Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/BSGDINlxIVwUcNBtsOXIxS5JLIg.roa
File:                     BSGDINlxIVwUcNBtsOXIxS5JLIg.roa (raw, json)
Hash identifier:          sguleSD2eUHn6F3FdP1I4Yke/D17LrhEZZsiblVRAF4=
Subject key identifier:   05:21:83:20:D9:71:21:5C:14:70:D0:6D:B0:E5:C8:C5:2E:49:2C:88
Certificate issuer:       /CN=129462d45b8ab95d4c35c40265b31b52bf1e8dbd
Certificate serial:       018924DCB4756483CEB58B46AE74B4B6286C
Authority key identifier: 12:94:62:D4:5B:8A:B9:5D:4C:35:C4:02:65:B3:1B:52:BF:1E:8D:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EpRi1FuKuV1MNcQCZbMbUr8ejb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/BSGDINlxIVwUcNBtsOXIxS5JLIg.roa
Signing time:             Wed 05 Jul 2023 07:03:11 +0000
ROA not before:           Wed 05 Jul 2023 07:03:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48988
IP address blocks:        213.148.0.0/20 maxlen: 20
                          2a13:8280::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 28 Nov 2023 09:34:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:24:dc:b4:75:64:83:ce:b5:8b:46:ae:74:b4:b6:28:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=129462d45b8ab95d4c35c40265b31b52bf1e8dbd
        Validity
            Not Before: Jul  5 07:03:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=05218320d971215c1470d06db0e5c8c52e492c88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:ee:91:f6:00:d6:63:23:df:3d:7d:db:58:9a:
                    3a:a5:9c:04:1d:8c:af:bb:ae:ee:63:ee:0a:3a:78:
                    2d:19:f2:5f:65:69:45:2a:af:af:54:0f:34:ae:13:
                    e9:5f:b5:3c:13:ee:1f:12:63:6d:cd:c5:bb:90:b3:
                    e3:c7:65:bf:2e:5c:19:62:c0:dd:67:aa:11:b8:09:
                    f2:79:97:0f:19:7b:26:77:bf:11:da:0d:8b:30:ec:
                    6e:82:a6:f8:6e:16:2b:54:6d:f4:cd:54:68:3d:ae:
                    dd:82:44:46:2d:44:1f:b6:b3:05:cb:e2:66:5f:8c:
                    2b:09:65:99:ea:d1:1d:c3:45:a8:a2:37:47:50:c1:
                    78:3d:5f:e9:ee:fb:b6:05:fa:76:1d:ea:25:bd:38:
                    b6:83:b5:71:56:e4:55:0a:bf:8c:4f:1b:ce:d3:da:
                    c9:8a:49:cd:75:36:32:cc:f8:60:62:8b:79:31:b4:
                    2a:77:1d:83:ac:e5:32:ae:57:b4:42:c4:86:18:ea:
                    ce:c8:e9:1b:e6:0f:6f:33:00:57:19:ce:a3:29:93:
                    ad:a7:3b:c5:60:60:45:2f:66:7d:e0:4a:63:6e:a9:
                    01:b2:cc:ec:17:1c:fc:61:f2:45:a2:61:84:79:a5:
                    d4:03:38:6b:0e:f6:a3:80:ea:0e:6a:48:2a:f6:43:
                    df:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:21:83:20:D9:71:21:5C:14:70:D0:6D:B0:E5:C8:C5:2E:49:2C:88
            X509v3 Authority Key Identifier:
                keyid:12:94:62:D4:5B:8A:B9:5D:4C:35:C4:02:65:B3:1B:52:BF:1E:8D:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EpRi1FuKuV1MNcQCZbMbUr8ejb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/BSGDINlxIVwUcNBtsOXIxS5JLIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/EpRi1FuKuV1MNcQCZbMbUr8ejb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.148.0.0/20
