Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/TKqaPWwyyqM6iaANsqH4wtMfZI0.roa
File:                     TKqaPWwyyqM6iaANsqH4wtMfZI0.roa (raw, json)
Hash identifier:          iBdfpF/xzom2MguRB3/LhAR3bV3Y2sTHrPSRK2293ik=
Subject key identifier:   4C:AA:9A:3D:6C:32:CA:A3:3A:89:A0:0D:B2:A1:F8:C2:D3:1F:64:8D
Certificate issuer:       /CN=bb830630f23b070a2b7bdf529f73948c97eacd40
Certificate serial:       01856CAF127B4CCD9ECAAE088107E1A6619C
Authority key identifier: BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/TKqaPWwyyqM6iaANsqH4wtMfZI0.roa
Signing time:             Sun 01 Jan 2023 09:34:50 +0000
ROA not before:           Sun 01 Jan 2023 09:34:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44477
IP address blocks:        80.92.206.0/24 maxlen: 24
                          74.119.195.0/24 maxlen: 24
                          185.242.84.0/24 maxlen: 24
                          185.242.85.0/24 maxlen: 24
                          185.242.87.0/24 maxlen: 24
                          185.242.86.0/24 maxlen: 24
                          185.250.149.0/24 maxlen: 24
                          185.250.148.0/24 maxlen: 24
                          45.67.231.0/24 maxlen: 24
                          45.67.230.0/24 maxlen: 24
                          45.67.229.0/24 maxlen: 24
                          45.67.228.0/24 maxlen: 24
                          2a09:7c44::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 18 Jan 2023 18:04:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:af:12:7b:4c:cd:9e:ca:ae:08:81:07:e1:a6:61:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb830630f23b070a2b7bdf529f73948c97eacd40
        Validity
            Not Before: Jan  1 09:34:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4caa9a3d6c32caa33a89a00db2a1f8c2d31f648d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b0:60:b3:16:eb:81:20:93:b8:f6:dc:1a:3f:
                    a1:b3:43:14:86:93:dc:b0:88:c6:f5:04:ad:95:d1:
                    27:a7:5d:68:37:d9:b3:57:ff:d1:79:1c:5c:a9:c8:
                    0d:b8:69:3a:0b:44:b1:07:0c:f3:06:92:75:ec:bd:
                    46:d9:14:4c:48:c1:14:f6:81:9a:f3:b0:eb:e2:51:
                    49:89:ad:ab:18:52:06:0a:da:8e:60:10:de:2f:76:
                    37:7f:c1:a1:4b:92:9b:a0:36:6c:ca:95:19:13:e0:
                    04:c0:6f:93:fd:0a:bb:2a:36:fe:b5:b1:de:50:6e:
                    56:53:ec:13:d1:8b:80:ce:3c:27:07:14:3c:12:3c:
                    70:4a:15:a4:54:20:84:91:10:a7:4e:01:c2:82:45:
                    a0:61:e1:5f:67:85:91:72:5a:69:bc:86:b9:cf:c4:
                    16:ac:78:e9:9b:85:fe:f6:a3:c7:a6:b5:57:86:8a:
                    3b:a4:8b:ff:d0:85:a4:8c:cd:9c:9a:a0:f0:83:5a:
                    d5:50:3a:d6:a4:a9:d7:0e:0e:a4:6e:b8:93:0d:e9:
                    45:c3:76:97:0a:6d:ab:48:9e:e6:bd:69:d9:fe:46:
                    a5:57:6b:66:34:ab:64:48:1d:e9:ad:48:3f:2a:63:
                    7f:8b:96:5f:82:bd:51:32:9a:2b:e7:c0:27:5e:b0:
                    37:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:AA:9A:3D:6C:32:CA:A3:3A:89:A0:0D:B2:A1:F8:C2:D3:1F:64:8D
            X509v3 Authority Key Identifier:
