Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/011234-cfb7-4275-9f79-40dc445c669a/1/r-PwdNwWJSGz-T5hqizrqTY1JWc.roa
File:                     r-PwdNwWJSGz-T5hqizrqTY1JWc.roa (raw, json)
Hash identifier:          5UPQnz6kvSvcuW3uOkM9jnX1qfyq322rgG/vWeq49BE=
Subject key identifier:   AF:E3:F0:74:DC:16:25:21:B3:F9:3E:61:AA:2C:EB:A9:36:35:25:67
Certificate issuer:       /CN=8572d5acc25167699c7fcf3a1b804ea325ac4e5d
Certificate serial:       01856EA696ACADBD6EC2AE18DF4820393177
Authority key identifier: 85:72:D5:AC:C2:51:67:69:9C:7F:CF:3A:1B:80:4E:A3:25:AC:4E:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hXLVrMJRZ2mcf886G4BOoyWsTl0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/011234-cfb7-4275-9f79-40dc445c669a/1/r-PwdNwWJSGz-T5hqizrqTY1JWc.roa
Signing time:             Sun 01 Jan 2023 18:44:49 +0000
ROA not before:           Sun 01 Jan 2023 18:44:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202746
IP address blocks:        185.43.52.0/22 maxlen: 24
                          2a04:94c0::/30 maxlen: 31

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:33:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:a6:96:ac:ad:bd:6e:c2:ae:18:df:48:20:39:31:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8572d5acc25167699c7fcf3a1b804ea325ac4e5d
        Validity
            Not Before: Jan  1 18:44:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=afe3f074dc162521b3f93e61aa2ceba936352567
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:10:d3:48:0b:eb:e8:84:8d:da:d6:2e:82:51:
                    12:ac:f8:bd:c1:58:29:34:98:33:c1:75:61:8e:34:
                    fd:ea:23:23:df:e1:8e:83:b3:ae:78:4b:48:5a:52:
                    5e:22:2e:02:4a:eb:d0:cf:2a:69:66:83:33:cc:24:
                    af:d9:cd:22:f8:dc:ce:d6:09:85:a5:0b:1c:cf:94:
                    04:64:ef:96:81:df:e7:3b:84:a5:82:21:18:08:cb:
                    ff:9b:cf:ae:73:9d:b1:b5:cb:ba:f7:d6:2a:19:a2:
                    60:dc:8b:a9:78:e2:45:e1:9d:89:80:cc:95:74:50:
                    fc:2d:cf:8d:49:7e:2c:7d:0d:c8:23:ca:3a:8f:03:
                    f2:93:71:4d:fc:84:27:c0:68:b0:79:47:99:a6:07:
                    7d:f6:72:6b:d2:1f:b5:42:4a:7c:45:22:ca:aa:1c:
                    1c:48:bd:01:f5:a4:a2:e0:70:54:ba:6c:b7:a6:14:
                    e1:e1:d1:b6:38:fe:5d:bd:fe:88:1c:7e:96:e7:22:
                    a0:af:a0:31:7d:69:6a:96:47:3f:c1:38:cb:87:42:
                    5c:b8:7f:7d:e9:01:60:2e:f6:55:5e:c8:b2:c4:04:
                    ca:39:c9:34:b7:6b:22:ca:f5:28:6d:79:5d:c2:31:
                    13:fb:9f:c6:08:d4:af:b0:34:e7:28:c9:f4:96:eb:
                    ad:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:E3:F0:74:DC:16:25:21:B3:F9:3E:61:AA:2C:EB:A9:36:35:25:67
            X509v3 Authority Key Identifier:
                keyid:85:72:D5:AC:C2:51:67:69:9C:7F:CF:3A:1B:80:4E:A3:25:AC:4E:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hXLVrMJRZ2mcf886G4BOoyWsTl0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/011234-cfb7-4275-9f79-40dc445c669a/1/r-PwdNwWJSGz-T5hqizrqTY1JWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/011234-cfb7-4275-9f79-40dc445c669a/1/hXLVrMJRZ2mcf886G4BOoyWsTl0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.43.52.0/22
