Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tfdlyE-Q1xuXO8yRywjwEtpbcrc.roa
File:                     tfdlyE-Q1xuXO8yRywjwEtpbcrc.roa (raw, json)
Hash identifier:          5c7sVh27kFnfd+/J2764WKSVo3E8ZsN7fEGbrHmwVqI=
Subject key identifier:   B5:F7:65:C8:4F:90:D7:1B:97:3B:CC:91:CB:08:F0:12:DA:5B:72:B7
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018843A853D5BBDFBBB2CB15B6AD35019FF7
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tfdlyE-Q1xuXO8yRywjwEtpbcrc.roa
Signing time:             Mon 22 May 2023 13:31:24 +0000
ROA not before:           Mon 22 May 2023 13:31:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     46308
IP address blocks:        109.206.242.0/24 maxlen: 24
                          2.59.255.0/24 maxlen: 24
                          79.110.49.0/24 maxlen: 24
                          87.121.47.0/24 maxlen: 24
                          87.120.88.0/24 maxlen: 24
                          185.252.179.0/24 maxlen: 24
                          85.208.139.0/24 maxlen: 24
                          185.246.222.0/24 maxlen: 24
                          194.59.31.0/24 maxlen: 24
                          194.59.30.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 10 Aug 2023 08:23:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:43:a8:53:d5:bb:df:bb:b2:cb:15:b6:ad:35:01:9f:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May 22 13:31:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b5f765c84f90d71b973bcc91cb08f012da5b72b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:31:a4:af:7f:c2:18:5a:43:ed:8b:c4:06:44:
                    48:85:c0:9e:2a:df:50:83:45:5b:c3:17:05:fa:35:
                    0d:c7:fc:3f:43:5f:44:f4:45:b8:0e:10:c1:9d:d0:
                    de:dd:cf:a0:46:7c:81:eb:25:95:e9:51:d3:44:24:
                    08:c4:d3:e8:65:95:52:20:3c:4c:f3:eb:c8:6a:d6:
                    6f:7b:22:c9:09:5b:e9:78:12:48:37:98:9d:e9:a2:
                    eb:9c:84:63:1d:56:4b:75:4a:c9:8b:df:bc:89:4b:
                    20:12:01:03:9d:5b:c6:5d:c7:43:42:01:75:2c:b0:
                    33:4f:ce:54:12:3d:66:95:66:29:64:3c:fe:92:3c:
                    73:1d:d0:b6:f3:39:01:2b:00:ea:9b:29:b7:f6:cf:
                    d2:f3:d5:f2:ff:0a:25:9f:70:37:3d:e9:84:19:21:
                    c9:f8:4d:9c:d8:91:bc:21:84:ef:48:53:70:7e:22:
                    2c:f0:cf:f1:b5:46:47:4c:16:31:3d:ba:fc:fe:1d:
                    2a:5c:4a:fa:1c:4d:ca:00:10:14:a7:6d:56:c4:cd:
                    31:7d:98:42:e7:c9:a2:0a:0e:e3:0a:50:19:d9:2a:
                    50:21:00:ee:a7:97:39:46:76:4c:85:9e:cc:4d:dd:
                    31:d7:db:89:bd:0f:f9:16:e2:c2:46:41:26:0e:1f:
                    14:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F7:65:C8:4F:90:D7:1B:97:3B:CC:91:CB:08:F0:12:DA:5B:72:B7
