Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/1c0ea6-a6df-4522-8bc9-8c511698fcae/1/LjoT30VxtQ8lr01wk3ujVGp-RgI.roa
File:                     LjoT30VxtQ8lr01wk3ujVGp-RgI.roa (raw, json)
Hash identifier:          dp5aorrw6VO+cw4tTVheWfC8cAdwgXzoznXWMiYrBEw=
Subject key identifier:   2E:3A:13:DF:45:71:B5:0F:25:AF:4D:70:93:7B:A3:54:6A:7E:46:02
Certificate issuer:       /CN=97ecfbb3550bf2c7674cc52e9cbbf3a933f5e778
Certificate serial:       0185704BD22840ED2843FEB1E1073F258636
Authority key identifier: 97:EC:FB:B3:55:0B:F2:C7:67:4C:C5:2E:9C:BB:F3:A9:33:F5:E7:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l-z7s1UL8sdnTMUunLvzqTP153g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/1c0ea6-a6df-4522-8bc9-8c511698fcae/1/LjoT30VxtQ8lr01wk3ujVGp-RgI.roa
Signing time:             Mon 02 Jan 2023 02:24:55 +0000
ROA not before:           Mon 02 Jan 2023 02:24:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205362
IP address blocks:        188.212.251.0/24 maxlen: 24
                          188.215.32.0/24 maxlen: 24
                          185.216.4.0/24 maxlen: 24
                          80.240.106.0/24 maxlen: 24
                          185.216.4.0/22 maxlen: 22
                          185.216.5.0/24 maxlen: 24
                          185.216.6.0/24 maxlen: 24
                          185.216.7.0/24 maxlen: 24
                          128.0.42.0/23 maxlen: 23
                          128.0.42.0/24 maxlen: 24
                          128.0.43.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:32:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:4b:d2:28:40:ed:28:43:fe:b1:e1:07:3f:25:86:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97ecfbb3550bf2c7674cc52e9cbbf3a933f5e778
        Validity
            Not Before: Jan  2 02:24:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2e3a13df4571b50f25af4d70937ba3546a7e4602
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:86:91:66:d0:03:63:71:35:1d:a3:c2:9a:70:
                    41:b8:11:42:77:41:0d:27:7c:f8:b6:e9:ab:06:e4:
                    b9:67:3f:6a:cc:5d:d2:66:b9:52:41:1b:bb:b9:34:
                    e9:8c:08:9d:bc:e8:c4:d5:e3:a0:be:c8:86:41:fc:
                    33:1d:92:72:06:55:dd:3b:69:73:80:b0:69:eb:50:
                    a5:67:14:46:35:4c:3b:88:2c:d1:c8:dd:d2:0a:7b:
                    9d:ed:2d:da:da:d0:df:2b:56:4f:2f:fa:7a:06:f2:
                    25:23:46:63:9b:a8:19:45:8f:7f:55:d7:b7:c0:51:
                    96:3b:32:08:fd:22:ec:ef:7e:28:c1:bf:c2:b8:b9:
                    29:ab:82:f7:6a:57:d5:26:54:69:17:2a:f0:db:2d:
                    c9:06:ab:3d:fc:c1:8d:fb:82:8c:88:b1:82:34:8c:
                    6b:8b:ab:f3:fa:7e:c1:80:a1:83:b0:df:88:1c:db:
                    20:82:e6:42:80:39:5f:99:05:25:3a:2b:ad:e3:23:
                    4b:8a:3b:c8:45:07:c6:68:9a:3c:55:9a:8b:56:aa:
                    3b:ce:b0:59:a1:a0:7b:17:64:53:26:1c:cb:2f:99:
                    94:4c:8d:9c:d5:04:35:ef:96:66:42:1f:3f:5e:a3:
                    8d:c8:aa:49:73:d2:ea:f5:f9:56:ce:8f:b2:2f:3f:
                    66:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:3A:13:DF:45:71:B5:0F:25:AF:4D:70:93:7B:A3:54:6A:7E:46:02
            X509v3 Authority Key Identifier:
