Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/5c0fd2-6743-4682-967b-5f15beafa9b1/1/tOxblqFQXacOWaSbx1Ctm6vj-gA.roa
File:                     tOxblqFQXacOWaSbx1Ctm6vj-gA.roa (raw, json)
Hash identifier:          uerJ08/snbNqG6gIVnNH9fiDiKcHrRT4dE2CAhH51Kg=
Subject key identifier:   B4:EC:5B:96:A1:50:5D:A7:0E:59:A4:9B:C7:50:AD:9B:AB:E3:FA:00
Certificate issuer:       /CN=3c86ec321e72fd46c98dcc0cd7c70bcad557d59c
Certificate serial:       018CC5DC6AB897BBA2F4F998BC17F1954BC2
Authority key identifier: 3C:86:EC:32:1E:72:FD:46:C9:8D:CC:0C:D7:C7:0B:CA:D5:57:D5:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PIbsMh5y_UbJjcwM18cLytVX1Zw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/5c0fd2-6743-4682-967b-5f15beafa9b1/1/tOxblqFQXacOWaSbx1Ctm6vj-gA.roa
Signing time:             Mon 01 Jan 2024 16:30:05 +0000
ROA not before:           Mon 01 Jan 2024 16:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209097
IP address blocks:        45.149.58.0/24 maxlen: 24
                          45.149.56.0/24 maxlen: 24
                          45.149.57.0/24 maxlen: 24
                          45.149.59.0/24 maxlen: 24
                          5.182.144.0/24 maxlen: 24
                          5.182.145.0/24 maxlen: 24
                          5.182.146.0/24 maxlen: 24
                          5.182.147.0/24 maxlen: 24
                          2a0e:5c03::/32 maxlen: 32
                          2a0e:5c04::/30 maxlen: 30
                          2a0e:5c01::/32 maxlen: 32
                          2a0e:5c00::/32 maxlen: 32
                          2a0e:5c02::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 19 Mar 2024 14:20:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:6a:b8:97:bb:a2:f4:f9:98:bc:17:f1:95:4b:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c86ec321e72fd46c98dcc0cd7c70bcad557d59c
        Validity
            Not Before: Jan  1 16:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b4ec5b96a1505da70e59a49bc750ad9babe3fa00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:98:4a:a6:11:9f:42:b2:bc:66:39:ff:62:e5:
                    b9:d1:76:13:81:fd:66:52:bb:41:5d:55:a0:4e:eb:
                    ff:3d:62:19:2b:c3:6a:cf:e2:af:d8:21:78:d8:b6:
                    56:49:96:a9:a1:ff:55:34:7b:61:b5:75:a5:2e:b3:
                    a2:ef:45:1c:cb:04:da:27:fa:91:64:28:af:b5:c0:
                    55:57:4f:60:2d:32:d9:7f:ce:62:03:21:af:08:67:
                    07:72:9b:a6:e5:f4:38:a0:a6:4b:88:4b:27:1c:ce:
                    5c:71:c4:38:2d:d0:90:bb:41:82:9c:9b:63:05:b7:
                    70:27:3e:a9:1d:b2:3c:fe:dc:fe:a1:b3:a3:b4:60:
                    6f:d9:02:13:e6:e1:4f:a5:52:d4:c1:d0:ab:99:7a:
                    d9:ba:b1:bb:db:cb:32:fb:b6:21:59:3b:0d:86:b3:
                    79:b1:ee:18:c1:eb:d4:a9:88:2e:e6:4c:cf:67:55:
                    56:6d:6a:2e:e6:77:5b:1f:8a:95:5a:84:52:2f:0f:
                    26:3d:6b:2c:3f:51:c8:57:b5:df:07:4d:7a:82:6e:
                    23:8e:1f:d5:dc:db:97:54:45:41:a5:f1:dc:ae:79:
                    c4:40:bd:7b:d4:52:97:b0:ba:9f:99:cb:b1:ea:cc:
                    b7:89:dc:74:32:f2:7e:49:17:9f:76:8e:c1:5f:b7:
                    79:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:EC:5B:96:A1:50:5D:A7:0E:59:A4:9B:C7:50:AD:9B:AB:E3:FA:00
