Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8b5f1e-4190-48b6-bdc5-7d05f9888e98/1/FXjstXlaF2ekNCQflOheeuErV40.roa
File:                     FXjstXlaF2ekNCQflOheeuErV40.roa (raw, json)
Hash identifier:          +18ggXI+OjfOT9g1mIhr6MD915dmU6b1IBqxBGqLbgI=
Subject key identifier:   15:78:EC:B5:79:5A:17:67:A4:34:24:1F:94:E8:5E:7A:E1:2B:57:8D
Certificate issuer:       /CN=6613d9c856444a7096e3a8508cae307fdebc0cd4
Certificate serial:       018570FB9C3FD1636AED7DA426F2A3BCA05E
Authority key identifier: 66:13:D9:C8:56:44:4A:70:96:E3:A8:50:8C:AE:30:7F:DE:BC:0C:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZhPZyFZESnCW46hQjK4wf968DNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8b5f1e-4190-48b6-bdc5-7d05f9888e98/1/FXjstXlaF2ekNCQflOheeuErV40.roa
Signing time:             Mon 02 Jan 2023 05:36:55 +0000
ROA not before:           Mon 02 Jan 2023 05:36:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60501
IP address blocks:        46.149.102.0/24 maxlen: 24
                          2a10:2400::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:fb:9c:3f:d1:63:6a:ed:7d:a4:26:f2:a3:bc:a0:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6613d9c856444a7096e3a8508cae307fdebc0cd4
        Validity
            Not Before: Jan  2 05:36:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1578ecb5795a1767a434241f94e85e7ae12b578d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a9:fe:2e:76:51:03:82:74:12:0c:e8:1c:42:
                    b9:6f:8b:97:3e:4a:ba:fb:10:e7:39:54:ac:8b:79:
                    6b:02:d3:51:7d:29:33:7b:9e:e8:0b:21:8b:be:20:
                    80:ad:a6:8a:23:4b:f0:19:05:9c:4c:7a:ad:7f:49:
                    c5:b3:d8:b8:3a:89:ac:65:5c:db:2f:71:e8:51:75:
                    94:75:63:92:12:90:8b:a8:14:86:e9:61:5d:8f:71:
                    a9:13:be:4a:23:13:36:aa:4a:13:6e:68:cb:c1:8a:
                    4a:b8:10:87:ef:17:37:bf:1a:5d:01:2b:dd:ec:56:
                    17:90:54:11:08:de:ab:3d:dc:d5:50:dc:a5:66:56:
                    6e:35:8d:95:b3:aa:22:0e:d1:72:a2:af:a4:28:8b:
                    19:14:39:84:f0:e3:8e:2b:81:50:16:2a:09:d0:89:
                    36:0b:7e:a6:47:43:53:61:19:8f:51:cd:53:2f:ed:
                    ef:d3:bd:28:e7:8f:52:eb:bc:6f:8a:fa:fc:bd:d6:
                    e6:d8:5c:eb:aa:00:e2:8f:13:da:c9:30:8d:26:b5:
                    f7:3b:82:57:13:05:39:91:82:f2:92:ce:27:11:bb:
                    9e:a7:5d:04:9d:aa:b6:1f:be:43:41:e5:1c:15:03:
                    d8:2c:38:59:4d:ce:63:5e:a6:ee:f6:6d:2c:4a:1d:
                    b4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:78:EC:B5:79:5A:17:67:A4:34:24:1F:94:E8:5E:7A:E1:2B:57:8D
            X509v3 Authority Key Identifier:
                keyid:66:13:D9:C8:56:44:4A:70:96:E3:A8:50:8C:AE:30:7F:DE:BC:0C:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZhPZyFZESnCW46hQjK4wf968DNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8b5f1e-4190-48b6-bdc5-7d05f9888e98/1/FXjstXlaF2ekNCQflOheeuErV40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8b5f1e-4190-48b6-bdc5-7d05f9888e98/1/ZhPZyFZESnCW46hQjK4wf968DNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.102.0/24
