Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lx1RBQ4azprwLzFWaoZpEx-upF4.roa
File:                     lx1RBQ4azprwLzFWaoZpEx-upF4.roa (raw, json)
Hash identifier:          3KilRdSDeocRJBx4KFl3cDfHSK11khdIWHpoGnzCPwU=
Subject key identifier:   97:1D:51:05:0E:1A:CE:9A:F0:2F:31:56:6A:86:69:13:1F:AE:A4:5E
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018C8D0C3E6C0B0CEDBA0964CB7D83D09059
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lx1RBQ4azprwLzFWaoZpEx-upF4.roa
Signing time:             Thu 21 Dec 2023 15:43:59 +0000
ROA not before:           Thu 21 Dec 2023 15:43:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208885
IP address blocks:        2.59.255.0/24 maxlen: 24
                          94.156.10.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:29:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:8d:0c:3e:6c:0b:0c:ed:ba:09:64:cb:7d:83:d0:90:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Dec 21 15:43:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=971d51050e1ace9af02f31566a8669131faea45e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:16:1c:75:12:47:dd:8d:16:aa:67:de:fa:24:
                    0e:4e:06:34:a3:1b:84:eb:ad:67:91:2a:7f:61:b1:
                    77:2f:0f:73:3c:09:67:fd:52:7e:f1:f6:ad:44:6d:
                    93:e8:b8:7b:64:46:14:42:87:50:12:53:a9:6f:c7:
                    75:f3:98:1d:73:d4:b3:72:5a:f5:b9:bb:7f:4d:9c:
                    d9:f4:90:66:a7:ee:6a:42:63:3d:0e:7e:ac:c7:e5:
                    6a:23:cd:da:8b:91:4a:8d:77:d4:54:9c:84:c5:05:
                    75:34:9d:cc:63:2b:a3:69:5e:8d:56:db:05:00:ef:
                    5f:3d:27:ed:f1:22:fd:4d:23:ff:cb:8b:b9:2e:0e:
                    25:43:8a:e4:b4:5b:ba:a1:b2:9b:01:f0:24:d9:7f:
                    e7:70:95:58:29:d9:d3:50:cf:3f:af:96:20:e9:7a:
                    5c:3e:71:75:97:12:a1:f5:d9:86:00:30:37:05:d3:
                    52:23:71:b1:e3:70:50:23:30:dc:33:d9:4e:26:7e:
                    26:a0:e3:4e:88:92:98:f0:fa:23:5f:2c:99:ba:f7:
                    85:18:55:ba:04:d4:cf:26:e4:32:9f:61:4e:e7:45:
                    2d:c3:2a:56:a6:05:44:29:c9:7e:06:77:be:7e:dc:
                    84:ae:64:dc:60:bc:2a:87:30:81:54:98:67:31:01:
                    0d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:1D:51:05:0E:1A:CE:9A:F0:2F:31:56:6A:86:69:13:1F:AE:A4:5E
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lx1RBQ4azprwLzFWaoZpEx-upF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.255.0/24
                  94.156.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:d8:7d:2b:c4:4c:33:d8:09:55:36:67:db:c4:92:58:e0:e9:
         d6:46:7a:42:8a:53:cc:84:78:73:b4:12:7c:98:3d:b8:37:76:
         83:69:8f:f4:d7:0d:94:66:26:c4:1f:20:58:b1:66:3c:ec:bc:
         d4:8a:84:ff:86:21:8d:53:a9:5f:e7:f5:56:04:c4:82:26:ce:
         6a:e0:ac:0f:be:67:5f:d2:a8:33:52:3c:e4:d9:b4:dc:17:56:
         28:1e:22:15:82:14:11:22:4b:e4:bb:b4:10:62:23:6c:2c:a9:
         d0:01:1a:cf:1e:b9:28:8b:f1:e5:cf:99:cf:e4:d2:0d:b9:fb:
         b4:1c:49:af:0a:bb:8f:3c:99:65:aa:b1:14:17:eb:6d:98:8a:
         b0:b5:2d:b4:dc:77:a2:e5:1e:a1:d0:08:af:37:45:0d:50:34:
         a2:12:c1:e4:f1:3c:58:f1:c2:e3:55:8c:a5:94:83:38:aa:d6:
         3f:88:cf:d5:a6:07:3d:23:15:ef:9d:67:4e:76:d1:36:d3:ff:
         9e:e7:dc:3d:18:15:28:b9:a9:98:40:18:cb:94:18:1c:c6:d8:
         99:6b:52:1d:13:af:09:c3:91:5b:48:92:ad:f9:bb:df:1d:81:
         2d:c4:8d:2f:9d:b2:b3:b6:3d:d3:29:a3:41:8d:c3:70:5d:86:
         6b:f4:72:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYyNDD5sCwztuglky32D0JBZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMjIxMTU0MzU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzFkNTEwNTBlMWFjZTlhZjAyZjMxNTY2YTg2NjkxMzFmYWVhNDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxYcdRJH3Y0Wqmfe+iQOTgY0oxuE
661nkSp/YbF3Lw9zPAln/VJ+8fatRG2T6Lh7ZEYUQodQElOpb8d185gdc9Szclr1
ubt/TZzZ9JBmp+5qQmM9Dn6sx+VqI83ai5FKjXfUVJyExQV1NJ3MYyujaV6NVtsF
AO9fPSft8SL9TSP/y4u5Lg4lQ4rktFu6obKbAfAk2X/ncJVYKdnTUM8/r5Yg6Xpc
PnF1lxKh9dmGADA3BdNSI3Gx43BQIzDcM9lOJn4moONOiJKY8PojXyyZuveFGFW6
BNTPJuQyn2FO50UtwypWpgVEKcl+Bne+ftyErmTcYLwqhzCBVJhnMQENtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJcdUQUOGs6a8C8xVmqGaRMfrqReMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbHgxUkJRNGF6cHJ3THpGV2FvWnBFeC11cEY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjv/AwQA
XpwKMA0GCSqGSIb3DQEBCwUAA4IBAQC12H0rxEwz2AlVNmfbxJJY4OnWRnpCilPM
hHhztBJ8mD24N3aDaY/01w2UZibEHyBYsWY87LzUioT/hiGNU6lf5/VWBMSCJs5q
4KwPvmdf0qgzUjzk2bTcF1YoHiIVghQRIkvku7QQYiNsLKnQARrPHrkoi/Hlz5nP
5NINufu0HEmvCruPPJllqrEUF+ttmIqwtS203Hei5R6h0AivN0UNUDSiEsHk8TxY
8cLjVYyllIM4qtY/iM/Vpgc9IxXvnWdOdtE20/+e59w9GBUouamYQBjLlBgcxtiZ
a1IdE68Jw5FbSJKt+bvfHYEtxI0vnbKztj3TKaNBjcNwXYZr9HJd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:18 2024 by rpki-client on console-fra.rpki-client.org