Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/PnNWKFMR6JnNnsG1bw3YvGljJ0M.roa
File:                     PnNWKFMR6JnNnsG1bw3YvGljJ0M.roa (raw, json)
Hash identifier:          6RmJ9njePoprNpqsnQ/IkrCtIt8sf2eIRO20xgkULdE=
Subject key identifier:   3E:73:56:28:53:11:E8:99:CD:9E:C1:B5:6F:0D:D8:BC:69:63:27:43
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       018C8F5197B7538DC583549CCC36B2372C96
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/PnNWKFMR6JnNnsG1bw3YvGljJ0M.roa
Signing time:             Fri 22 Dec 2023 02:18:58 +0000
ROA not before:           Fri 22 Dec 2023 02:18:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     23470
IP address blocks:        185.185.251.0/24 maxlen: 24
                          45.12.161.0/24 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:34:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:8f:51:97:b7:53:8d:c5:83:54:9c:cc:36:b2:37:2c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Dec 22 02:18:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3e7356285311e899cd9ec1b56f0dd8bc69632743
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6a:95:25:e7:26:79:7e:55:2a:52:e8:f8:fa:
                    bf:e4:12:ad:b8:ed:54:05:8b:e8:6a:56:c1:c5:63:
                    6c:95:20:a9:66:1b:d4:61:1f:ec:c9:6b:b1:c0:31:
                    7c:b2:e5:f1:0a:8f:f8:dd:f5:d7:90:a0:21:c2:ba:
                    19:32:0c:2e:a4:5d:51:3b:48:ea:a5:77:53:03:7c:
                    a1:0d:9e:bf:26:cd:2d:67:db:70:a6:fd:d8:49:97:
                    00:e5:59:b5:74:ee:77:f4:78:53:64:18:ac:3d:d5:
                    67:9a:e0:27:63:7f:50:22:93:59:39:31:73:ca:f9:
                    2c:39:72:32:9e:82:20:f8:1c:15:97:c5:bf:7e:64:
                    dc:8a:66:ca:ea:ea:0c:ac:80:68:53:5f:da:16:3d:
                    63:45:a1:bc:89:15:3d:65:d2:ec:9e:d1:49:1e:ba:
                    e7:a7:e7:27:6b:e6:52:3e:ee:61:f5:4b:d6:9b:dd:
                    f4:53:bc:eb:2d:1f:33:7a:87:6c:f5:10:f9:11:2e:
                    f4:e7:d7:de:78:ca:85:88:25:72:86:5f:fc:54:aa:
                    f8:9b:ea:e4:93:91:e6:c6:33:55:d3:cc:c9:c2:ef:
                    28:15:d6:a4:13:df:bc:fe:a0:8d:a8:b4:ff:ee:d0:
                    3d:da:5a:a1:f4:21:da:28:32:94:d4:17:81:0a:85:
                    16:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:73:56:28:53:11:E8:99:CD:9E:C1:B5:6F:0D:D8:BC:69:63:27:43
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/PnNWKFMR6JnNnsG1bw3YvGljJ0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.161.0/24
                  185.185.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:0a:b9:06:a4:dd:79:f0:80:04:79:b9:e3:6d:f9:f2:fd:7d:
         71:60:14:19:03:33:43:2d:1a:df:c2:88:ff:03:9c:97:30:2c:
         60:49:11:39:04:f9:2f:87:39:b3:ed:03:7a:30:a8:c0:32:b9:
         eb:ec:1f:ab:d8:5e:45:a2:75:f6:2b:79:58:76:da:25:b3:2c:
         2a:5c:b0:40:c5:92:a8:e7:e3:a2:87:db:11:3f:ab:bb:17:79:
         c4:d7:b3:39:a4:8a:5f:b3:2d:9e:a9:e0:5f:8c:3c:cc:bb:90:
         72:0f:5a:a9:43:d9:24:e3:01:f6:12:f3:ad:f1:82:f1:e3:ca:
         a5:33:98:64:b0:a6:36:f4:33:02:d8:54:a9:1b:31:7c:24:30:
         03:e0:1a:46:3c:16:53:e8:bb:8b:a9:6d:76:d0:a8:02:4e:84:
         26:ac:89:99:18:54:fa:95:e4:08:71:7f:f5:72:43:2b:8c:0b:
         c3:c8:43:b2:0d:53:38:1a:5b:16:eb:1c:01:5b:a2:b4:84:ed:
         99:10:2d:3d:44:05:2f:b3:aa:96:d7:b1:d4:88:f7:3a:68:4c:
         7f:95:52:cb:cb:6a:13:a1:e6:9a:64:05:e0:c9:28:44:a3:bd:
         1f:78:e1:c8:d6:6c:81:40:a8:57:0a:93:1e:31:7b:bf:43:f9:
         ba:d7:a6:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYyPUZe3U43Fg1SczDayNyyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjMxMjIyMDIxODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTczNTYyODUzMTFlODk5Y2Q5ZWMxYjU2ZjBkZDhiYzY5NjMyNzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWqVJecmeX5VKlLo+Pq/5BKtuO1U
BYvoalbBxWNslSCpZhvUYR/syWuxwDF8suXxCo/43fXXkKAhwroZMgwupF1RO0jq
pXdTA3yhDZ6/Js0tZ9twpv3YSZcA5Vm1dO539HhTZBisPdVnmuAnY39QIpNZOTFz
yvksOXIynoIg+BwVl8W/fmTcimbK6uoMrIBoU1/aFj1jRaG8iRU9ZdLsntFJHrrn
p+cna+ZSPu5h9UvWm930U7zrLR8zeods9RD5ES7059feeMqFiCVyhl/8VKr4m+rk
k5HmxjNV08zJwu8oFdakE9+8/qCNqLT/7tA92lqh9CHaKDKU1BeBCoUWDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD5zVihTEeiZzZ7BtW8N2LxpYydDMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvUG5OV0tGTVI2Sm5ObnNHMWJ3M1l2R2xqSjBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQyhAwQA
ubn7MA0GCSqGSIb3DQEBCwUAA4IBAQDDCrkGpN158IAEebnjbfny/X1xYBQZAzND
LRrfwoj/A5yXMCxgSRE5BPkvhzmz7QN6MKjAMrnr7B+r2F5FonX2K3lYdtolsywq
XLBAxZKo5+Oih9sRP6u7F3nE17M5pIpfsy2eqeBfjDzMu5ByD1qpQ9kk4wH2EvOt
8YLx48qlM5hksKY29DMC2FSpGzF8JDAD4BpGPBZT6LuLqW120KgCToQmrImZGFT6
leQIcX/1ckMrjAvDyEOyDVM4GlsW6xwBW6K0hO2ZEC09RAUvs6qW17HUiPc6aEx/
lVLLy2oToeaaZAXgyShEo70feOHI1myBQKhXCpMeMXu/Q/m616am
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:45 2024 by rpki-client on console-fra.rpki-client.org