Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/KxN4RIA8qF-Gsg0G-isrSG1UH-Y.roa
File:                     KxN4RIA8qF-Gsg0G-isrSG1UH-Y.roa (raw, json)
Hash identifier:          ErzKeZ8aSWaySfE/bkDqFDtnITnlfLR/rkvx5rg8hUk=
Subject key identifier:   2B:13:78:44:80:3C:A8:5F:86:B2:0D:06:FA:2B:2B:48:6D:54:1F:E6
Certificate issuer:       /CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
Certificate serial:       018C2EB8A401FA21C18DB3D46031CD18C6F5
Authority key identifier: F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/KxN4RIA8qF-Gsg0G-isrSG1UH-Y.roa
Signing time:             Sun 03 Dec 2023 08:08:21 +0000
ROA not before:           Sun 03 Dec 2023 08:08:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        123.253.212.0/24 maxlen: 24
                          46.175.130.0/24 maxlen: 24
                          185.110.63.0/24 maxlen: 24
                          123.253.213.0/24 maxlen: 24
                          141.98.139.0/24 maxlen: 24
                          141.98.137.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:34:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:2e:b8:a4:01:fa:21:c1:8d:b3:d4:60:31:cd:18:c6:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04eb204f358004788224e2fb18e4d5e74bebf8d
        Validity
            Not Before: Dec  3 08:08:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2b137844803ca85f86b20d06fa2b2b486d541fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:57:53:30:91:df:21:f5:58:76:15:b9:cd:3b:
                    3e:a4:d6:3a:ce:c5:33:7f:6d:b8:76:c8:2a:60:03:
                    a9:cd:91:6c:22:0d:ce:a7:1f:73:f1:45:94:f7:7d:
                    da:8f:b3:4d:da:c5:65:32:59:22:7b:f6:3a:55:97:
                    7a:83:e3:5f:1d:1e:fb:39:87:10:2d:9d:f5:d9:3d:
                    0a:c6:fc:fe:af:1b:ea:fe:99:87:04:d0:4f:b3:ea:
                    91:9c:86:dd:8a:1a:31:39:07:f6:42:90:84:af:9d:
                    8c:3f:01:2e:90:82:78:8c:92:5e:ed:56:c9:3e:73:
                    6d:94:70:ba:c9:86:00:04:7a:f2:fc:8b:75:4c:d8:
                    f7:83:ef:8e:b3:32:36:70:1f:ea:c4:1d:80:30:ee:
                    84:34:1f:d7:e4:0f:c3:74:16:a5:f5:76:25:ff:d3:
                    f7:d3:0f:9a:2a:d0:0c:b7:36:e4:c4:1d:e8:76:74:
                    a5:4b:d3:c8:5c:74:24:51:84:7a:1e:97:66:27:12:
                    62:82:77:15:88:fa:09:59:3c:e1:dc:79:b6:fa:38:
                    7b:60:1a:59:25:77:9c:69:98:6f:4e:c4:ff:b8:af:
                    e5:68:2e:cf:7c:68:69:72:c8:3f:48:25:5a:64:e7:
                    da:33:8b:65:53:02:da:c4:a5:48:0b:46:32:c2:64:
                    50:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:13:78:44:80:3C:A8:5F:86:B2:0D:06:FA:2B:2B:48:6D:54:1F:E6
            X509v3 Authority Key Identifier:
                keyid:F0:4E:B2:04:F3:58:00:47:88:22:4E:2F:B1:8E:4D:5E:74:BE:BF:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8E6yBPNYAEeIIk4vsY5NXnS-v40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/KxN4RIA8qF-Gsg0G-isrSG1UH-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/9ab42a-df92-4e42-9e33-5c5892afa487/1/8E6yBPNYAEeIIk4vsY5NXnS-v40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.175.130.0/24
                  123.253.212.0/23
                  141.98.137.0/24
                  141.98.139.0/24
                  185.110.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:92:e3:f8:f8:d6:e9:32:05:23:86:9c:f3:c8:67:98:7d:b9:
         d2:f4:5b:5c:bc:e9:4f:ad:42:e8:8f:dc:1a:56:22:d8:4d:46:
         ac:0b:ad:8d:34:fc:bc:56:7e:d2:d3:98:08:b2:74:79:c8:56:
         29:0c:33:81:8c:9c:48:90:67:f0:62:14:21:51:25:62:0e:c3:
         14:35:a8:15:ec:c6:d5:9c:8a:dd:30:32:98:a5:a2:d0:18:15:
         38:0d:b7:8b:88:13:89:b8:ee:89:19:b4:0e:d5:29:5d:08:3a:
         c0:7c:6b:29:4d:2c:08:9f:79:d5:58:fe:62:4b:54:10:51:e8:
         90:08:ad:99:10:5d:f8:b6:de:9b:44:be:12:6c:99:a1:b8:1c:
         90:d1:c3:46:75:54:85:0f:20:0d:2b:f4:8e:bb:8e:8a:13:dd:
         93:94:00:a9:00:c9:88:34:84:50:18:76:59:5d:f6:9e:e5:e7:
         64:58:85:34:54:65:fb:ad:27:ad:3a:f7:b9:d2:85:3d:25:fa:
         f5:20:8a:46:e6:c6:3c:d5:5b:c5:42:bc:5d:28:61:32:02:58:
         e7:06:76:e2:72:52:4e:e9:f2:44:4e:5b:32:e7:16:55:e2:2f:
         32:86:2f:1c:3c:97:57:f2:e9:8d:c5:c5:d5:5b:ac:1b:0f:ef:
         66:2d:a1:8d
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYwuuKQB+iHBjbPUYDHNGMb1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGViMjA0ZjM1ODAwNDc4ODIyNGUyZmIxOGU0ZDVlNzRi
ZWJmOGQwHhcNMjMxMjAzMDgwODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjEzNzg0NDgwM2NhODVmODZiMjBkMDZmYTJiMmI0ODZkNTQxZmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsldTMJHfIfVYdhW5zTs+pNY6zsUz
f224dsgqYAOpzZFsIg3Opx9z8UWU933aj7NN2sVlMlkie/Y6VZd6g+NfHR77OYcQ
LZ312T0Kxvz+rxvq/pmHBNBPs+qRnIbdihoxOQf2QpCEr52MPwEukIJ4jJJe7VbJ
PnNtlHC6yYYABHry/It1TNj3g++OszI2cB/qxB2AMO6ENB/X5A/DdBal9XYl/9P3
0w+aKtAMtzbkxB3odnSlS9PIXHQkUYR6HpdmJxJigncViPoJWTzh3Hm2+jh7YBpZ
JXecaZhvTsT/uK/laC7PfGhpcsg/SCVaZOfaM4tlUwLaxKVIC0YywmRQKwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCsTeESAPKhfhrINBvorK0htVB/mMB8GA1UdIwQY
MBaAFPBOsgTzWABHiCJOL7GOTV50vr+NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMt
NWM1ODkyYWZhNDg3LzEvS3hONFJJQThxRi1Hc2cwRy1pc3JTRzFVSC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85YWI0MmEtZGY5Mi00ZTQyLTllMzMtNWM1ODkyYWZhNDg3
LzEvOEU2eUJQTllBRWVJSWs0dnNZNU5YblMtdjQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALq+CAwQB
e/3UAwQAjWKJAwQAjWKLAwQAuW4/MA0GCSqGSIb3DQEBCwUAA4IBAQCUkuP4+Nbp
MgUjhpzzyGeYfbnS9FtcvOlPrULoj9waViLYTUasC62NNPy8Vn7S05gIsnR5yFYp
DDOBjJxIkGfwYhQhUSViDsMUNagV7MbVnIrdMDKYpaLQGBU4DbeLiBOJuO6JGbQO
1SldCDrAfGspTSwIn3nVWP5iS1QQUeiQCK2ZEF34tt6bRL4SbJmhuByQ0cNGdVSF
DyANK/SOu46KE92TlACpAMmINIRQGHZZXfae5edkWIU0VGX7rSetOve50oU9Jfr1
IIpG5sY81VvFQrxdKGEyAljnBnbiclJO6fJETlsy5xZV4i8yhi8cPJdX8umNxcXV
W6wbD+9mLaGN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:09 2024 by rpki-client on console-fra.rpki-client.org