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tfdlyE-Q1xuXO8yRywjwEtpbcrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.255.0/24
                  79.110.49.0/24
                  85.208.139.0/24
                  87.120.88.0/24
                  87.121.47.0/24
                  109.206.242.0/24
                  185.246.222.0/24
                  185.252.179.0/24
                  194.59.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:51:82:7c:7a:3e:dd:de:ed:74:9b:4c:86:bf:7d:1a:ea:0e:
         d7:40:d8:93:40:c8:d9:28:ee:48:ce:a8:a7:22:60:a1:88:14:
         ba:fe:ce:15:ca:cf:2d:c4:c5:5d:45:39:eb:1a:11:7d:1b:5c:
         bf:e2:09:3b:fd:14:3c:bd:f7:1a:32:a3:aa:81:57:32:6c:f2:
         90:92:e8:99:a5:37:36:a7:b8:6b:0d:4c:f5:bd:ef:0b:f1:a9:
         8f:fb:89:5a:7f:6d:11:8a:56:21:1f:a0:e5:91:fc:d8:e9:b8:
         0e:49:e5:73:ea:0b:78:21:4b:c8:d6:ca:21:e5:23:7b:54:b3:
         be:7f:c3:f2:13:cf:c2:97:51:64:1b:1a:72:90:72:72:b3:2f:
         a6:f5:64:53:90:e2:9f:39:f0:d3:5a:1f:ab:2a:fa:0c:e8:4a:
         dd:f0:87:53:d2:7d:de:21:ae:ae:49:dd:0f:ee:dd:9b:f8:c0:
         7b:7d:1c:40:ee:a4:f5:a6:cd:5e:cd:ae:8d:93:52:9d:52:25:
         9a:38:56:f2:7b:1b:88:16:72:58:09:d7:41:dc:39:fd:20:5b:
         d8:e0:bd:89:a6:f7:68:4c:ab:0c:d9:ba:24:fb:07:15:30:5c:
         41:4c:7e:a2:03:39:49:f1:e5:5a:22:f3:3e:aa:b4:e8:7d:2a:
         c9:79:fa:49
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYhDqFPVu9+7sssVtq01AZ/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTIyMTMzMTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWY3NjVjODRmOTBkNzFiOTczYmNjOTFjYjA4ZjAxMmRhNWI3MmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6jGkr3/CGFpD7YvEBkRIhcCeKt9Q
g0VbwxcF+jUNx/w/Q19E9EW4DhDBndDe3c+gRnyB6yWV6VHTRCQIxNPoZZVSIDxM
8+vIatZveyLJCVvpeBJIN5id6aLrnIRjHVZLdUrJi9+8iUsgEgEDnVvGXcdDQgF1
LLAzT85UEj1mlWYpZDz+kjxzHdC28zkBKwDqmym39s/S89Xy/woln3A3PemEGSHJ
+E2c2JG8IYTvSFNwfiIs8M/xtUZHTBYxPbr8/h0qXEr6HE3KABAUp21WxM0xfZhC
58miCg7jClAZ2SpQIQDup5c5RnZMhZ7MTd0x19uJvQ/5FuLCRkEmDh8URwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFLX3ZchPkNcblzvMkcsI8BLaW3K3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdGZkbHlFLVExeHVYTzh5Unl3andFdHBiY3JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAAjv/AwQA
T24xAwQAVdCLAwQAV3hYAwQAV3kvAwQAbc7yAwQAufbeAwQAufyzAwQBwjseMA0G
CSqGSIb3DQEBCwUAA4IBAQCdUYJ8ej7d3u10m0yGv30a6g7XQNiTQMjZKO5Izqin
ImChiBS6/s4Vys8txMVdRTnrGhF9G1y/4gk7/RQ8vfcaMqOqgVcybPKQkuiZpTc2
p7hrDUz1ve8L8amP+4laf20RilYhH6DlkfzY6bgOSeVz6gt4IUvI1soh5SN7VLO+
f8PyE8/Cl1FkGxpykHJysy+m9WRTkOKfOfDTWh+rKvoM6Erd8IdT0n3eIa6uSd0P
7t2b+MB7fRxA7qT1ps1eza6Nk1KdUiWaOFbyexuIFnJYCddB3Dn9IFvY4L2Jpvdo
TKsM2bok+wcVMFxBTH6iAzlJ8eVaIvM+qrTofSrJefpJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:20 2024 by rpki-client on console-fra.rpki-client.org