Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/a1f9df-c48e-497f-ad33-82faf8f3b180/1/VXPUZvLNtwrUklpbIa7shOVtyh4.roa
File:                     VXPUZvLNtwrUklpbIa7shOVtyh4.roa (raw, json)
Hash identifier:          YVc6fSnuRBjLPh0QyDUv9bRYot39X28iubH4VD5/++o=
Subject key identifier:   55:73:D4:66:F2:CD:B7:0A:D4:92:5A:5B:21:AE:EC:84:E5:6D:CA:1E
Certificate issuer:       /CN=aa8b798ce7adaeae9e70915ba2cbcf83fe65d9dd
Certificate serial:       01856C6EFC18B11272F22D8F0ED44AFEE809
Authority key identifier: AA:8B:79:8C:E7:AD:AE:AE:9E:70:91:5B:A2:CB:CF:83:FE:65:D9:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qot5jOetrq6ecJFbosvPg_5l2d0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/a1f9df-c48e-497f-ad33-82faf8f3b180/1/VXPUZvLNtwrUklpbIa7shOVtyh4.roa
Signing time:             Sun 01 Jan 2023 08:24:50 +0000
ROA not before:           Sun 01 Jan 2023 08:24:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210200
IP address blocks:        185.98.86.0/24 maxlen: 24
                          185.98.87.0/24 maxlen: 24
                          2.57.186.0/23 maxlen: 23
                          2.57.185.0/24 maxlen: 24
                          2.57.184.0/24 maxlen: 24
                          92.242.44.0/24 maxlen: 24
                          92.242.40.0/24 maxlen: 24
                          92.242.45.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:6e:fc:18:b1:12:72:f2:2d:8f:0e:d4:4a:fe:e8:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa8b798ce7adaeae9e70915ba2cbcf83fe65d9dd
        Validity
            Not Before: Jan  1 08:24:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5573d466f2cdb70ad4925a5b21aeec84e56dca1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:1f:18:5b:8f:c9:33:6b:00:15:dd:2f:be:3f:
                    3b:f8:35:d8:7c:33:1c:bd:1d:ee:a4:a8:c2:f5:38:
                    f4:e3:67:60:4d:a8:a3:e8:a2:26:4c:d5:2e:3e:23:
                    36:09:56:ce:c5:1e:e7:2f:3c:5a:04:2c:e6:7e:d8:
                    4b:ba:da:b6:0d:09:21:7b:e8:75:a1:98:c3:8f:33:
                    19:35:ef:0d:c0:ef:5e:43:47:a7:a2:b3:6d:a4:8f:
                    4b:8f:a4:74:71:e4:f5:91:80:88:69:7d:75:7e:54:
                    73:a0:b7:36:2f:e7:9f:a7:d8:b4:7a:2a:97:17:33:
                    4f:7c:28:6f:97:f7:7b:48:25:7b:fa:76:9f:59:48:
                    d3:08:a7:e8:96:de:41:f8:8e:c4:1c:cc:94:ef:41:
                    5c:6a:38:d2:64:92:8b:f5:8b:e0:3c:04:6e:5a:b2:
                    7a:a0:a3:a3:2d:8e:ca:b7:fa:46:4f:27:21:36:94:
                    0c:59:66:bb:06:0a:19:f1:d5:02:35:9a:d8:0e:a2:
                    d4:93:a9:0d:4e:68:c3:49:61:30:28:04:a0:8f:cd:
                    09:dd:e9:23:40:d6:e9:5f:ea:6a:34:e2:ba:9e:db:
                    03:f2:57:40:e5:e3:2b:a5:18:df:d2:03:c4:27:55:
                    24:2f:fb:79:46:18:d0:b4:8e:8a:ac:c8:cf:73:a1:
                    95:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:73:D4:66:F2:CD:B7:0A:D4:92:5A:5B:21:AE:EC:84:E5:6D:CA:1E
            X509v3 Authority Key Identifier:
