:75:d0:06:
                    40:70:69:d9:46:76:bb:6f:f6:e9:bd:93:af:8f:63:
                    9a:fe:74:a7:e4:aa:fc:9c:75:aa:f8:de:b1:cf:a2:
                    fb:15:16:2b:ef:61:1c:94:4e:16:5b:ae:98:e6:46:
                    ee:36:e2:c9:68:70:7c:ce:47:24:e3:95:90:7b:36:
                    28:f0:81:ef:7e:89:03:e1:d8:82:86:03:c2:03:40:
                    a7:51:d1:8b:13:fc:d4:e3:87:40:a9:0e:a2:b4:21:
                    93:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:06:2B:70:7E:72:DF:1B:4F:A5:7E:F1:72:78:B9:0D:7E:28:EE:43
            X509v3 Authority Key Identifier:
                keyid:C5:72:17:37:65:15:98:F5:6C:F7:19:51:20:77:7D:7B:53:16:F5:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xXIXN2UVmPVs9xlRIHd9e1MW9VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/5b43ba-8eb5-44d3-9b87-e000e3fff93e/1/cwYrcH5y3xtPpX7xcni5DX4o7kM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/5b43ba-8eb5-44d3-9b87-e000e3fff93e/1/xXIXN2UVmPVs9xlRIHd9e1MW9VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.228.0/22
                IPv6:
                  2a0e:cc80::/29

    Signature Algorithm: sha256WithRSAEncryption
         64:f1:1a:09:81:a9:56:e4:cc:4d:69:c8:28:ee:f4:d1:52:db:
         dc:c2:cc:f2:04:c5:4c:4b:1e:31:eb:d9:10:e0:a9:3c:4b:46:
         1a:10:cd:15:9d:c4:7a:a5:1f:39:67:a3:d1:81:35:76:de:18:
         1d:08:08:be:57:6f:ba:bb:97:33:19:4d:2b:7e:a7:f2:eb:ba:
         80:3a:a7:01:7f:07:2c:7f:d7:cc:66:c9:7d:99:e4:66:ff:61:
         5c:01:ea:87:0c:17:82:6b:98:a4:c2:d3:b9:f9:57:34:09:fd:
         4d:26:68:4b:67:18:55:da:2d:6a:e4:bf:ec:64:cc:1f:72:81:
         29:ed:d0:13:9e:6b:33:42:c9:33:ed:c6:87:5a:e6:42:1a:07:
         c6:1d:9b:d8:b8:94:9e:74:ef:06:ae:e7:bb:38:5d:5d:19:fb:
         b5:5b:56:65:24:11:e1:6f:98:65:07:ce:73:6b:35:a8:e2:39:
         b7:f1:9d:b4:a5:ca:d1:8e:4c:1e:e3:f9:3d:3d:5c:81:dc:9d:
         66:95:92:46:30:bb:d4:1a:af:b1:cb:46:da:40:c3:95:c5:0d:
         cf:67:a4:e6:e5:77:4f:c2:7d:25:d0:02:4f:24:ea:4d:a5:5a:
         ec:2d:15:a3:dd:c8:9f:9e:78:1f:21:d9:3c:21:72:09:eb:d4:
         4f:91:90:92
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVu+OX+GCUWSSSuf21IG4EoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NzIxNzM3NjUxNTk4ZjU2Y2Y3MTk1MTIwNzc3ZDdiNTMx
NmY1NTIwHhcNMjMwMTAxMjAxNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzA2MmI3MDdlNzJkZjFiNGZhNTdlZjE3Mjc4YjkwZDdlMjhlZTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9G7usqPd9DEO3jEaiNHJDvl0v3H
jsadrAoaVevm50tbbJTXuVVbzmsVAziFIWkK7p2otxBS14z+Xzx1wNH8wmBx+y9e
SSrspI99+16H/NkTwS6KVFFl01azN6Nw2mXxirrHWXGMaXo3HgiI0tLaQn9goSzC
BFNJCEwQMaaERU0Hzp+FhnCdCkPxykvFSKYUy1Wonn2dHwIX5iYUpZxNbrd10AZA
cGnZRna7b/bpvZOvj2Oa/nSn5Kr8nHWq+N6xz6L7FRYr72EclE4WW66Y5kbuNuLJ
aHB8zkck45WQezYo8IHvfokD4diChgPCA0CnUdGLE/zU44dAqQ6itCGTMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHMGK3B+ct8bT6V+8XJ4uQ1+KO5DMB8GA1UdIwQY
MBaAFMVyFzdlFZj1bPcZUSB3fXtTFvVSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFhJWE4yVVZtUFZzOXhsUklIZDllMU1XOVZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC81YjQzYmEtOGViNS00NGQzLTliODct
ZTAwMGUzZmZmOTNlLzEvY3dZcmNINXkzeHRQcFg3eGNuaTVEWDRvN2tNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC81YjQzYmEtOGViNS00NGQzLTliODctZTAwMGUzZmZmOTNl
LzEveFhJWE4yVVZtUFZzOXhsUklIZDllMU1XOVZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVXkMA0E
AgACMAcDBQMqDsyAMA0GCSqGSIb3DQEBCwUAA4IBAQBk8RoJgalW5MxNacgo7vTR
UtvcwszyBMVMSx4x69kQ4Kk8S0YaEM0VncR6pR85Z6PRgTV23hgdCAi+V2+6u5cz
GU0rfqfy67qAOqcBfwcsf9fMZsl9meRm/2FcAeqHDBeCa5ikwtO5+Vc0Cf1NJmhL
ZxhV2i1q5L/sZMwfcoEp7dATnmszQskz7caHWuZCGgfGHZvYuJSedO8Grue7OF1d
Gfu1W1ZlJBHhb5hlB85zazWo4jm38Z20pcrRjkwe4/k9PVyB3J1mlZJGMLvUGq+x
y0baQMOVxQ3PZ6Tm5XdPwn0l0AJPJOpNpVrsLRWj3cifnngfIdk8IXIJ69RPkZCS
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:49 2024 by rpki-client on console-ams.rpki-client.org