Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/0059b5-f637-4265-a3e4-a3b58628060d/1/aXjgtwUK3chz7DhMLxCn0bUV0kU.roa
File:                     aXjgtwUK3chz7DhMLxCn0bUV0kU.roa (raw, json)
Hash identifier:          SEG4jfWDOWlKAFTjxeLgp52pNOU4C6kraKIhDyIJKfM=
Subject key identifier:   69:78:E0:B7:05:0A:DD:C8:73:EC:38:4C:2F:10:A7:D1:B5:15:D2:45
Certificate issuer:       /CN=6851a3fee77e924146177123dd6753b06fde2452
Certificate serial:       01856F26B9917E3FD277D960686A447E1B53
Authority key identifier: 68:51:A3:FE:E7:7E:92:41:46:17:71:23:DD:67:53:B0:6F:DE:24:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aFGj_ud-kkFGF3Ej3WdTsG_eJFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/0059b5-f637-4265-a3e4-a3b58628060d/1/aXjgtwUK3chz7DhMLxCn0bUV0kU.roa
Signing time:             Sun 01 Jan 2023 21:04:46 +0000
ROA not before:           Sun 01 Jan 2023 21:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     559
IP address blocks:        192.42.192.0/21 maxlen: 21
                          192.42.200.0/23 maxlen: 23
                          130.223.0.0/16 maxlen: 16
                          192.42.180.0/22 maxlen: 22
                          192.42.184.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:30:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:26:b9:91:7e:3f:d2:77:d9:60:68:6a:44:7e:1b:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6851a3fee77e924146177123dd6753b06fde2452
        Validity
            Not Before: Jan  1 21:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6978e0b7050addc873ec384c2f10a7d1b515d245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:5e:8b:f7:d3:d5:a3:38:13:18:e7:ff:6e:de:
                    ca:81:78:5c:83:1c:8d:e1:e0:e4:28:75:ed:6a:67:
                    14:c3:98:c2:b9:c3:bd:96:48:3d:6e:4b:01:4c:ca:
                    22:3f:81:02:a3:f3:d0:fa:0d:74:e4:fd:84:84:1d:
                    7f:68:e6:3a:38:79:94:c3:42:bb:08:3c:7a:05:6a:
                    30:af:25:f7:b7:d4:16:f9:fe:49:9d:92:90:32:c7:
                    bd:bb:bc:ea:f6:65:f0:2a:10:a7:32:fc:4a:27:ed:
                    e4:09:88:73:dd:ff:95:05:87:92:ca:5d:9f:c4:bf:
                    26:16:74:b4:b4:72:52:39:43:ef:74:3c:a1:4e:fd:
                    b7:89:29:10:2a:af:d1:ff:60:3f:b9:04:cc:80:ed:
                    00:f7:9e:6b:53:d9:80:7d:36:33:15:81:7a:57:ef:
                    dc:80:29:61:09:23:c0:db:06:44:8e:8d:68:b4:93:
                    2b:cb:ff:f0:62:dc:94:c8:e4:45:8d:c0:75:95:fb:
                    1c:4c:43:cd:ba:2d:6f:d6:14:7e:4c:13:1f:58:1e:
                    57:e0:f5:4f:6c:9c:7e:4b:13:5e:89:82:06:04:e0:
                    11:dc:6e:31:57:68:99:8c:05:ad:d3:78:f7:dd:e6:
                    9d:52:c9:2d:58:a0:e1:3d:8c:57:ec:25:78:e3:d0:
                    c1:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:78:E0:B7:05:0A:DD:C8:73:EC:38:4C:2F:10:A7:D1:B5:15:D2:45
            X509v3 Authority Key Identifier:
