Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Q5GqK7OEdnvVdUTqlD75eSHo_T8.roa
File:                     Q5GqK7OEdnvVdUTqlD75eSHo_T8.roa (raw, json)
Hash identifier:          5uoCNUCcZJfVhgBqwI3BAxKCZCtJCeWSAOoxUbi91HI=
Subject key identifier:   43:91:AA:2B:B3:84:76:7B:D5:75:44:EA:94:3E:F9:79:21:E8:FD:3F
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       0189741124C0970D738FB375FF1EA783BEE5
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Q5GqK7OEdnvVdUTqlD75eSHo_T8.roa
Signing time:             Thu 20 Jul 2023 16:10:27 +0000
ROA not before:           Thu 20 Jul 2023 16:10:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210531
IP address blocks:        195.8.200.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 25 Oct 2023 04:58:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:74:11:24:c0:97:0d:73:8f:b3:75:ff:1e:a7:83:be:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jul 20 16:10:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4391aa2bb384767bd57544ea943ef97921e8fd3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c0:cf:e4:e5:3b:66:ff:d3:fe:7a:91:f5:8c:
                    b0:7a:f1:46:77:a2:0f:bb:29:f6:55:ae:6c:8d:fc:
                    84:77:bd:86:55:25:aa:8d:86:d4:80:97:b3:ee:c2:
                    60:09:d4:a9:c0:1b:83:df:a0:86:26:20:45:ae:23:
                    e1:0a:88:b9:d0:d0:ce:4d:23:72:8d:10:bb:b7:1b:
                    a2:81:16:55:18:8d:14:3e:fe:72:a2:40:16:1b:af:
                    77:c5:46:60:10:6a:27:d6:6a:42:a7:3c:59:be:87:
                    fa:ef:8b:6c:55:bc:22:30:b9:5c:a6:9f:5e:1a:37:
                    4a:27:b4:3e:e5:de:da:9e:3d:b9:84:b2:77:08:09:
                    49:91:6b:71:a4:79:fb:bd:5b:72:17:61:0a:28:b0:
                    8a:88:f1:3a:8e:76:b7:93:e9:d4:08:cf:6a:01:5d:
                    c2:79:34:95:01:dd:81:81:a3:9c:96:3e:14:68:e1:
                    5d:f4:4f:5f:9b:3a:da:c4:18:f7:88:3a:d2:fb:44:
                    88:d8:c9:fe:42:73:c8:bb:85:c1:df:ca:49:70:c8:
                    0c:90:8c:2c:38:64:11:fc:07:8d:05:be:c6:a7:16:
                    bc:3e:96:06:09:48:6c:87:7a:42:ae:2e:b3:48:e1:
                    9d:d7:22:a9:20:85:28:ec:1b:b7:10:85:44:db:cf:
                    0f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:91:AA:2B:B3:84:76:7B:D5:75:44:EA:94:3E:F9:79:21:E8:FD:3F
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/Q5GqK7OEdnvVdUTqlD75eSHo_T8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.8.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:20:f9:5b:45:12:ce:47:d8:50:a6:b6:99:b0:eb:f2:6d:64:
         b3:33:75:e3:a3:05:6f:99:94:e1:f4:92:2d:f4:72:ed:bd:01:
         e5:51:b4:84:6c:68:d2:d8:f7:0c:3e:f9:58:1a:47:cf:23:ba:
         2f:cb:6a:9f:a4:f7:29:6b:c5:81:0d:3f:0f:90:cd:f5:01:43:
         b2:cd:58:ac:69:82:4f:27:bd:73:b4:a7:94:c4:17:15:90:8f:
         32:6b:dd:53:98:4c:a4:07:a2:58:d3:95:a0:ee:a4:a8:b4:13:
         3f:35:3c:98:93:ba:06:41:02:8b:b0:26:a6:90:d5:5e:47:2b:
         d8:b9:18:44:59:91:40:a7:a8:8f:c6:f8:a4:a7:b9:6a:6f:41:
         34:f7:06:5a:85:75:76:e2:06:e1:ab:36:17:ff:5e:b6:99:4d:
         57:96:76:ad:64:05:37:da:4a:65:ea:d6:6f:e6:3b:73:82:72:
         47:60:db:32:8c:de:61:31:70:e5:8a:59:4e:4f:9a:fc:f9:d1:
         e6:de:f5:16:21:6e:7f:cb:ad:0b:23:70:19:40:29:01:c6:0e:
         00:f1:4d:ec:f0:01:e4:62:7a:96:09:7f:40:4e:eb:68:b4:4f:
         65:33:ed:35:5e:b5:39:36:5f:4c:0a:0e:86:26:c6:e1:ae:c5:
         d8:88:c9:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYl0ESTAlw1zj7N1/x6ng77lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjMwNzIwMTYxMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzkxYWEyYmIzODQ3NjdiZDU3NTQ0ZWE5NDNlZjk3OTIxZThmZDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8DP5OU7Zv/T/nqR9YywevFGd6IP
uyn2Va5sjfyEd72GVSWqjYbUgJez7sJgCdSpwBuD36CGJiBFriPhCoi50NDOTSNy
jRC7txuigRZVGI0UPv5yokAWG693xUZgEGon1mpCpzxZvof674tsVbwiMLlcpp9e
GjdKJ7Q+5d7anj25hLJ3CAlJkWtxpHn7vVtyF2EKKLCKiPE6jna3k+nUCM9qAV3C
eTSVAd2BgaOclj4UaOFd9E9fmzraxBj3iDrS+0SI2Mn+QnPIu4XB38pJcMgMkIws
OGQR/AeNBb7Gpxa8PpYGCUhsh3pCri6zSOGd1yKpIIUo7Bu3EIVE288PqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEORqiuzhHZ71XVE6pQ++Xkh6P0/MB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvUTVHcUs3T0VkbnZWZFVUcWxENzVlU0hvX1Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwjIMA0G
CSqGSIb3DQEBCwUAA4IBAQCvIPlbRRLOR9hQpraZsOvybWSzM3XjowVvmZTh9JIt
9HLtvQHlUbSEbGjS2PcMPvlYGkfPI7ovy2qfpPcpa8WBDT8PkM31AUOyzVisaYJP
J71ztKeUxBcVkI8ya91TmEykB6JY05Wg7qSotBM/NTyYk7oGQQKLsCamkNVeRyvY
uRhEWZFAp6iPxvikp7lqb0E09wZahXV24gbhqzYX/162mU1XlnatZAU32kpl6tZv
5jtzgnJHYNsyjN5hMXDlillOT5r8+dHm3vUWIW5/y60LI3AZQCkBxg4A8U3s8AHk
YnqWCX9ATutotE9lM+01XrU5Nl9MCg6GJsbhrsXYiMlA
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:59 2024 by rpki-client on console-ams.rpki-client.org