Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/czRcOxNcLfIPU0znbeTP4Y5EGr4.roa
File:                     czRcOxNcLfIPU0znbeTP4Y5EGr4.roa (raw, json)
Hash identifier:          p7pObN0hLnKgBaOdXpPmksLNPLrNPYUODa/98HN4R6g=
Subject key identifier:   73:34:5C:3B:13:5C:2D:F2:0F:53:4C:E7:6D:E4:CF:E1:8E:44:1A:BE
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DC1F20A74C7F3B66B8BA06C279108DEE1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/czRcOxNcLfIPU0znbeTP4Y5EGr4.roa
Signing time:             Mon 19 Feb 2024 15:18:01 +0000
ROA not before:           Mon 19 Feb 2024 15:18:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.8.94.0/24 maxlen: 24
                          87.120.68.0/23 maxlen: 24
                          87.121.147.0/24 maxlen: 24
                          91.92.26.0/24 maxlen: 24
                          93.123.74.0/23 maxlen: 23
                          185.252.160.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Tue 20 Feb 2024 14:23:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c1:f2:0a:74:c7:f3:b6:6b:8b:a0:6c:27:91:08:de:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 19 15:18:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73345c3b135c2df20f534ce76de4cfe18e441abe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:73:54:b0:4c:a9:bd:99:c1:67:58:06:f0:c8:
                    be:e5:73:45:c6:f0:d6:a3:74:7b:f2:78:c2:40:f6:
                    5c:e4:8d:a3:d2:a3:71:38:81:af:78:ab:1a:85:44:
                    44:ee:3e:8a:dd:f9:4e:66:0e:c5:13:c5:fa:db:5a:
                    8b:d8:a9:da:c9:4b:7b:79:0a:42:20:6c:76:b4:32:
                    a9:47:3b:88:6d:74:ee:e5:ff:3e:4e:50:6b:f7:34:
                    6c:06:35:62:3f:74:b1:1c:65:38:6d:c1:8d:5f:d0:
                    89:36:58:c6:36:92:b0:98:f0:56:8a:ec:25:88:62:
                    7a:33:24:2b:12:7e:66:04:aa:7e:5b:eb:17:8d:f8:
                    fe:fb:65:a9:34:53:0a:d8:89:86:a3:c2:72:6d:d2:
                    56:ef:85:57:8a:5f:97:78:8e:c2:4c:26:a1:cb:70:
                    06:d3:8b:e0:29:b1:aa:bd:0c:5a:c7:1d:c2:0c:5e:
                    80:12:bb:98:79:56:b2:f8:b1:61:1a:94:d0:f4:3b:
                    23:f7:d4:4e:40:5d:03:4d:c8:16:9b:ff:bc:63:c5:
                    c8:98:dd:56:ff:b2:36:ab:d5:f9:52:27:3b:ce:e5:
                    eb:18:69:39:9f:24:81:22:51:11:15:73:ea:ef:8f:
                    22:80:70:5a:83:34:ec:ba:73:e1:19:95:24:06:45:
                    9f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:34:5C:3B:13:5C:2D:F2:0F:53:4C:E7:6D:E4:CF:E1:8E:44:1A:BE
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/czRcOxNcLfIPU0znbeTP4Y5EGr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.94.0/24
                  87.120.68.0/23
                  87.121.147.0/24
                  91.92.26.0/24
                  93.123.74.0/23
                  185.252.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:bc:10:05:31:d2:f1:00:03:5d:11:81:30:e2:31:e5:4f:9b:
         a1:3b:2d:52:b2:7e:94:d5:ec:c9:97:d2:ed:4a:23:cf:d3:f3:
         4d:27:4d:82:b2:da:f5:fa:17:6e:5f:d7:c3:52:05:e4:af:bd:
         51:1d:06:bf:05:de:bd:bc:a5:c2:13:44:14:0e:b0:00:06:e2:
         eb:35:3c:5c:c2:2e:c8:02:cc:da:b7:b0:c6:f6:17:1c:02:e1:
         4b:04:8b:54:22:b5:5b:06:90:59:c4:f0:68:52:5c:7d:8c:76:
         96:84:84:84:28:89:7f:1c:1e:08:29:73:18:b1:fa:4b:3d:db:
         dc:ea:41:d9:9b:43:bf:5d:bb:1a:a9:8d:0f:1c:b2:af:52:b5:
         c1:f6:e7:13:41:5a:71:89:34:b4:9b:da:27:cd:02:94:78:1b:
         9b:e2:66:1c:8d:40:d1:ee:d7:a1:30:1b:ab:74:70:34:b4:c3:
         40:28:00:82:fc:6a:ef:26:9e:c4:a3:80:73:93:89:f7:db:03:
         5e:d6:08:17:36:8b:2b:79:a8:9c:80:12:ad:10:94:7d:84:68:
         88:1e:53:36:06:db:82:69:df:4d:82:8c:9f:8b:b0:51:23:e5:
         49:8f:d5:66:a5:7d:47:a8:b4:91:aa:be:47:7b:3e:a9:17:f8:
         bd:de:3a:d9
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY3B8gp0x/O2a4ugbCeRCN7hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjE5MTUxODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzM0NWMzYjEzNWMyZGYyMGY1MzRjZTc2ZGU0Y2ZlMThlNDQxYWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXNUsEypvZnBZ1gG8Mi+5XNFxvDW
o3R78njCQPZc5I2j0qNxOIGveKsahURE7j6K3flOZg7FE8X621qL2KnayUt7eQpC
IGx2tDKpRzuIbXTu5f8+TlBr9zRsBjViP3SxHGU4bcGNX9CJNljGNpKwmPBWiuwl
iGJ6MyQrEn5mBKp+W+sXjfj++2WpNFMK2ImGo8JybdJW74VXil+XeI7CTCahy3AG
04vgKbGqvQxaxx3CDF6AEruYeVay+LFhGpTQ9Dsj99ROQF0DTcgWm/+8Y8XImN1W
/7I2q9X5Uic7zuXrGGk5nySBIlERFXPq748igHBagzTsunPhGZUkBkWfowIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHM0XDsTXC3yD1NM523kz+GORBq+MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvY3pSY094TmNMZklQVTB6bmJlVFA0WTVFR3I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALQheAwQB
V3hEAwQAV3mTAwQAW1waAwQBXXtKAwQBufygMA0GCSqGSIb3DQEBCwUAA4IBAQB7
vBAFMdLxAANdEYEw4jHlT5uhOy1Ssn6U1ezJl9LtSiPP0/NNJ02Cstr1+hduX9fD
UgXkr71RHQa/Bd69vKXCE0QUDrAABuLrNTxcwi7IAszat7DG9hccAuFLBItUIrVb
BpBZxPBoUlx9jHaWhISEKIl/HB4IKXMYsfpLPdvc6kHZm0O/XbsaqY0PHLKvUrXB
9ucTQVpxiTS0m9onzQKUeBub4mYcjUDR7tehMBurdHA0tMNAKACC/GrvJp7Eo4Bz
k4n32wNe1ggXNosreaicgBKtEJR9hGiIHlM2BtuCad9Ngoyfi7BRI+VJj9VmpX1H
qLSRqr5Hez6pF/i93jrZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:38 2024 by rpki-client on console-ams.rpki-client.org