                keyid:BB:83:06:30:F2:3B:07:0A:2B:7B:DF:52:9F:73:94:8C:97:EA:CD:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u4MGMPI7Bwore99Sn3OUjJfqzUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/TKqaPWwyyqM6iaANsqH4wtMfZI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/f76e20-5859-415d-86b3-119efcbb2023/1/u4MGMPI7Bwore99Sn3OUjJfqzUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.228.0/22
                  74.119.195.0/24
                  80.92.206.0/24
                  185.242.84.0/22
                  185.250.148.0/23
                IPv6:
                  2a09:7c44::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:ca:c4:27:b3:6e:a4:3a:d7:74:b4:3e:e7:52:ae:37:ef:1e:
         42:a0:86:0b:c1:88:ec:01:95:f1:ba:e3:df:b4:df:18:d1:1f:
         69:98:14:df:1e:59:14:8a:94:1a:6f:4a:9e:5d:eb:10:52:12:
         c2:87:9f:40:c2:cf:c0:6b:a2:93:06:99:33:b1:fe:84:24:0a:
         7d:b0:94:ee:a4:4c:c5:bf:c1:49:35:9a:4c:6f:26:bb:a0:61:
         36:5b:10:96:e1:67:9d:e7:32:bd:c5:95:1b:b5:44:48:0c:2b:
         6a:2f:11:99:e0:80:23:2e:14:2b:c3:62:0a:21:16:20:9a:0c:
         b2:59:d3:3e:5d:3b:a8:91:19:d0:1a:cf:24:72:83:c5:d8:20:
         8f:9c:76:b2:6c:6b:31:ba:da:a8:81:31:a1:fc:52:3d:9d:d6:
         b5:54:8d:95:b0:38:f1:bd:86:67:8b:c1:ac:67:a0:51:e3:98:
         a1:b5:88:20:6c:b6:39:0f:2c:a0:8d:8b:e8:2d:8a:f3:42:38:
         31:ed:54:b8:e9:02:04:66:93:b8:d6:67:77:41:dd:85:5f:3a:
         e5:df:87:5f:63:3b:ac:8c:01:20:d1:6b:30:8f:9d:d9:b7:63:
         23:15:a1:e2:2e:cf:54:2e:ca:68:d9:74:be:4c:ab:94:6c:fe:
         0e:fc:c2:16
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVsrxJ7TM2eyq4IgQfhpmGcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiODMwNjMwZjIzYjA3MGEyYjdiZGY1MjlmNzM5NDhjOTdl
YWNkNDAwHhcNMjMwMTAxMDkzNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2FhOWEzZDZjMzJjYWEzM2E4OWEwMGRiMmExZjhjMmQzMWY2NDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLBgsxbrgSCTuPbcGj+hs0MUhpPc
sIjG9QStldEnp11oN9mzV//ReRxcqcgNuGk6C0SxBwzzBpJ17L1G2RRMSMEU9oGa
87Dr4lFJia2rGFIGCtqOYBDeL3Y3f8GhS5KboDZsypUZE+AEwG+T/Qq7Kjb+tbHe
UG5WU+wT0YuAzjwnBxQ8EjxwShWkVCCEkRCnTgHCgkWgYeFfZ4WRclppvIa5z8QW
rHjpm4X+9qPHprVXhoo7pIv/0IWkjM2cmqDwg1rVUDrWpKnXDg6kbriTDelFw3aX
Cm2rSJ7mvWnZ/kalV2tmNKtkSB3prUg/KmN/i5Zfgr1RMpor58AnXrA3XQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFEyqmj1sMsqjOomgDbKh+MLTH2SNMB8GA1UdIwQY
MBaAFLuDBjDyOwcKK3vfUp9zlIyX6s1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMt
MTE5ZWZjYmIyMDIzLzEvVEtxYVBXd3l5cU02aWFBTnNxSDR3dE1mWkkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9mNzZlMjAtNTg1OS00MTVkLTg2YjMtMTE5ZWZjYmIyMDIz
LzEvdTRNR01QSTdCd29yZTk5U24zT1VqSmZxelVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCLUPkAwQA
SnfDAwQAUFzOAwQCufJUAwQBufqUMA0EAgACMAcDBQAqCXxEMA0GCSqGSIb3DQEB
CwUAA4IBAQCdysQns26kOtd0tD7nUq437x5CoIYLwYjsAZXxuuPftN8Y0R9pmBTf
HlkUipQab0qeXesQUhLCh59Aws/Aa6KTBpkzsf6EJAp9sJTupEzFv8FJNZpMbya7
oGE2WxCW4Wed5zK9xZUbtURIDCtqLxGZ4IAjLhQrw2IKIRYgmgyyWdM+XTuokRnQ
Gs8kcoPF2CCPnHaybGsxutqogTGh/FI9nda1VI2VsDjxvYZni8GsZ6BR45ihtYgg
bLY5DyygjYvoLYrzQjgx7VS46QIEZpO41md3Qd2FXzrl34dfYzusjAEg0Wswj53Z
t2MjFaHiLs9ULspo2XS+TKuUbP4O/MIW
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:41:06 2024 by rpki-client on console-fra.rpki-client.org