Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/JRd6GYh5D5S4VSYUoej1xm2JXtk.roa
File:                     JRd6GYh5D5S4VSYUoej1xm2JXtk.roa (raw, json)
Hash identifier:          vLNkCEzMJfSN5qwQtJslqvynVlvD3v0AuJih9BiXWQo=
Subject key identifier:   25:17:7A:19:88:79:0F:94:B8:55:26:14:A1:E8:F5:C6:6D:89:5E:D9
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       018CF421201EF4B4FB09D66CA1E07DEE0538
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/JRd6GYh5D5S4VSYUoej1xm2JXtk.roa
Signing time:             Wed 10 Jan 2024 16:07:40 +0000
ROA not before:           Wed 10 Jan 2024 16:07:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198912
IP address blocks:        57.191.0.0/21 maxlen: 24
                          57.191.224.0/19 maxlen: 24
                          57.250.220.0/24 maxlen: 24
                          57.191.127.0/24 maxlen: 24
                          57.191.192.0/19 maxlen: 24
                          2a0a:90c2:1000::/36 maxlen: 36
                          2a0a:90c2::/36 maxlen: 36

Validation:               Failed, certificate revoked on Thu 01 Feb 2024 16:28:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f4:21:20:1e:f4:b4:fb:09:d6:6c:a1:e0:7d:ee:05:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan 10 16:07:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25177a1988790f94b8552614a1e8f5c66d895ed9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:7d:19:36:35:1d:21:5c:b1:a2:ed:5d:6a:23:
                    21:06:71:33:4d:10:8e:60:26:c9:14:a2:e7:f4:61:
                    3e:2b:91:e7:a0:a9:bc:09:d0:77:21:e2:43:ec:b9:
                    04:11:6c:a5:4a:65:27:ff:c8:9d:7e:ce:f7:24:7f:
                    82:b8:2c:d3:0d:ef:14:43:2c:66:b8:64:11:d8:0a:
                    99:c8:6c:8f:c8:21:6a:42:d2:03:4d:73:0e:af:5a:
                    af:89:71:a3:e9:04:c8:5b:e2:6d:9c:66:70:2a:bc:
                    67:8b:c6:96:45:3e:70:9b:0c:7e:4d:1b:1a:f0:4c:
                    3d:d5:bc:40:5a:ce:9d:fa:8a:a5:cb:51:90:c0:80:
                    27:b5:1a:ff:b7:fc:57:16:85:d6:73:71:ec:56:b0:
                    bc:8b:c0:d5:f4:04:c1:9a:c3:ac:a8:f1:ac:06:0f:
                    78:a8:39:b3:20:03:3f:09:ce:bc:b0:f5:4e:ab:4c:
                    ef:a5:eb:83:1b:96:c5:77:04:13:96:4b:ec:4f:8f:
                    4d:8e:9e:03:a9:1d:d0:b9:5c:57:e9:21:7b:80:28:
                    a1:7a:e5:23:6f:d9:97:87:be:d2:c2:ec:3f:cb:a2:
                    fb:9c:5e:37:1b:62:5b:a2:4e:5b:40:b8:7a:56:f5:
                    54:b2:72:a6:b3:d1:59:35:22:a2:8d:17:64:ef:0f:
                    45:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:17:7A:19:88:79:0F:94:B8:55:26:14:A1:E8:F5:C6:6D:89:5E:D9
