Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/sx3iT3FLhdvn4ZokAegCO3taq3E.roa
File:                     sx3iT3FLhdvn4ZokAegCO3taq3E.roa (raw, json)
Hash identifier:          apqRisu+99mhlQcJH/IhNC6elT2gJztRqUn9LYLJTCM=
Subject key identifier:   B3:1D:E2:4F:71:4B:85:DB:E7:E1:9A:24:01:E8:02:3B:7B:5A:AB:71
Certificate issuer:       /CN=3ec63e5db0435c2d3e74a6b28ad3d9c30d6a8cee
Certificate serial:       0186CC0FCD4599123F506CC5B824713E23E9
Authority key identifier: 3E:C6:3E:5D:B0:43:5C:2D:3E:74:A6:B2:8A:D3:D9:C3:0D:6A:8C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PsY-XbBDXC0-dKayitPZww1qjO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/sx3iT3FLhdvn4ZokAegCO3taq3E.roa
Signing time:             Fri 10 Mar 2023 15:07:13 +0000
ROA not before:           Fri 10 Mar 2023 15:07:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20253
IP address blocks:        146.19.181.0/24 maxlen: 26
                          217.20.49.0/24 maxlen: 24
                          217.20.48.0/24 maxlen: 24
                          217.20.51.0/24 maxlen: 24
                          217.20.50.0/24 maxlen: 24
                          217.20.56.0/24 maxlen: 24
                          217.20.52.0/24 maxlen: 24
                          217.20.53.0/24 maxlen: 24
                          217.20.60.0/24 maxlen: 24
                          2a12:45c7:ffff::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 15 Mar 2023 09:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:cc:0f:cd:45:99:12:3f:50:6c:c5:b8:24:71:3e:23:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec63e5db0435c2d3e74a6b28ad3d9c30d6a8cee
        Validity
            Not Before: Mar 10 15:07:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b31de24f714b85dbe7e19a2401e8023b7b5aab71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:28:72:82:d7:32:d1:b3:a6:cb:ae:6c:b9:1e:
                    80:5c:e0:ed:62:c2:6e:25:06:fd:43:5b:3a:ca:93:
                    2d:4d:a4:f2:7b:85:cd:78:d1:97:ac:a6:1f:5e:32:
                    10:de:b4:70:04:85:c1:a5:ff:89:e1:8c:c5:66:76:
                    77:7d:c1:9f:c3:77:99:ed:b5:12:78:ef:36:4a:b8:
                    c0:fd:a9:8c:de:d6:ac:d4:fb:1e:60:7a:a0:da:67:
                    93:b3:28:20:47:5e:b8:61:0b:94:81:ef:e3:38:9a:
                    d7:31:52:21:6b:28:46:14:23:f5:36:30:d5:9b:8d:
                    8a:0d:17:e2:0c:21:65:31:0a:60:0c:31:d5:49:74:
                    48:d2:89:a7:ee:47:1b:0e:fe:0b:85:91:46:a9:88:
                    db:4c:3a:f7:d8:76:02:b3:fc:2d:a7:ed:10:c9:95:
                    5b:11:a7:81:ce:ea:93:d5:5b:50:07:59:6d:57:23:
                    fd:da:bd:09:fd:94:7b:1b:19:65:8f:b8:e4:f1:c3:
                    42:a5:16:6d:eb:6c:a1:e3:c8:8c:d8:ca:24:69:d8:
                    a5:37:ec:5d:ba:44:37:ed:bc:d6:91:05:94:38:a7:
                    b5:83:a3:72:e1:5b:34:39:20:90:94:80:dd:22:95:
                    5e:23:8d:87:53:33:40:f3:c5:8c:50:d1:ea:39:24:
                    b4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:1D:E2:4F:71:4B:85:DB:E7:E1:9A:24:01:E8:02:3B:7B:5A:AB:71
            X509v3 Authority Key Identifier:
                keyid:3E:C6:3E:5D:B0:43:5C:2D:3E:74:A6:B2:8A:D3:D9:C3:0D:6A:8C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PsY-XbBDXC0-dKayitPZww1qjO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/sx3iT3FLhdvn4ZokAegCO3taq3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/46d943-8cbd-41a2-b9f2-52058f8a9a1a/1/PsY-XbBDXC0-dKayitPZww1qjO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.19.181.0/24
                  217.20.48.0-217.20.53.255
                  217.20.56.0/24
                  217.20.60.0/24
                IPv6:
                  2a12:45c7:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         61:f3:36:5c:c3:a7:39:d3:c7:8b:b9:3f:25:70:36:55:61:8a:
         3c:8b:f6:e4:a6:70:18:5c:11:6c:a8:d9:77:24:ff:11:69:61:
         e6:7e:27:8f:a4:6a:59:3b:2c:c0:6e:64:b8:fd:32:c1:91:97:
         91:e5:e0:33:3a:03:72:9b:19:36:8c:96:52:76:d2:47:22:90:
         d4:ae:c4:27:6a:76:9e:8f:56:f1:c5:8d:90:e1:f7:1c:b6:fe:
         06:3b:36:57:22:db:f7:09:53:8b:e8:b3:8c:74:7e:f8:c4:a4:
         60:75:3b:c9:55:6e:6c:bd:15:a8:c8:10:c2:81:9e:1a:22:d4:
         b0:36:50:9d:fa:26:01:fc:03:b4:3e:44:81:ac:1f:9e:b6:27:
         4e:49:5b:cb:b3:13:6c:e2:50:48:5a:af:b6:f8:ae:52:ae:12:
         b9:40:40:c1:18:cd:13:83:93:6a:ef:32:5e:f5:02:aa:9e:e6:
         8c:a3:e6:c5:56:c4:e4:43:9a:4d:3c:78:13:b2:e4:8a:35:b5:
         aa:8b:c5:7a:b8:e6:60:c4:d7:b8:8f:2f:f9:44:e3:07:2e:c2:
         89:85:32:29:68:03:25:da:42:66:77:51:5f:b9:b8:9d:3e:ff:
         6a:e1:51:6a:28:f0:3a:36:67:04:99:03:6e:c1:ed:b3:76:4b:
         97:38:6d:ce
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYbMD81FmRI/UGzFuCRxPiPpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzYzZTVkYjA0MzVjMmQzZTc0YTZiMjhhZDNkOWMzMGQ2
YThjZWUwHhcNMjMwMzEwMTUwNzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzFkZTI0ZjcxNGI4NWRiZTdlMTlhMjQwMWU4MDIzYjdiNWFhYjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ihygtcy0bOmy65suR6AXODtYsJu
JQb9Q1s6ypMtTaTye4XNeNGXrKYfXjIQ3rRwBIXBpf+J4YzFZnZ3fcGfw3eZ7bUS
eO82SrjA/amM3tas1PseYHqg2meTsyggR164YQuUge/jOJrXMVIhayhGFCP1NjDV
m42KDRfiDCFlMQpgDDHVSXRI0omn7kcbDv4LhZFGqYjbTDr32HYCs/wtp+0QyZVb
EaeBzuqT1VtQB1ltVyP92r0J/ZR7Gxllj7jk8cNCpRZt62yh48iM2MokadilN+xd
ukQ37bzWkQWUOKe1g6Ny4Vs0OSCQlIDdIpVeI42HUzNA88WMUNHqOSS0kwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFLMd4k9xS4Xb5+GaJAHoAjt7WqtxMB8GA1UdIwQY
MBaAFD7GPl2wQ1wtPnSmsorT2cMNaozuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNZLVhiQkRYQzAtZEtheWl0UFp3dzFxak80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS80NmQ5NDMtOGNiZC00MWEyLWI5ZjIt
NTIwNThmOGE5YTFhLzEvc3gzaVQzRkxoZHZuNFpva0FlZ0NPM3RhcTNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS80NmQ5NDMtOGNiZC00MWEyLWI5ZjItNTIwNThmOGE5YTFh
LzEvUHNZLVhiQkRYQzAtZEtheWl0UFp3dzFxak80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgAwQAkhO1MAwD
BATZFDADBAHZFDQDBADZFDgDBADZFDwwDwQCAAIwCQMHACoSRcf//zANBgkqhkiG
9w0BAQsFAAOCAQEAYfM2XMOnOdPHi7k/JXA2VWGKPIv25KZwGFwRbKjZdyT/EWlh
5n4nj6RqWTsswG5kuP0ywZGXkeXgMzoDcpsZNoyWUnbSRyKQ1K7EJ2p2no9W8cWN
kOH3HLb+Bjs2VyLb9wlTi+izjHR++MSkYHU7yVVubL0VqMgQwoGeGiLUsDZQnfom
AfwDtD5EgawfnrYnTklby7MTbOJQSFqvtviuUq4SuUBAwRjNE4OTau8yXvUCqp7m
jKPmxVbE5EOaTTx4E7LkijW1qovFerjmYMTXuI8v+UTjBy7CiYUyKWgDJdpCZndR
X7m4nT7/auFRaijwOjZnBJkDbsHts3ZLlzhtzg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:57 2024 by rpki-client on console-ams.rpki-client.org