Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/f17722-e58b-4452-8135-eaa5acf35fd1/1/P1wS4MkrS2WWM-sOuRvZWPr7D2E.roa
File:                     P1wS4MkrS2WWM-sOuRvZWPr7D2E.roa (raw, json)
Hash identifier:          PN1AVczucLVeljCRaffkRkugFzmUp/5YUs/obQqxzDA=
Subject key identifier:   3F:5C:12:E0:C9:2B:4B:65:96:33:EB:0E:B9:1B:D9:58:FA:FB:0F:61
Certificate issuer:       /CN=9cd67d1033ca472b5bb80fd596bb836d12e22261
Certificate serial:       01856DCAF8B65B29DF40AC8EAC4C75A79398
Authority key identifier: 9C:D6:7D:10:33:CA:47:2B:5B:B8:0F:D5:96:BB:83:6D:12:E2:22:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nNZ9EDPKRytbuA_VlruDbRLiImE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/f17722-e58b-4452-8135-eaa5acf35fd1/1/P1wS4MkrS2WWM-sOuRvZWPr7D2E.roa
Signing time:             Sun 01 Jan 2023 14:44:56 +0000
ROA not before:           Sun 01 Jan 2023 14:44:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208710
IP address blocks:        45.66.0.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 02 Oct 2023 09:50:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:ca:f8:b6:5b:29:df:40:ac:8e:ac:4c:75:a7:93:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cd67d1033ca472b5bb80fd596bb836d12e22261
        Validity
            Not Before: Jan  1 14:44:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3f5c12e0c92b4b659633eb0eb91bd958fafb0f61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:0b:89:d5:38:b5:71:58:34:5d:ed:b7:68:64:
                    21:40:28:52:b5:c0:f2:e8:ca:38:a1:4c:21:33:ed:
                    df:4d:7d:79:01:31:f4:3b:6c:d5:18:d8:57:2f:86:
                    e5:1f:a9:4e:b6:19:83:8e:09:0e:1d:b1:f2:20:13:
                    93:18:40:f2:26:21:0a:99:f9:3f:09:84:bf:fd:39:
                    95:5c:53:5c:e2:79:9f:a0:13:ad:0a:ab:a5:f2:3c:
                    6e:d6:f4:96:78:1c:3c:b5:66:89:13:8d:60:91:04:
                    27:79:e9:68:32:d3:a9:c9:38:e1:a3:96:6b:f8:c8:
                    f4:5f:61:2c:d3:4b:2f:8f:e8:2f:a2:74:0f:97:39:
                    53:04:36:57:6d:d7:f3:b8:2e:3e:b9:7d:2f:84:fb:
                    83:89:3e:b4:19:5c:42:ac:9a:5b:02:4d:ac:53:17:
                    8c:51:99:d9:08:81:7c:b4:6d:4f:3f:1b:28:25:86:
                    ea:a8:6b:5f:69:cc:dc:cb:d3:80:02:c7:1b:b7:8a:
                    8a:1d:bd:d8:7a:81:cc:a3:f6:c4:56:5f:8a:0d:af:
                    de:ef:2a:79:30:ab:47:9f:09:fa:f0:90:f0:17:92:
                    95:f3:2a:ed:06:91:79:85:ae:1f:23:7e:24:7d:fa:
                    29:83:a3:ba:43:2d:16:a5:98:c9:4f:4d:6f:75:aa:
                    ff:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:5C:12:E0:C9:2B:4B:65:96:33:EB:0E:B9:1B:D9:58:FA:FB:0F:61
            X509v3 Authority Key Identifier:
                keyid:9C:D6:7D:10:33:CA:47:2B:5B:B8:0F:D5:96:BB:83:6D:12:E2:22:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nNZ9EDPKRytbuA_VlruDbRLiImE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/f17722-e58b-4452-8135-eaa5acf35fd1/1/P1wS4MkrS2WWM-sOuRvZWPr7D2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/f17722-e58b-4452-8135-eaa5acf35fd1/1/nNZ9EDPKRytbuA_VlruDbRLiImE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:37:be:31:da:d7:3e:39:21:f8:5d:c8:47:31:f8:42:9b:3d:
         0f:7a:ab:6c:e6:48:f2:b5:49:c6:ac:b0:f5:cf:6a:d1:95:3b:
         6c:8f:66:2b:5b:4a:30:14:5d:74:11:c5:a1:4e:cb:f9:03:56:
         6e:1b:32:3b:86:7d:ca:83:a1:0f:29:69:06:76:a3:21:1c:d7:
         88:41:c8:1b:47:a2:15:95:ac:6b:e3:44:b3:2d:f4:0c:db:73:
         7e:d4:0b:a9:ff:80:69:e7:13:9f:fa:d2:82:cc:6e:e4:5a:87:
         5c:f6:4e:5b:24:e4:f3:79:d0:c1:fc:02:95:db:fd:bf:3f:3f:
         0e:40:7d:6a:2b:b5:68:f4:78:f1:a3:e3:83:80:8e:aa:d7:97:
         30:27:f4:3f:d3:96:00:8e:be:0e:60:40:4d:02:81:4a:24:fd:
         75:99:cf:2a:34:f6:35:9f:b9:13:f3:3e:ff:7a:cb:17:fa:30:
         68:e2:c5:d4:26:90:43:f9:bf:e1:4c:69:1c:06:84:f9:f8:56:
         4a:1a:52:77:af:18:4f:5b:c6:bd:07:98:bd:2d:b6:4c:0e:fa:
         9f:31:4c:68:bc:a9:25:7e:53:3f:97:eb:db:1b:42:26:2c:f8:
         2b:75:8e:2e:68:48:45:ac:c2:75:c2:c9:cc:f9:0c:f7:d4:60:
         bc:f4:bf:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtyvi2WynfQKyOrEx1p5OYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljZDY3ZDEwMzNjYTQ3MmI1YmI4MGZkNTk2YmI4MzZkMTJl
MjIyNjEwHhcNMjMwMTAxMTQ0NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjVjMTJlMGM5MmI0YjY1OTYzM2ViMGViOTFiZDk1OGZhZmIwZjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAuJ1Ti1cVg0Xe23aGQhQChStcDy
6Mo4oUwhM+3fTX15ATH0O2zVGNhXL4blH6lOthmDjgkOHbHyIBOTGEDyJiEKmfk/
CYS//TmVXFNc4nmfoBOtCqul8jxu1vSWeBw8tWaJE41gkQQneeloMtOpyTjho5Zr
+Mj0X2Es00svj+gvonQPlzlTBDZXbdfzuC4+uX0vhPuDiT60GVxCrJpbAk2sUxeM
UZnZCIF8tG1PPxsoJYbqqGtfaczcy9OAAscbt4qKHb3YeoHMo/bEVl+KDa/e7yp5
MKtHnwn68JDwF5KV8yrtBpF5ha4fI34kffopg6O6Qy0WpZjJT01vdar/YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9cEuDJK0tlljPrDrkb2Vj6+w9hMB8GA1UdIwQY
MBaAFJzWfRAzykcrW7gP1Za7g20S4iJhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk5aOUVEUEtSeXRidUFfVmxydURiUkxpSW1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9mMTc3MjItZTU4Yi00NDUyLTgxMzUt
ZWFhNWFjZjM1ZmQxLzEvUDF3UzRNa3JTMldXTS1zT3VSdlpXUHI3RDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9mMTc3MjItZTU4Yi00NDUyLTgxMzUtZWFhNWFjZjM1ZmQx
LzEvbk5aOUVEUEtSeXRidUFfVmxydURiUkxpSW1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUIAMA0G
CSqGSIb3DQEBCwUAA4IBAQBDN74x2tc+OSH4XchHMfhCmz0Peqts5kjytUnGrLD1
z2rRlTtsj2YrW0owFF10EcWhTsv5A1ZuGzI7hn3Kg6EPKWkGdqMhHNeIQcgbR6IV
laxr40SzLfQM23N+1Aup/4Bp5xOf+tKCzG7kWodc9k5bJOTzedDB/AKV2/2/Pz8O
QH1qK7Vo9Hjxo+ODgI6q15cwJ/Q/05YAjr4OYEBNAoFKJP11mc8qNPY1n7kT8z7/
essX+jBo4sXUJpBD+b/hTGkcBoT5+FZKGlJ3rxhPW8a9B5i9LbZMDvqfMUxovKkl
flM/l+vbG0ImLPgrdY4uaEhFrMJ1wsnM+Qz31GC89L/c
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:17 2024 by rpki-client on console-ams.rpki-client.org