Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/95fe44-b039-4c93-b975-46ee99a1ee30/1/4Q9iP-cNiVs8nZ2SzzX6qKcvdps.roa
File:                     4Q9iP-cNiVs8nZ2SzzX6qKcvdps.roa (raw, json)
Hash identifier:          rlltEFgLzyW0RoAsRYRezppahPY3lfZg0i1E2TgK6EI=
Subject key identifier:   E1:0F:62:3F:E7:0D:89:5B:3C:9D:9D:92:CF:35:FA:A8:A7:2F:76:9B
Certificate issuer:       /CN=0054882401b0724864a8cccbaeafe42c85240456
Certificate serial:       01856ECBA43867E9371016BFE2DF0B1C0AE3
Authority key identifier: 00:54:88:24:01:B0:72:48:64:A8:CC:CB:AE:AF:E4:2C:85:24:04:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AFSIJAGwckhkqMzLrq_kLIUkBFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/95fe44-b039-4c93-b975-46ee99a1ee30/1/4Q9iP-cNiVs8nZ2SzzX6qKcvdps.roa
Signing time:             Sun 01 Jan 2023 19:25:17 +0000
ROA not before:           Sun 01 Jan 2023 19:25:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201863
IP address blocks:        89.207.15.0/24 maxlen: 24
                          89.207.14.0/24 maxlen: 24
                          89.207.13.0/24 maxlen: 24
                          89.207.12.0/24 maxlen: 24
                          185.187.186.0/24 maxlen: 24
                          185.187.185.0/24 maxlen: 24
                          185.187.184.0/24 maxlen: 24
                          185.187.187.0/24 maxlen: 24
                          185.32.13.0/24 maxlen: 24
                          185.32.12.0/24 maxlen: 24
                          185.32.15.0/24 maxlen: 24
                          185.32.14.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:29:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:cb:a4:38:67:e9:37:10:16:bf:e2:df:0b:1c:0a:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0054882401b0724864a8cccbaeafe42c85240456
        Validity
            Not Before: Jan  1 19:25:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e10f623fe70d895b3c9d9d92cf35faa8a72f769b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9d:e2:e9:12:f6:f0:15:a5:fb:da:73:8c:57:
                    ee:12:9f:36:33:4d:1a:e3:ae:cb:10:cd:5f:3f:8e:
                    71:f1:05:40:91:4f:ac:77:8f:bc:bf:9b:c9:60:a4:
                    86:a5:00:82:38:b6:e0:79:f6:44:74:5c:bd:42:99:
                    23:61:01:e1:96:c8:da:24:3e:e1:33:37:61:13:5b:
                    9c:4b:ae:79:8f:8b:38:e3:0c:d3:fb:cd:87:06:ca:
                    3e:26:15:2b:30:be:19:f4:ad:35:e7:45:f0:e8:64:
                    e3:1b:80:5e:e8:bb:f4:58:1c:a7:3e:83:da:72:0d:
                    4a:62:2b:30:88:70:1a:a8:14:4d:0e:ee:21:f6:f7:
                    39:d6:38:cc:07:2f:d6:ea:53:7b:49:7e:82:a4:f9:
                    4e:17:18:9f:e7:84:80:4a:7f:fd:77:71:11:50:3f:
                    d1:17:1b:2c:df:3f:bf:60:fd:ab:be:8f:f6:59:91:
                    ad:eb:a0:e2:6a:64:7d:2b:cc:ab:65:ad:0d:d4:ac:
                    e3:08:be:17:03:2a:7c:5a:90:a2:81:5b:7f:85:9e:
                    03:cd:d9:ec:ff:8e:68:ca:2a:1b:06:22:84:f5:7d:
                    31:8a:71:d2:d4:48:c4:c9:89:94:48:b4:d0:3e:2a:
                    8b:b3:a3:36:d0:f0:78:44:23:3e:01:c4:9c:d4:16:
                    c8:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:0F:62:3F:E7:0D:89:5B:3C:9D:9D:92:CF:35:FA:A8:A7:2F:76:9B
