Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/0b9cbf-25ae-4327-98aa-a7dd9aea1d7a/1/I-ZvfqiyshkBnptS5xCTZ-zJTas.roa
File:                     I-ZvfqiyshkBnptS5xCTZ-zJTas.roa (raw, json)
Hash identifier:          W/nP3t47NaKPonWUnElQYdca0gw7yMVd7sLrYeLIJoU=
Subject key identifier:   23:E6:6F:7E:A8:B2:B2:19:01:9E:9B:52:E7:10:93:67:EC:C9:4D:AB
Certificate issuer:       /CN=afc193ee11e54716169f94c8f931eae1fc854921
Certificate serial:       018CCA976FBD2CF3BB562CA87E4DBD438857
Authority key identifier: AF:C1:93:EE:11:E5:47:16:16:9F:94:C8:F9:31:EA:E1:FC:85:49:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r8GT7hHlRxYWn5TI-THq4fyFSSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/0b9cbf-25ae-4327-98aa-a7dd9aea1d7a/1/I-ZvfqiyshkBnptS5xCTZ-zJTas.roa
Signing time:             Tue 02 Jan 2024 14:32:51 +0000
ROA not before:           Tue 02 Jan 2024 14:32:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208367
IP address blocks:        45.142.100.0/24 maxlen: 24
                          2a10:46c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 01:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:97:6f:bd:2c:f3:bb:56:2c:a8:7e:4d:bd:43:88:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afc193ee11e54716169f94c8f931eae1fc854921
        Validity
            Not Before: Jan  2 14:32:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23e66f7ea8b2b219019e9b52e7109367ecc94dab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c0:9b:cc:6f:b5:f2:b5:65:dd:e7:31:ee:f1:
                    78:fb:4f:0e:5c:16:20:e3:17:5c:cb:62:aa:2d:37:
                    1d:6b:4f:a4:8f:6a:d1:c1:18:65:dd:d6:5b:8a:aa:
                    f0:06:22:35:3b:c1:88:2b:1c:05:50:f8:7a:6f:0a:
                    43:21:11:fe:3c:63:4d:2d:a1:e2:fe:4e:11:39:a3:
                    62:ae:f0:40:18:7a:b6:ac:02:50:dc:7d:c8:e6:11:
                    08:7e:af:9f:ab:54:b6:0b:2c:b1:e2:11:7e:89:6b:
                    89:8f:38:54:fd:ca:32:65:48:cf:79:1c:d0:58:09:
                    3d:fe:14:78:ab:f6:3d:2e:66:3a:63:4e:04:ed:dc:
                    a2:1d:a2:ff:c2:65:32:0b:b0:5a:a2:2a:0f:40:33:
                    d2:64:86:9a:57:49:b6:14:12:c9:05:7b:c1:2b:93:
                    4a:c9:b7:d4:18:e6:4d:09:0b:f6:56:e9:51:46:c5:
                    48:c2:7a:4d:44:35:9e:e3:45:15:69:1f:f9:d2:eb:
                    b2:a3:ce:61:0a:3e:51:31:81:de:54:fa:50:46:90:
                    eb:a2:79:32:e3:c2:0b:0c:58:fb:7e:e1:f6:13:f2:
                    b8:e9:43:05:af:de:a5:a4:46:cb:86:b4:06:18:9e:
                    b9:05:c2:69:3f:15:5d:cb:a8:23:f0:7d:f8:e2:08:
                    c1:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:E6:6F:7E:A8:B2:B2:19:01:9E:9B:52:E7:10:93:67:EC:C9:4D:AB
            X509v3 Authority Key Identifier:
