Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/971f17-0bf8-4ba1-b768-55fec1252ab0/1/L2gCIqPbXGKN9j2c4UgRjKaUyuw.roa
File:                     L2gCIqPbXGKN9j2c4UgRjKaUyuw.roa (raw, json)
Hash identifier:          Q8NfkY/lzAWb5kmKZyZ7nJiRh4tcIqljhNGxyv1pGhg=
Subject key identifier:   2F:68:02:22:A3:DB:5C:62:8D:F6:3D:9C:E1:48:11:8C:A6:94:CA:EC
Certificate issuer:       /CN=614b70ff9c22ffe0b77f43f41c08074de6f36e1b
Certificate serial:       01856F5483CDFE2D442EBDA99539BAAC0FA0
Authority key identifier: 61:4B:70:FF:9C:22:FF:E0:B7:7F:43:F4:1C:08:07:4D:E6:F3:6E:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YUtw_5wi_-C3f0P0HAgHTebzbhs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/971f17-0bf8-4ba1-b768-55fec1252ab0/1/L2gCIqPbXGKN9j2c4UgRjKaUyuw.roa
Signing time:             Sun 01 Jan 2023 21:54:47 +0000
ROA not before:           Sun 01 Jan 2023 21:54:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57280
IP address blocks:        109.163.200.0/21 maxlen: 21
                          185.60.172.0/22 maxlen: 22
                          185.60.174.0/24 maxlen: 24
                          185.60.175.0/24 maxlen: 24
                          2a03:5584::/30 maxlen: 30
                          2a03:5580::/30 maxlen: 30

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:29:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:54:83:cd:fe:2d:44:2e:bd:a9:95:39:ba:ac:0f:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=614b70ff9c22ffe0b77f43f41c08074de6f36e1b
        Validity
            Not Before: Jan  1 21:54:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2f680222a3db5c628df63d9ce148118ca694caec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fc:20:9b:89:4b:45:70:7b:f6:d0:92:8d:b3:
                    58:fd:2e:49:5e:2f:77:0d:02:14:a4:de:52:d5:62:
                    30:b8:c3:95:d6:12:d5:ed:62:05:53:f0:e3:c2:dc:
                    96:ec:16:8c:63:17:5b:f4:fc:0a:f1:7b:a4:77:8b:
                    80:e7:7d:00:a8:6d:c9:b7:52:c4:6e:ed:b0:48:6c:
                    8e:e2:6f:5b:c4:cf:4a:5d:1c:ed:10:bd:b0:26:49:
                    22:a1:c1:f2:7b:02:09:ef:af:6d:20:96:ec:07:de:
                    04:77:3e:ad:21:62:b1:79:85:2f:89:4b:4f:c7:5f:
                    4e:1c:3f:c5:df:ae:4f:23:8f:dc:96:79:f2:d8:a6:
                    f6:66:e5:9b:2e:61:71:ed:e7:5c:73:53:6b:d6:e7:
                    35:cf:fb:43:88:34:c9:9a:e5:e3:62:4f:26:80:17:
                    ef:19:20:a5:fb:7f:52:0f:f8:6b:56:6b:e2:7c:d8:
                    f4:be:ab:56:f8:ff:f6:da:7e:d6:53:b7:2f:21:2d:
                    8a:5c:ca:12:09:c7:a8:5f:5e:f9:26:2e:f6:d9:7d:
                    e7:d7:bf:ee:62:2f:c4:f5:37:67:7b:8c:a7:c6:f5:
                    9c:6b:18:7b:36:a3:af:9b:0b:38:74:e8:a2:c7:0d:
                    fa:de:6e:6c:5e:79:dc:d1:35:de:f3:16:e9:af:72:
                    31:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:68:02:22:A3:DB:5C:62:8D:F6:3D:9C:E1:48:11:8C:A6:94:CA:EC
            X509v3 Authority Key Identifier:
