Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/Z5k2TGzOzkQJXfBNeEQ354tT2N0.roa
File:                     Z5k2TGzOzkQJXfBNeEQ354tT2N0.roa (raw, json)
Hash identifier:          jXHVeEnqY3swpbYuyqzc7o2j0mCGc9mrxEp+PaHwcno=
Subject key identifier:   67:99:36:4C:6C:CE:CE:44:09:5D:F0:4D:78:44:37:E7:8B:53:D8:DD
Certificate issuer:       /CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
Certificate serial:       0187CD632E101450ED2FE9BA7C0ACE077C32
Authority key identifier: 3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/Z5k2TGzOzkQJXfBNeEQ354tT2N0.roa
Signing time:             Sat 29 Apr 2023 14:20:41 +0000
ROA not before:           Sat 29 Apr 2023 14:20:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43870
IP address blocks:        80.245.80.0/22 maxlen: 24
                          80.245.80.0/20 maxlen: 24
                          80.245.84.0/23 maxlen: 24
                          149.3.184.0/21 maxlen: 24
                          79.140.160.0/20 maxlen: 24
                          79.140.160.0/21 maxlen: 24
                          79.140.168.0/22 maxlen: 24
                          79.140.172.0/24 maxlen: 24
                          79.140.174.0/23 maxlen: 24
                          2a00:cce0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:cd:63:2e:10:14:50:ed:2f:e9:ba:7c:0a:ce:07:7c:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bfa6636fe6440acf293b75705a7a1dcada8420b
        Validity
            Not Before: Apr 29 14:20:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6799364c6ccece44095df04d784437e78b53d8dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b5:97:62:71:22:cc:62:c2:ad:70:d9:63:24:
                    5c:5b:e8:05:93:d5:3f:8c:29:3b:af:e0:8d:7c:fb:
                    fc:e1:21:06:f4:a8:49:ed:12:57:55:da:1c:e2:87:
                    84:84:e0:7b:4b:35:78:7c:74:64:45:f1:cb:7e:42:
                    56:44:c5:81:41:cd:20:8f:dc:e3:02:1d:55:22:15:
                    a3:2d:d2:51:b8:ec:3e:cd:36:ec:3f:22:fc:f1:2b:
                    9e:ea:47:07:8e:d1:40:38:e5:12:03:be:30:45:cd:
                    12:85:c1:03:96:29:e8:33:35:aa:a1:5f:c3:8e:6e:
                    f5:e1:37:af:21:e6:2a:e7:9b:95:95:e1:66:e0:7c:
                    7a:c9:46:55:2c:da:f6:d0:c8:04:cd:2f:43:07:b9:
                    07:31:c7:25:71:26:b1:fa:fc:e5:cd:08:67:4d:49:
                    79:46:83:c7:6b:89:8c:49:da:2f:99:5f:2b:88:c9:
                    51:d0:d1:18:4e:1e:77:85:a2:ca:22:7c:ff:cb:18:
                    eb:d9:91:bd:b0:05:a8:7c:1b:5d:3e:b0:ce:62:bb:
                    ed:85:1e:0c:40:91:f6:2a:3e:12:09:89:eb:74:e2:
                    be:60:b4:1f:7f:16:f0:17:41:8b:75:ca:e3:bf:3d:
                    5a:7e:e8:c9:c5:03:a3:ef:ed:9a:e5:f6:30:51:fb:
                    e3:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:99:36:4C:6C:CE:CE:44:09:5D:F0:4D:78:44:37:E7:8B:53:D8:DD
            X509v3 Authority Key Identifier:
                keyid:3B:FA:66:36:FE:64:40:AC:F2:93:B7:57:05:A7:A1:DC:AD:A8:42:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O_pmNv5kQKzyk7dXBaeh3K2oQgs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/Z5k2TGzOzkQJXfBNeEQ354tT2N0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/a47cdf-d21b-4f1d-8901-92ec515c595a/1/O_pmNv5kQKzyk7dXBaeh3K2oQgs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.140.160.0/20
                  80.245.80.0/20
                  149.3.184.0/21
                IPv6:
                  2a00:cce0::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:11:da:2b:24:96:50:87:c4:1b:a0:e8:ac:03:97:63:cc:b1:
         f0:4a:ab:93:e0:dd:70:3f:3e:f3:df:c8:b2:c8:04:3e:ad:c5:
         88:89:17:55:cb:97:dd:83:0c:6e:e2:ac:64:82:1b:5c:80:df:
         e2:ae:1c:4e:12:c5:92:54:97:22:af:51:26:e3:1f:05:ce:6e:
         be:8d:4e:df:a8:e6:d4:77:d8:cb:be:63:55:6b:cd:02:3e:ad:
         e9:cb:4d:9f:15:bd:c0:e9:3a:4b:95:ec:77:72:e4:a1:d6:40:
         bb:cb:1c:23:74:56:b4:78:16:76:c3:64:99:9d:fb:7f:6e:a7:
         39:8c:26:1a:44:b6:d9:e1:31:cc:ee:bf:ac:61:0c:f6:20:6a:
         79:eb:b7:2d:67:d3:aa:e8:e9:7a:8c:40:52:b6:68:d4:19:2e:
         53:35:92:e8:d7:7d:97:77:55:21:ad:fc:38:79:54:1a:70:5c:
         39:01:31:41:77:bb:31:a7:6a:de:94:97:60:83:2e:8a:08:a0:
         60:c3:95:54:14:17:b4:25:ec:78:d8:cc:b8:23:b4:be:62:09:
         b5:8e:91:df:3b:7b:fd:60:7a:40:38:d8:c1:1b:4c:c3:5e:54:
         cd:25:40:58:9a:e8:b7:4e:16:37:2d:e0:14:5b:d0:67:15:21:
         93:95:b4:43
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYfNYy4QFFDtL+m6fArOB3wyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZmE2NjM2ZmU2NDQwYWNmMjkzYjc1NzA1YTdhMWRjYWRh
ODQyMGIwHhcNMjMwNDI5MTQyMDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzk5MzY0YzZjY2VjZTQ0MDk1ZGYwNGQ3ODQ0MzdlNzhiNTNkOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLWXYnEizGLCrXDZYyRcW+gFk9U/
jCk7r+CNfPv84SEG9KhJ7RJXVdoc4oeEhOB7SzV4fHRkRfHLfkJWRMWBQc0gj9zj
Ah1VIhWjLdJRuOw+zTbsPyL88Sue6kcHjtFAOOUSA74wRc0ShcEDlinoMzWqoV/D
jm714TevIeYq55uVleFm4Hx6yUZVLNr20MgEzS9DB7kHMcclcSax+vzlzQhnTUl5
RoPHa4mMSdovmV8riMlR0NEYTh53haLKInz/yxjr2ZG9sAWofBtdPrDOYrvthR4M
QJH2Kj4SCYnrdOK+YLQffxbwF0GLdcrjvz1afujJxQOj7+2a5fYwUfvj+QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGeZNkxszs5ECV3wTXhEN+eLU9jdMB8GA1UdIwQY
MBaAFDv6Zjb+ZECs8pO3VwWnodytqEILMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEt
OTJlYzUxNWM1OTVhLzEvWjVrMlRHek96a1FKWGZCTmVFUTM1NHRUMk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9hNDdjZGYtZDIxYi00ZjFkLTg5MDEtOTJlYzUxNWM1OTVh
LzEvT19wbU52NWtRS3p5azdkWEJhZWgzSzJvUWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQET4ygAwQE
UPVQAwQDlQO4MA0EAgACMAcDBQAqAMzgMA0GCSqGSIb3DQEBCwUAA4IBAQBEEdor
JJZQh8QboOisA5djzLHwSquT4N1wPz7z38iyyAQ+rcWIiRdVy5fdgwxu4qxkghtc
gN/irhxOEsWSVJcir1Em4x8Fzm6+jU7fqObUd9jLvmNVa80CPq3py02fFb3A6TpL
lex3cuSh1kC7yxwjdFa0eBZ2w2SZnft/bqc5jCYaRLbZ4THM7r+sYQz2IGp567ct
Z9Oq6Ol6jEBStmjUGS5TNZLo132Xd1Uhrfw4eVQacFw5ATFBd7sxp2relJdggy6K
CKBgw5VUFBe0Jex42My4I7S+Ygm1jpHfO3v9YHpAONjBG0zDXlTNJUBYmui3ThY3
LeAUW9BnFSGTlbRD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:03 2024 by rpki-client on console-ams.rpki-client.org