            X509v3 Authority Key Identifier:
                keyid:00:54:88:24:01:B0:72:48:64:A8:CC:CB:AE:AF:E4:2C:85:24:04:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AFSIJAGwckhkqMzLrq_kLIUkBFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/95fe44-b039-4c93-b975-46ee99a1ee30/1/4Q9iP-cNiVs8nZ2SzzX6qKcvdps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/95fe44-b039-4c93-b975-46ee99a1ee30/1/AFSIJAGwckhkqMzLrq_kLIUkBFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.207.12.0/22
                  185.32.12.0/22
                  185.187.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:7b:16:25:8d:7d:f3:76:c9:c7:e6:51:d0:c6:32:3d:d1:9c:
         f2:ca:10:c5:a8:be:cb:0a:a8:36:4f:70:a3:c0:76:8e:fc:b1:
         ad:7f:9b:0b:91:6c:72:c3:5b:54:ad:6c:09:46:8f:10:e1:8e:
         3c:fd:38:8a:71:27:a1:98:9b:16:58:56:04:ce:0c:29:b4:da:
         99:90:f6:3f:3e:0a:16:df:76:d5:00:e6:03:48:a1:82:ca:16:
         d9:01:90:18:4c:af:2d:de:8e:1f:3f:0e:45:74:66:ca:f5:81:
         cd:e0:77:69:a4:67:4b:c3:7b:91:2f:56:b3:fd:8b:6f:92:53:
         70:f0:88:82:63:67:55:44:0d:0f:a4:fb:8f:95:10:f1:39:76:
         34:7d:69:e1:f8:ee:61:59:91:94:f3:56:1d:ce:ad:4f:0e:66:
         c9:20:45:cf:ff:57:48:dd:cc:ce:cb:a0:21:2f:1b:23:07:74:
         77:18:51:8a:c7:6d:b1:01:60:5b:55:54:3e:39:79:43:1e:b4:
         6d:6a:22:f3:99:45:95:7f:7d:19:23:59:be:1b:3c:4f:0e:04:
         d5:ed:dd:1c:82:69:ee:3f:08:4f:73:0c:33:e0:ef:0e:cb:66:
         f6:da:7e:2e:0b:39:6c:6d:07:d1:58:c0:21:46:c6:a7:ed:e5:
         9e:56:2d:c0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVuy6Q4Z+k3EBa/4t8LHArjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwNTQ4ODI0MDFiMDcyNDg2NGE4Y2NjYmFlYWZlNDJjODUy
NDA0NTYwHhcNMjMwMTAxMTkyNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTBmNjIzZmU3MGQ4OTViM2M5ZDlkOTJjZjM1ZmFhOGE3MmY3NjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg53i6RL28BWl+9pzjFfuEp82M00a
467LEM1fP45x8QVAkU+sd4+8v5vJYKSGpQCCOLbgefZEdFy9QpkjYQHhlsjaJD7h
MzdhE1ucS655j4s44wzT+82HBso+JhUrML4Z9K0150Xw6GTjG4Be6Lv0WBynPoPa
cg1KYiswiHAaqBRNDu4h9vc51jjMBy/W6lN7SX6CpPlOFxif54SASn/9d3ERUD/R
Fxss3z+/YP2rvo/2WZGt66DiamR9K8yrZa0N1KzjCL4XAyp8WpCigVt/hZ4Dzdns
/45oyiobBiKE9X0xinHS1EjEyYmUSLTQPiqLs6M20PB4RCM+AcSc1BbIqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOEPYj/nDYlbPJ2dks81+qinL3abMB8GA1UdIwQY
MBaAFABUiCQBsHJIZKjMy66v5CyFJARWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUZTSUpBR3dja2hrcU16THJxX2tMSVVrQkZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85NWZlNDQtYjAzOS00YzkzLWI5NzUt
NDZlZTk5YTFlZTMwLzEvNFE5aVAtY05pVnM4bloyU3p6WDZxS2N2ZHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85NWZlNDQtYjAzOS00YzkzLWI5NzUtNDZlZTk5YTFlZTMw
LzEvQUZTSUpBR3dja2hrcU16THJxX2tMSVVrQkZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCWc8MAwQC
uSAMAwQCubu4MA0GCSqGSIb3DQEBCwUAA4IBAQBIexYljX3zdsnH5lHQxjI90Zzy
yhDFqL7LCqg2T3CjwHaO/LGtf5sLkWxyw1tUrWwJRo8Q4Y48/TiKcSehmJsWWFYE
zgwptNqZkPY/PgoW33bVAOYDSKGCyhbZAZAYTK8t3o4fPw5FdGbK9YHN4HdppGdL
w3uRL1az/YtvklNw8IiCY2dVRA0PpPuPlRDxOXY0fWnh+O5hWZGU81Ydzq1PDmbJ
IEXP/1dI3czOy6AhLxsjB3R3GFGKx22xAWBbVVQ+OXlDHrRtaiLzmUWVf30ZI1m+
GzxPDgTV7d0cgmnuPwhPcwwz4O8Oy2b22n4uCzlsbQfRWMAhRsan7eWeVi3A
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:12 2024 by rpki-client on console-ams.rpki-client.org