                keyid:61:4B:70:FF:9C:22:FF:E0:B7:7F:43:F4:1C:08:07:4D:E6:F3:6E:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YUtw_5wi_-C3f0P0HAgHTebzbhs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/971f17-0bf8-4ba1-b768-55fec1252ab0/1/L2gCIqPbXGKN9j2c4UgRjKaUyuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/971f17-0bf8-4ba1-b768-55fec1252ab0/1/YUtw_5wi_-C3f0P0HAgHTebzbhs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.163.200.0/21
                  185.60.172.0/22
                IPv6:
                  2a03:5580::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:93:0f:e5:f6:c7:c3:4c:fd:fc:27:2d:d9:98:d5:ea:f5:32:
         13:df:87:60:c4:48:cf:cd:30:43:55:30:8a:f4:12:9a:82:ad:
         86:1d:2b:0e:dd:48:f0:df:11:cd:e6:93:c8:1d:d8:5c:d6:f8:
         cf:50:df:ca:f5:9b:47:d9:cd:dc:d3:73:74:84:20:0b:2e:59:
         93:85:61:86:38:05:26:e2:2b:aa:4e:7d:d9:ed:e0:44:39:69:
         c7:e3:3a:79:a2:5d:be:06:7b:84:22:85:96:84:14:46:26:6d:
         1b:79:e1:ed:64:fc:47:af:e1:66:13:f3:75:dc:dc:41:4b:2b:
         3c:07:0a:19:3c:b9:dd:b0:40:a4:84:f2:e2:a4:a5:ac:24:ea:
         d2:c2:2f:4d:f5:9f:d1:91:a7:ea:19:40:56:1f:1a:19:c0:93:
         84:bd:85:3f:40:86:6a:8a:c4:57:31:37:af:6a:d7:48:7f:13:
         a1:7a:db:15:32:f5:22:35:97:c6:a0:b8:c6:8b:c9:80:c1:b6:
         f6:4b:85:1f:41:7c:77:8b:69:8b:b4:18:c5:3c:9f:7e:a1:e3:
         ff:2e:b3:4a:68:9a:89:36:59:68:00:36:d0:d7:12:4d:6b:af:
         e7:0f:d0:49:59:11:0e:06:58:8a:82:d2:b9:05:55:e7:bd:a3:
         1e:f5:c5:47
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVvVIPN/i1ELr2plTm6rA+gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNGI3MGZmOWMyMmZmZTBiNzdmNDNmNDFjMDgwNzRkZTZm
MzZlMWIwHhcNMjMwMTAxMjE1NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjY4MDIyMmEzZGI1YzYyOGRmNjNkOWNlMTQ4MTE4Y2E2OTRjYWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovwgm4lLRXB79tCSjbNY/S5JXi93
DQIUpN5S1WIwuMOV1hLV7WIFU/DjwtyW7BaMYxdb9PwK8Xukd4uA530AqG3Jt1LE
bu2wSGyO4m9bxM9KXRztEL2wJkkiocHyewIJ769tIJbsB94Edz6tIWKxeYUviUtP
x19OHD/F365PI4/clnny2Kb2ZuWbLmFx7edcc1Nr1uc1z/tDiDTJmuXjYk8mgBfv
GSCl+39SD/hrVmvifNj0vqtW+P/22n7WU7cvIS2KXMoSCceoX175Ji722X3n17/u
Yi/E9Tdne4ynxvWcaxh7NqOvmws4dOiixw363m5sXnnc0TXe8xbpr3IxwwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFC9oAiKj21xijfY9nOFIEYymlMrsMB8GA1UdIwQY
MBaAFGFLcP+cIv/gt39D9BwIB03m824bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVV0d181d2lfLUMzZjBQMEhBZ0hUZWJ6YmhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi85NzFmMTctMGJmOC00YmExLWI3Njgt
NTVmZWMxMjUyYWIwLzEvTDJnQ0lxUGJYR0tOOWoyYzRVZ1JqS2FVeXV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi85NzFmMTctMGJmOC00YmExLWI3NjgtNTVmZWMxMjUyYWIw
LzEvWVV0d181d2lfLUMzZjBQMEhBZ0hUZWJ6YmhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbaPIAwQC
uTysMA0EAgACMAcDBQMqA1WAMA0GCSqGSIb3DQEBCwUAA4IBAQASkw/l9sfDTP38
Jy3ZmNXq9TIT34dgxEjPzTBDVTCK9BKagq2GHSsO3Ujw3xHN5pPIHdhc1vjPUN/K
9ZtH2c3c03N0hCALLlmThWGGOAUm4iuqTn3Z7eBEOWnH4zp5ol2+BnuEIoWWhBRG
Jm0beeHtZPxHr+FmE/N13NxBSys8BwoZPLndsECkhPLipKWsJOrSwi9N9Z/Rkafq
GUBWHxoZwJOEvYU/QIZqisRXMTevatdIfxOhetsVMvUiNZfGoLjGi8mAwbb2S4Uf
QXx3i2mLtBjFPJ9+oeP/LrNKaJqJNlloADbQ1xJNa6/nD9BJWREOBliKgtK5BVXn
vaMe9cVH
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:09 2024 by rpki-client on console-ams.rpki-client.org