                IPv6:
                  2a04:94c0::/30

    Signature Algorithm: sha256WithRSAEncryption
         6c:2e:2c:f1:be:52:87:0a:1e:29:c8:f9:6e:1b:2a:00:97:8e:
         27:44:22:31:8d:5e:e2:0c:3c:88:4f:5a:2a:dc:f1:a3:0f:6c:
         9f:bc:88:1e:4d:89:a6:d6:75:6e:25:0e:0c:bd:28:41:8e:fb:
         47:f9:ce:a2:a0:81:02:fd:7e:48:af:8f:be:3e:a8:43:94:96:
         52:05:bf:95:09:17:d1:6c:ba:9f:f7:aa:6a:75:57:cb:92:55:
         dc:42:f9:7a:81:6c:4d:1c:6e:cc:87:75:8a:94:88:cf:68:26:
         97:62:55:5b:40:6e:b2:60:ef:a0:91:db:b3:fd:d0:9a:49:8e:
         5b:28:0b:6d:5f:46:f3:95:14:06:bc:41:ab:b8:c6:3a:b2:1a:
         71:73:56:c9:fa:16:77:38:d7:45:d2:14:3f:2b:08:88:74:82:
         a6:66:69:53:94:30:1b:ed:3e:cf:0b:96:8f:29:71:cc:9f:c3:
         e4:fc:0e:81:05:b0:2c:5a:1e:71:59:27:8e:8e:48:06:2a:dd:
         93:9c:b7:0b:ab:bc:8f:e7:76:94:c4:37:e7:9e:d0:fc:b7:f8:
         05:1d:99:99:55:d1:5d:3e:5a:33:88:a5:0a:a5:65:bc:7f:2a:
         7e:67:cb:19:64:1d:6c:e1:75:da:42:2b:ed:74:d0:df:1f:12:
         7f:50:aa:b1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVuppasrb1uwq4Y30ggOTF3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NzJkNWFjYzI1MTY3Njk5YzdmY2YzYTFiODA0ZWEzMjVh
YzRlNWQwHhcNMjMwMTAxMTg0NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmUzZjA3NGRjMTYyNTIxYjNmOTNlNjFhYTJjZWJhOTM2MzUyNTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhDTSAvr6ISN2tYuglESrPi9wVgp
NJgzwXVhjjT96iMj3+GOg7OueEtIWlJeIi4CSuvQzyppZoMzzCSv2c0i+NzO1gmF
pQscz5QEZO+Wgd/nO4SlgiEYCMv/m8+uc52xtcu699YqGaJg3IupeOJF4Z2JgMyV
dFD8Lc+NSX4sfQ3II8o6jwPyk3FN/IQnwGiweUeZpgd99nJr0h+1Qkp8RSLKqhwc
SL0B9aSi4HBUumy3phTh4dG2OP5dvf6IHH6W5yKgr6AxfWlqlkc/wTjLh0JcuH99
6QFgLvZVXsiyxATKOck0t2siyvUobXldwjET+5/GCNSvsDTnKMn0luutUQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK/j8HTcFiUhs/k+Yaos66k2NSVnMB8GA1UdIwQY
MBaAFIVy1azCUWdpnH/POhuATqMlrE5dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFhMVnJNSlJaMm1jZjg4Nkc0Qk9veVdzVGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8wMTEyMzQtY2ZiNy00Mjc1LTlmNzkt
NDBkYzQ0NWM2NjlhLzEvci1Qd2ROd1dKU0d6LVQ1aHFpenJxVFkxSldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8wMTEyMzQtY2ZiNy00Mjc1LTlmNzktNDBkYzQ0NWM2Njlh
LzEvaFhMVnJNSlJaMm1jZjg4Nkc0Qk9veVdzVGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSs0MA0E
AgACMAcDBQIqBJTAMA0GCSqGSIb3DQEBCwUAA4IBAQBsLizxvlKHCh4pyPluGyoA
l44nRCIxjV7iDDyIT1oq3PGjD2yfvIgeTYmm1nVuJQ4MvShBjvtH+c6ioIEC/X5I
r4++PqhDlJZSBb+VCRfRbLqf96pqdVfLklXcQvl6gWxNHG7Mh3WKlIjPaCaXYlVb
QG6yYO+gkduz/dCaSY5bKAttX0bzlRQGvEGruMY6shpxc1bJ+hZ3ONdF0hQ/KwiI
dIKmZmlTlDAb7T7PC5aPKXHMn8Pk/A6BBbAsWh5xWSeOjkgGKt2TnLcLq7yP53aU
xDfnntD8t/gFHZmZVdFdPloziKUKpWW8fyp+Z8sZZB1s4XXaQivtdNDfHxJ/UKqx
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:03 2024 by rpki-client on console-fra.rpki-client.org