Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/3H5lrSvHkuny79Wul-CO9nubdX4.roa
File:                     3H5lrSvHkuny79Wul-CO9nubdX4.roa (raw, json)
Hash identifier:          MKUSyyDxGpXobBLzd+W0PHq4leVc0ttDvICCt6NdNVQ=
Subject key identifier:   DC:7E:65:AD:2B:C7:92:E9:F2:EF:D5:AE:97:E0:8E:F6:7B:9B:75:7E
Certificate issuer:       /CN=3ec63e5db0435c2d3e74a6b28ad3d9c30d6a8cee
Certificate serial:       0186E480BC2277287EDCDC751E0BB3F7C070
Authority key identifier: 3E:C6:3E:5D:B0:43:5C:2D:3E:74:A6:B2:8A:D3:D9:C3:0D:6A:8C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsY-XbBDXC0-dKayitPZww1qjO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/3H5lrSvHkuny79Wul-CO9nubdX4.roa
Signing time:             Wed 15 Mar 2023 09:01:27 +0000
ROA not before:           Wed 15 Mar 2023 09:01:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20253
IP address blocks:        146.19.181.0/24 maxlen: 26
                          217.20.49.0/24 maxlen: 24
                          217.20.48.0/24 maxlen: 24
                          217.20.51.0/24 maxlen: 24
                          217.20.50.0/24 maxlen: 24
                          217.20.56.0/24 maxlen: 24
                          217.20.52.0/24 maxlen: 24
                          217.20.53.0/24 maxlen: 24
                          217.20.57.0/24 maxlen: 24
                          217.20.60.0/24 maxlen: 24
                          2a12:45c7:ffff::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 10 May 2023 03:10:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:e4:80:bc:22:77:28:7e:dc:dc:75:1e:0b:b3:f7:c0:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec63e5db0435c2d3e74a6b28ad3d9c30d6a8cee
        Validity
            Not Before: Mar 15 09:01:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc7e65ad2bc792e9f2efd5ae97e08ef67b9b757e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e8:a3:5b:00:f1:62:91:5a:32:be:da:43:a0:
                    66:1f:9e:5d:51:27:eb:b1:ab:58:5b:0f:7f:4d:e9:
                    9a:5a:8e:b2:ec:1e:29:a4:45:bb:74:e7:11:d5:02:
                    99:86:03:df:ea:78:1f:d8:16:35:35:48:cb:9e:9e:
                    a5:8a:cb:8a:32:2f:c0:6e:4a:f7:f5:af:7c:03:4c:
                    08:3f:9d:bb:9e:df:e6:49:b0:66:c3:c7:00:3e:cd:
                    94:ed:36:35:cc:7e:d5:84:ac:9d:36:df:77:5b:17:
                    1c:7b:31:ce:51:47:91:e8:32:77:3e:38:87:5f:9c:
                    dc:34:cb:01:97:0c:6b:a8:54:bd:35:23:b1:b8:c8:
                    79:4a:c2:63:a4:e5:6c:4d:0e:92:be:c7:be:b0:80:
                    ec:b9:58:e9:9f:d6:aa:35:ab:1c:69:33:98:19:a9:
                    fa:f6:b9:4e:64:58:f8:13:48:b1:e5:3f:53:5a:bb:
                    11:1d:3b:44:10:99:20:24:b5:66:d0:2a:3a:e3:01:
                    8b:b5:c0:08:83:62:3b:ef:0c:f8:af:85:0c:49:09:
                    98:aa:28:99:96:9e:48:47:a8:aa:49:dc:c1:5c:b6:
                    f3:7c:bf:86:ec:d4:f2:1e:28:a2:ac:91:c9:ff:32:
                    51:58:2e:b9:03:93:1e:12:dc:5f:97:fe:8c:39:86:
                    46:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:7E:65:AD:2B:C7:92:E9:F2:EF:D5:AE:97:E0:8E:F6:7B:9B:75:7E
            X509v3 Authority Key Identifier:
                keyid:3E:C6:3E:5D:B0:43:5C:2D:3E:74:A6:B2:8A:D3:D9:C3:0D:6A:8C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsY-XbBDXC0-dKayitPZww1qjO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/3H5lrSvHkuny79Wul-CO9nubdX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/PsY-XbBDXC0-dKayitPZww1qjO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.181.0/24
                  217.20.48.0-217.20.53.255
                  217.20.56.0/23
                  217.20.60.0/24
                IPv6:
                  2a12:45c7:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:64:f3:25:dd:f3:e5:21:76:ed:6c:7b:6f:3f:3c:f7:20:a6:
         f4:c4:82:3c:88:fd:40:84:35:ba:ce:b8:18:97:e7:de:c8:a3:
         83:f5:35:92:ce:2a:8c:de:c1:fa:fa:bc:2f:85:a5:11:4e:2e:
         65:12:99:5f:a0:d0:c4:e3:ee:22:07:82:f7:23:1a:2a:e3:c9:
         3b:6d:6f:6b:9c:3b:f8:bf:7b:d7:88:d8:48:4d:7c:4b:5a:01:
         a7:12:a2:c9:7c:46:45:e7:d8:be:22:b9:77:33:2e:1d:65:7a:
         bc:e3:ce:24:ed:87:1e:c8:6c:ad:93:da:2c:db:1f:14:04:81:
         d5:45:db:42:d2:0f:21:ec:5f:07:67:d0:59:4a:72:ad:49:45:
         02:62:28:df:7e:80:0f:c3:69:f3:d5:0c:cd:03:02:15:8b:ca:
         00:34:b7:6e:d3:89:22:ad:83:dc:d4:c8:9d:ec:70:c6:08:c6:
         47:38:da:4d:17:93:91:f5:bf:7c:ab:c5:48:bc:f3:20:ae:86:
         5e:6f:48:78:77:30:2b:8e:f1:9a:79:e7:79:0f:a8:d3:a9:65:
         94:64:81:dd:05:1b:36:ae:84:dc:21:16:b3:50:16:04:37:91:
         45:ed:03:e5:78:da:98:64:2d:3b:4d:70:73:3c:d7:f9:86:9b:
         4a:f7:54:cb
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYbkgLwidyh+3Nx1Hguz98BwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzYzZTVkYjA0MzVjMmQzZTc0YTZiMjhhZDNkOWMzMGQ2
YThjZWUwHhcNMjMwMzE1MDkwMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzdlNjVhZDJiYzc5MmU5ZjJlZmQ1YWU5N2UwOGVmNjdiOWI3NTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuijWwDxYpFaMr7aQ6BmH55dUSfr
satYWw9/TemaWo6y7B4ppEW7dOcR1QKZhgPf6ngf2BY1NUjLnp6lisuKMi/Abkr3
9a98A0wIP527nt/mSbBmw8cAPs2U7TY1zH7VhKydNt93WxccezHOUUeR6DJ3PjiH
X5zcNMsBlwxrqFS9NSOxuMh5SsJjpOVsTQ6Svse+sIDsuVjpn9aqNascaTOYGan6
9rlOZFj4E0ix5T9TWrsRHTtEEJkgJLVm0Co64wGLtcAIg2I77wz4r4UMSQmYqiiZ
lp5IR6iqSdzBXLbzfL+G7NTyHiiirJHJ/zJRWC65A5MeEtxfl/6MOYZG8wIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFNx+Za0rx5Lp8u/VrpfgjvZ7m3V+MB8GA1UdIwQY
MBaAFD7GPl2wQ1wtPnSmsorT2cMNaozuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNZLVhiQkRYQzAtZEtheWl0UFp3dzFxak80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS80NmQ5NDMtOGNiZC00MWEyLWI5ZjIt
NTIwNThmOGE5YTFhLzEvM0g1bHJTdkhrdW55NzlXdWwtQ085bnViZFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS80NmQ5NDMtOGNiZC00MWEyLWI5ZjItNTIwNThmOGE5YTFh
LzEvUHNZLVhiQkRYQzAtZEtheWl0UFp3dzFxak80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgAwQAkhO1MAwD
BATZFDADBAHZFDQDBAHZFDgDBADZFDwwDwQCAAIwCQMHACoSRcf//zANBgkqhkiG
9w0BAQsFAAOCAQEAumTzJd3z5SF27Wx7bz889yCm9MSCPIj9QIQ1us64GJfn3sij
g/U1ks4qjN7B+vq8L4WlEU4uZRKZX6DQxOPuIgeC9yMaKuPJO21va5w7+L9714jY
SE18S1oBpxKiyXxGRefYviK5dzMuHWV6vOPOJO2HHshsrZPaLNsfFASB1UXbQtIP
IexfB2fQWUpyrUlFAmIo336AD8Np89UMzQMCFYvKADS3btOJIq2D3NTInexwxgjG
RzjaTReTkfW/fKvFSLzzIK6GXm9IeHcwK47xmnnneQ+o06lllGSB3QUbNq6E3CEW
s1AWBDeRRe0D5XjamGQtO01wczzX+YabSvdUyw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:21 2024 by rpki-client on console-fra.rpki-client.org