Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zCB-p5_VIxJGScw4bE_bKptc-LU.roa
File:                     zCB-p5_VIxJGScw4bE_bKptc-LU.roa (raw, json)
Hash identifier:          +H9LSpAjmM+1SWIU/xo4XBuSwyH73gHa5M7GsaGASpQ=
Subject key identifier:   CC:20:7E:A7:9F:D5:23:12:46:49:CC:38:6C:4F:DB:2A:9B:5C:F8:B5
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018F0A7DD10E4EA3A945833F44CA852672E8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zCB-p5_VIxJGScw4bE_bKptc-LU.roa
Signing time:             Tue 23 Apr 2024 10:26:08 +0000
ROA not before:           Tue 23 Apr 2024 10:26:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.21.0/24 maxlen: 24
                          185.220.250.0/23 maxlen: 24
                          185.223.82.0/24 maxlen: 24
                          185.225.0.0/23 maxlen: 23
                          185.226.104.0/24 maxlen: 24
                          185.227.146.0/23 maxlen: 24
                          185.227.147.0/24 maxlen: 24
                          185.234.20.0/24 maxlen: 24
                          185.251.230.0/24 maxlen: 24
                          193.58.146.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 29 Apr 2024 11:25:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:7d:d1:0e:4e:a3:a9:45:83:3f:44:ca:85:26:72:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 23 10:26:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc207ea79fd523124649cc386c4fdb2a9b5cf8b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:5a:a1:9e:dd:da:27:f0:fd:b6:0d:63:e0:b6:
                    5b:70:4a:9d:b7:2d:4f:18:1a:58:ae:a2:7e:d8:f6:
                    34:d1:c8:a2:91:c6:08:89:1c:14:91:63:0d:c9:1f:
                    b1:5d:dc:d1:29:ef:b9:fb:c0:aa:64:1e:a6:61:79:
                    2c:61:c9:4e:52:c9:c7:e3:5e:3a:5f:35:b2:5e:ba:
                    91:34:a6:f0:9d:37:9c:6a:b2:46:ef:e1:ba:9b:ad:
                    bf:50:fd:ae:ca:b2:40:e0:f9:4f:93:5a:f0:be:ca:
                    12:14:be:11:63:f9:6d:cd:e2:cd:30:3b:ff:d9:e0:
                    65:29:5a:18:ef:11:1d:ae:8a:09:85:4e:98:88:6e:
                    6f:f5:92:34:52:ad:15:7b:de:5a:17:18:06:92:45:
                    ac:b2:84:7e:44:f5:1a:75:15:1e:66:81:eb:f6:4c:
                    89:53:db:f0:44:a9:10:39:6b:f3:4c:55:45:38:3d:
                    10:b7:ab:28:41:91:fc:f9:f3:77:1d:c6:f3:ae:a3:
                    de:01:86:4f:9e:3b:9b:a2:dd:c3:f0:20:9b:e7:f2:
                    b9:59:6d:e3:6a:fd:21:af:c2:1e:44:cc:2c:d1:4c:
                    fe:10:23:ce:58:ee:47:73:d2:1d:75:f8:fa:e9:df:
                    ba:ed:33:cb:ca:2d:4a:25:f4:73:3c:6b:03:b2:d2:
                    03:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:20:7E:A7:9F:D5:23:12:46:49:CC:38:6C:4F:DB:2A:9B:5C:F8:B5