            X509v3 Authority Key Identifier:
                keyid:3C:86:EC:32:1E:72:FD:46:C9:8D:CC:0C:D7:C7:0B:CA:D5:57:D5:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PIbsMh5y_UbJjcwM18cLytVX1Zw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5c0fd2-6743-4682-967b-5f15beafa9b1/1/tOxblqFQXacOWaSbx1Ctm6vj-gA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5c0fd2-6743-4682-967b-5f15beafa9b1/1/PIbsMh5y_UbJjcwM18cLytVX1Zw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.144.0/22
                  45.149.56.0/22
                IPv6:
                  2a0e:5c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         b3:b9:ff:c7:3e:f4:8f:37:98:4a:6e:ae:d0:3d:e0:0a:f8:d5:
         91:a7:24:fe:ba:25:9a:f3:b3:38:bb:d1:8d:c0:32:68:b2:4f:
         66:56:b9:6e:5b:dc:6b:81:62:f5:0c:7f:41:ec:08:d0:22:bf:
         5a:0a:fd:bc:22:d6:89:23:de:e7:d0:cc:96:db:7c:e3:12:58:
         ca:34:95:1a:73:2e:65:1a:91:a0:73:86:9c:f8:ee:98:8f:c8:
         a6:70:78:1f:f9:7e:8a:aa:03:68:86:fb:af:1d:c7:68:a1:2e:
         1a:27:78:84:a4:4b:52:b9:be:0e:8c:04:d6:bc:24:00:1c:4d:
         65:67:03:eb:da:a1:c0:a5:ec:f5:7e:b4:b8:f1:7e:74:18:9b:
         4c:1a:e0:f7:c9:f6:9a:38:14:45:70:40:40:c0:ff:1d:46:d5:
         70:96:15:eb:08:a0:39:97:87:01:a9:1b:7c:1b:48:7d:ff:c6:
         2d:1c:77:ef:3b:d6:15:18:e1:ea:45:8d:f7:ef:c9:3a:6f:9e:
         48:6f:4e:dc:43:12:18:1b:f3:7b:83:40:33:94:e2:2a:7e:67:
         cf:f4:fc:cf:52:ed:9e:d6:14:6f:4f:f4:dd:ca:14:0c:2d:32:
         51:b9:6d:0d:49:30:4c:24:09:f0:51:2e:00:06:91:ad:e1:62:
         31:74:bf:a9
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF3Gq4l7ui9PmYvBfxlUvCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjODZlYzMyMWU3MmZkNDZjOThkY2MwY2Q3YzcwYmNhZDU1
N2Q1OWMwHhcNMjQwMTAxMTYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGVjNWI5NmExNTA1ZGE3MGU1OWE0OWJjNzUwYWQ5YmFiZTNmYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZhKphGfQrK8Zjn/YuW50XYTgf1m
UrtBXVWgTuv/PWIZK8Nqz+Kv2CF42LZWSZapof9VNHthtXWlLrOi70UcywTaJ/qR
ZCivtcBVV09gLTLZf85iAyGvCGcHcpum5fQ4oKZLiEsnHM5cccQ4LdCQu0GCnJtj
BbdwJz6pHbI8/tz+obOjtGBv2QIT5uFPpVLUwdCrmXrZurG728sy+7YhWTsNhrN5
se4YwevUqYgu5kzPZ1VWbWou5ndbH4qVWoRSLw8mPWssP1HIV7XfB016gm4jjh/V
3NuXVEVBpfHcrnnEQL171FKXsLqfmcux6sy3idx0MvJ+SRefdo7BX7d5QwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFLTsW5ahUF2nDlmkm8dQrZur4/oAMB8GA1UdIwQY
MBaAFDyG7DIecv1GyY3MDNfHC8rVV9WcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUElic01oNXlfVWJKamN3TTE4Y0x5dFZYMVp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81YzBmZDItNjc0My00NjgyLTk2N2It
NWYxNWJlYWZhOWIxLzEvdE94YmxxRlFYYWNPV2FTYngxQ3RtNnZqLWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81YzBmZDItNjc0My00NjgyLTk2N2ItNWYxNWJlYWZhOWIx
LzEvUElic01oNXlfVWJKamN3TTE4Y0x5dFZYMVp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCBbaQAwQC
LZU4MA0EAgACMAcDBQMqDlwAMA0GCSqGSIb3DQEBCwUAA4IBAQCzuf/HPvSPN5hK
bq7QPeAK+NWRpyT+uiWa87M4u9GNwDJosk9mVrluW9xrgWL1DH9B7AjQIr9aCv28
ItaJI97n0MyW23zjEljKNJUacy5lGpGgc4ac+O6Yj8imcHgf+X6KqgNohvuvHcdo
oS4aJ3iEpEtSub4OjATWvCQAHE1lZwPr2qHApez1frS48X50GJtMGuD3yfaaOBRF
cEBAwP8dRtVwlhXrCKA5l4cBqRt8G0h9/8YtHHfvO9YVGOHqRY3378k6b55Ib07c
QxIYG/N7g0AzlOIqfmfP9PzPUu2e1hRvT/TdyhQMLTJRuW0NSTBMJAnwUS4ABpGt
4WIxdL+p
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:02 2024 by rpki-client on console-fra.rpki-client.org