Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/oJb87oIXbF4wk_plyOuYgIHbUq0.roa
File:                     oJb87oIXbF4wk_plyOuYgIHbUq0.roa (raw, json)
Hash identifier:          gcsrOdlJbr4meNh9+hheaHstJ7UJQHKxFYb+YcGHj7g=
Subject key identifier:   A0:96:FC:EE:82:17:6C:5E:30:93:FA:65:C8:EB:98:80:81:DB:52:AD
Certificate issuer:       /CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
Certificate serial:       018BF25C5E53BF1D1D0CBDE3D1CFAF751E4D
Authority key identifier: D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/oJb87oIXbF4wk_plyOuYgIHbUq0.roa
Signing time:             Tue 21 Nov 2023 14:50:21 +0000
ROA not before:           Tue 21 Nov 2023 14:50:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25091
IP address blocks:        46.20.240.0/20 maxlen: 24
                          185.60.52.0/22 maxlen: 24
                          85.8.128.0/24 maxlen: 24
                          5.144.32.0/21 maxlen: 24
                          2a02:2528::/29 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:32:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f2:5c:5e:53:bf:1d:1d:0c:bd:e3:d1:cf:af:75:1e:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9fc0bec60d0bace1889677bd9bb90190cc4fd22
        Validity
            Not Before: Nov 21 14:50:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a096fcee82176c5e3093fa65c8eb988081db52ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:19:2c:99:91:6f:6a:fb:c1:d0:49:8a:45:d8:
                    9f:64:2b:18:24:89:9a:75:15:4f:5a:9b:74:3c:80:
                    7b:29:74:e6:14:0b:eb:b2:c3:da:59:67:3e:70:cd:
                    6d:c0:3e:00:6e:b1:79:eb:f6:d9:98:e9:35:7b:0d:
                    ca:aa:e9:6f:22:e7:cd:e7:7d:95:bb:77:19:fe:ab:
                    3f:f2:56:74:0a:5d:a9:d4:3c:6d:bd:72:38:48:ca:
                    85:6a:ed:2b:09:d6:8c:56:2c:51:d4:f4:fa:21:37:
                    8e:ab:8c:e3:f7:70:3d:d6:d6:eb:ee:70:5b:f0:34:
                    d6:be:06:89:08:1f:57:62:c0:7b:65:5d:d0:92:e1:
                    10:1e:64:3d:09:d2:5f:93:b1:0a:75:85:a1:95:05:
                    bc:30:3b:79:b8:ce:a9:89:01:a3:7b:af:12:06:d3:
                    92:a6:ff:ea:aa:c7:0c:db:94:05:63:97:e2:c7:6e:
                    0c:0a:18:52:f1:70:e0:35:34:f3:51:b1:26:a9:d0:
                    a2:67:45:be:ca:e5:b1:ba:cb:81:64:b0:75:28:d2:
                    f8:0e:bf:ca:25:96:fd:3f:ac:e7:94:e2:40:f2:1d:
                    8b:4e:db:ea:06:bd:82:15:15:ab:36:d9:81:f8:e7:
                    e0:b2:6e:b3:06:9c:1a:9d:1a:06:66:36:49:73:ca:
                    ec:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:96:FC:EE:82:17:6C:5E:30:93:FA:65:C8:EB:98:80:81:DB:52:AD
            X509v3 Authority Key Identifier:
                keyid:D9:FC:0B:EC:60:D0:BA:CE:18:89:67:7B:D9:BB:90:19:0C:C4:FD:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fwL7GDQus4YiWd72buQGQzE_SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/oJb87oIXbF4wk_plyOuYgIHbUq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b0d6e6-2ed7-4928-ad69-3469034fa441/1/2fwL7GDQus4YiWd72buQGQzE_SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.32.0/21
