Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/W2cDWCmj0MUd28R4JCbUpj4ORFU.roa
File:                     W2cDWCmj0MUd28R4JCbUpj4ORFU.roa (raw, json)
Hash identifier:          O+PLI/QPmItVqyBybW8I5Sr3QBdUpOhjUl6pENZiulk=
Subject key identifier:   5B:67:03:58:29:A3:D0:C5:1D:DB:C4:78:24:26:D4:A6:3E:0E:44:55
Certificate issuer:       /CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
Certificate serial:       018780D3904B1FD57FE7C66E607DB7C5A843
Authority key identifier: AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/W2cDWCmj0MUd28R4JCbUpj4ORFU.roa
Signing time:             Fri 14 Apr 2023 17:32:41 +0000
ROA not before:           Fri 14 Apr 2023 17:32:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34700
IP address blocks:        31.202.192.0/18 maxlen: 18
                          31.202.0.0/17 maxlen: 17
                          46.160.88.0/21 maxlen: 21
                          178.165.0.0/17 maxlen: 18
                          31.202.128.0/18 maxlen: 18
                          185.147.96.0/22 maxlen: 22
                          5.255.160.0/20 maxlen: 20
                          79.171.120.0/21 maxlen: 21
                          2a00:1210::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 14 Apr 2023 18:19:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:80:d3:90:4b:1f:d5:7f:e7:c6:6e:60:7d:b7:c5:a8:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
        Validity
            Not Before: Apr 14 17:32:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5b67035829a3d0c51ddbc4782426d4a63e0e4455
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:23:24:82:1f:30:d7:58:17:2d:2d:d6:13:26:
                    a6:d5:ee:40:07:5b:0b:0d:4c:44:b9:b5:89:b1:1b:
                    bf:94:02:49:5e:c9:03:72:37:e7:3e:39:d1:81:80:
                    cd:e7:c0:d4:2c:83:1f:aa:ce:e1:b6:87:d5:5d:6a:
                    7d:63:1e:0d:b7:2d:c3:77:8b:60:91:cc:9c:fd:22:
                    a9:3a:b4:d1:b6:3c:a3:c3:c1:dc:1f:6d:4e:ca:d1:
                    53:93:6e:38:a3:ab:b6:46:44:ea:9d:23:68:84:e1:
                    4a:14:3c:e8:3a:ea:9d:0c:cf:37:b8:4f:3c:f0:12:
                    10:28:e1:c8:b7:db:34:f0:c6:c2:58:94:74:7b:a3:
                    6d:41:30:de:c0:1a:c9:e9:ce:36:c9:48:7f:96:e4:
                    4d:b1:1a:47:73:f8:84:36:85:78:0d:8c:d8:b3:62:
                    fa:7f:eb:d6:af:a9:82:dc:66:91:0c:67:32:e7:81:
                    e2:c7:f8:dc:16:5f:3d:1a:ac:96:67:52:1e:03:a1:
                    dc:00:bc:1e:1f:fa:28:07:7d:6f:de:42:29:02:eb:
                    3b:7b:2f:5e:49:b7:21:26:62:03:10:96:5a:05:d8:
                    e6:f8:bb:e3:f2:a1:08:50:de:c8:d6:23:d3:97:eb:
                    da:4d:39:a3:97:ec:e7:06:96:bc:7c:9e:7a:7b:f9:
                    b8:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:67:03:58:29:A3:D0:C5:1D:DB:C4:78:24:26:D4:A6:3E:0E:44:55
            X509v3 Authority Key Identifier:
                keyid:AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/W2cDWCmj0MUd28R4JCbUpj4ORFU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.255.160.0/20
                  31.202.0.0/16
                  46.160.88.0/21
                  79.171.120.0/21
                  178.165.0.0/17
                  185.147.96.0/22
                IPv6:
                  2a00:1210::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:7f:52:a7:f3:8d:68:36:cc:36:d9:8b:0c:be:8a:87:e9:24:
         d7:ec:c7:b9:9d:ab:02:bf:b1:b8:72:16:3a:a6:22:51:d3:08:
         f4:10:b8:9e:0c:b1:53:92:6f:84:ac:f5:3c:aa:b6:f6:a3:f4:
         16:49:77:41:80:e3:b1:67:53:4d:dd:d5:94:a7:68:1e:3b:e1:
         3a:52:a7:6c:85:4b:f8:73:e5:a2:67:b7:4b:bf:45:b8:c2:5d:
         f8:47:e3:2f:82:5e:60:59:33:96:4f:b6:da:68:c3:89:2d:3a:
         aa:8c:77:00:a9:fd:66:b8:78:ba:7b:6a:d2:99:9e:c3:ee:a0:
         5c:24:0a:90:7d:b7:dd:51:a3:12:40:14:6f:0f:ec:08:1d:ca:
         60:46:90:28:0a:e6:c5:0a:13:be:86:e4:ca:30:79:7c:72:6d:
         21:6b:4e:37:42:c6:17:69:88:07:3f:ac:12:4f:66:28:b9:9b:
         c2:8e:ee:75:64:c2:35:7d:f3:1b:92:c7:43:79:80:1a:d0:b3:
         ec:67:b9:43:f5:68:79:db:c3:62:56:d8:00:8c:dc:e8:62:8e:
         8a:72:a1:80:a6:2b:55:64:9c:b5:fe:83:cc:af:5d:74:d0:0d:
         d5:e8:55:78:52:90:ae:b2:88:c6:46:fb:83:f2:48:e7:51:5d:
         66:d3:b1:84
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYeA05BLH9V/58ZuYH23xahDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2E5YjE3NDVhNWE3MGMzYmY3YmNjMmMyZWUxNjY0NjBh
ZmY3YTgwHhcNMjMwNDE0MTczMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjY3MDM1ODI5YTNkMGM1MWRkYmM0NzgyNDI2ZDRhNjNlMGU0NDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCMkgh8w11gXLS3WEyam1e5AB1sL
DUxEubWJsRu/lAJJXskDcjfnPjnRgYDN58DULIMfqs7htofVXWp9Yx4Nty3Dd4tg
kcyc/SKpOrTRtjyjw8HcH21OytFTk244o6u2RkTqnSNohOFKFDzoOuqdDM83uE88
8BIQKOHIt9s08MbCWJR0e6NtQTDewBrJ6c42yUh/luRNsRpHc/iENoV4DYzYs2L6
f+vWr6mC3GaRDGcy54Hix/jcFl89GqyWZ1IeA6HcALweH/ooB31v3kIpAus7ey9e
SbchJmIDEJZaBdjm+Lvj8qEIUN7I1iPTl+vaTTmjl+znBpa8fJ56e/m4TQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFFtnA1gpo9DFHdvEeCQm1KY+DkRVMB8GA1UdIwQY
MBaAFK56mxdFpacMO/e8wsLuFmRgr/eoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMt
Y2M5YTc1OGM5OTE2LzEvVzJjRFdDbWowTVVkMjhSNEpDYlVwajRPUkZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMtY2M5YTc1OGM5OTE2
LzEvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjApBAIAATAjAwQEBf+gAwMA
H8oDBAMuoFgDBANPq3gDBAeypQADBAK5k2AwDQQCAAIwBwMFACoAEhAwDQYJKoZI
hvcNAQELBQADggEBAEV/UqfzjWg2zDbZiwy+iofpJNfsx7mdqwK/sbhyFjqmIlHT
CPQQuJ4MsVOSb4Ss9Tyqtvaj9BZJd0GA47FnU03d1ZSnaB474TpSp2yFS/hz5aJn
t0u/RbjCXfhH4y+CXmBZM5ZPttpow4ktOqqMdwCp/Wa4eLp7atKZnsPuoFwkCpB9
t91RoxJAFG8P7AgdymBGkCgK5sUKE76G5MoweXxybSFrTjdCxhdpiAc/rBJPZii5
m8KO7nVkwjV98xuSx0N5gBrQs+xnuUP1aHnbw2JW2ACM3OhijopyoYCmK1VknLX+
g8yvXXTQDdXoVXhSkK6yiMZG+4PySOdRXWbTsYQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:49 2024 by rpki-client on console-fra.rpki-client.org