                keyid:97:EC:FB:B3:55:0B:F2:C7:67:4C:C5:2E:9C:BB:F3:A9:33:F5:E7:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l-z7s1UL8sdnTMUunLvzqTP153g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/1c0ea6-a6df-4522-8bc9-8c511698fcae/1/LjoT30VxtQ8lr01wk3ujVGp-RgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/1c0ea6-a6df-4522-8bc9-8c511698fcae/1/l-z7s1UL8sdnTMUunLvzqTP153g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.240.106.0/24
                  128.0.42.0/23
                  185.216.4.0/22
                  188.212.251.0/24
                  188.215.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:e2:75:a6:5b:18:84:39:c0:d7:d2:58:8c:81:01:74:41:b9:
         8e:e6:41:3e:83:a1:b2:8d:12:ce:c0:c9:45:64:bb:b4:0f:f7:
         80:52:cc:34:4a:72:ab:11:a6:80:6d:b5:fa:4d:df:a7:43:f1:
         6f:74:7b:25:3f:30:ac:7a:ad:9b:ca:11:3f:d0:8e:f9:6f:f7:
         73:23:e5:bc:b5:d2:0f:1c:9d:81:68:a5:fd:ea:7d:9a:67:d4:
         f6:7e:dd:7b:2d:f3:1d:44:ff:19:3b:fb:a8:ac:3c:cd:36:56:
         64:28:5f:d2:52:ce:52:0e:cb:22:08:6a:31:ad:06:1c:d1:b5:
         eb:3b:e5:f2:dd:ff:51:2e:9c:1c:40:8d:d5:15:8c:11:c1:16:
         38:79:7b:a4:c2:c7:47:7b:95:5d:ee:70:1a:d3:2e:b6:94:2b:
         e5:ce:69:47:63:15:e5:b3:63:e1:d5:5c:0a:e6:67:2b:26:d6:
         71:d4:b8:df:f2:b1:64:aa:c7:41:7b:e1:0a:c4:d3:bf:75:c4:
         ea:ac:d6:70:e4:75:4d:67:e8:c6:38:44:f8:00:98:d7:f7:d7:
         87:97:c2:1c:82:19:32:c7:45:ce:73:08:71:a1:e5:26:b5:22:
         6d:48:42:cc:2a:01:46:3b:47:66:2b:0b:31:35:1d:85:90:df:
         66:0e:6f:8c
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVwS9IoQO0oQ/6x4Qc/JYY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZWNmYmIzNTUwYmYyYzc2NzRjYzUyZTljYmJmM2E5MzNm
NWU3NzgwHhcNMjMwMTAyMDIyNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTNhMTNkZjQ1NzFiNTBmMjVhZjRkNzA5MzdiYTM1NDZhN2U0NjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4aRZtADY3E1HaPCmnBBuBFCd0EN
J3z4tumrBuS5Zz9qzF3SZrlSQRu7uTTpjAidvOjE1eOgvsiGQfwzHZJyBlXdO2lz
gLBp61ClZxRGNUw7iCzRyN3SCnud7S3a2tDfK1ZPL/p6BvIlI0Zjm6gZRY9/Vde3
wFGWOzII/SLs734owb/CuLkpq4L3alfVJlRpFyrw2y3JBqs9/MGN+4KMiLGCNIxr
i6vz+n7BgKGDsN+IHNsgguZCgDlfmQUlOiut4yNLijvIRQfGaJo8VZqLVqo7zrBZ
oaB7F2RTJhzLL5mUTI2c1QQ175ZmQh8/XqONyKpJc9Lq9flWzo+yLz9mLQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFC46E99FcbUPJa9NcJN7o1RqfkYCMB8GA1UdIwQY
MBaAFJfs+7NVC/LHZ0zFLpy786kz9ed4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbC16N3MxVUw4c2RuVE1VdW5MdnpxVFAxNTNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8xYzBlYTYtYTZkZi00NTIyLThiYzkt
OGM1MTE2OThmY2FlLzEvTGpvVDMwVnh0UThscjAxd2szdWpWR3AtUmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8xYzBlYTYtYTZkZi00NTIyLThiYzktOGM1MTE2OThmY2Fl
LzEvbC16N3MxVUw4c2RuVE1VdW5MdnpxVFAxNTNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAUPBqAwQB
gAAqAwQCudgEAwQAvNT7AwQAvNcgMA0GCSqGSIb3DQEBCwUAA4IBAQB34nWmWxiE
OcDX0liMgQF0QbmO5kE+g6GyjRLOwMlFZLu0D/eAUsw0SnKrEaaAbbX6Td+nQ/Fv
dHslPzCseq2byhE/0I75b/dzI+W8tdIPHJ2BaKX96n2aZ9T2ft17LfMdRP8ZO/uo
rDzNNlZkKF/SUs5SDssiCGoxrQYc0bXrO+Xy3f9RLpwcQI3VFYwRwRY4eXukwsdH
e5Vd7nAa0y62lCvlzmlHYxXls2Ph1VwK5mcrJtZx1Ljf8rFkqsdBe+EKxNO/dcTq
rNZw5HVNZ+jGOET4AJjX99eHl8Icghkyx0XOcwhxoeUmtSJtSELMKgFGO0dmKwsx
NR2FkN9mDm+M
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:25 2024 by rpki-client on console-ams.rpki-client.org