Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/tPODszs-X2GdsZ-ooK_DCigtX5Q.roa
File:                     tPODszs-X2GdsZ-ooK_DCigtX5Q.roa (raw, json)
Hash identifier:          tMGNdMHdw8BT3mZqSmVVdsXFzds3fWi2mIlrNnAxQDI=
Subject key identifier:   B4:F3:83:B3:3B:3E:5F:61:9D:B1:9F:A8:A0:AF:C3:0A:28:2D:5F:94
Certificate issuer:       /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial:       018BF62FFC0E19584C1FAC7846FCADFB4918
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/tPODszs-X2GdsZ-ooK_DCigtX5Q.roa
Signing time:             Wed 22 Nov 2023 08:40:21 +0000
ROA not before:           Wed 22 Nov 2023 08:40:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203639
IP address blocks:        185.155.186.0/24 maxlen: 24
                          185.155.187.0/24 maxlen: 24
                          46.21.16.0/24 maxlen: 24
                          46.21.23.0/24 maxlen: 24
                          45.143.159.0/24 maxlen: 24
                          45.143.158.0/24 maxlen: 24
                          46.21.20.0/24 maxlen: 24
                          46.21.28.0/24 maxlen: 24
                          46.21.30.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f6:2f:fc:0e:19:58:4c:1f:ac:78:46:fc:ad:fb:49:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
        Validity
            Not Before: Nov 22 08:40:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b4f383b33b3e5f619db19fa8a0afc30a282d5f94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:df:23:e6:14:48:5f:cd:8a:32:7b:9b:27:86:
                    8c:e5:19:01:e0:c7:72:45:7e:e5:14:d1:ff:89:6f:
                    26:6c:42:7a:c3:a5:78:24:a8:09:d2:95:5b:2f:3d:
                    88:38:af:2f:99:28:5d:d4:ad:c7:f4:70:4c:9e:5b:
                    a2:b7:4f:30:64:e9:0e:72:f3:e1:1d:9a:da:d8:ff:
                    40:e5:e3:82:4c:ba:be:6c:f4:60:ca:a6:a8:93:a1:
                    df:2a:9c:c4:b6:e7:6f:57:08:ef:f4:3e:10:67:15:
                    db:43:0d:30:0e:d9:b4:53:3a:f5:11:fb:df:9f:f1:
                    de:ed:bc:12:67:19:86:aa:a1:5b:c0:04:ea:19:e7:
                    05:18:c1:76:4a:88:8d:1e:3a:dd:76:8e:68:72:30:
                    dd:a3:70:30:78:7e:bd:86:39:03:df:6e:dd:c3:c2:
                    7e:47:86:1b:03:9d:09:d3:8d:99:bf:f3:65:9c:84:
                    3c:98:ab:28:6c:ce:95:e3:1c:50:95:2f:87:60:e9:
                    bd:26:c1:08:cc:f6:0a:df:57:27:b3:a1:4c:1d:fd:
                    b9:cf:fd:49:1c:ab:94:20:b3:82:39:27:18:fa:83:
                    62:d7:9e:8f:76:e4:03:1f:ab:f8:72:3a:69:b1:11:
                    3f:3c:99:2d:7a:58:03:a3:3c:9a:6b:2d:cb:de:0c:
                    ad:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:F3:83:B3:3B:3E:5F:61:9D:B1:9F:A8:A0:AF:C3:0A:28:2D:5F:94
            X509v3 Authority Key Identifier:
                keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/tPODszs-X2GdsZ-ooK_DCigtX5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.158.0/23
                  46.21.16.0/24
                  46.21.20.0/24
                  46.21.23.0/24
                  46.21.28.0/24
                  46.21.30.0/24
                  185.155.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:06:37:be:2f:a7:c9:2c:fc:ac:58:89:b8:c2:9e:1c:dd:73:
         71:7a:42:d8:be:94:3d:74:e0:ca:c6:97:db:cf:ae:87:2a:27:
         eb:ae:6d:ea:cc:93:3d:f1:be:58:66:1a:02:ec:9f:c0:fc:36:
         69:03:ed:4d:42:85:a7:5d:d9:7d:b9:4a:59:3c:fe:d2:a4:f6:
         34:ed:0f:be:9d:4d:ef:c9:6a:3e:db:2d:e8:a3:e5:7d:ec:b1:
         95:d6:77:c6:9c:ef:bc:c4:b4:e8:49:14:c8:86:76:16:7a:06:
         15:91:44:6c:6a:93:43:6a:55:30:3a:a9:07:ec:65:75:89:99:
         3b:ed:86:d9:b7:e7:98:fd:93:6b:a5:6b:a3:9d:26:29:5f:ea:
         49:0a:21:72:9f:b1:1c:97:dd:ba:75:59:78:bc:f3:e9:66:d6:
         6e:ac:11:96:a1:d1:f2:55:fa:59:e4:e4:44:5b:69:f9:8c:19:
         ec:7f:bd:ce:ad:1c:7e:da:ef:54:89:a6:98:4d:d9:05:29:be:
         26:28:76:bb:73:0c:f9:13:9a:eb:95:e4:de:2a:1d:a8:88:c6:
         38:b0:46:d1:b8:5c:dc:09:01:a9:d5:90:c0:6d:a2:2d:51:a0:
         d7:90:5c:9f:22:7b:90:29:23:93:54:21:c2:27:b8:ba:49:aa:
         af:ba:93:63
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYv2L/wOGVhMH6x4Rvyt+0kYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMxMTIyMDg0MDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGYzODNiMzNiM2U1ZjYxOWRiMTlmYThhMGFmYzMwYTI4MmQ1Zjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqN8j5hRIX82KMnubJ4aM5RkB4Mdy
RX7lFNH/iW8mbEJ6w6V4JKgJ0pVbLz2IOK8vmShd1K3H9HBMnluit08wZOkOcvPh
HZra2P9A5eOCTLq+bPRgyqaok6HfKpzEtudvVwjv9D4QZxXbQw0wDtm0Uzr1Efvf
n/He7bwSZxmGqqFbwATqGecFGMF2SoiNHjrddo5ocjDdo3AweH69hjkD327dw8J+
R4YbA50J042Zv/NlnIQ8mKsobM6V4xxQlS+HYOm9JsEIzPYK31cns6FMHf25z/1J
HKuUILOCOScY+oNi156PduQDH6v4cjppsRE/PJktelgDozyaay3L3gytuwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFLTzg7M7Pl9hnbGfqKCvwwooLV+UMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvdFBPRHN6cy1YMkdkc1otb29LX0RDaWd0WDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBLY+eAwQA
LhUQAwQALhUUAwQALhUXAwQALhUcAwQALhUeAwQBuZu6MA0GCSqGSIb3DQEBCwUA
A4IBAQA0Bje+L6fJLPysWIm4wp4c3XNxekLYvpQ9dODKxpfbz66HKifrrm3qzJM9
8b5YZhoC7J/A/DZpA+1NQoWnXdl9uUpZPP7SpPY07Q++nU3vyWo+2y3oo+V97LGV
1nfGnO+8xLToSRTIhnYWegYVkURsapNDalUwOqkH7GV1iZk77YbZt+eY/ZNrpWuj
nSYpX+pJCiFyn7Ecl926dVl4vPPpZtZurBGWodHyVfpZ5OREW2n5jBnsf73OrRx+
2u9UiaaYTdkFKb4mKHa7cwz5E5rrleTeKh2oiMY4sEbRuFzcCQGp1ZDAbaItUaDX
kFyfInuQKSOTVCHCJ7i6SaqvupNj
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:58 2024 by rpki-client on console-ams.rpki-client.org