Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/tFrE_ydTtJ1oskPIME4tSq-sN_Y.roa
File:                     tFrE_ydTtJ1oskPIME4tSq-sN_Y.roa (raw, json)
Hash identifier:          gBCPTrC7tT0utyAGx2Soiu++duwHg4kRWV/s+6bsyVQ=
Subject key identifier:   B4:5A:C4:FF:27:53:B4:9D:68:B2:43:C8:30:4E:2D:4A:AF:AC:37:F6
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       0186D9F76094B94F39754ECA8F7B9A71513D
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/tFrE_ydTtJ1oskPIME4tSq-sN_Y.roa
Signing time:             Mon 13 Mar 2023 07:55:13 +0000
ROA not before:           Mon 13 Mar 2023 07:55:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209408
IP address blocks:        80.71.228.0/24 maxlen: 24
                          45.66.224.0/22 maxlen: 22
                          81.29.145.0/24 maxlen: 24
                          81.29.146.0/24 maxlen: 24
                          81.29.149.0/24 maxlen: 24
                          81.29.148.0/24 maxlen: 24
                          81.29.147.0/24 maxlen: 24
                          81.29.156.0/24 maxlen: 24
                          81.29.158.0/24 maxlen: 24
                          2a09:6c40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 20 Mar 2023 07:11:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:d9:f7:60:94:b9:4f:39:75:4e:ca:8f:7b:9a:71:51:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Mar 13 07:55:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b45ac4ff2753b49d68b243c8304e2d4aafac37f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:0f:67:c8:b1:d2:e1:94:24:9e:df:e4:a8:7b:
                    a6:d1:1b:fd:43:00:80:75:1c:87:07:03:13:f3:e9:
                    2a:e9:a0:12:32:38:f3:6a:cb:e0:fd:7b:13:0d:65:
                    f2:03:59:4e:03:ee:60:b6:42:2d:22:bf:05:20:fa:
                    0e:65:35:19:e0:7e:f9:8e:c4:26:3a:b4:28:65:6e:
                    34:6d:cb:9b:c9:25:d5:4c:0d:2a:4b:47:77:63:69:
                    85:5d:2d:da:42:00:55:2b:1a:72:74:c6:36:29:9a:
                    c4:6e:c3:26:72:bf:52:55:e3:b6:39:60:a9:1d:3e:
                    4e:c5:29:d0:2a:f0:d4:88:d6:b0:2a:c6:60:ee:78:
                    a9:6f:7f:b7:a2:17:89:eb:72:e8:80:c9:82:8e:e6:
                    41:48:81:70:66:01:ea:3e:07:5a:e0:93:4a:60:d4:
                    a8:98:aa:65:9b:00:9c:4f:4b:b6:66:c8:dd:27:d7:
                    91:28:30:2d:f8:4a:8b:68:4a:cb:bf:25:f8:8b:a3:
                    8f:0b:6a:4c:b8:c2:9f:e4:b1:1a:ab:59:ed:51:fd:
                    5b:fa:c5:94:93:24:ec:db:58:81:d7:1a:2e:0a:78:
                    e9:00:4e:5f:2b:4e:06:31:e1:c1:9a:a0:a2:ab:12:
                    f6:d6:6c:92:0f:0a:e9:7c:d3:04:a0:54:a7:d6:1f:
                    65:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5A:C4:FF:27:53:B4:9D:68:B2:43:C8:30:4E:2D:4A:AF:AC:37:F6
