Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/REq8HmoIPp-l2e1JeHUts3wQX0A.roa
File:                     REq8HmoIPp-l2e1JeHUts3wQX0A.roa (raw, json)
Hash identifier:          YFT/Nx1+qUjkor3YYg80ZVrxFGXsi6NmkgiAnZywfKU=
Subject key identifier:   44:4A:BC:1E:6A:08:3E:9F:A5:D9:ED:49:78:75:2D:B3:7C:10:5F:40
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       018AAD16D8B228B1D187DBD6E2B800BF2202
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/REq8HmoIPp-l2e1JeHUts3wQX0A.roa
Signing time:             Tue 19 Sep 2023 10:57:50 +0000
ROA not before:           Tue 19 Sep 2023 10:57:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        45.149.94.0/24 maxlen: 24
                          80.246.225.0/24 maxlen: 24
                          80.246.232.0/24 maxlen: 24
                          80.246.228.0/24 maxlen: 24
                          80.246.236.0/24 maxlen: 24
                          80.246.236.0/22 maxlen: 24
                          80.246.237.0/24 maxlen: 24
                          80.246.238.0/24 maxlen: 24
                          80.246.239.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 20 Sep 2023 07:42:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ad:16:d8:b2:28:b1:d1:87:db:d6:e2:b8:00:bf:22:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Sep 19 10:57:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=444abc1e6a083e9fa5d9ed4978752db37c105f40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f5:ec:0e:8f:58:b3:08:75:03:d1:c9:ca:fc:
                    44:27:1f:9e:af:82:b9:1a:d9:60:f7:10:a2:7c:00:
                    1f:96:74:04:31:8e:c3:81:e5:7c:f7:2f:79:2e:a8:
                    42:a2:2b:f6:f4:93:37:a4:42:53:8f:37:9e:ad:52:
                    4f:3b:53:91:fc:48:3e:f4:d2:79:3d:16:f8:76:17:
                    a3:f4:fa:83:ae:28:f8:f8:6a:da:77:1f:ea:4d:85:
                    ad:69:78:1b:d2:45:4f:30:f1:2b:56:06:5c:f7:e7:
                    c9:0e:4d:e8:ac:c2:6b:c0:f8:fe:03:ed:51:5e:56:
                    dc:7f:28:b1:81:31:ed:82:be:39:4d:b9:7a:ae:9a:
                    de:c4:3d:88:73:d2:a6:c4:4a:fc:3a:98:0b:a5:61:
                    22:eb:8b:90:2c:9e:da:4a:91:94:b9:25:e4:6b:1d:
                    2b:8f:16:7c:3e:f6:5f:17:af:d8:ce:6e:31:48:59:
                    32:23:31:ec:a1:9a:00:ee:91:51:84:f9:01:bd:45:
                    a1:72:95:41:c3:2f:78:b4:e1:8c:86:94:e8:f8:04:
                    e4:3d:af:57:15:ef:b7:a5:2a:3e:e5:d3:31:db:b6:
                    03:ac:53:cf:e1:a4:3b:cc:8e:16:4d:2f:fb:96:31:
                    c6:a3:97:e8:da:79:91:02:27:8b:c5:00:65:ca:67:
                    09:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:4A:BC:1E:6A:08:3E:9F:A5:D9:ED:49:78:75:2D:B3:7C:10:5F:40
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/REq8HmoIPp-l2e1JeHUts3wQX0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.94.0/24
                  80.246.225.0/24
                  80.246.228.0/24
                  80.246.232.0/24
                  80.246.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:f2:ec:e3:96:eb:5e:5d:87:6e:bc:16:76:f2:73:33:41:d4:
         05:55:56:12:c2:25:fb:3c:7e:f1:07:c7:40:11:47:ac:46:5d:
         7f:44:2b:0f:57:ed:c1:b5:7a:13:8a:27:97:9a:6a:c7:16:a0:
         b6:1c:55:87:38:30:49:87:29:d4:57:a9:a0:a8:94:47:9d:99:
         c2:4d:7c:45:71:1d:61:91:a7:f0:1c:b1:70:4a:53:2f:d9:5c:
         c5:20:49:cd:d7:7c:92:e3:08:54:14:f8:86:f7:36:8f:e0:3d:
         0e:27:b7:88:63:7b:41:f3:33:e5:72:25:e6:7b:9c:02:f9:80:
         2a:05:23:04:a3:42:13:8f:83:ac:8c:d0:83:27:5e:08:b7:28:
         87:80:6a:be:cb:40:90:f0:0a:b6:42:fc:e9:9f:37:e9:d1:81:
         4c:c6:7f:2e:bd:55:26:82:96:17:16:a0:cb:4e:6f:a3:2f:80:
         eb:4f:97:03:d9:32:70:0b:ec:92:b5:08:48:6a:85:7b:e9:14:
         68:cd:9d:de:f3:3b:0c:d5:c7:a4:34:58:ef:ab:7f:01:0c:10:
         f3:e3:11:0a:71:c8:fd:5d:75:6a:0d:c5:12:db:12:68:2b:cd:
         a3:82:5c:e2:54:fe:42:c5:06:d7:0b:89:a5:47:dc:3c:53:aa:
         fb:b2:6c:04
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYqtFtiyKLHRh9vW4rgAvyICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjMwOTE5MTA1NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDRhYmMxZTZhMDgzZTlmYTVkOWVkNDk3ODc1MmRiMzdjMTA1ZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/XsDo9Yswh1A9HJyvxEJx+er4K5
Gtlg9xCifAAflnQEMY7DgeV89y95LqhCoiv29JM3pEJTjzeerVJPO1OR/Eg+9NJ5
PRb4dhej9PqDrij4+Gradx/qTYWtaXgb0kVPMPErVgZc9+fJDk3orMJrwPj+A+1R
XlbcfyixgTHtgr45Tbl6rprexD2Ic9KmxEr8OpgLpWEi64uQLJ7aSpGUuSXkax0r
jxZ8PvZfF6/Yzm4xSFkyIzHsoZoA7pFRhPkBvUWhcpVBwy94tOGMhpTo+ATkPa9X
Fe+3pSo+5dMx27YDrFPP4aQ7zI4WTS/7ljHGo5fo2nmRAieLxQBlymcJEwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFERKvB5qCD6fpdntSXh1LbN8EF9AMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvUkVxOEhtb0lQcC1sMmUxSmVIVXRzM3dRWDBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALZVeAwQA
UPbhAwQAUPbkAwQAUPboAwQCUPbsMA0GCSqGSIb3DQEBCwUAA4IBAQAc8uzjlute
XYduvBZ28nMzQdQFVVYSwiX7PH7xB8dAEUesRl1/RCsPV+3BtXoTiieXmmrHFqC2
HFWHODBJhynUV6mgqJRHnZnCTXxFcR1hkafwHLFwSlMv2VzFIEnN13yS4whUFPiG
9zaP4D0OJ7eIY3tB8zPlciXme5wC+YAqBSMEo0ITj4OsjNCDJ14ItyiHgGq+y0CQ
8Aq2Qvzpnzfp0YFMxn8uvVUmgpYXFqDLTm+jL4DrT5cD2TJwC+yStQhIaoV76RRo
zZ3e8zsM1cekNFjvq38BDBDz4xEKccj9XXVqDcUS2xJoK82jglziVP5CxQbXC4ml
R9w8U6r7smwE
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:52 2024 by rpki-client on console-fra.rpki-client.org