Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/hxZ3yapvy0gZSzB-NJJQnqHINjg.roa
File:                     hxZ3yapvy0gZSzB-NJJQnqHINjg.roa (raw, json)
Hash identifier:          1ZIn4u8jqEY1OGkHG5ZbGQimmrx20lcMIWmfhiMBp3A=
Subject key identifier:   87:16:77:C9:AA:6F:CB:48:19:4B:30:7E:34:92:50:9E:A1:C8:36:38
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       01898DC9999FCCCE19F9F732052C7FF055DB
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/hxZ3yapvy0gZSzB-NJJQnqHINjg.roa
Signing time:             Tue 25 Jul 2023 16:02:26 +0000
ROA not before:           Tue 25 Jul 2023 16:02:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43641
IP address blocks:        2.58.169.0/24 maxlen: 24
                          5.182.113.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 11 Sep 2023 07:25:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:8d:c9:99:9f:cc:ce:19:f9:f7:32:05:2c:7f:f0:55:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jul 25 16:02:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=871677c9aa6fcb48194b307e3492509ea1c83638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:71:fc:e4:fa:1b:35:1c:ff:79:ce:67:9a:dc:
                    d3:c1:7d:f6:1d:60:9f:79:f3:57:97:58:c3:71:cd:
                    d4:ea:8f:08:05:06:d4:1b:73:02:9d:24:ae:b0:85:
                    6c:21:7e:74:81:38:78:32:80:e4:73:86:ab:c3:ab:
                    af:de:5b:f1:ed:35:8a:dc:03:94:bf:d7:51:19:fb:
                    8f:cb:df:6e:16:6a:bd:59:35:73:3a:8e:36:09:5b:
                    e9:ac:5c:48:c1:5a:3b:70:9f:a3:0a:72:2e:9f:18:
                    da:c1:cd:1b:92:f0:d4:58:b1:b2:b4:1e:9d:00:76:
                    3f:4c:3d:c7:14:d3:4b:de:78:af:b2:6a:c2:68:3e:
                    7d:ae:71:0c:9e:69:16:b0:3d:ca:13:71:f2:10:a7:
                    1f:5f:7c:fa:14:76:f3:e3:49:ad:32:30:d3:43:90:
                    b0:43:5f:1a:ad:12:48:a3:c1:d2:c0:39:11:2b:f0:
                    0a:25:24:1b:35:93:79:f2:b7:81:b3:b7:0e:ba:7e:
                    a6:40:43:97:4c:4a:bb:e7:fc:af:63:3b:57:d1:04:
                    fd:9b:83:d6:58:a0:ac:00:1c:ac:f0:d6:f7:51:fb:
                    d4:a3:d7:60:6d:6b:8e:47:9b:76:25:0b:eb:c5:87:
                    53:2d:f3:d8:2d:55:09:34:b2:bf:0d:de:e7:97:ca:
                    54:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:16:77:C9:AA:6F:CB:48:19:4B:30:7E:34:92:50:9E:A1:C8:36:38
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/hxZ3yapvy0gZSzB-NJJQnqHINjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.169.0/24
                  5.182.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:78:18:c8:2e:7e:c4:ab:ba:fe:b5:22:25:08:94:90:44:22:
         61:f6:8c:6b:8b:bc:a4:11:fb:48:e1:61:24:4c:df:6f:1f:70:
         5c:c9:1a:83:ae:2f:3c:9b:ac:25:f3:d7:ef:3d:63:00:09:a4:
         5a:44:dc:8a:8e:45:d7:17:d1:5d:3f:05:25:a9:d4:d5:ab:71:
         cf:dc:82:e1:04:04:ca:fd:93:58:b6:70:76:7c:7c:79:6e:11:
         20:91:3b:d4:bb:27:d7:9d:64:6c:9d:61:37:75:9c:09:42:da:
         4c:d6:43:46:ea:e9:f7:c2:b1:27:9d:58:8c:a4:2e:36:2f:ff:
         3b:6f:88:7d:bd:7e:95:86:b6:c3:1b:af:51:72:99:28:04:ad:
         2b:69:c1:b3:d2:5e:61:36:c5:b3:b4:cf:da:1d:70:73:0c:3a:
         9f:6a:93:0e:ce:ca:9e:02:3f:8f:cc:33:ab:87:fa:b7:92:75:
         60:c7:01:8c:45:bf:95:46:10:c0:a3:58:75:b5:51:8b:45:08:
         f9:0b:9d:f7:89:4c:e9:13:14:3f:59:88:49:a6:a0:b5:f8:f1:
         f5:38:f5:3f:9b:69:33:e3:07:2e:da:d9:95:6b:92:b0:bc:a1:
         f5:d2:63:fb:15:e8:bc:79:b2:b4:f6:29:a1:c3:49:47:a5:6c:
         a0:6e:b7:af
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYmNyZmfzM4Z+fcyBSx/8FXbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNzI1MTYwMjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzE2NzdjOWFhNmZjYjQ4MTk0YjMwN2UzNDkyNTA5ZWExYzgzNjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53H85PobNRz/ec5nmtzTwX32HWCf
efNXl1jDcc3U6o8IBQbUG3MCnSSusIVsIX50gTh4MoDkc4arw6uv3lvx7TWK3AOU
v9dRGfuPy99uFmq9WTVzOo42CVvprFxIwVo7cJ+jCnIunxjawc0bkvDUWLGytB6d
AHY/TD3HFNNL3nivsmrCaD59rnEMnmkWsD3KE3HyEKcfX3z6FHbz40mtMjDTQ5Cw
Q18arRJIo8HSwDkRK/AKJSQbNZN58reBs7cOun6mQEOXTEq75/yvYztX0QT9m4PW
WKCsABys8Nb3UfvUo9dgbWuOR5t2JQvrxYdTLfPYLVUJNLK/Dd7nl8pU8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIcWd8mqb8tIGUswfjSSUJ6hyDY4MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvaHhaM3lhcHZ5MGdaU3pCLU5KSlFucUhJTmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjqpAwQA
BbZxMA0GCSqGSIb3DQEBCwUAA4IBAQCWeBjILn7Eq7r+tSIlCJSQRCJh9oxri7yk
EftI4WEkTN9vH3BcyRqDri88m6wl89fvPWMACaRaRNyKjkXXF9FdPwUlqdTVq3HP
3ILhBATK/ZNYtnB2fHx5bhEgkTvUuyfXnWRsnWE3dZwJQtpM1kNG6un3wrEnnViM
pC42L/87b4h9vX6VhrbDG69RcpkoBK0racGz0l5hNsWztM/aHXBzDDqfapMOzsqe
Aj+PzDOrh/q3knVgxwGMRb+VRhDAo1h1tVGLRQj5C533iUzpExQ/WYhJpqC1+PH1
OPU/m2kz4wcu2tmVa5KwvKH10mP7Fei8ebK09imhw0lHpWygbrev
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org