                IPv6:
                  2a13:8280::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:4a:20:47:de:91:ed:75:50:5e:36:e3:78:9d:3b:b3:e4:63:
         ae:19:7b:77:f0:69:4f:3b:91:13:0f:3a:5e:2e:fa:12:82:2a:
         25:f6:c7:a2:97:13:dd:d0:8d:0b:28:d2:b7:03:ea:dd:24:18:
         86:08:64:1a:af:a8:23:e4:e9:de:ea:cf:9a:37:65:9e:4e:a5:
         ff:b6:9c:da:da:75:a1:9d:22:b9:9d:81:e0:d0:66:9d:18:43:
         cc:90:f0:c7:db:da:ff:4d:0f:9b:e0:b9:d7:7a:b0:d7:6f:74:
         5a:db:12:cb:b6:b2:fc:ec:f0:66:31:b5:e9:a5:20:03:d7:39:
         fc:0b:f6:ab:7e:94:dd:c2:a6:99:0e:a7:d3:85:9e:c3:07:cf:
         c1:97:f3:49:27:e1:84:9b:63:bf:58:fa:09:83:c8:bd:53:3e:
         2c:24:77:f5:07:16:9b:52:66:0d:81:ce:bc:e7:a5:0a:58:a1:
         db:c4:26:57:bd:22:57:51:4f:c9:70:b1:e1:11:8e:72:e6:d5:
         22:5f:7a:50:3f:16:94:ad:ed:23:f9:0e:3f:53:f4:7e:68:f4:
         c5:15:85:64:52:75:de:83:e8:2d:6d:45:ef:5e:ba:ba:53:9f:
         0f:7f:34:f5:4a:76:8d:7d:61:6c:bb:d8:30:ab:2f:86:5f:7d:
         97:49:ae:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYkk3LR1ZIPOtYtGrnS0tihsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyOTQ2MmQ0NWI4YWI5NWQ0YzM1YzQwMjY1YjMxYjUyYmYx
ZThkYmQwHhcNMjMwNzA1MDcwMzExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTIxODMyMGQ5NzEyMTVjMTQ3MGQwNmRiMGU1YzhjNTJlNDkyYzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2O6R9gDWYyPfPX3bWJo6pZwEHYyv
u67uY+4KOngtGfJfZWlFKq+vVA80rhPpX7U8E+4fEmNtzcW7kLPjx2W/LlwZYsDd
Z6oRuAnyeZcPGXsmd78R2g2LMOxugqb4bhYrVG30zVRoPa7dgkRGLUQftrMFy+Jm
X4wrCWWZ6tEdw0WoojdHUMF4PV/p7vu2Bfp2HeolvTi2g7VxVuRVCr+MTxvO09rJ
iknNdTYyzPhgYot5MbQqdx2DrOUyrle0QsSGGOrOyOkb5g9vMwBXGc6jKZOtpzvF
YGBFL2Z94EpjbqkBsszsFxz8YfJFomGEeaXUAzhrDvajgOoOakgq9kPfMwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAUhgyDZcSFcFHDQbbDlyMUuSSyIMB8GA1UdIwQY
MBaAFBKUYtRbirldTDXEAmWzG1K/Ho29MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXBSaTFGdUt1VjFNTmNRQ1piTWJVcjhlamIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85OTk1MDktYmRjMC00ZTA3LTg3NzQt
M2EzODkzMzJmNzlmLzEvQlNHRElObHhJVndVY05CdHNPWEl4UzVKTElnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85OTk1MDktYmRjMC00ZTA3LTg3NzQtM2EzODkzMzJmNzlm
LzEvRXBSaTFGdUt1VjFNTmNRQ1piTWJVcjhlamIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE1ZQAMA0E
AgACMAcDBQAqE4KAMA0GCSqGSIb3DQEBCwUAA4IBAQAqSiBH3pHtdVBeNuN4nTuz
5GOuGXt38GlPO5ETDzpeLvoSgiol9seilxPd0I0LKNK3A+rdJBiGCGQar6gj5One
6s+aN2WeTqX/tpza2nWhnSK5nYHg0GadGEPMkPDH29r/TQ+b4LnXerDXb3Ra2xLL
trL87PBmMbXppSAD1zn8C/arfpTdwqaZDqfThZ7DB8/Bl/NJJ+GEm2O/WPoJg8i9
Uz4sJHf1BxabUmYNgc6856UKWKHbxCZXvSJXUU/JcLHhEY5y5tUiX3pQPxaUre0j
+Q4/U/R+aPTFFYVkUnXeg+gtbUXvXrq6U58PfzT1SnaNfWFsu9gwqy+GX32XSa40
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:36 2024 by rpki-client on console-ams.rpki-client.org