Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/2-Bi7vfoMWEal8ky2jb_YFX2zgI.roa
File:                     2-Bi7vfoMWEal8ky2jb_YFX2zgI.roa (raw, json)
Hash identifier:          TCfsfKV/SZtILlTFbxgDM5n9g0pSW2tYLi4dXaMtW2A=
Subject key identifier:   DB:E0:62:EE:F7:E8:31:61:1A:97:C9:32:DA:36:FF:60:55:F6:CE:02
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       01892498F27FC8A703DB6882A33C9FA566B3
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/2-Bi7vfoMWEal8ky2jb_YFX2zgI.roa
Signing time:             Wed 05 Jul 2023 05:49:10 +0000
ROA not before:           Wed 05 Jul 2023 05:49:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        81.29.148.0/24 maxlen: 24
                          81.29.147.0/24 maxlen: 24
                          81.29.157.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 10 Jul 2023 05:51:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:24:98:f2:7f:c8:a7:03:db:68:82:a3:3c:9f:a5:66:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Jul  5 05:49:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dbe062eef7e831611a97c932da36ff6055f6ce02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:09:e6:d1:61:52:68:e8:c3:eb:eb:69:6b:b1:
                    8f:e1:00:fe:ca:37:79:a2:98:9a:f1:cc:b8:5c:4f:
                    7e:f8:46:fb:bc:ac:cd:a5:14:31:42:3d:07:be:4b:
                    83:2f:f4:3f:e9:e2:b5:db:f1:14:7e:42:0e:66:ca:
                    8d:45:b8:f9:c1:33:81:60:5e:62:16:a9:95:65:f8:
                    66:49:5c:18:8a:07:41:c3:78:9f:b5:b6:08:c4:d3:
                    99:90:50:b2:28:59:9c:33:5e:bc:5c:a8:d6:a6:d8:
                    fc:40:08:6e:4c:ae:5c:5f:b0:c2:da:b2:31:45:93:
                    ec:fc:33:e9:7d:fd:fe:f0:31:19:9c:74:c6:35:36:
                    c6:25:d7:ce:cc:8f:64:3c:49:dd:d4:b3:c4:0c:68:
                    90:79:37:ba:e4:f4:26:26:28:30:f9:da:e6:60:cb:
                    77:11:60:b3:b9:52:d1:7e:08:a4:31:50:e7:9f:ee:
                    12:42:73:c0:ca:78:ce:20:f9:96:b2:95:d9:00:a9:
                    be:d2:61:75:3b:da:ae:0b:b4:a8:27:a6:4e:d5:f5:
                    9a:1e:14:9c:70:61:3b:aa:14:b1:6d:cd:9e:ef:21:
                    e9:d5:cc:eb:a4:71:40:f4:de:0b:a4:85:69:ac:43:
                    d0:9d:f7:09:a4:cb:5a:dc:c7:93:22:a4:3d:9e:8c:
                    d1:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E0:62:EE:F7:E8:31:61:1A:97:C9:32:DA:36:FF:60:55:F6:CE:02
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/2-Bi7vfoMWEal8ky2jb_YFX2zgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.147.0-81.29.148.255
                  81.29.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:1d:b2:71:f7:ab:85:3a:67:35:d0:c1:0f:c7:53:13:ca:c2:
         e1:2c:58:e7:20:02:c5:81:68:b9:e8:0f:aa:36:5e:65:d3:28:
         21:53:ed:33:cd:4e:f7:f9:ff:24:52:00:1c:2e:02:ff:af:72:
         34:63:4d:63:75:ec:2f:73:02:78:4f:62:4f:cd:7b:f3:1e:b0:
         2c:d2:6c:d6:cf:c2:c1:c8:79:16:22:6d:cb:4c:90:5d:aa:f4:
         71:20:a6:45:b3:44:a4:33:94:db:a5:ae:17:d2:46:9e:42:17:
         fa:de:07:a2:81:ce:aa:e7:56:42:98:ab:35:b3:05:28:24:a4:
         25:7d:1e:ad:c3:08:39:17:05:e9:97:f7:c7:10:a3:55:6d:2e:
         9d:22:a2:62:91:65:0c:ed:ae:fc:52:2e:84:51:f7:c9:c9:53:
         34:74:6b:91:b2:47:40:6c:d3:bb:5a:44:85:4f:39:f8:7c:cd:
         b2:9f:80:f8:06:46:4a:cc:b8:bb:8a:c6:31:11:7a:06:7f:98:
         c4:5a:ce:59:f8:22:a1:0e:eb:f3:fb:69:a5:d3:5a:c0:0c:d0:
         1e:19:6c:10:bb:8c:f4:5d:0c:d2:23:20:5a:e9:45:e5:e8:c0:
         ae:40:73:51:24:57:a3:48:43:86:64:71:d7:43:39:bb:9d:4f:
         04:f9:78:8e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYkkmPJ/yKcD22iCozyfpWazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjMwNzA1MDU0OTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmUwNjJlZWY3ZTgzMTYxMWE5N2M5MzJkYTM2ZmY2MDU1ZjZjZTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQnm0WFSaOjD6+tpa7GP4QD+yjd5
opia8cy4XE9++Eb7vKzNpRQxQj0HvkuDL/Q/6eK12/EUfkIOZsqNRbj5wTOBYF5i
FqmVZfhmSVwYigdBw3iftbYIxNOZkFCyKFmcM168XKjWptj8QAhuTK5cX7DC2rIx
RZPs/DPpff3+8DEZnHTGNTbGJdfOzI9kPEnd1LPEDGiQeTe65PQmJigw+drmYMt3
EWCzuVLRfgikMVDnn+4SQnPAynjOIPmWspXZAKm+0mF1O9quC7SoJ6ZO1fWaHhSc
cGE7qhSxbc2e7yHp1czrpHFA9N4LpIVprEPQnfcJpMta3MeTIqQ9nozRTwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNvgYu736DFhGpfJMto2/2BV9s4CMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvMi1CaTd2Zm9NV0VhbDhreTJqYl9ZRlgyemdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBABRHZMD
BABRHZQDBABRHZ0wDQYJKoZIhvcNAQELBQADggEBAAMdsnH3q4U6ZzXQwQ/HUxPK
wuEsWOcgAsWBaLnoD6o2XmXTKCFT7TPNTvf5/yRSABwuAv+vcjRjTWN17C9zAnhP
Yk/Ne/MesCzSbNbPwsHIeRYibctMkF2q9HEgpkWzRKQzlNulrhfSRp5CF/reB6KB
zqrnVkKYqzWzBSgkpCV9Hq3DCDkXBemX98cQo1VtLp0iomKRZQztrvxSLoRR98nJ
UzR0a5GyR0Bs07taRIVPOfh8zbKfgPgGRkrMuLuKxjERegZ/mMRazln4IqEO6/P7
aaXTWsAM0B4ZbBC7jPRdDNIjIFrpReXowK5Ac1EkV6NIQ4ZkcddDObudTwT5eI4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:39 2024 by rpki-client on console-fra.rpki-client.org