                  46.20.240.0/20
                  85.8.128.0/24
                  185.60.52.0/22
                IPv6:
                  2a02:2528::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:6a:74:67:54:4e:6c:61:e1:7f:ef:75:44:fb:fb:a4:7b:9b:
         e2:e8:5c:89:6b:fe:f0:cd:b6:35:15:49:8b:33:d2:85:43:19:
         a9:9e:b2:43:01:9a:f4:94:54:16:70:45:1e:cc:e3:4e:d3:98:
         ff:15:5f:34:83:43:bc:f8:e1:fd:de:a8:ed:cb:97:68:8f:38:
         4e:f3:5e:a3:60:71:4d:c0:2d:ca:3c:a5:86:b8:76:41:8f:36:
         c5:0d:c4:bc:ef:48:1d:dc:69:2e:cd:44:06:99:41:f1:e7:a4:
         32:6f:58:57:04:14:db:87:a8:07:f4:5c:3a:ab:0b:96:0f:64:
         e2:cf:37:5f:f1:15:7b:9f:68:7b:5a:a0:67:ef:69:bd:d9:c9:
         0e:17:ce:42:2e:aa:5a:4a:84:bb:61:e3:64:9a:cb:75:dd:29:
         08:7c:bc:50:d6:ea:2f:64:85:d4:27:da:2b:09:85:0c:17:b9:
         33:9f:1d:73:9f:ad:fd:b0:20:86:fc:af:3e:aa:28:96:82:e2:
         2b:6a:a9:65:d4:f9:ee:21:65:a7:e9:2b:bb:bd:94:10:b4:c4:
         23:ea:fb:47:b9:33:11:d7:30:27:a3:5f:77:c2:9c:eb:e7:ca:
         be:83:4d:68:4c:6e:81:a1:a6:5a:aa:14:dd:5c:b0:4a:76:1f:
         34:f2:ff:0c
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYvyXF5Tvx0dDL3j0c+vdR5NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZmMwYmVjNjBkMGJhY2UxODg5Njc3YmQ5YmI5MDE5MGNj
NGZkMjIwHhcNMjMxMTIxMTQ1MDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDk2ZmNlZTgyMTc2YzVlMzA5M2ZhNjVjOGViOTg4MDgxZGI1MmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBksmZFvavvB0EmKRdifZCsYJIma
dRVPWpt0PIB7KXTmFAvrssPaWWc+cM1twD4AbrF56/bZmOk1ew3KqulvIufN532V
u3cZ/qs/8lZ0Cl2p1DxtvXI4SMqFau0rCdaMVixR1PT6ITeOq4zj93A91tbr7nBb
8DTWvgaJCB9XYsB7ZV3QkuEQHmQ9CdJfk7EKdYWhlQW8MDt5uM6piQGje68SBtOS
pv/qqscM25QFY5fix24MChhS8XDgNTTzUbEmqdCiZ0W+yuWxusuBZLB1KNL4Dr/K
JZb9P6znlOJA8h2LTtvqBr2CFRWrNtmB+Ofgsm6zBpwanRoGZjZJc8rspQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKCW/O6CF2xeMJP6ZcjrmICB21KtMB8GA1UdIwQY
MBaAFNn8C+xg0LrOGIlne9m7kBkMxP0iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjkt
MzQ2OTAzNGZhNDQxLzEvb0piODdvSVhiRjR3a19wbHlPdVlnSUhiVXEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iMGQ2ZTYtMmVkNy00OTI4LWFkNjktMzQ2OTAzNGZhNDQx
LzEvMmZ3TDdHRFF1czRZaVdkNzJidVFHUXpFX1NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDBZAgAwQE
LhTwAwQAVQiAAwQCuTw0MA0EAgACMAcDBQMqAiUoMA0GCSqGSIb3DQEBCwUAA4IB
AQAqanRnVE5sYeF/73VE+/uke5vi6FyJa/7wzbY1FUmLM9KFQxmpnrJDAZr0lFQW
cEUezONO05j/FV80g0O8+OH93qjty5dojzhO816jYHFNwC3KPKWGuHZBjzbFDcS8
70gd3GkuzUQGmUHx56Qyb1hXBBTbh6gH9Fw6qwuWD2Tizzdf8RV7n2h7WqBn72m9
2ckOF85CLqpaSoS7YeNkmst13SkIfLxQ1uovZIXUJ9orCYUMF7kznx1zn639sCCG
/K8+qiiWguIraqll1PnuIWWn6Su7vZQQtMQj6vtHuTMR1zAno193wpzr58q+g01o
TG6BoaZaqhTdXLBKdh808v8M
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:22 2024 by rpki-client on console-fra.rpki-client.org