Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/9f18f8-96c4-4b23-931f-d5f047c29190/1/xWDB1fymj_YJk-l8Y8fqEcd3ePc.roa
File:                     xWDB1fymj_YJk-l8Y8fqEcd3ePc.roa (raw, json)
Hash identifier:          BupUuB/G2TC9pa5cMUwCZrsx+osIhb+JrSC9MEz5+A0=
Subject key identifier:   C5:60:C1:D5:FC:A6:8F:F6:09:93:E9:7C:63:C7:EA:11:C7:77:78:F7
Certificate issuer:       /CN=33358b451ee0fe85b004a0564f8310fb211c95fa
Certificate serial:       01870E801089AB83863CDC1B19589198FE09
Authority key identifier: 33:35:8B:45:1E:E0:FE:85:B0:04:A0:56:4F:83:10:FB:21:1C:95:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MzWLRR7g_oWwBKBWT4MQ-yEclfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/9f18f8-96c4-4b23-931f-d5f047c29190/1/xWDB1fymj_YJk-l8Y8fqEcd3ePc.roa
Signing time:             Thu 23 Mar 2023 12:44:46 +0000
ROA not before:           Thu 23 Mar 2023 12:44:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49042
IP address blocks:        45.148.120.0/24 maxlen: 24
                          45.148.123.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0e:80:10:89:ab:83:86:3c:dc:1b:19:58:91:98:fe:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33358b451ee0fe85b004a0564f8310fb211c95fa
        Validity
            Not Before: Mar 23 12:44:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c560c1d5fca68ff60993e97c63c7ea11c77778f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:c5:98:cd:48:1b:73:63:9d:c5:71:8a:6a:ce:
                    33:fe:70:f4:b1:cb:ee:35:79:85:95:86:e5:4b:df:
                    12:0b:6a:f3:23:db:3b:2c:96:4a:42:4e:16:a6:31:
                    e7:bf:44:05:fd:68:46:62:12:a7:19:0a:d9:2b:1a:
                    66:cd:07:d1:2a:59:a4:45:86:06:47:da:14:a0:8c:
                    3a:29:1e:c2:66:7d:61:90:34:a5:27:e2:73:e2:dc:
                    ff:87:b4:cf:a9:59:8b:68:ea:72:6a:7c:e1:a7:59:
                    a8:25:41:70:b4:cd:b7:2d:4b:40:27:e1:44:d8:a4:
                    44:ee:2a:20:5c:44:2a:a3:05:14:1d:a5:32:44:9a:
                    86:eb:58:e4:96:3a:d5:0f:af:ad:4d:26:d3:c3:95:
                    f1:0d:cc:35:da:24:dc:90:86:ee:40:33:e5:4c:ac:
                    cf:ba:4f:8e:4d:2e:8e:d4:12:b1:5d:50:b4:5d:f4:
                    3a:b9:b5:08:92:a9:e1:f6:54:d9:73:65:1e:4e:8a:
                    eb:e5:a4:df:07:00:0c:b6:c6:64:93:da:78:2b:1b:
                    c0:0c:be:64:e4:a5:94:7c:71:0f:a1:e8:22:3a:c7:
                    46:7c:2c:5c:33:19:37:bc:5b:89:1e:a9:41:e3:30:
                    87:45:e9:1d:4d:f9:72:be:e5:d0:01:1b:39:5c:a3:
                    ee:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:60:C1:D5:FC:A6:8F:F6:09:93:E9:7C:63:C7:EA:11:C7:77:78:F7
            X509v3 Authority Key Identifier:
                keyid:33:35:8B:45:1E:E0:FE:85:B0:04:A0:56:4F:83:10:FB:21:1C:95:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzWLRR7g_oWwBKBWT4MQ-yEclfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/9f18f8-96c4-4b23-931f-d5f047c29190/1/xWDB1fymj_YJk-l8Y8fqEcd3ePc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/9f18f8-96c4-4b23-931f-d5f047c29190/1/MzWLRR7g_oWwBKBWT4MQ-yEclfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.148.120.0/24
