Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/0fKv8D6iG_RrWRl9c3ceRoW5kIQ.roa
File:                     0fKv8D6iG_RrWRl9c3ceRoW5kIQ.roa (raw, json)
Hash identifier:          XH5JUa5Gyx9Apv+qjGSiYGHPptAFc2TWcuNUmmJjkb0=
Subject key identifier:   D1:F2:AF:F0:3E:A2:1B:F4:6B:59:19:7D:73:77:1E:46:85:B9:90:84
Certificate issuer:       /CN=9af9d0d4befda09e999eabd0c8724e217364de10
Certificate serial:       018C7DC1257D3C9384E1FE9496C7B7E3B14E
Authority key identifier: 9A:F9:D0:D4:BE:FD:A0:9E:99:9E:AB:D0:C8:72:4E:21:73:64:DE:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/0fKv8D6iG_RrWRl9c3ceRoW5kIQ.roa
Signing time:             Mon 18 Dec 2023 16:27:39 +0000
ROA not before:           Mon 18 Dec 2023 16:27:39 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208398
IP address blocks:        100.43.64.0/19 maxlen: 19
                          199.36.240.0/22 maxlen: 22
                          199.21.96.0/22 maxlen: 22
                          45.87.132.0/22 maxlen: 22
                          2a13:a400::/29 maxlen: 48
                          2a0e:fd87::/32 maxlen: 32
                          2a0e:fd80::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:7d:c1:25:7d:3c:93:84:e1:fe:94:96:c7:b7:e3:b1:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9af9d0d4befda09e999eabd0c8724e217364de10
        Validity
            Not Before: Dec 18 16:27:39 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d1f2aff03ea21bf46b59197d73771e4685b99084
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:88:e8:d9:97:71:88:c2:a6:a1:80:75:da:2f:
                    d5:29:3a:83:9e:5a:8c:5b:c6:37:b1:5e:01:27:8e:
                    fd:67:ee:57:80:70:97:ab:9f:05:f2:c1:4a:81:1b:
                    82:e6:8e:63:95:48:16:66:20:a1:0b:f7:d9:74:37:
                    6a:aa:10:95:c0:ef:22:5f:7c:72:15:9e:49:36:0e:
                    52:3b:22:4a:bc:5a:d3:ee:85:f6:27:e0:e9:0b:9a:
                    ce:37:0f:34:40:53:82:d0:14:a2:4b:48:41:71:7f:
                    d5:ec:e3:ce:22:08:db:6d:ca:b7:78:b8:31:27:38:
                    d4:33:29:ce:d3:3f:77:14:e0:bf:05:cc:5b:c0:10:
                    db:fe:f0:2a:02:3b:1b:2c:c4:75:53:02:9b:21:40:
                    db:96:00:d6:c1:35:33:32:c2:54:66:c1:8a:99:00:
                    2c:0c:bd:11:42:1b:58:00:92:1d:5c:d8:ea:cc:e0:
                    ff:85:16:c8:d3:9b:8b:31:4e:1f:7e:93:70:9f:fc:
                    8b:c0:c4:b5:30:e4:52:5c:46:74:96:e7:74:20:af:
                    8d:6b:b4:20:27:6a:92:34:f8:0b:a9:f9:2f:89:58:
                    51:4b:ff:38:26:f8:d4:15:8e:79:44:26:39:64:00:
                    66:6b:d1:2c:73:a3:c3:41:d7:08:31:28:b3:4a:a0:
                    ec:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F2:AF:F0:3E:A2:1B:F4:6B:59:19:7D:73:77:1E:46:85:B9:90:84
            X509v3 Authority Key Identifier:
                keyid:9A:F9:D0:D4:BE:FD:A0:9E:99:9E:AB:D0:C8:72:4E:21:73:64:DE:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/0fKv8D6iG_RrWRl9c3ceRoW5kIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/01d9fe-e14a-40a4-8458-26701b162fc3/1/mvnQ1L79oJ6ZnqvQyHJOIXNk3hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.132.0/22