                IPv6:
                  2a10:2400::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:d1:33:9c:6e:e7:b9:1d:51:7e:84:05:3d:e6:a3:25:c7:9f:
         f9:2d:4f:7a:4e:7b:26:de:a9:1d:28:b8:92:81:4e:26:d3:82:
         81:aa:f3:5a:de:5a:34:3d:b6:5d:ce:b8:13:80:8c:8c:3d:f5:
         9f:95:9b:b2:c7:4c:59:63:c5:8b:09:ff:05:eb:36:ab:31:3d:
         5b:9d:a3:7e:57:ce:42:51:0e:b1:8a:55:f7:b9:17:e1:ca:9c:
         dd:aa:07:a3:60:9b:45:fd:e0:87:51:63:a7:c2:21:71:5d:c5:
         8d:8a:b7:14:0f:b5:f2:06:6a:14:f3:04:32:ce:64:04:7d:f7:
         5f:39:07:2d:d9:22:89:f0:c3:24:ea:78:eb:e0:7f:80:78:2e:
         d4:6d:64:93:6e:7a:20:70:3f:8f:86:70:65:89:bf:6c:61:50:
         0a:bc:6c:8a:1a:88:ff:92:d0:62:bb:8f:21:dd:3e:87:34:9a:
         50:ac:2b:3c:1e:b2:2a:94:2e:c8:66:c1:3c:b1:ad:e2:b6:8e:
         9e:11:1b:a3:a8:9a:6d:f3:90:c3:ad:73:30:dc:28:57:3e:a8:
         2d:02:0d:e2:13:9f:5e:e1:68:5b:7d:a9:38:b3:e0:1c:1c:01:
         4d:1f:8b:c3:4d:6b:1a:50:bb:8c:de:59:46:eb:fb:1c:57:b7:
         66:01:88:a5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVw+5w/0WNq7X2kJvKjvKBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MTNkOWM4NTY0NDRhNzA5NmUzYTg1MDhjYWUzMDdmZGVi
YzBjZDQwHhcNMjMwMTAyMDUzNjU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTc4ZWNiNTc5NWExNzY3YTQzNDI0MWY5NGU4NWU3YWUxMmI1NzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqn+LnZRA4J0EgzoHEK5b4uXPkq6
+xDnOVSsi3lrAtNRfSkze57oCyGLviCAraaKI0vwGQWcTHqtf0nFs9i4OomsZVzb
L3HoUXWUdWOSEpCLqBSG6WFdj3GpE75KIxM2qkoTbmjLwYpKuBCH7xc3vxpdASvd
7FYXkFQRCN6rPdzVUNylZlZuNY2Vs6oiDtFyoq+kKIsZFDmE8OOOK4FQFioJ0Ik2
C36mR0NTYRmPUc1TL+3v070o549S67xvivr8vdbm2FzrqgDijxPayTCNJrX3O4JX
EwU5kYLyks4nEbuep10Enaq2H75DQeUcFQPYLDhZTc5jXqbu9m0sSh20lQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBV47LV5WhdnpDQkH5ToXnrhK1eNMB8GA1UdIwQY
MBaAFGYT2chWREpwluOoUIyuMH/evAzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmhQWnlGWkVTbkNXNDZoUWpLNHdmOTY4RE5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84YjVmMWUtNDE5MC00OGI2LWJkYzUt
N2QwNWY5ODg4ZTk4LzEvRlhqc3RYbGFGMmVrTkNRZmxPaGVldUVyVjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84YjVmMWUtNDE5MC00OGI2LWJkYzUtN2QwNWY5ODg4ZTk4
LzEvWmhQWnlGWkVTbkNXNDZoUWpLNHdmOTY4RE5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALpVmMA0E
AgACMAcDBQMqECQAMA0GCSqGSIb3DQEBCwUAA4IBAQAX0TOcbue5HVF+hAU95qMl
x5/5LU96Tnsm3qkdKLiSgU4m04KBqvNa3lo0PbZdzrgTgIyMPfWflZuyx0xZY8WL
Cf8F6zarMT1bnaN+V85CUQ6xilX3uRfhypzdqgejYJtF/eCHUWOnwiFxXcWNircU
D7XyBmoU8wQyzmQEffdfOQct2SKJ8MMk6njr4H+AeC7UbWSTbnogcD+PhnBlib9s
YVAKvGyKGoj/ktBiu48h3T6HNJpQrCs8HrIqlC7IZsE8sa3ito6eERujqJpt85DD
rXMw3ChXPqgtAg3iE59e4Whbfak4s+AcHAFNH4vDTWsaULuM3llG6/scV7dmAYil
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:43 2024 by rpki-client on console-fra.rpki-client.org