                keyid:68:51:A3:FE:E7:7E:92:41:46:17:71:23:DD:67:53:B0:6F:DE:24:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aFGj_ud-kkFGF3Ej3WdTsG_eJFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/0059b5-f637-4265-a3e4-a3b58628060d/1/aXjgtwUK3chz7DhMLxCn0bUV0kU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/0059b5-f637-4265-a3e4-a3b58628060d/1/aFGj_ud-kkFGF3Ej3WdTsG_eJFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.223.0.0/16
                  192.42.180.0-192.42.201.255

    Signature Algorithm: sha256WithRSAEncryption
         a1:43:ab:36:2d:fc:c1:3e:21:4b:c6:b3:35:44:ed:a3:02:b9:
         6a:8e:e4:af:d7:9a:7e:20:7b:fd:1f:08:11:a1:41:95:27:f3:
         4b:91:a6:21:2d:2c:f8:80:e5:50:b5:71:d1:9b:65:77:84:e3:
         df:93:17:bc:74:73:c2:51:77:d1:d9:53:4e:60:90:11:2d:e2:
         94:ee:84:f2:74:0d:1f:29:48:f3:e3:d8:11:87:10:26:0f:88:
         22:82:af:c4:20:d1:42:a8:2b:25:91:a3:36:80:0e:ea:99:33:
         36:3b:65:8c:9d:aa:d7:d8:92:48:83:ed:13:d1:42:8d:3f:a4:
         27:01:b4:02:36:df:8a:d6:67:c9:d4:0d:6f:bd:ba:cd:7f:13:
         f8:e2:88:4e:4a:66:2a:03:6c:5e:2d:6b:71:19:b8:e5:37:7e:
         27:49:55:ed:cb:34:29:5e:dc:4a:82:17:f7:2b:06:2b:95:54:
         04:75:9a:56:a7:e1:c7:cc:92:7d:7e:6d:ad:6a:18:44:22:a1:
         13:63:5e:19:6a:d0:91:58:14:b3:f5:1d:0d:10:e7:1d:10:eb:
         a2:44:2e:3d:57:29:27:57:f6:37:34:a4:ff:db:61:7b:a1:3a:
         21:e4:6d:bc:d0:2b:0a:f2:e9:78:ef:8a:17:e4:e8:9e:8d:81:
         84:e4:3d:8b
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAYVvJrmRfj/Sd9lgaGpEfhtTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4NTFhM2ZlZTc3ZTkyNDE0NjE3NzEyM2RkNjc1M2IwNmZk
ZTI0NTIwHhcNMjMwMTAxMjEwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTc4ZTBiNzA1MGFkZGM4NzNlYzM4NGMyZjEwYTdkMWI1MTVkMjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr16L99PVozgTGOf/bt7KgXhcgxyN
4eDkKHXtamcUw5jCucO9lkg9bksBTMoiP4ECo/PQ+g105P2EhB1/aOY6OHmUw0K7
CDx6BWowryX3t9QW+f5JnZKQMse9u7zq9mXwKhCnMvxKJ+3kCYhz3f+VBYeSyl2f
xL8mFnS0tHJSOUPvdDyhTv23iSkQKq/R/2A/uQTMgO0A955rU9mAfTYzFYF6V+/c
gClhCSPA2wZEjo1otJMry//wYtyUyORFjcB1lfscTEPNui1v1hR+TBMfWB5X4PVP
bJx+SxNeiYIGBOAR3G4xV2iZjAWt03j33eadUsktWKDhPYxX7CV449DBFwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFGl44LcFCt3Ic+w4TC8Qp9G1FdJFMB8GA1UdIwQY
MBaAFGhRo/7nfpJBRhdxI91nU7Bv3iRSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUZHal91ZC1ra0ZHRjNFajNXZFRzR19lSkZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy8wMDU5YjUtZjYzNy00MjY1LWEzZTQt
YTNiNTg2MjgwNjBkLzEvYVhqZ3R3VUszY2h6N0RoTUx4Q24wYlVWMGtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy8wMDU5YjUtZjYzNy00MjY1LWEzZTQtYTNiNTg2MjgwNjBk
LzEvYUZHal91ZC1ra0ZHRjNFajNXZFRzR19lSkZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwMAgt8wDAME
AsAqtAMEAcAqyDANBgkqhkiG9w0BAQsFAAOCAQEAoUOrNi38wT4hS8azNUTtowK5
ao7kr9eafiB7/R8IEaFBlSfzS5GmIS0s+IDlULVx0Ztld4Tj35MXvHRzwlF30dlT
TmCQES3ilO6E8nQNHylI8+PYEYcQJg+IIoKvxCDRQqgrJZGjNoAO6pkzNjtljJ2q
19iSSIPtE9FCjT+kJwG0AjbfitZnydQNb726zX8T+OKITkpmKgNsXi1rcRm45Td+
J0lV7cs0KV7cSoIX9ysGK5VUBHWaVqfhx8ySfX5trWoYRCKhE2NeGWrQkVgUs/Ud
DRDnHRDrokQuPVcpJ1f2NzSk/9the6E6IeRtvNArCvLpeO+KF+Tono2BhOQ9iw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:01 2024 by rpki-client on console-ams.rpki-client.org