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zCB-p5_VIxJGScw4bE_bKptc-LU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.21.0/24
                  185.220.250.0/23
                  185.223.82.0/24
                  185.225.0.0/23
                  185.226.104.0/24
                  185.227.146.0/23
                  185.234.20.0/24
                  185.251.230.0/24
                  193.58.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:a8:c6:e5:16:e5:9c:a6:b1:98:ca:7a:e2:d6:35:d2:5b:9a:
         79:c6:5d:84:d1:09:65:b0:7a:0d:2c:25:4f:45:e4:83:52:96:
         9d:95:eb:e3:9f:3b:86:55:cd:2c:a1:14:c8:6f:34:9d:7f:18:
         1d:16:8d:32:4c:89:2b:02:d2:1c:73:a2:eb:d1:f1:26:f5:46:
         8e:70:3e:e2:1b:7f:c2:96:82:1c:cb:12:09:ef:d3:4a:bf:28:
         11:e2:a0:20:d7:68:93:a2:c8:d0:14:60:71:0f:f2:cb:5d:dd:
         1b:3c:d5:9b:24:d9:ae:f0:c7:cd:d2:79:65:18:20:dd:ea:2d:
         49:e7:1f:b1:6d:5f:eb:9c:11:20:87:6c:a4:69:a9:aa:13:2b:
         7f:06:d1:f6:2f:0f:45:2f:7b:0f:1b:f9:d7:26:38:7a:78:e3:
         fe:17:a5:1e:76:17:98:f0:c5:95:dc:88:ca:4f:66:7f:75:df:
         7c:18:43:3e:16:0c:9a:8f:5f:92:d7:3a:8b:ea:06:60:01:0e:
         55:fe:2b:cd:23:9a:b3:b5:19:83:71:83:9a:ae:32:47:7d:64:
         3b:d6:ee:0d:ab:d7:cd:5e:9e:fd:79:34:4d:1e:9a:1c:ec:ce:
         25:4b:b5:15:a4:f6:57:6c:c9:9e:1c:20:9c:70:c7:c0:d7:f1:
         c0:57:82:5a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY8KfdEOTqOpRYM/RMqFJnLoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNDIzMTAyNjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzIwN2VhNzlmZDUyMzEyNDY0OWNjMzg2YzRmZGIyYTliNWNmOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVqhnt3aJ/D9tg1j4LZbcEqdty1P
GBpYrqJ+2PY00ciikcYIiRwUkWMNyR+xXdzRKe+5+8CqZB6mYXksYclOUsnH4146
XzWyXrqRNKbwnTecarJG7+G6m62/UP2uyrJA4PlPk1rwvsoSFL4RY/ltzeLNMDv/
2eBlKVoY7xEdrooJhU6YiG5v9ZI0Uq0Ve95aFxgGkkWssoR+RPUadRUeZoHr9kyJ
U9vwRKkQOWvzTFVFOD0Qt6soQZH8+fN3HcbzrqPeAYZPnjubot3D8CCb5/K5WW3j
av0hr8IeRMws0Uz+ECPOWO5Hc9Iddfj66d+67TPLyi1KJfRzPGsDstIDywIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFMwgfqef1SMSRknMOGxP2yqbXPi1MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvekNCLXA1X1ZJeEpHU2N3NGJFX2JLcHRjLUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALQgVAwQB
udz6AwQAud9SAwQBueEAAwQAueJoAwQBueOSAwQAueoUAwQAufvmAwQBwTqSMA0G
CSqGSIb3DQEBCwUAA4IBAQAjqMblFuWcprGYynri1jXSW5p5xl2E0QllsHoNLCVP
ReSDUpadlevjnzuGVc0soRTIbzSdfxgdFo0yTIkrAtIcc6Lr0fEm9UaOcD7iG3/C
loIcyxIJ79NKvygR4qAg12iTosjQFGBxD/LLXd0bPNWbJNmu8MfN0nllGCDd6i1J
5x+xbV/rnBEgh2ykaamqEyt/BtH2Lw9FL3sPG/nXJjh6eOP+F6UedheY8MWV3IjK
T2Z/dd98GEM+Fgyaj1+S1zqL6gZgAQ5V/ivNI5qztRmDcYOarjJHfWQ71u4Nq9fN
Xp79eTRNHpoc7M4lS7UVpPZXbMmeHCCccMfA1/HAV4Ja
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:44 2024 by rpki-client on console-fra.rpki-client.org