Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kQhb-vX7ck7lX6C6GjzALR3ksRg.roa
File:                     kQhb-vX7ck7lX6C6GjzALR3ksRg.roa (raw, json)
Hash identifier:          6X279yNpoX59e9GhjQyRn3+F0nllNMG0HRKY9UBc4PU=
Subject key identifier:   91:08:5B:FA:F5:FB:72:4E:E5:5F:A0:BA:1A:3C:C0:2D:1D:E4:B1:18
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018D694E0299C7C94700F9D9FE00662A9193
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kQhb-vX7ck7lX6C6GjzALR3ksRg.roa
Signing time:             Fri 02 Feb 2024 10:12:16 +0000
ROA not before:           Fri 02 Feb 2024 10:12:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        31.13.211.0/24 maxlen: 24
                          87.120.68.0/23 maxlen: 24
                          87.121.146.0/24 maxlen: 24
                          87.121.147.0/24 maxlen: 24
                          91.92.26.0/24 maxlen: 24
                          93.123.74.0/23 maxlen: 23
                          93.123.100.0/24 maxlen: 24
                          93.123.101.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 03 Feb 2024 00:36:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:4e:02:99:c7:c9:47:00:f9:d9:fe:00:66:2a:91:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb  2 10:12:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91085bfaf5fb724ee55fa0ba1a3cc02d1de4b118
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:39:a9:33:a1:4d:e9:01:29:a5:dd:24:44:8c:
                    ca:a4:37:f0:ef:b2:f3:09:c0:e9:dc:82:2c:a9:01:
                    09:37:9b:70:03:98:50:ec:18:6b:c0:83:c7:f7:6a:
                    47:18:24:22:50:54:cc:a0:80:2e:0a:22:93:a3:aa:
                    93:39:a1:ba:a0:19:1f:65:ed:fc:85:10:9d:cc:dd:
                    10:8d:61:7f:af:8a:8d:27:36:e7:f6:ee:3f:13:f9:
                    b2:e4:86:98:16:e9:86:c2:80:8a:ee:cc:3d:33:e4:
                    26:df:15:f5:a0:f4:54:53:a7:d4:48:ab:3e:42:81:
                    1f:6c:d7:63:e4:03:ee:1d:3f:2b:b3:2e:8e:4e:b8:
                    b3:5c:b0:f0:dd:dd:37:f1:49:7e:6f:d0:86:26:25:
                    9d:20:d3:ad:93:b9:90:98:52:12:72:69:24:a8:2f:
                    7d:94:de:0a:8f:97:75:66:b0:03:1e:32:b6:51:2b:
                    80:8b:26:33:21:35:f4:b9:fc:38:1f:1d:5c:6d:ab:
                    81:fa:29:00:00:ec:f6:6d:c8:66:ac:25:87:f5:db:
                    30:e9:9f:b5:2b:63:a4:05:0e:56:ef:77:a6:3a:24:
                    84:cb:43:ff:e5:e0:36:d3:42:d1:61:d0:64:98:fd:
                    49:25:ad:c9:fa:10:e1:0c:55:1a:8e:06:96:ba:e7:
                    d3:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:08:5B:FA:F5:FB:72:4E:E5:5F:A0:BA:1A:3C:C0:2D:1D:E4:B1:18
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kQhb-vX7ck7lX6C6GjzALR3ksRg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.211.0/24
                  87.120.68.0/23
                  87.121.146.0/23
                  91.92.26.0/24
                  93.123.74.0/23
                  93.123.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:3a:b5:52:5d:04:c3:9d:b8:17:fc:7c:c0:15:11:9f:85:bf:
         5e:93:c3:6c:da:02:8d:d5:fe:ae:35:7c:b5:69:26:db:f4:f1:
         5f:7e:4a:88:25:28:92:7d:53:c2:03:c6:c2:b4:05:a5:f6:84:
         4a:9b:bf:43:3c:3b:c1:b1:04:b5:5f:44:8f:4e:ab:55:01:15:
         a8:cb:2c:53:54:75:42:50:67:8d:2b:b0:b1:72:44:0e:4b:f0:
         41:f1:04:5a:6b:bc:70:6d:65:85:2c:64:76:50:bb:f3:f4:72:
         dd:29:09:2f:c4:cb:a5:0e:28:29:1b:c2:f2:24:8b:57:79:d3:
         34:9e:15:6b:d5:1c:43:6e:4a:27:29:f1:5b:dc:2d:a4:01:62:
         9a:3b:09:eb:90:56:78:52:fc:63:33:96:a0:a7:bc:7b:06:73:
         c2:60:38:d7:8e:b4:25:0e:83:9e:ad:60:e0:e5:4b:f4:b3:83:
         d4:76:fa:3c:b1:40:b5:aa:df:45:de:fe:94:21:a6:a4:4f:0e:
         9b:49:74:08:8c:67:25:a4:fa:ff:9a:03:85:ed:1a:36:a6:47:
         72:20:1f:b2:ac:d0:3a:02:90:a9:e0:df:f9:2d:ff:18:48:b1:
         b2:bd:82:10:ec:79:a2:5f:1f:6d:0e:39:2a:5a:79:f4:74:4c:
         92:75:9d:b7
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY1pTgKZx8lHAPnZ/gBmKpGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjAyMTAxMjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTA4NWJmYWY1ZmI3MjRlZTU1ZmEwYmExYTNjYzAyZDFkZTRiMTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTmpM6FN6QEppd0kRIzKpDfw77Lz
CcDp3IIsqQEJN5twA5hQ7BhrwIPH92pHGCQiUFTMoIAuCiKTo6qTOaG6oBkfZe38
hRCdzN0QjWF/r4qNJzbn9u4/E/my5IaYFumGwoCK7sw9M+Qm3xX1oPRUU6fUSKs+
QoEfbNdj5APuHT8rsy6OTrizXLDw3d038Ul+b9CGJiWdINOtk7mQmFIScmkkqC99
lN4Kj5d1ZrADHjK2USuAiyYzITX0ufw4Hx1cbauB+ikAAOz2bchmrCWH9dsw6Z+1
K2OkBQ5W73emOiSEy0P/5eA200LRYdBkmP1JJa3J+hDhDFUajgaWuufTUwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFJEIW/r1+3JO5V+guho8wC0d5LEYMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva1FoYi12WDdjazdsWDZDNkdqekFMUjNrc1JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAHw3TAwQB
V3hEAwQBV3mSAwQAW1waAwQBXXtKAwQBXXtkMA0GCSqGSIb3DQEBCwUAA4IBAQBZ
OrVSXQTDnbgX/HzAFRGfhb9ek8Ns2gKN1f6uNXy1aSbb9PFffkqIJSiSfVPCA8bC
tAWl9oRKm79DPDvBsQS1X0SPTqtVARWoyyxTVHVCUGeNK7CxckQOS/BB8QRaa7xw
bWWFLGR2ULvz9HLdKQkvxMulDigpG8LyJItXedM0nhVr1RxDbkonKfFb3C2kAWKa
OwnrkFZ4UvxjM5agp7x7BnPCYDjXjrQlDoOerWDg5Uv0s4PUdvo8sUC1qt9F3v6U
IaakTw6bSXQIjGclpPr/mgOF7Ro2pkdyIB+yrNA6ApCp4N/5Lf8YSLGyvYIQ7Hmi
Xx9tDjkqWnn0dEySdZ23
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:17 2024 by rpki-client on console-fra.rpki-client.org