Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/KkxG-vsKJu3wobWGzkkGbFOxl-I.roa
File:                     KkxG-vsKJu3wobWGzkkGbFOxl-I.roa (raw, json)
Hash identifier:          hGRYG9TPpwDCBm2sbUH0Z+hXvCzK7k7ZgsDyCLLU/20=
Subject key identifier:   2A:4C:46:FA:FB:0A:26:ED:F0:A1:B5:86:CE:49:06:6C:53:B1:97:E2
Certificate issuer:       /CN=2b9efb5878d3b3634dc1ccb90ac48e0b89d1c879
Certificate serial:       018CC4244EC2012D1D87279C5FE1D65F6EED
Authority key identifier: 2B:9E:FB:58:78:D3:B3:63:4D:C1:CC:B9:0A:C4:8E:0B:89:D1:C8:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K577WHjTs2NNwcy5CsSOC4nRyHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/KkxG-vsKJu3wobWGzkkGbFOxl-I.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202090
IP address blocks:        178.159.44.0/24 maxlen: 24
                          178.159.44.0/22 maxlen: 22
                          178.159.46.0/24 maxlen: 24
                          178.159.47.0/24 maxlen: 24
                          178.159.45.0/24 maxlen: 24
                          185.99.142.0/23 maxlen: 24
                          185.99.142.0/24 maxlen: 24
                          185.99.143.0/24 maxlen: 24
                          185.65.137.0/24 maxlen: 24
                          193.176.180.0/24 maxlen: 24
                          193.176.181.0/24 maxlen: 24
                          193.176.180.0/22 maxlen: 22
                          193.176.183.0/24 maxlen: 24
                          193.176.182.0/24 maxlen: 24
                          81.91.191.0/24 maxlen: 24
                          81.91.190.0/24 maxlen: 24
                          185.47.152.0/23 maxlen: 23
                          2a0c:b1c0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jul 2024 11:34:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4e:c2:01:2d:1d:87:27:9c:5f:e1:d6:5f:6e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b9efb5878d3b3634dc1ccb90ac48e0b89d1c879
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a4c46fafb0a26edf0a1b586ce49066c53b197e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:62:1f:43:40:87:8f:ee:cb:d8:c1:2d:cf:59:
                    cb:bd:90:f3:4a:cb:7f:61:e4:fa:fe:89:37:61:f5:
                    a3:4e:94:72:f4:c2:cf:67:e5:0a:28:0f:c0:e3:1a:
                    f5:61:90:91:bb:4d:17:dc:bf:a1:60:58:f0:7d:2e:
                    76:d9:2e:b5:0d:90:aa:d5:f5:b6:1a:7a:ad:c2:ad:
                    fc:84:af:46:56:58:d3:05:64:ef:6e:a5:35:24:29:
                    0b:bd:3a:5c:36:60:69:a5:96:4a:e5:0f:8f:32:22:
                    d1:03:72:d0:16:c0:f9:34:a1:02:02:73:f8:f1:d0:
                    c6:04:59:98:92:c2:95:06:7c:a2:22:d0:a9:59:3c:
                    d7:69:7f:49:69:56:7b:1b:1b:fe:4e:f7:e9:78:04:
                    d1:6b:19:4d:09:34:ad:4f:15:3f:73:61:38:64:2d:
                    c4:50:56:8f:42:1c:39:e2:4d:3a:67:a9:f1:f6:e1:
                    33:29:ad:86:10:8d:08:63:67:e9:e0:af:2f:84:27:
                    c3:bf:6b:36:d7:fe:13:21:64:0c:1f:1d:e8:37:35:
                    69:06:ca:41:ab:e3:61:45:0a:3b:b9:6d:d9:f1:be:
                    7c:fd:f1:76:b9:9c:46:25:3f:a7:71:47:4c:7a:2e:
                    0f:ec:f6:62:26:8b:05:e7:ce:a2:47:99:a1:a9:e8:
                    13:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:4C:46:FA:FB:0A:26:ED:F0:A1:B5:86:CE:49:06:6C:53:B1:97:E2
            X509v3 Authority Key Identifier:
                keyid:2B:9E:FB:58:78:D3:B3:63:4D:C1:CC:B9:0A:C4:8E:0B:89:D1:C8:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K577WHjTs2NNwcy5CsSOC4nRyHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/KkxG-vsKJu3wobWGzkkGbFOxl-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/d03608-3c67-423d-b18d-4bcd3d58463a/1/K577WHjTs2NNwcy5CsSOC4nRyHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.91.190.0/23
                  178.159.44.0/22
                  185.47.152.0/23
                  185.65.137.0/24
                  185.99.142.0/23
                  193.176.180.0/22
                IPv6:
                  2a0c:b1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:bb:c0:e6:ae:c9:ed:96:f2:1c:d3:db:78:20:6a:bd:b9:2b:
         d6:e1:10:a5:a5:ac:ad:97:b9:83:20:bd:ed:2a:8a:7f:e6:d0:
         d7:de:cc:26:94:c6:ab:8a:fb:54:51:8e:6e:ba:85:cc:e6:65:
         e0:93:d3:33:52:09:64:9e:bd:66:83:82:90:d3:23:de:13:ba:
         3a:61:34:a7:95:a2:be:c6:17:51:de:2e:e4:8d:06:74:8b:c1:
         e4:9a:e4:fb:85:c1:68:b6:03:26:ee:84:60:4f:0c:50:df:0d:
         21:35:ce:4a:3a:0a:50:fe:06:71:ab:00:a0:29:64:2b:ee:d6:
         cf:c3:e5:12:e0:79:e1:3a:f0:0d:1c:32:fa:ee:48:da:3b:44:
         e6:f3:50:65:d9:31:22:ad:cb:45:f8:7a:6d:f2:be:1a:ea:a6:
         f3:cd:ed:f2:97:fc:8d:f0:90:59:75:3f:67:ce:36:de:cf:12:
         a3:af:b4:e5:de:31:26:45:05:bc:d1:3a:96:a9:76:b8:c2:93:
         7c:50:b4:4d:fa:98:48:cd:0f:02:b3:cf:1f:2c:98:97:02:bb:
         09:aa:ae:a4:36:ce:51:43:09:5c:89:03:f0:77:cb:8e:29:74:
         92:06:65:7b:02:c0:d7:a9:dc:92:5d:3f:2f:f4:ff:fe:d9:ac:
         2e:6a:92:32
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzEJE7CAS0dhyecX+HWX27tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOWVmYjU4NzhkM2IzNjM0ZGMxY2NiOTBhYzQ4ZTBiODlk
MWM4NzkwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTRjNDZmYWZiMGEyNmVkZjBhMWI1ODZjZTQ5MDY2YzUzYjE5N2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGIfQ0CHj+7L2MEtz1nLvZDzSst/
YeT6/ok3YfWjTpRy9MLPZ+UKKA/A4xr1YZCRu00X3L+hYFjwfS522S61DZCq1fW2
Gnqtwq38hK9GVljTBWTvbqU1JCkLvTpcNmBppZZK5Q+PMiLRA3LQFsD5NKECAnP4
8dDGBFmYksKVBnyiItCpWTzXaX9JaVZ7Gxv+TvfpeATRaxlNCTStTxU/c2E4ZC3E
UFaPQhw54k06Z6nx9uEzKa2GEI0IY2fp4K8vhCfDv2s21/4TIWQMHx3oNzVpBspB
q+NhRQo7uW3Z8b58/fF2uZxGJT+ncUdMei4P7PZiJosF586iR5mhqegTqQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFCpMRvr7Cibt8KG1hs5JBmxTsZfiMB8GA1UdIwQY
MBaAFCue+1h407NjTcHMuQrEjguJ0ch5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzU3N1dIalRzMk5Od2N5NUNzU09DNG5SeUhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9kMDM2MDgtM2M2Ny00MjNkLWIxOGQt
NGJjZDNkNTg0NjNhLzEvS2t4Ry12c0tKdTN3b2JXR3pra0diRk94bC1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9kMDM2MDgtM2M2Ny00MjNkLWIxOGQtNGJjZDNkNTg0NjNh
LzEvSzU3N1dIalRzMk5Od2N5NUNzU09DNG5SeUhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQBUVu+AwQC
sp8sAwQBuS+YAwQAuUGJAwQBuWOOAwQCwbC0MA0EAgACMAcDBQAqDLHAMA0GCSqG
SIb3DQEBCwUAA4IBAQABu8DmrsntlvIc09t4IGq9uSvW4RClpaytl7mDIL3tKop/
5tDX3swmlMarivtUUY5uuoXM5mXgk9MzUglknr1mg4KQ0yPeE7o6YTSnlaK+xhdR
3i7kjQZ0i8HkmuT7hcFotgMm7oRgTwxQ3w0hNc5KOgpQ/gZxqwCgKWQr7tbPw+US
4HnhOvANHDL67kjaO0Tm81Bl2TEirctF+Hpt8r4a6qbzze3yl/yN8JBZdT9nzjbe
zxKjr7Tl3jEmRQW80TqWqXa4wpN8ULRN+phIzQ8Cs88fLJiXArsJqq6kNs5RQwlc
iQPwd8uOKXSSBmV7AsDXqdySXT8v9P/+2awuapIy
-----END CERTIFICATE-----
Generated at Mon Jul 1 14:21:12 2024 by rpki-client on console-ams.rpki-client.org