Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-UVYy4DCmWQcXDa1hJhHOLO84WE.roa
File:                     1-UVYy4DCmWQcXDa1hJhHOLO84WE.roa (raw, json)
Hash identifier:          saYcnKKil6KCHLAkz/q+SIu7HrRqEaOlOEXKwDykv98=
Subject key identifier:   F9:45:58:CB:80:C2:99:64:1C:5C:36:B5:84:98:47:38:B3:BC:E1:61
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018EE6A3A2C023985775C0453AE706D06C1A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-UVYy4DCmWQcXDa1hJhHOLO84WE.roa
Signing time:             Tue 16 Apr 2024 11:21:07 +0000
ROA not before:           Tue 16 Apr 2024 11:21:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        87.120.68.0/23 maxlen: 24
                          87.121.60.0/24 maxlen: 24
                          93.123.74.0/23 maxlen: 23
                          93.123.74.0/24 maxlen: 24
                          93.123.75.0/24 maxlen: 24
                          185.252.160.0/23 maxlen: 24
                          193.148.253.0/24 maxlen: 24
                          212.87.205.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 22 Apr 2024 10:44:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e6:a3:a2:c0:23:98:57:75:c0:45:3a:e7:06:d0:6c:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 16 11:21:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f94558cb80c299641c5c36b584984738b3bce161
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3b:b6:a6:aa:bd:75:49:d5:cb:29:7a:ba:d0:
                    71:77:31:7d:58:55:c2:4a:0e:a7:56:44:e0:f5:83:
                    87:bf:9a:f1:80:e7:b3:e7:b2:61:6e:d7:f5:c4:c5:
                    2c:e4:30:47:b0:a0:6b:90:fe:99:47:7d:44:0a:7b:
                    97:29:7a:ab:ee:b7:93:e9:e5:24:07:dc:d2:99:20:
                    5a:95:0f:83:c9:ed:4a:35:22:e4:e1:d9:56:eb:b8:
                    58:cc:06:ab:bc:ee:79:67:ef:84:07:8a:4d:48:b8:
                    e9:40:01:8d:12:6e:5c:0e:38:71:64:e9:ad:97:dd:
                    bb:a1:ef:6c:60:78:43:ff:4c:ad:36:57:2c:4e:d7:
                    8f:7a:0b:7c:b4:14:17:bc:0b:cf:2f:d1:e2:79:84:
                    00:c1:5f:66:bb:5b:87:d5:e1:f0:bd:68:66:18:82:
                    37:2d:a3:17:32:dc:df:98:97:2b:8e:97:20:f1:4c:
                    ee:f0:e7:64:e7:ba:1d:de:d4:ce:f6:62:8a:f3:85:
                    8d:2e:bd:af:08:7d:7a:4d:c1:eb:33:b0:a9:46:8f:
                    c8:f4:6e:f6:7d:cf:af:3f:76:34:b9:5f:e3:c1:50:
                    57:a7:a0:95:53:2a:4b:32:49:52:3a:6e:23:16:fb:
                    f1:a1:ae:9b:b8:e4:34:ae:55:fb:bf:80:13:19:a2:
                    71:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:45:58:CB:80:C2:99:64:1C:5C:36:B5:84:98:47:38:B3:BC:E1:61
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-UVYy4DCmWQcXDa1hJhHOLO84WE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.120.68.0/23
                  87.121.60.0/24
                  93.123.74.0/23
                  185.252.160.0/23
                  193.148.253.0/24
                  212.87.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:af:27:d9:ac:c2:c4:9c:43:76:3e:26:39:02:d6:ea:e3:f7:
         97:02:9f:a1:a4:37:03:3b:e3:29:65:76:cd:ac:b1:af:8f:9e:
         85:f5:ed:ae:9d:9c:ee:f4:e0:41:3f:17:f9:a8:64:72:0a:4d:
         80:2b:e3:39:e8:e0:f8:26:32:94:46:35:2d:4d:2b:f7:45:c7:
         57:72:43:0c:ec:cb:28:4c:5f:39:f2:4a:2d:36:39:b2:86:1f:
         8e:f7:23:cb:e5:31:2b:c0:c3:9f:66:b7:ab:4e:5d:73:be:07:
         b6:52:7e:49:86:ae:77:23:89:86:e8:74:bf:e3:dc:11:f2:4e:
         03:0c:6a:cd:9d:3e:68:bb:98:82:34:a1:15:e7:43:7b:b5:74:
         52:03:db:15:f7:8c:c3:ff:ca:16:e2:ee:bc:6e:ae:f6:53:c2:
         cb:1a:58:e1:b7:d5:56:87:5e:ee:3c:b6:49:f1:dd:63:9c:8a:
         be:83:13:88:4d:e4:c9:d9:68:b8:74:c3:66:a9:9b:b0:1b:f0:
         52:78:e5:45:fb:6c:81:b9:91:e0:6b:82:08:c9:3b:84:88:aa:
         4f:fc:94:93:8f:52:a7:16:d1:46:03:1c:c5:b9:6d:c9:37:85:
         10:d8:26:c6:b3:b5:02:b1:f0:05:09:72:49:03:e4:c9:59:2b:
         bd:76:c0:fb
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgISAY7mo6LAI5hXdcBFOucG0GwaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDE2MTEyMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTQ1NThjYjgwYzI5OTY0MWM1YzM2YjU4NDk4NDczOGIzYmNlMTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTu2pqq9dUnVyyl6utBxdzF9WFXC
Sg6nVkTg9YOHv5rxgOez57Jhbtf1xMUs5DBHsKBrkP6ZR31ECnuXKXqr7reT6eUk
B9zSmSBalQ+Dye1KNSLk4dlW67hYzAarvO55Z++EB4pNSLjpQAGNEm5cDjhxZOmt
l927oe9sYHhD/0ytNlcsTtePegt8tBQXvAvPL9HieYQAwV9mu1uH1eHwvWhmGII3
LaMXMtzfmJcrjpcg8Uzu8Odk57od3tTO9mKK84WNLr2vCH16TcHrM7CpRo/I9G72
fc+vP3Y0uV/jwVBXp6CVUypLMklSOm4jFvvxoa6buOQ0rlX7v4ATGaJx8wIDAQAB
o4ICKDCCAiQwHQYDVR0OBBYEFPlFWMuAwplkHFw2tYSYRzizvOFhMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMS1VVll5NERDbVdRY1hEYTFoSmhIT0xPODRXRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcx
Mi8xL0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA9BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEwJAMEAVd4RAME
AFd5PAMEAV17SgMEAbn8oAMEAMGU/QMEANRXzTANBgkqhkiG9w0BAQsFAAOCAQEA
Ja8n2azCxJxDdj4mOQLW6uP3lwKfoaQ3AzvjKWV2zayxr4+ehfXtrp2c7vTgQT8X
+ahkcgpNgCvjOejg+CYylEY1LU0r90XHV3JDDOzLKExfOfJKLTY5soYfjvcjy+Ux
K8DDn2a3q05dc74HtlJ+SYaudyOJhuh0v+PcEfJOAwxqzZ0+aLuYgjShFedDe7V0
UgPbFfeMw//KFuLuvG6u9lPCyxpY4bfVVode7jy2SfHdY5yKvoMTiE3kydlouHTD
ZqmbsBvwUnjlRftsgbmR4GuCCMk7hIiqT/yUk49SpxbRRgMcxbltyTeFENgmxrO1
ArHwBQlySQPkyVkrvXbA+w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:56 2024 by rpki-client on console-fra.rpki-client.org