Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/CThi4jdFj6wEBbcPNEwgCqtMTwc.roa
File:                     CThi4jdFj6wEBbcPNEwgCqtMTwc.roa (raw, json)
Hash identifier:          W/mOvUt8y2I5O3wi8zOLlwPWy/cK0n6SZUyTeS94Cm8=
Subject key identifier:   09:38:62:E2:37:45:8F:AC:04:05:B7:0F:34:4C:20:0A:AB:4C:4F:07
Certificate issuer:       /CN=579ade9feaedc406df5e11bcef0393cd5e9fd0dd
Certificate serial:       01856F30117086582A3B9492F16DA1C57488
Authority key identifier: 57:9A:DE:9F:EA:ED:C4:06:DF:5E:11:BC:EF:03:93:CD:5E:9F:D0:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V5ren-rtxAbfXhG87wOTzV6f0N0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/CThi4jdFj6wEBbcPNEwgCqtMTwc.roa
Signing time:             Sun 01 Jan 2023 21:14:59 +0000
ROA not before:           Sun 01 Jan 2023 21:14:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49121
IP address blocks:        37.221.71.0/24 maxlen: 24
                          37.221.68.0/24 maxlen: 24
                          37.221.69.0/24 maxlen: 24
                          37.221.70.0/24 maxlen: 24
                          45.87.118.0/24 maxlen: 24
                          45.87.117.0/24 maxlen: 24
                          45.87.119.0/24 maxlen: 24
                          2a09:e200::/48 maxlen: 48
                          2a09:e200:e200::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 31 May 2023 14:45:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:30:11:70:86:58:2a:3b:94:92:f1:6d:a1:c5:74:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=579ade9feaedc406df5e11bcef0393cd5e9fd0dd
        Validity
            Not Before: Jan  1 21:14:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=093862e237458fac0405b70f344c200aab4c4f07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:37:f3:18:5e:18:ea:59:c0:f0:ff:d8:74:65:
                    42:cb:eb:ad:5b:26:8d:02:8b:da:d8:92:10:5e:ca:
                    dd:91:9d:3e:f4:d3:46:dc:08:b9:cb:73:2a:ed:30:
                    e5:66:4f:64:01:ea:e5:db:16:af:2e:3d:d3:e0:89:
                    54:53:54:48:08:02:84:ae:6f:13:5b:12:1d:5e:77:
                    40:41:39:fe:c5:5c:0c:29:c1:20:25:76:39:7b:1b:
                    07:9d:8a:0d:d1:52:4e:79:31:bd:e7:52:a0:6c:c2:
                    e2:83:51:c5:ed:81:d0:95:b6:6b:b9:d6:66:72:d6:
                    d4:1f:6f:3c:e3:83:64:4d:c5:e1:2e:5d:7b:4d:94:
                    27:98:28:9c:b3:7a:7b:16:e5:46:ad:05:34:bd:31:
                    42:92:e7:7b:30:dc:e8:6a:f0:2a:7e:ad:ee:cc:16:
                    40:72:e3:ca:5b:a3:07:ee:63:88:58:23:8f:53:8d:
                    14:52:c5:af:57:d2:61:15:e6:70:1d:34:61:d8:19:
                    1a:b3:2f:2a:19:88:01:32:1c:85:9a:14:3d:69:19:
                    6c:c5:ea:8b:2a:cb:77:23:dd:25:f3:d9:69:fd:dd:
                    a6:21:04:10:02:b6:11:67:c3:be:5a:c2:a9:6f:ed:
                    06:0c:91:3a:a7:54:1d:1a:0e:48:5d:4a:20:f1:f9:
                    1f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:38:62:E2:37:45:8F:AC:04:05:B7:0F:34:4C:20:0A:AB:4C:4F:07
            X509v3 Authority Key Identifier:
                keyid:57:9A:DE:9F:EA:ED:C4:06:DF:5E:11:BC:EF:03:93:CD:5E:9F:D0:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V5ren-rtxAbfXhG87wOTzV6f0N0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/CThi4jdFj6wEBbcPNEwgCqtMTwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/220ed7-8dc2-4c01-92bb-208ef32c0202/1/V5ren-rtxAbfXhG87wOTzV6f0N0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.68.0/22
                  45.87.117.0-45.87.119.255
                IPv6:
                  2a09:e200::/48
                  2a09:e200:e200::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:84:09:75:de:bf:e9:5f:42:e0:38:be:06:df:17:0c:2e:f7:
         54:0a:e1:4e:07:9e:7a:a4:e3:0c:56:6a:fe:78:c5:6a:69:7b:
         7e:1f:80:3a:5b:d0:f5:f0:03:71:0f:61:9a:4f:b9:32:74:80:
         58:61:02:2e:e6:ce:42:59:4f:78:2e:c1:41:17:1c:de:32:84:
         2f:b9:02:4b:ad:18:50:79:4a:a7:71:36:ed:54:1f:13:9b:fd:
         96:8b:f3:80:35:cf:f3:f3:3a:3d:5e:a8:24:0e:97:fd:79:8f:
         8c:97:e6:55:e8:d1:71:c6:63:4f:f6:a4:8a:30:ff:98:c6:38:
         51:69:02:7d:80:c7:57:67:d6:fc:14:fe:6d:7d:5f:fc:bd:12:
         d2:c9:72:69:12:35:f7:be:c4:79:bb:4b:fc:a0:7d:31:de:5e:
         40:76:30:1b:5e:3d:ba:b5:73:22:e6:85:36:1d:ec:d6:a5:17:
         60:7a:fb:02:3f:99:15:8b:9c:37:7d:4c:8f:d4:72:49:97:81:
         ca:8d:16:fb:16:1d:23:bc:e2:fb:14:ac:8e:23:1b:ac:53:62:
         a6:ac:7e:83:c3:e4:4d:01:96:9c:28:56:43:72:04:f6:1b:5e:
         81:d9:b7:76:48:bf:a7:7a:9b:c9:12:db:96:81:43:dd:81:6c:
         2f:f0:62:56
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYVvMBFwhlgqO5SS8W2hxXSIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3OWFkZTlmZWFlZGM0MDZkZjVlMTFiY2VmMDM5M2NkNWU5
ZmQwZGQwHhcNMjMwMTAxMjExNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTM4NjJlMjM3NDU4ZmFjMDQwNWI3MGYzNDRjMjAwYWFiNGM0ZjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTfzGF4Y6lnA8P/YdGVCy+utWyaN
Aova2JIQXsrdkZ0+9NNG3Ai5y3Mq7TDlZk9kAerl2xavLj3T4IlUU1RICAKErm8T
WxIdXndAQTn+xVwMKcEgJXY5exsHnYoN0VJOeTG951KgbMLig1HF7YHQlbZrudZm
ctbUH28844NkTcXhLl17TZQnmCics3p7FuVGrQU0vTFCkud7MNzoavAqfq3uzBZA
cuPKW6MH7mOIWCOPU40UUsWvV9JhFeZwHTRh2Bkasy8qGYgBMhyFmhQ9aRlsxeqL
Kst3I90l89lp/d2mIQQQArYRZ8O+WsKpb+0GDJE6p1QdGg5IXUog8fkfeQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFAk4YuI3RY+sBAW3DzRMIAqrTE8HMB8GA1UdIwQY
MBaAFFea3p/q7cQG314RvO8Dk81en9DdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjVyZW4tcnR4QWJmWGhHODd3T1R6VjZmME4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8yMjBlZDctOGRjMi00YzAxLTkyYmIt
MjA4ZWYzMmMwMjAyLzEvQ1RoaTRqZEZqNndFQmJjUE5Fd2dDcXRNVHdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8yMjBlZDctOGRjMi00YzAxLTkyYmItMjA4ZWYzMmMwMjAy
LzEvVjVyZW4tcnR4QWJmWGhHODd3T1R6VjZmME4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAaBAIAATAUAwQCJd1EMAwD
BAAtV3UDBAMtV3AwGAQCAAIwEgMHACoJ4gAAAAMHACoJ4gDiADANBgkqhkiG9w0B
AQsFAAOCAQEAgIQJdd6/6V9C4Di+Bt8XDC73VArhTgeeeqTjDFZq/njFaml7fh+A
OlvQ9fADcQ9hmk+5MnSAWGECLubOQllPeC7BQRcc3jKEL7kCS60YUHlKp3E27VQf
E5v9lovzgDXP8/M6PV6oJA6X/XmPjJfmVejRccZjT/akijD/mMY4UWkCfYDHV2fW
/BT+bX1f/L0S0slyaRI1977EebtL/KB9Md5eQHYwG149urVzIuaFNh3s1qUXYHr7
Aj+ZFYucN31Mj9RySZeByo0W+xYdI7zi+xSsjiMbrFNipqx+g8PkTQGWnChWQ3IE
9htegdm3dki/p3qbyRLbloFD3YFsL/BiVg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:13 2024 by rpki-client on console-ams.rpki-client.org