                  100.43.64.0/19
                  199.21.96.0/22
                  199.36.240.0/22
                IPv6:
                  2a0e:fd80::/32
                  2a0e:fd87::/32
                  2a13:a400::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:51:1e:a8:ff:7b:1b:0d:17:c2:31:3e:b8:d8:28:a7:cc:80:
         31:20:f6:0c:52:9b:9b:1c:b1:c8:b5:76:fa:da:bc:b8:25:d9:
         19:5a:6b:01:ea:79:1d:d8:ca:0f:c4:5b:c7:9a:d2:34:10:9e:
         4f:d6:50:52:14:5c:24:66:c9:ac:15:55:e5:8c:84:58:25:d2:
         d6:40:c1:19:87:33:ac:5a:9d:12:60:11:2e:51:71:b8:76:42:
         cd:f6:d1:6a:51:0f:a1:be:e6:31:58:cb:da:98:01:25:e6:98:
         71:8d:54:5b:f2:30:64:c3:3f:70:26:36:6d:bc:b0:c7:00:78:
         0d:14:7e:29:c7:1b:3e:a3:e9:1d:fb:03:15:02:21:2d:af:78:
         20:85:51:97:1b:60:7d:bd:41:11:08:3a:3c:06:7f:ee:0d:ca:
         ca:da:45:15:17:7f:45:e6:67:ba:8a:c1:81:58:bf:52:c8:c5:
         08:69:22:ef:48:f9:36:cf:58:7a:6a:df:6b:af:99:d1:bc:30:
         7e:a2:59:92:e6:6f:cf:a2:6a:74:fe:09:c7:f5:a2:60:36:a5:
         d7:d7:0a:43:e6:fb:a4:c2:7f:a4:e9:fa:29:90:07:11:93:ac:
         2f:d4:6f:d3:0a:77:02:d6:21:f9:a9:75:6c:bc:2d:ec:24:e7:
         55:27:79:1d
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYx9wSV9PJOE4f6Ulse347FOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZjlkMGQ0YmVmZGEwOWU5OTllYWJkMGM4NzI0ZTIxNzM2
NGRlMTAwHhcNMjMxMjE4MTYyNzM5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWYyYWZmMDNlYTIxYmY0NmI1OTE5N2Q3Mzc3MWU0Njg1Yjk5MDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIjo2ZdxiMKmoYB12i/VKTqDnlqM
W8Y3sV4BJ479Z+5XgHCXq58F8sFKgRuC5o5jlUgWZiChC/fZdDdqqhCVwO8iX3xy
FZ5JNg5SOyJKvFrT7oX2J+DpC5rONw80QFOC0BSiS0hBcX/V7OPOIgjbbcq3eLgx
JzjUMynO0z93FOC/BcxbwBDb/vAqAjsbLMR1UwKbIUDblgDWwTUzMsJUZsGKmQAs
DL0RQhtYAJIdXNjqzOD/hRbI05uLMU4ffpNwn/yLwMS1MORSXEZ0lud0IK+Na7Qg
J2qSNPgLqfkviVhRS/84JvjUFY55RCY5ZABma9Esc6PDQdcIMSizSqDsKQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFNHyr/A+ohv0a1kZfXN3HkaFuZCEMB8GA1UdIwQY
MBaAFJr50NS+/aCemZ6r0MhyTiFzZN4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXZuUTFMNzlvSjZabnF2UXlISk9JWE5rM2hBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wMWQ5ZmUtZTE0YS00MGE0LTg0NTgt
MjY3MDFiMTYyZmMzLzEvMGZLdjhENmlHX1JyV1JsOWMzY2VSb1c1a0lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wMWQ5ZmUtZTE0YS00MGE0LTg0NTgtMjY3MDFiMTYyZmMz
LzEvbXZuUTFMNzlvSjZabnF2UXlISk9JWE5rM2hBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAeBAIAATAYAwQCLVeEAwQF
ZCtAAwQCxxVgAwQCxyTwMBsEAgACMBUDBQAqDv2AAwUAKg79hwMFAyoTpAAwDQYJ
KoZIhvcNAQELBQADggEBAJxRHqj/exsNF8IxPrjYKKfMgDEg9gxSm5scsci1dvra
vLgl2RlaawHqeR3Yyg/EW8ea0jQQnk/WUFIUXCRmyawVVeWMhFgl0tZAwRmHM6xa
nRJgES5Rcbh2Qs320WpRD6G+5jFYy9qYASXmmHGNVFvyMGTDP3AmNm28sMcAeA0U
finHGz6j6R37AxUCIS2veCCFUZcbYH29QREIOjwGf+4NysraRRUXf0XmZ7qKwYFY
v1LIxQhpIu9I+TbPWHpq32uvmdG8MH6iWZLmb8+ianT+Ccf1omA2pdfXCkPm+6TC
f6Tp+imQBxGTrC/Ub9MKdwLWIfmpdWy8Lewk51UneR0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:14 2024 by rpki-client on console-ams.rpki-client.org