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/tFrE_ydTtJ1oskPIME4tSq-sN_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.224.0/22
                  80.71.228.0/24
                  81.29.145.0-81.29.149.255
                  81.29.156.0/24
                  81.29.158.0/24
                IPv6:
                  2a09:6c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2f:ef:d7:ec:4e:2a:06:a4:fe:7e:ca:30:5d:17:29:44:06:c3:
         57:46:0c:8f:0b:5a:77:d0:91:14:c7:93:ed:0c:4c:3d:b9:3b:
         47:cc:6d:db:74:51:82:92:bc:31:f5:5e:68:9e:26:31:17:69:
         66:93:e7:aa:d0:36:b3:bd:8a:4d:e5:3e:4b:e1:aa:38:ea:ae:
         99:9e:2a:10:c2:63:17:ff:e7:18:e0:e5:ad:1e:8e:ba:2f:83:
         ef:e5:ac:e9:ca:cd:de:5b:ec:4b:27:44:7e:24:b9:47:3d:34:
         24:e1:23:0c:b6:5c:73:56:73:20:ce:e1:be:39:17:78:33:be:
         6e:c3:76:f2:69:b5:c8:72:ce:4c:71:92:e1:27:6a:e8:ba:b4:
         cd:33:90:64:d0:e4:e0:4a:93:69:73:b6:a7:2b:72:20:f5:5e:
         1b:60:9f:0f:1f:68:a6:32:93:c2:00:cb:3a:3d:8f:2a:aa:e5:
         4b:e2:94:7f:27:01:ff:6b:c2:af:30:0c:81:3b:ea:7a:23:ef:
         a8:ad:16:d1:b6:0d:84:ba:2e:3b:41:07:eb:57:c2:16:43:ec:
         31:8f:aa:e2:8a:c6:ae:4d:9b:79:65:8a:ce:a6:ce:25:6c:e6:
         33:ce:2f:a7:65:69:27:32:73:10:32:2c:d4:f1:9d:83:aa:6a:
         e3:9a:7c:f2
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYbZ92CUuU85dU7Kj3uacVE9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjMwMzEzMDc1NTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDVhYzRmZjI3NTNiNDlkNjhiMjQzYzgzMDRlMmQ0YWFmYWMzN2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhA9nyLHS4ZQknt/kqHum0Rv9QwCA
dRyHBwMT8+kq6aASMjjzasvg/XsTDWXyA1lOA+5gtkItIr8FIPoOZTUZ4H75jsQm
OrQoZW40bcubySXVTA0qS0d3Y2mFXS3aQgBVKxpydMY2KZrEbsMmcr9SVeO2OWCp
HT5OxSnQKvDUiNawKsZg7nipb3+3oheJ63LogMmCjuZBSIFwZgHqPgda4JNKYNSo
mKplmwCcT0u2ZsjdJ9eRKDAt+EqLaErLvyX4i6OPC2pMuMKf5LEaq1ntUf1b+sWU
kyTs21iB1xouCnjpAE5fK04GMeHBmqCiqxL21mySDwrpfNMEoFSn1h9lcQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFLRaxP8nU7SdaLJDyDBOLUqvrDf2MB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvdEZyRV95ZFR0SjFvc2tQSU1FNHRTcS1zTl9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQCLULgAwQA
UEfkMAwDBABRHZEDBAFRHZQDBABRHZwDBABRHZ4wDQQCAAIwBwMFAyoJbEAwDQYJ
KoZIhvcNAQELBQADggEBAC/v1+xOKgak/n7KMF0XKUQGw1dGDI8LWnfQkRTHk+0M
TD25O0fMbdt0UYKSvDH1XmieJjEXaWaT56rQNrO9ik3lPkvhqjjqrpmeKhDCYxf/
5xjg5a0ejrovg+/lrOnKzd5b7EsnRH4kuUc9NCThIwy2XHNWcyDO4b45F3gzvm7D
dvJptchyzkxxkuEnaui6tM0zkGTQ5OBKk2lztqcrciD1Xhtgnw8faKYyk8IAyzo9
jyqq5UvilH8nAf9rwq8wDIE76noj76itFtG2DYS6LjtBB+tXwhZD7DGPquKKxq5N
m3llis6mziVs5jPOL6dlaScycxAyLNTxnYOqauOafPI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:40 2024 by rpki-client on console-fra.rpki-client.org