Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/5NU32d6I5oDXf89ttqJr7WDWYn4.roa
File:                     5NU32d6I5oDXf89ttqJr7WDWYn4.roa (raw, json)
Hash identifier:          xVHOkBHHBEvEYc8qnqTr2kFYxt3vVpX5S58rrrlZtyY=
Subject key identifier:   E4:D5:37:D9:DE:88:E6:80:D7:7F:CF:6D:B6:A2:6B:ED:60:D6:62:7E
Certificate issuer:       /CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
Certificate serial:       01856F42C85AE6D5EF19C3D4E8210BF789AE
Authority key identifier: 6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/5NU32d6I5oDXf89ttqJr7WDWYn4.roa
Signing time:             Sun 01 Jan 2023 21:35:25 +0000
ROA not before:           Sun 01 Jan 2023 21:35:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198949
IP address blocks:        145.219.11.0/24 maxlen: 24
                          145.219.8.0/24 maxlen: 24
                          145.219.10.0/24 maxlen: 24
                          145.219.9.0/24 maxlen: 24
                          145.219.15.0/24 maxlen: 24
                          145.219.17.0/24 maxlen: 24
                          145.219.16.0/24 maxlen: 24
                          145.219.12.0/24 maxlen: 24
                          145.219.14.0/24 maxlen: 24
                          145.219.13.0/24 maxlen: 24
                          2a04:b0c0::/45 maxlen: 45
                          2a04:b0c0:8::/45 maxlen: 45

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:30:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:42:c8:5a:e6:d5:ef:19:c3:d4:e8:21:0b:f7:89:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e6d7bcabfcc308d420053c482a0d59fb1282e30
        Validity
            Not Before: Jan  1 21:35:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e4d537d9de88e680d77fcf6db6a26bed60d6627e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8a:1e:8f:b7:7c:44:0f:5c:83:2c:f0:49:2a:
                    d1:76:73:cf:04:4e:8f:04:e6:6a:f1:2c:a0:18:9f:
                    26:67:38:fb:88:b4:e7:00:3d:02:86:17:ff:22:2f:
                    c7:09:53:8f:69:09:01:4e:cb:55:3e:76:53:11:2e:
                    5c:84:dd:58:c5:8e:c3:8b:89:db:f5:49:9d:d6:89:
                    10:74:60:8b:98:ad:5e:56:7c:58:2e:20:27:a5:5c:
                    cc:1e:3c:d6:cf:58:87:19:bf:5b:dc:5f:3d:af:2b:
                    ec:a1:4f:93:b9:73:68:b7:b5:67:c1:c4:f1:cb:5d:
                    33:6c:67:08:68:64:77:2b:a7:98:d9:86:7f:04:b2:
                    d9:c9:8a:7b:a8:aa:0f:32:21:72:f8:5c:81:95:64:
                    e6:92:57:63:c5:30:aa:75:05:f5:f4:96:1c:ad:17:
                    fa:53:4c:c5:ef:e6:6b:4c:d4:2d:6a:ab:64:6d:32:
                    7a:4a:a9:35:c5:be:0f:3f:c2:0e:b7:37:70:98:3f:
                    6e:51:63:ce:50:12:bb:65:f7:a9:66:33:34:41:22:
                    f7:13:58:dd:37:08:a3:d8:c5:68:af:8b:cc:9f:5b:
                    c5:25:5d:4d:51:bd:a8:a2:f1:24:d3:b8:b4:4a:4e:
                    15:8f:87:de:d2:15:06:f2:46:47:b0:d2:16:4d:fe:
                    ba:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:D5:37:D9:DE:88:E6:80:D7:7F:CF:6D:B6:A2:6B:ED:60:D6:62:7E
            X509v3 Authority Key Identifier:
                keyid:6E:6D:7B:CA:BF:CC:30:8D:42:00:53:C4:82:A0:D5:9F:B1:28:2E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bm17yr_MMI1CAFPEgqDVn7EoLjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/5NU32d6I5oDXf89ttqJr7WDWYn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/45c689-afaa-4da3-a942-93194eb6108d/1/bm17yr_MMI1CAFPEgqDVn7EoLjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.219.8.0-145.219.17.255
                IPv6:
                  2a04:b0c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         00:bb:86:e2:a1:27:1a:d8:39:49:13:66:8b:14:cc:d3:1e:1d:
         1d:c3:99:d0:7c:df:10:42:7c:eb:61:ae:b4:6e:ee:d5:6e:0c:
         44:03:36:7d:ed:ae:d5:31:bc:a9:fb:63:2f:e3:dd:17:18:71:
         6a:3d:37:b4:9e:5e:2e:7c:90:5c:32:45:0c:0b:11:28:34:58:
         dd:57:e5:81:d2:b3:a0:54:60:fd:1a:61:48:05:83:c8:b5:58:
         37:ce:3b:6c:04:dc:a4:80:84:a0:7d:44:ef:8e:42:cb:61:8a:
         52:8f:13:a6:2e:b4:46:d9:bb:c0:74:2d:dd:e0:eb:5d:58:e6:
         1f:fb:79:13:a4:77:96:ac:f0:69:d4:38:ac:a3:56:f1:1f:60:
         3d:13:71:ec:3a:0a:34:f1:4f:2b:a2:be:f8:c9:f8:55:23:b5:
         0d:41:76:8c:eb:f6:99:92:82:f4:ab:d5:0a:68:05:40:b0:94:
         4d:05:0d:77:7d:21:f2:b1:dd:8b:08:5f:14:ae:60:22:90:2c:
         36:96:e9:e5:a4:ed:8c:2b:38:05:b1:71:dc:40:15:69:7b:39:
         84:a0:db:97:a7:0a:23:75:e5:83:ed:fb:5e:6f:49:de:90:6a:
         e0:da:ca:21:da:71:51:1d:69:c1:a8:68:27:74:8a:5c:45:a6:
         0b:cb:64:5f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYVvQsha5tXvGcPU6CEL94muMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNmQ3YmNhYmZjYzMwOGQ0MjAwNTNjNDgyYTBkNTlmYjEy
ODJlMzAwHhcNMjMwMTAxMjEzNTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGQ1MzdkOWRlODhlNjgwZDc3ZmNmNmRiNmEyNmJlZDYwZDY2MjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnooej7d8RA9cgyzwSSrRdnPPBE6P
BOZq8SygGJ8mZzj7iLTnAD0Chhf/Ii/HCVOPaQkBTstVPnZTES5chN1YxY7Di4nb
9Umd1okQdGCLmK1eVnxYLiAnpVzMHjzWz1iHGb9b3F89ryvsoU+TuXNot7VnwcTx
y10zbGcIaGR3K6eY2YZ/BLLZyYp7qKoPMiFy+FyBlWTmkldjxTCqdQX19JYcrRf6
U0zF7+ZrTNQtaqtkbTJ6Sqk1xb4PP8IOtzdwmD9uUWPOUBK7ZfepZjM0QSL3E1jd
Nwij2MVor4vMn1vFJV1NUb2oovEk07i0Sk4Vj4fe0hUG8kZHsNIWTf66cwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFOTVN9neiOaA13/Pbbaia+1g1mJ+MB8GA1UdIwQY
MBaAFG5te8q/zDCNQgBTxIKg1Z+xKC4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDIt
OTMxOTRlYjYxMDhkLzEvNU5VMzJkNkk1b0RYZjg5dHRxSnI3V0RXWW40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy80NWM2ODktYWZhYS00ZGEzLWE5NDItOTMxOTRlYjYxMDhk
LzEvYm0xN3lyX01NSTFDQUZQRWdxRFZuN0VvTGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAUBAIAATAOMAwDBAOR2wgD
BAGR2xAwDwQCAAIwCQMHBCoEsMAAADANBgkqhkiG9w0BAQsFAAOCAQEAALuG4qEn
Gtg5SRNmixTM0x4dHcOZ0HzfEEJ862GutG7u1W4MRAM2fe2u1TG8qftjL+PdFxhx
aj03tJ5eLnyQXDJFDAsRKDRY3VflgdKzoFRg/RphSAWDyLVYN847bATcpICEoH1E
745Cy2GKUo8Tpi60Rtm7wHQt3eDrXVjmH/t5E6R3lqzwadQ4rKNW8R9gPRNx7DoK
NPFPK6K++Mn4VSO1DUF2jOv2mZKC9KvVCmgFQLCUTQUNd30h8rHdiwhfFK5gIpAs
Npbp5aTtjCs4BbFx3EAVaXs5hKDbl6cKI3Xlg+37Xm9J3pBq4NrKIdpxUR1pwaho
J3SKXEWmC8tkXw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:11 2024 by rpki-client on console-fra.rpki-client.org