                keyid:AF:C1:93:EE:11:E5:47:16:16:9F:94:C8:F9:31:EA:E1:FC:85:49:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r8GT7hHlRxYWn5TI-THq4fyFSSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/0b9cbf-25ae-4327-98aa-a7dd9aea1d7a/1/I-ZvfqiyshkBnptS5xCTZ-zJTas.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/0b9cbf-25ae-4327-98aa-a7dd9aea1d7a/1/r8GT7hHlRxYWn5TI-THq4fyFSSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.100.0/24
                IPv6:
                  2a10:46c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         44:a7:1b:68:0c:ee:3c:05:84:be:08:cb:7f:1d:bf:12:e0:5c:
         4a:d9:3c:23:74:9a:66:3c:5b:2c:af:55:4b:03:f7:66:f7:31:
         49:bd:fa:13:f9:f4:34:9a:eb:a3:ce:6f:35:53:ca:ed:44:3b:
         b4:12:e5:99:45:3f:03:3f:a7:80:39:37:36:b3:ad:e5:70:78:
         b8:c5:9c:1b:cd:15:34:db:09:9b:09:5f:6f:90:d1:ce:a9:44:
         92:3b:c4:f3:c1:13:df:b6:00:98:b2:86:c9:3c:eb:8c:50:d5:
         ea:34:26:18:8b:25:2d:8a:0d:e9:31:3d:53:f3:60:1a:50:18:
         e9:b5:ca:cd:6a:52:40:58:1a:d3:07:2b:81:c9:20:22:82:79:
         00:22:8b:24:02:f2:1c:38:9c:f4:ac:2e:00:34:85:b8:17:4c:
         a2:b2:df:70:68:dd:74:4b:7c:6e:0d:f4:9e:bd:6b:58:28:f6:
         8d:eb:5c:e4:73:4d:c6:bb:a4:38:ab:54:44:5d:ad:f1:b2:82:
         1e:e5:35:82:52:15:78:b7:57:4d:1e:fb:47:d7:c0:c7:6f:40:
         70:77:0a:67:b6:b1:8c:22:c6:83:38:a0:71:3d:9e:3d:c9:4d:
         67:ed:c8:f9:27:03:13:ad:1d:42:ab:1a:19:bf:8a:0c:8a:cd:
         f7:a4:1c:4a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKl2+9LPO7Viyofk29Q4hXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmYzE5M2VlMTFlNTQ3MTYxNjlmOTRjOGY5MzFlYWUxZmM4
NTQ5MjEwHhcNMjQwMTAyMTQzMjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2U2NmY3ZWE4YjJiMjE5MDE5ZTliNTJlNzEwOTM2N2VjYzk0ZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cCbzG+18rVl3ecx7vF4+08OXBYg
4xdcy2KqLTcda0+kj2rRwRhl3dZbiqrwBiI1O8GIKxwFUPh6bwpDIRH+PGNNLaHi
/k4ROaNirvBAGHq2rAJQ3H3I5hEIfq+fq1S2Cyyx4hF+iWuJjzhU/coyZUjPeRzQ
WAk9/hR4q/Y9LmY6Y04E7dyiHaL/wmUyC7BaoioPQDPSZIaaV0m2FBLJBXvBK5NK
ybfUGOZNCQv2VulRRsVIwnpNRDWe40UVaR/50uuyo85hCj5RMYHeVPpQRpDronky
48ILDFj7fuH2E/K46UMFr96lpEbLhrQGGJ65BcJpPxVdy6gj8H344gjBowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCPmb36osrIZAZ6bUucQk2fsyU2rMB8GA1UdIwQY
MBaAFK/Bk+4R5UcWFp+UyPkx6uH8hUkhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjhHVDdoSGxSeFlXbjVUSS1USHE0ZnlGU1NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8wYjljYmYtMjVhZS00MzI3LTk4YWEt
YTdkZDlhZWExZDdhLzEvSS1admZxaXlzaGtCbnB0UzV4Q1RaLXpKVGFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8wYjljYmYtMjVhZS00MzI3LTk4YWEtYTdkZDlhZWExZDdh
LzEvcjhHVDdoSGxSeFlXbjVUSS1USHE0ZnlGU1NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALY5kMA0E
AgACMAcDBQAqEEbAMA0GCSqGSIb3DQEBCwUAA4IBAQBEpxtoDO48BYS+CMt/Hb8S
4FxK2TwjdJpmPFssr1VLA/dm9zFJvfoT+fQ0muujzm81U8rtRDu0EuWZRT8DP6eA
OTc2s63lcHi4xZwbzRU02wmbCV9vkNHOqUSSO8TzwRPftgCYsobJPOuMUNXqNCYY
iyUtig3pMT1T82AaUBjptcrNalJAWBrTByuBySAignkAIoskAvIcOJz0rC4ANIW4
F0yist9waN10S3xuDfSevWtYKPaN61zkc03Gu6Q4q1REXa3xsoIe5TWCUhV4t1dN
HvtH18DHb0BwdwpntrGMIsaDOKBxPZ49yU1n7cj5JwMTrR1CqxoZv4oMis33pBxK
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:05:53 2025 by rpki-client