Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3t9fuRNF3EHqxnaTU_Ks3RR9rrc.roa
File:                     3t9fuRNF3EHqxnaTU_Ks3RR9rrc.roa (raw, json)
Hash identifier:          ZXn/eyjDpomK5ZHuu0En07tE4KLtHODCM5mo/IUF8tg=
Subject key identifier:   DE:DF:5F:B9:13:45:DC:41:EA:C6:76:93:53:F2:AC:DD:14:7D:AE:B7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DDAC0DCA35D074B7F673F83AEE2B67E02
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3t9fuRNF3EHqxnaTU_Ks3RR9rrc.roa
Signing time:             Sat 24 Feb 2024 10:54:48 +0000
ROA not before:           Sat 24 Feb 2024 10:54:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.94.0/24 maxlen: 24
                          45.14.166.0/24 maxlen: 24
                          87.120.68.0/23 maxlen: 24
                          87.121.60.0/24 maxlen: 24
                          87.121.61.0/24 maxlen: 24
                          91.92.26.0/24 maxlen: 24
                          93.123.74.0/23 maxlen: 23
                          93.123.80.0/24 maxlen: 24
                          185.252.160.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Sun 25 Feb 2024 00:14:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:da:c0:dc:a3:5d:07:4b:7f:67:3f:83:ae:e2:b6:7e:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 24 10:54:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dedf5fb91345dc41eac6769353f2acdd147daeb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:88:8a:6e:a8:e6:a4:66:2b:29:b9:4b:66:26:
                    0b:c8:c3:b8:e0:87:a2:da:c0:13:d0:13:67:9c:8a:
                    2d:23:f2:f8:22:99:0d:23:89:29:33:b7:69:bc:1f:
                    5c:f9:a1:e5:40:2b:7c:08:e6:64:67:17:f2:96:06:
                    a6:74:1e:9c:a4:2c:93:c9:30:15:99:1f:54:45:22:
                    f7:d6:98:58:ee:f4:ed:5b:40:a0:f5:6e:a7:58:c0:
                    50:ec:f3:03:4d:4a:21:83:09:cf:88:09:12:0b:d1:
                    9d:32:38:35:5f:97:b5:e7:05:c3:62:a6:fb:7a:2a:
                    47:a1:89:4d:f6:9e:fc:31:a2:81:08:5a:b7:23:b9:
                    fe:b9:b1:83:db:60:92:cc:11:48:1d:8c:74:66:a9:
                    8f:76:8f:60:12:0a:10:24:b5:92:53:d6:f7:ae:0b:
                    b9:32:f1:d3:9d:bf:74:c6:29:51:d4:11:56:72:aa:
                    bc:93:df:d9:27:68:b2:f2:2a:3c:fa:d0:2f:5d:c2:
                    c0:06:c4:05:aa:8d:16:f6:3c:e1:04:e2:ae:cc:34:
                    6c:ca:f7:ea:8b:02:2c:d2:3c:9c:4b:5a:ba:2f:3f:
                    ec:09:40:9b:af:b1:ad:a0:c6:a3:c3:9d:f7:95:5c:
                    1f:ce:b0:03:71:e5:4d:16:86:97:99:5c:eb:d3:4a:
                    b0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:DF:5F:B9:13:45:DC:41:EA:C6:76:93:53:F2:AC:DD:14:7D:AE:B7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3t9fuRNF3EHqxnaTU_Ks3RR9rrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.94.0/24
                  45.14.166.0/24
                  87.120.68.0/23
                  87.121.60.0/23
                  91.92.26.0/24
                  93.123.74.0/23
                  93.123.80.0/24
                  185.252.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         71:74:b8:1b:41:d3:a9:ea:22:e5:82:b9:0a:62:48:0b:2b:c5:
         ba:66:52:88:83:77:80:5c:50:f8:05:b9:5b:3c:88:a1:38:2f:
         10:a3:cc:82:36:7f:b0:69:c6:4c:68:2d:a7:17:dd:08:64:31:
         dd:ef:90:19:27:2f:32:a1:22:93:8c:7d:14:0e:96:47:95:b2:
         25:81:41:99:c0:d6:7f:ea:eb:56:3a:7f:ef:dd:5d:3b:46:99:
         4a:9c:7d:2f:84:de:c2:f2:a5:12:7a:db:8e:39:7a:d6:ec:61:
         0b:05:ae:c0:87:34:3f:95:b6:99:19:9f:0c:89:50:f3:e5:7a:
         db:ec:6b:be:09:21:9e:87:2f:2c:2f:d8:e0:4e:e5:61:5e:21:
         c1:90:5c:b8:12:24:1c:ce:57:d3:9a:31:1f:56:fb:99:fc:a4:
         58:49:5f:fb:65:1c:21:01:b0:6a:79:25:e1:bb:55:62:f2:70:
         ca:b3:90:62:8f:8d:dd:52:80:4e:3e:d0:ed:34:d8:24:cb:68:
         2b:ff:74:0e:05:9e:3b:15:d6:af:b2:da:c4:f0:2c:9f:01:9f:
         82:35:96:2b:c2:95:98:ca:88:1c:a2:ec:16:72:37:d2:12:33:
         95:1c:ea:77:43:49:f8:6e:1f:69:50:70:65:4f:3a:f8:21:f4:
         a4:34:aa:85
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY3awNyjXQdLf2c/g67itn4CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjI0MTA1NDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWRmNWZiOTEzNDVkYzQxZWFjNjc2OTM1M2YyYWNkZDE0N2RhZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYiKbqjmpGYrKblLZiYLyMO44Iei
2sAT0BNnnIotI/L4IpkNI4kpM7dpvB9c+aHlQCt8COZkZxfylgamdB6cpCyTyTAV
mR9URSL31phY7vTtW0Cg9W6nWMBQ7PMDTUohgwnPiAkSC9GdMjg1X5e15wXDYqb7
eipHoYlN9p78MaKBCFq3I7n+ubGD22CSzBFIHYx0ZqmPdo9gEgoQJLWSU9b3rgu5
MvHTnb90xilR1BFWcqq8k9/ZJ2iy8io8+tAvXcLABsQFqo0W9jzhBOKuzDRsyvfq
iwIs0jycS1q6Lz/sCUCbr7GtoMajw533lVwfzrADceVNFoaXmVzr00qwiQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFN7fX7kTRdxB6sZ2k1PyrN0Ufa63MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvM3Q5ZnVSTkYzRUhxeG5hVFVfS3MzUlI5cnJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQheAwQA
LQ6mAwQBV3hEAwQBV3k8AwQAW1waAwQBXXtKAwQAXXtQAwQBufygMA0GCSqGSIb3
DQEBCwUAA4IBAQBxdLgbQdOp6iLlgrkKYkgLK8W6ZlKIg3eAXFD4BblbPIihOC8Q
o8yCNn+wacZMaC2nF90IZDHd75AZJy8yoSKTjH0UDpZHlbIlgUGZwNZ/6utWOn/v
3V07RplKnH0vhN7C8qUSetuOOXrW7GELBa7AhzQ/lbaZGZ8MiVDz5Xrb7Gu+CSGe
hy8sL9jgTuVhXiHBkFy4EiQczlfTmjEfVvuZ/KRYSV/7ZRwhAbBqeSXhu1Vi8nDK
s5Bij43dUoBOPtDtNNgky2gr/3QOBZ47FdavstrE8CyfAZ+CNZYrwpWYyogcouwW
cjfSEjOVHOp3Q0n4bh9pUHBlTzr4IfSkNKqF
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:23 2024 by rpki-client on console-ams.rpki-client.org