Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iYObkA8TIL6tlMLSxL4-Cc4ALkA.roa
File:                     iYObkA8TIL6tlMLSxL4-Cc4ALkA.roa (raw, json)
Hash identifier:          tSHBqO9gpTZga2OiagHqinVHRqKZjs24fh1Dm4R9KoE=
Subject key identifier:   89:83:9B:90:0F:13:20:BE:AD:94:C2:D2:C4:BE:3E:09:CE:00:2E:40
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01877908A5AA8D64ABA80F479F6054B54C97
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iYObkA8TIL6tlMLSxL4-Cc4ALkA.roa
Signing time:             Thu 13 Apr 2023 05:13:42 +0000
ROA not before:           Thu 13 Apr 2023 05:13:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204843
IP address blocks:        94.156.11.0/24 maxlen: 24
                          45.81.241.0/24 maxlen: 24
                          94.156.236.0/24 maxlen: 24
                          141.98.1.0/24 maxlen: 24
                          193.149.2.0/24 maxlen: 24
                          193.149.3.0/24 maxlen: 24
                          37.221.121.0/24 maxlen: 24
                          37.221.122.0/24 maxlen: 24
                          37.221.123.0/24 maxlen: 24
                          37.221.120.0/24 maxlen: 24
                          185.221.64.0/24 maxlen: 24
                          45.144.153.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 18 Apr 2023 10:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:79:08:a5:aa:8d:64:ab:a8:0f:47:9f:60:54:b5:4c:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Apr 13 05:13:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=89839b900f1320bead94c2d2c4be3e09ce002e40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d4:3f:4d:c3:62:f7:68:b0:48:37:eb:73:6f:
                    a5:f4:45:76:d9:ca:7d:c6:05:7f:8a:ea:6d:06:28:
                    22:d5:df:12:60:79:e1:40:a1:fe:2d:b3:b1:aa:46:
                    b2:38:48:e6:f8:4b:26:63:9c:ec:3b:c8:cc:68:ca:
                    61:7b:eb:69:84:df:98:5d:13:83:e6:e1:b6:27:5b:
                    c3:f3:61:85:9c:fb:78:08:51:35:4e:3e:24:75:c0:
                    bc:68:71:44:56:7b:63:b6:d0:85:89:29:36:18:e6:
                    ff:1e:1b:48:71:b0:d7:b7:cd:bb:fb:60:cc:63:f1:
                    61:8e:ac:1a:bd:0c:09:61:9f:11:6e:ef:f2:ce:09:
                    d7:16:3c:ed:eb:a2:d6:f3:5b:9c:1a:23:f6:d6:69:
                    9e:fe:7a:49:a2:fc:65:7e:ff:8d:66:42:f3:df:b2:
                    91:a3:c7:9e:fc:09:3d:63:e5:4a:84:06:80:47:54:
                    cd:d9:85:8b:4c:47:57:26:8c:25:57:95:22:5e:aa:
                    d6:d3:3b:48:d5:5d:12:1e:db:c0:d7:ce:69:7a:54:
                    d4:b0:c7:c9:1e:a7:12:77:9b:c1:0e:a7:af:63:fd:
                    44:b1:c8:a6:56:3d:5c:f2:55:38:17:94:1c:5e:6b:
                    db:b5:31:75:ae:45:0b:02:68:a0:0f:6a:50:f8:ea:
                    56:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:83:9B:90:0F:13:20:BE:AD:94:C2:D2:C4:BE:3E:09:CE:00:2E:40
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iYObkA8TIL6tlMLSxL4-Cc4ALkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.120.0/22
                  45.81.241.0/24
                  45.144.153.0/24
                  94.156.11.0/24
                  94.156.236.0/24
                  141.98.1.0/24
                  185.221.64.0/24
                  193.149.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:9a:1b:57:e4:5a:2c:c6:fa:4a:ec:53:ac:ad:dd:bc:bb:1d:
         c8:97:af:60:a6:b3:3c:b2:bb:82:25:dc:d8:5a:0a:48:3c:c0:
         1c:c8:29:12:6f:83:67:9c:65:3b:c4:87:b5:d1:6c:f4:f3:7c:
         5a:2d:bd:4d:6c:6e:77:d7:eb:5d:71:17:89:dc:62:32:65:6f:
         34:b5:69:b9:f4:86:64:86:11:46:44:56:9d:2e:dc:c6:4b:5b:
         32:89:a4:89:ae:f4:bc:17:14:cb:68:25:e2:1f:e9:79:37:36:
         e9:83:3b:ec:5b:c2:97:00:ba:b3:83:d9:72:bc:6b:99:28:de:
         9c:8b:f3:cc:79:a9:28:8b:2f:e9:41:87:43:cb:c2:9b:b9:2f:
         2d:f3:d6:58:2b:31:a7:6e:4f:7e:b0:ca:f3:79:8d:29:c9:a5:
         45:47:e0:e6:c8:fd:f8:39:d4:25:3b:1d:c4:d7:d4:ee:3a:1e:
         d8:f2:92:41:54:c5:e0:59:80:10:3f:5d:6b:8f:85:19:ba:5f:
         ca:19:4d:ff:cb:ee:80:10:e3:29:c4:86:8b:fd:1e:8b:b4:52:
         82:02:94:22:ba:05:7e:3a:7b:aa:ff:84:38:8e:9d:3c:ae:9b:
         71:15:5a:29:ae:e0:69:15:b6:e6:2e:d2:22:18:aa:e6:6f:e5:
         72:4d:3d:f0
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYd5CKWqjWSrqA9Hn2BUtUyXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDEzMDUxMzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTgzOWI5MDBmMTMyMGJlYWQ5NGMyZDJjNGJlM2UwOWNlMDAyZTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitQ/TcNi92iwSDfrc2+l9EV22cp9
xgV/iuptBigi1d8SYHnhQKH+LbOxqkayOEjm+EsmY5zsO8jMaMphe+tphN+YXROD
5uG2J1vD82GFnPt4CFE1Tj4kdcC8aHFEVntjttCFiSk2GOb/HhtIcbDXt827+2DM
Y/FhjqwavQwJYZ8Rbu/yzgnXFjzt66LW81ucGiP21mme/npJovxlfv+NZkLz37KR
o8ee/Ak9Y+VKhAaAR1TN2YWLTEdXJowlV5UiXqrW0ztI1V0SHtvA185pelTUsMfJ
HqcSd5vBDqevY/1EscimVj1c8lU4F5QcXmvbtTF1rkULAmigD2pQ+OpWHQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFImDm5APEyC+rZTC0sS+PgnOAC5AMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaVlPYmtBOFRJTDZ0bE1MU3hMNC1DYzRBTGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCJd14AwQA
LVHxAwQALZCZAwQAXpwLAwQAXpzsAwQAjWIBAwQAud1AAwQBwZUCMA0GCSqGSIb3
DQEBCwUAA4IBAQBAmhtX5FosxvpK7FOsrd28ux3Il69gprM8sruCJdzYWgpIPMAc
yCkSb4NnnGU7xIe10Wz083xaLb1NbG531+tdcReJ3GIyZW80tWm59IZkhhFGRFad
LtzGS1syiaSJrvS8FxTLaCXiH+l5NzbpgzvsW8KXALqzg9lyvGuZKN6ci/PMeako
iy/pQYdDy8KbuS8t89ZYKzGnbk9+sMrzeY0pyaVFR+DmyP34OdQlOx3E19TuOh7Y
8pJBVMXgWYAQP11rj4UZul/KGU3/y+6AEOMpxIaL/R6LtFKCApQiugV+Onuq/4Q4
jp08rptxFVopruBpFbbmLtIiGKrmb+VyTT3w
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:41 2024 by rpki-client on console-ams.rpki-client.org