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/JRd6GYh5D5S4VSYUoej1xm2JXtk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.191.0.0/21
                  57.191.127.0/24
                  57.191.192.0/18
                  57.250.220.0/24
                IPv6:
                  2a0a:90c2::/35

    Signature Algorithm: sha256WithRSAEncryption
         19:f3:bd:14:52:b7:ce:5c:91:e6:e3:6f:d1:c4:74:a5:99:ee:
         9f:37:86:c1:ce:84:d9:6d:5d:b5:55:a6:bf:12:b8:9a:35:30:
         b9:9d:89:9f:25:41:75:96:98:db:e4:13:1f:53:50:25:e5:e2:
         3e:f5:7f:aa:c4:45:06:ac:e5:41:66:f5:f1:9d:6a:f3:a0:21:
         c3:ec:a5:0b:dd:8f:a2:f7:f2:28:4d:ef:2b:09:4d:64:7d:fa:
         4d:bd:f9:af:ad:ff:cb:a4:b0:eb:ea:3c:ef:c4:da:40:1e:ae:
         4c:bc:0b:6f:24:17:22:c3:86:f9:b9:3d:7f:55:f4:d0:18:71:
         81:37:40:1c:30:11:1c:ef:ce:c2:02:2b:65:98:2f:0e:a4:2a:
         a8:6d:3b:d3:4f:96:f1:59:a5:ba:58:e3:53:f4:8d:51:8c:e0:
         c2:4f:6b:bd:63:22:ab:bb:e0:34:a6:88:26:f0:06:06:87:48:
         26:f3:e6:dc:20:60:a1:4b:34:22:6f:87:91:0f:91:41:98:9a:
         42:bf:a7:5a:f4:c8:9e:dd:7f:a1:87:44:e4:d2:8a:d4:01:74:
         07:0d:58:74:ee:ad:bf:35:fc:91:40:b7:e4:b6:a9:39:3a:43:
         4b:b0:8e:b8:94:ed:78:f9:a5:38:bc:43:da:4b:9b:3b:4d:a8:
         1c:b7:75:3a
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYz0ISAe9LT7CdZsoeB97gU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjQwMTEwMTYwNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTE3N2ExOTg4NzkwZjk0Yjg1NTI2MTRhMWU4ZjVjNjZkODk1ZWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA430ZNjUdIVyxou1daiMhBnEzTRCO
YCbJFKLn9GE+K5HnoKm8CdB3IeJD7LkEEWylSmUn/8idfs73JH+CuCzTDe8UQyxm
uGQR2AqZyGyPyCFqQtIDTXMOr1qviXGj6QTIW+JtnGZwKrxni8aWRT5wmwx+TRsa
8Ew91bxAWs6d+oqly1GQwIAntRr/t/xXFoXWc3HsVrC8i8DV9ATBmsOsqPGsBg94
qDmzIAM/Cc68sPVOq0zvpeuDG5bFdwQTlkvsT49Njp4DqR3QuVxX6SF7gCiheuUj
b9mXh77Swuw/y6L7nF43G2Jbok5bQLh6VvVUsnKms9FZNSKijRdk7w9F7wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFCUXehmIeQ+UuFUmFKHo9cZtiV7ZMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEvSlJkNkdZaDVENVM0VlNZVW9lajF4bTJKWHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAeBAIAATAYAwQDOb8AAwQA
Ob9/AwQGOb/AAwQAOfrcMA4EAgACMAgDBgUqCpDCADANBgkqhkiG9w0BAQsFAAOC
AQEAGfO9FFK3zlyR5uNv0cR0pZnunzeGwc6E2W1dtVWmvxK4mjUwuZ2JnyVBdZaY
2+QTH1NQJeXiPvV/qsRFBqzlQWb18Z1q86Ahw+ylC92PovfyKE3vKwlNZH36Tb35
r63/y6Sw6+o878TaQB6uTLwLbyQXIsOG+bk9f1X00BhxgTdAHDARHO/OwgIrZZgv
DqQqqG0700+W8VmluljjU/SNUYzgwk9rvWMiq7vgNKaIJvAGBodIJvPm3CBgoUs0
Im+HkQ+RQZiaQr+nWvTInt1/oYdE5NKK1AF0Bw1YdO6tvzX8kUC35LapOTpDS7CO
uJTtePmlOLxD2kubO02oHLd1Og==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:17 2024 by rpki-client on console-fra.rpki-client.org