Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/baE8TZXihJQkvAsLHa2s9x9ddfA.roa
File:                     baE8TZXihJQkvAsLHa2s9x9ddfA.roa (raw, json)
Hash identifier:          hy1qX6PB4fXUC3JGtBNAwsOhzVXpO60YZjRqWa4+ufE=
Subject key identifier:   6D:A1:3C:4D:95:E2:84:94:24:BC:0B:0B:1D:AD:AC:F7:1F:5D:75:F0
Certificate issuer:       /CN=111014ce8ad38d15350096d549ee1c5805d09dc8
Certificate serial:       0185708CB0A6C668C65EE4043DDCA4BC3070
Authority key identifier: 11:10:14:CE:8A:D3:8D:15:35:00:96:D5:49:EE:1C:58:05:D0:9D:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ERAUzorTjRU1AJbVSe4cWAXQncg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/baE8TZXihJQkvAsLHa2s9x9ddfA.roa
Signing time:             Mon 02 Jan 2023 03:35:46 +0000
ROA not before:           Mon 02 Jan 2023 03:35:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43648
IP address blocks:        45.132.220.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:8c:b0:a6:c6:68:c6:5e:e4:04:3d:dc:a4:bc:30:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=111014ce8ad38d15350096d549ee1c5805d09dc8
        Validity
            Not Before: Jan  2 03:35:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6da13c4d95e2849424bc0b0b1dadacf71f5d75f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:62:db:c2:c9:21:24:c4:09:6d:72:1b:f9:e9:
                    64:0d:00:b7:70:87:76:bb:24:1d:31:61:63:81:01:
                    22:02:10:46:67:24:4a:5d:66:da:c5:1f:c6:67:df:
                    1d:cf:4e:0e:7c:e7:7f:5c:fe:e8:02:a6:9f:02:24:
                    39:66:b0:19:13:12:77:f8:7c:b8:b5:12:58:46:91:
                    fc:72:61:84:a9:8c:d8:18:92:28:3f:39:e3:17:37:
                    71:63:b7:d6:13:70:f2:7d:d9:dd:43:67:c3:33:1a:
                    17:d0:42:92:86:09:a8:23:f9:02:31:85:78:f6:e2:
                    84:6f:63:8b:3f:cc:31:bd:ff:c9:5c:5a:72:94:95:
                    42:74:41:2b:5f:3f:5f:47:51:dc:5c:ec:1e:8c:2d:
                    8d:7c:de:14:1d:60:06:5c:3f:9e:81:f1:6a:98:dc:
                    00:39:fa:7d:69:c8:c8:2e:52:ec:c4:9a:8c:cc:21:
                    e7:70:1e:58:87:fe:45:f5:77:e2:22:90:39:d2:8b:
                    cf:65:e8:22:18:c8:5a:6f:51:ba:ac:e6:da:a2:36:
                    3f:77:07:f9:b8:50:b3:1d:ba:17:46:cf:82:d9:04:
                    23:be:0c:66:9c:26:d9:aa:04:54:5d:66:e9:30:ea:
                    5e:5e:b8:62:49:35:e2:6b:b0:84:c7:7c:16:84:15:
                    f8:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:A1:3C:4D:95:E2:84:94:24:BC:0B:0B:1D:AD:AC:F7:1F:5D:75:F0
            X509v3 Authority Key Identifier:
                keyid:11:10:14:CE:8A:D3:8D:15:35:00:96:D5:49:EE:1C:58:05:D0:9D:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ERAUzorTjRU1AJbVSe4cWAXQncg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/baE8TZXihJQkvAsLHa2s9x9ddfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/d6c752-aa4b-4fa7-ab1f-91a394684644/1/ERAUzorTjRU1AJbVSe4cWAXQncg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:65:74:18:72:09:86:85:6b:30:9b:3d:78:73:ef:ec:45:56:
         5f:69:84:49:a2:60:e9:e5:c9:25:79:4a:af:b4:df:e0:22:4c:
         94:ea:fa:0e:46:02:aa:84:bb:c4:81:b9:b6:67:30:1d:fc:ea:
         89:53:fb:01:6d:92:ea:17:3e:ee:27:4b:16:91:2e:aa:34:53:
         46:80:9b:46:79:a5:f0:3b:fc:26:2b:a9:46:d3:d1:46:86:4f:
         6a:db:48:27:36:1b:f2:40:73:78:82:29:f8:63:84:c6:d3:12:
         34:e5:c2:e6:08:80:24:ec:84:fe:64:2b:36:90:45:91:f7:57:
         fe:66:95:7b:17:da:ba:d1:2e:33:ef:20:1b:68:63:fa:d7:da:
         0c:fb:75:6f:01:6d:42:3c:b5:a4:af:81:d3:3e:65:ce:f2:2a:
         ef:fb:80:d5:1c:0f:e0:64:03:16:09:71:9a:1e:48:69:b3:5b:
         d8:44:fc:cd:ac:83:57:ff:ea:69:72:18:7d:73:0c:a0:60:5d:
         20:ec:1c:24:18:fd:23:0d:26:3a:8a:41:bc:5c:4a:e5:b7:37:
         b1:05:ce:05:48:4d:d4:f1:c5:65:35:0a:ed:e7:d4:ad:2e:99:
         26:55:d4:57:7c:39:dd:e7:42:72:60:7f:4c:eb:96:8f:bc:57:
         47:ed:39:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwjLCmxmjGXuQEPdykvDBwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExMTAxNGNlOGFkMzhkMTUzNTAwOTZkNTQ5ZWUxYzU4MDVk
MDlkYzgwHhcNMjMwMTAyMDMzNTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGExM2M0ZDk1ZTI4NDk0MjRiYzBiMGIxZGFkYWNmNzFmNWQ3NWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWLbwskhJMQJbXIb+elkDQC3cId2
uyQdMWFjgQEiAhBGZyRKXWbaxR/GZ98dz04OfOd/XP7oAqafAiQ5ZrAZExJ3+Hy4
tRJYRpH8cmGEqYzYGJIoPznjFzdxY7fWE3DyfdndQ2fDMxoX0EKShgmoI/kCMYV4
9uKEb2OLP8wxvf/JXFpylJVCdEErXz9fR1HcXOwejC2NfN4UHWAGXD+egfFqmNwA
Ofp9acjILlLsxJqMzCHncB5Yh/5F9XfiIpA50ovPZegiGMhab1G6rObaojY/dwf5
uFCzHboXRs+C2QQjvgxmnCbZqgRUXWbpMOpeXrhiSTXia7CEx3wWhBX4QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2hPE2V4oSUJLwLCx2trPcfXXXwMB8GA1UdIwQY
MBaAFBEQFM6K040VNQCW1UnuHFgF0J3IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVJBVXpvclRqUlUxQUpiVlNlNGNXQVhRbmNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9kNmM3NTItYWE0Yi00ZmE3LWFiMWYt
OTFhMzk0Njg0NjQ0LzEvYmFFOFRaWGloSlFrdkFzTEhhMnM5eDlkZGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9kNmM3NTItYWE0Yi00ZmE3LWFiMWYtOTFhMzk0Njg0NjQ0
LzEvRVJBVXpvclRqUlUxQUpiVlNlNGNXQVhRbmNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYTcMA0G
CSqGSIb3DQEBCwUAA4IBAQBmZXQYcgmGhWswmz14c+/sRVZfaYRJomDp5ckleUqv
tN/gIkyU6voORgKqhLvEgbm2ZzAd/OqJU/sBbZLqFz7uJ0sWkS6qNFNGgJtGeaXw
O/wmK6lG09FGhk9q20gnNhvyQHN4gin4Y4TG0xI05cLmCIAk7IT+ZCs2kEWR91f+
ZpV7F9q60S4z7yAbaGP619oM+3VvAW1CPLWkr4HTPmXO8irv+4DVHA/gZAMWCXGa
Hkhps1vYRPzNrINX/+ppchh9cwygYF0g7BwkGP0jDSY6ikG8XErltzexBc4FSE3U
8cVlNQrt59StLpkmVdRXfDnd50JyYH9M65aPvFdH7Tk/
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:08 2024 by rpki-client on console-fra.rpki-client.org