Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/otFZUvKdw52SmOPar5I2WN3NvDM.roa
File:                     otFZUvKdw52SmOPar5I2WN3NvDM.roa (raw, json)
Hash identifier:          SPg/OCEAxTpA0d0irjT/H7lAkiN6SimSsodR3MspVFI=
Subject key identifier:   A2:D1:59:52:F2:9D:C3:9D:92:98:E3:DA:AF:92:36:58:DD:CD:BC:33
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       018AD23932E14BD9B76A827B0AA01B115C8C
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/otFZUvKdw52SmOPar5I2WN3NvDM.roa
Signing time:             Tue 26 Sep 2023 16:01:18 +0000
ROA not before:           Tue 26 Sep 2023 16:01:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     132399
IP address blocks:        57.191.95.0/24 maxlen: 24
                          57.191.96.0/19 maxlen: 24
                          57.191.160.0/19 maxlen: 24
                          57.191.64.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:29:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d2:39:32:e1:4b:d9:b7:6a:82:7b:0a:a0:1b:11:5c:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Sep 26 16:01:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a2d15952f29dc39d9298e3daaf923658ddcdbc33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:23:69:8d:66:c0:36:04:63:66:b1:c0:08:8a:
                    26:3c:f6:92:8c:37:79:58:38:c0:9c:cf:bf:8a:c0:
                    19:4a:f5:78:b0:a0:ff:40:81:3b:59:fd:56:b2:62:
                    81:2e:57:c1:73:59:b0:3f:31:f7:12:85:6b:1a:a1:
                    44:f3:f3:62:2f:d2:47:7b:99:83:34:08:ba:f5:3c:
                    bc:f4:64:2c:b5:5e:36:42:f8:57:cd:18:32:3f:e9:
                    77:26:15:a5:78:8d:4e:a8:fb:86:44:3b:9b:72:17:
                    7a:cb:f2:91:1b:91:10:d4:80:4b:55:85:bb:7d:28:
                    0e:21:fd:83:85:ec:05:c6:ec:3a:2d:b3:70:b8:dc:
                    7d:70:e1:09:0e:88:71:36:79:09:52:92:02:bf:d5:
                    da:69:ba:69:4b:08:59:a0:0e:99:42:f7:02:70:74:
                    ef:3e:ff:29:b2:3c:d8:53:78:ea:7e:b7:4a:78:b6:
                    77:9c:07:88:15:3d:42:0b:ce:ff:94:d5:2d:aa:44:
                    ae:47:69:30:a1:64:29:f5:ad:19:cf:33:a2:99:bd:
                    5a:36:c5:52:ed:e8:92:6c:4f:ac:19:28:33:44:37:
                    32:d0:66:c6:a6:54:34:12:ca:76:54:df:37:f5:1c:
                    55:26:0e:c6:a6:2c:97:3b:dd:5a:f9:59:45:88:64:
                    f3:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:D1:59:52:F2:9D:C3:9D:92:98:E3:DA:AF:92:36:58:DD:CD:BC:33
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/otFZUvKdw52SmOPar5I2WN3NvDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.191.64.0/22
                  57.191.95.0-57.191.127.255
                  57.191.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         47:6f:52:07:db:49:0f:fb:79:2b:60:38:8f:e4:20:35:f6:e4:
         1f:d7:6c:bb:62:05:cf:20:89:4b:11:dc:3f:04:0c:61:be:90:
         8b:28:91:1a:c4:fe:99:da:56:d8:e0:1c:c1:af:87:a9:a6:29:
         c9:58:af:87:fb:2b:8a:fb:cc:d2:9f:dc:0b:ed:11:e7:1e:58:
         93:b4:2c:bb:a0:46:9a:5d:47:7f:66:5e:5c:9e:bb:83:58:4c:
         ca:d9:a6:ce:d5:c7:c6:12:9a:84:31:eb:69:b1:66:2a:bf:18:
         5e:2c:30:16:67:b0:9f:e9:b7:e5:f5:10:54:25:c7:90:e2:13:
         86:ac:84:7f:58:08:c8:ca:48:75:c1:1a:27:a3:10:f0:a6:8b:
         6a:a1:84:8e:2b:d0:e6:2f:28:d9:0e:d1:0a:c7:c8:e8:0f:6b:
         b1:36:70:60:89:b4:02:d9:88:d1:80:4d:64:c3:16:5a:5f:50:
         b9:fe:64:23:4f:d3:40:e6:72:58:9b:75:a9:84:34:f6:6e:6f:
         6d:a5:1e:f6:0d:e6:64:8c:f8:ab:89:58:b0:50:92:c1:86:14:
         21:88:02:93:78:5f:ff:53:1f:28:06:1f:4d:04:50:d0:6a:fd:
         db:37:31:7d:36:b4:25:f7:e1:46:a7:bc:d3:5f:99:11:d7:0d:
         d7:79:2d:a8
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYrSOTLhS9m3aoJ7CqAbEVyMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjMwOTI2MTYwMTE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmQxNTk1MmYyOWRjMzlkOTI5OGUzZGFhZjkyMzY1OGRkY2RiYzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkyNpjWbANgRjZrHACIomPPaSjDd5
WDjAnM+/isAZSvV4sKD/QIE7Wf1WsmKBLlfBc1mwPzH3EoVrGqFE8/NiL9JHe5mD
NAi69Ty89GQstV42QvhXzRgyP+l3JhWleI1OqPuGRDubchd6y/KRG5EQ1IBLVYW7
fSgOIf2DhewFxuw6LbNwuNx9cOEJDohxNnkJUpICv9XaabppSwhZoA6ZQvcCcHTv
Pv8psjzYU3jqfrdKeLZ3nAeIFT1CC87/lNUtqkSuR2kwoWQp9a0ZzzOimb1aNsVS
7eiSbE+sGSgzRDcy0GbGplQ0Esp2VN839RxVJg7GpiyXO91a+VlFiGTzpQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKLRWVLyncOdkpjj2q+SNljdzbwzMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEvb3RGWlV2S2R3NTJTbU9QYXI1STJXTjNOdkRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCOb9AMAwD
BAA5v18DBAc5vwADBAU5v6AwDQYJKoZIhvcNAQELBQADggEBAEdvUgfbSQ/7eStg
OI/kIDX25B/XbLtiBc8giUsR3D8EDGG+kIsokRrE/pnaVtjgHMGvh6mmKclYr4f7
K4r7zNKf3AvtEeceWJO0LLugRppdR39mXlyeu4NYTMrZps7Vx8YSmoQx62mxZiq/
GF4sMBZnsJ/pt+X1EFQlx5DiE4ashH9YCMjKSHXBGiejEPCmi2qhhI4r0OYvKNkO
0QrHyOgPa7E2cGCJtALZiNGATWTDFlpfULn+ZCNP00DmclibdamENPZub22lHvYN
5mSM+KuJWLBQksGGFCGIApN4X/9THygGH00EUNBq/ds3MX02tCX34UanvNNfmRHX
Ddd5Lag=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:17 2024 by rpki-client on console-fra.rpki-client.org