                keyid:AA:8B:79:8C:E7:AD:AE:AE:9E:70:91:5B:A2:CB:CF:83:FE:65:D9:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qot5jOetrq6ecJFbosvPg_5l2d0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/a1f9df-c48e-497f-ad33-82faf8f3b180/1/VXPUZvLNtwrUklpbIa7shOVtyh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/a1f9df-c48e-497f-ad33-82faf8f3b180/1/qot5jOetrq6ecJFbosvPg_5l2d0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.184.0/22
                  92.242.40.0/24
                  92.242.44.0/23
                  185.98.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:49:5d:1e:f8:33:ce:5a:eb:6d:4f:33:38:f1:94:c7:57:bc:
         da:36:78:03:21:43:b8:db:98:d8:ec:5c:74:be:cd:74:9b:f0:
         7a:c9:62:76:65:e0:58:87:c9:be:44:51:33:fb:9f:7a:32:70:
         80:ae:1c:1d:b4:4c:aa:54:f8:8f:5a:93:80:87:5c:8e:d2:13:
         f6:f6:c3:07:2c:80:cb:2f:f0:69:81:5f:84:08:15:b6:68:fe:
         be:9e:99:12:c8:17:f2:5a:63:83:3c:49:8b:d2:92:0f:d7:d3:
         15:32:6e:30:b7:18:0b:a1:95:40:61:31:32:67:f3:08:08:b7:
         7f:15:d2:64:33:6b:2b:4d:a5:63:6c:7a:6a:e7:e8:0b:3b:e6:
         24:a0:46:ce:a8:5f:32:aa:d9:4a:57:8b:41:de:a4:31:77:8b:
         e2:ed:f4:e6:c7:db:70:07:dd:7e:f9:80:30:79:89:1f:8d:24:
         9a:8d:cf:27:4b:b9:ba:cb:d2:ae:c1:23:ba:38:eb:98:30:61:
         f1:cf:63:aa:29:36:51:c8:c8:e9:bf:eb:7f:bc:8f:c0:dd:a3:
         54:19:c2:64:fb:e3:24:07:e3:81:72:e5:c2:5f:58:6d:44:ff:
         6c:ec:39:0e:df:ee:c5:8f:10:5a:e7:56:e6:79:3f:6a:06:c6:
         59:0d:3c:5c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVsbvwYsRJy8i2PDtRK/ugJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhOGI3OThjZTdhZGFlYWU5ZTcwOTE1YmEyY2JjZjgzZmU2
NWQ5ZGQwHhcNMjMwMTAxMDgyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTczZDQ2NmYyY2RiNzBhZDQ5MjVhNWIyMWFlZWM4NGU1NmRjYTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkR8YW4/JM2sAFd0vvj87+DXYfDMc
vR3upKjC9Tj042dgTaij6KImTNUuPiM2CVbOxR7nLzxaBCzmfthLutq2DQkhe+h1
oZjDjzMZNe8NwO9eQ0enorNtpI9Lj6R0ceT1kYCIaX11flRzoLc2L+efp9i0eiqX
FzNPfChvl/d7SCV7+nafWUjTCKfolt5B+I7EHMyU70FcajjSZJKL9YvgPARuWrJ6
oKOjLY7Kt/pGTychNpQMWWa7BgoZ8dUCNZrYDqLUk6kNTmjDSWEwKASgj80J3ekj
QNbpX+pqNOK6ntsD8ldA5eMrpRjf0gPEJ1UkL/t5RhjQtI6KrMjPc6GVgQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFFVz1GbyzbcK1JJaWyGu7ITlbcoeMB8GA1UdIwQY
MBaAFKqLeYznra6unnCRW6LLz4P+ZdndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW90NWpPZXRycTZlY0pGYm9zdlBnXzVsMmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9hMWY5ZGYtYzQ4ZS00OTdmLWFkMzMt
ODJmYWY4ZjNiMTgwLzEvVlhQVVp2TE50d3JVa2xwYklhN3NoT1Z0eWg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9hMWY5ZGYtYzQ4ZS00OTdmLWFkMzMtODJmYWY4ZjNiMTgw
LzEvcW90NWpPZXRycTZlY0pGYm9zdlBnXzVsMmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCAjm4AwQA
XPIoAwQBXPIsAwQBuWJWMA0GCSqGSIb3DQEBCwUAA4IBAQBnSV0e+DPOWuttTzM4
8ZTHV7zaNngDIUO425jY7Fx0vs10m/B6yWJ2ZeBYh8m+RFEz+596MnCArhwdtEyq
VPiPWpOAh1yO0hP29sMHLIDLL/BpgV+ECBW2aP6+npkSyBfyWmODPEmL0pIP19MV
Mm4wtxgLoZVAYTEyZ/MICLd/FdJkM2srTaVjbHpq5+gLO+YkoEbOqF8yqtlKV4tB
3qQxd4vi7fTmx9twB91++YAweYkfjSSajc8nS7m6y9KuwSO6OOuYMGHxz2OqKTZR
yMjpv+t/vI/A3aNUGcJk++MkB+OBcuXCX1htRP9s7DkO3+7FjxBa51bmeT9qBsZZ
DTxc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:44 2024 by rpki-client on console-fra.rpki-client.org