                  45.148.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:8e:9f:2a:66:ce:bf:11:80:ff:32:54:45:94:7a:6a:4b:d0:
         9c:66:56:6e:55:af:72:30:35:e2:ca:73:2a:05:ca:de:ca:d5:
         dd:ae:2c:b2:60:5e:64:e8:4a:0d:c0:10:05:71:d6:c2:ca:da:
         98:f3:37:15:f5:36:30:05:84:df:81:64:19:d9:66:ad:c1:32:
         01:cf:1c:3c:62:57:76:4a:51:15:c4:c2:f5:7c:07:7f:af:33:
         16:99:32:76:8a:6b:28:7d:a8:7f:1d:7f:78:8c:31:e7:f5:4b:
         c3:1f:82:cf:fb:67:5c:2c:60:54:38:74:45:d5:fe:19:8e:1d:
         f9:db:6b:dd:1e:62:4a:f5:a6:ab:6c:dc:2e:48:9f:1c:04:dd:
         3b:a3:e3:63:db:17:d5:41:b2:5e:43:de:5c:0f:ec:f7:e7:5a:
         db:d6:eb:91:b1:51:c6:00:21:6c:ee:60:94:b5:42:c9:7b:45:
         cf:27:65:46:8f:6c:06:45:e6:3a:be:60:cf:54:af:a4:08:8c:
         f2:22:15:20:f8:7d:41:45:f5:dc:ef:7e:47:15:aa:68:d6:07:
         f0:f8:76:4b:ca:c0:00:bc:14:35:b4:d7:7a:2f:a1:e4:14:bb:
         80:e8:66:3b:86:89:76:40:a0:b0:81:b5:ed:db:75:0a:9f:d3:
         f4:3a:ed:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYcOgBCJq4OGPNwbGViRmP4JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzU4YjQ1MWVlMGZlODViMDA0YTA1NjRmODMxMGZiMjEx
Yzk1ZmEwHhcNMjMwMzIzMTI0NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTYwYzFkNWZjYTY4ZmY2MDk5M2U5N2M2M2M3ZWExMWM3Nzc3OGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0MWYzUgbc2OdxXGKas4z/nD0scvu
NXmFlYblS98SC2rzI9s7LJZKQk4WpjHnv0QF/WhGYhKnGQrZKxpmzQfRKlmkRYYG
R9oUoIw6KR7CZn1hkDSlJ+Jz4tz/h7TPqVmLaOpyanzhp1moJUFwtM23LUtAJ+FE
2KRE7iogXEQqowUUHaUyRJqG61jkljrVD6+tTSbTw5XxDcw12iTckIbuQDPlTKzP
uk+OTS6O1BKxXVC0XfQ6ubUIkqnh9lTZc2UeTorr5aTfBwAMtsZkk9p4KxvADL5k
5KWUfHEPoegiOsdGfCxcMxk3vFuJHqlB4zCHRekdTflyvuXQARs5XKPuCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMVgwdX8po/2CZPpfGPH6hHHd3j3MB8GA1UdIwQY
MBaAFDM1i0Ue4P6FsASgVk+DEPshHJX6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpXTFJSN2dfb1d3QktCV1Q0TVEteUVjbGZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS85ZjE4ZjgtOTZjNC00YjIzLTkzMWYt
ZDVmMDQ3YzI5MTkwLzEveFdEQjFmeW1qX1lKay1sOFk4ZnFFY2QzZVBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS85ZjE4ZjgtOTZjNC00YjIzLTkzMWYtZDVmMDQ3YzI5MTkw
LzEvTXpXTFJSN2dfb1d3QktCV1Q0TVEteUVjbGZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZR4AwQA
LZR7MA0GCSqGSIb3DQEBCwUAA4IBAQBdjp8qZs6/EYD/MlRFlHpqS9CcZlZuVa9y
MDXiynMqBcreytXdriyyYF5k6EoNwBAFcdbCytqY8zcV9TYwBYTfgWQZ2WatwTIB
zxw8Yld2SlEVxML1fAd/rzMWmTJ2imsofah/HX94jDHn9UvDH4LP+2dcLGBUOHRF
1f4Zjh3522vdHmJK9aarbNwuSJ8cBN07o+Nj2xfVQbJeQ95cD+z351rb1uuRsVHG
ACFs7mCUtULJe0XPJ2VGj2wGReY6vmDPVK+kCIzyIhUg+H1BRfXc735HFapo1gfw
+HZLysAAvBQ1tNd6L6HkFLuA6GY7hol2QKCwgbXt23UKn9P0Ou26
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:42:24 2024 by rpki-client on console-ams.rpki-client.org