Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/ca2213-e5a1-4ad2-8a22-768d3fb08e70/1/XL7yQKMo6QsQBeVGV_5MHvX34Ks.roa
File:                     XL7yQKMo6QsQBeVGV_5MHvX34Ks.roa (raw, json)
Hash identifier:          zU5NsaxNBIw1yqgpgfas8zaTgF6FzF0OCKqGzTZyNdA=
Subject key identifier:   5C:BE:F2:40:A3:28:E9:0B:10:05:E5:46:57:FE:4C:1E:F5:F7:E0:AB
Certificate issuer:       /CN=2cf6136315a52d5247124b7cf369aafb8312227e
Certificate serial:       018CC94E62B9C4E4A8F5EB50854B70D949F3
Authority key identifier: 2C:F6:13:63:15:A5:2D:52:47:12:4B:7C:F3:69:AA:FB:83:12:22:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LPYTYxWlLVJHEkt882mq-4MSIn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/ca2213-e5a1-4ad2-8a22-768d3fb08e70/1/XL7yQKMo6QsQBeVGV_5MHvX34Ks.roa
Signing time:             Tue 02 Jan 2024 08:33:26 +0000
ROA not before:           Tue 02 Jan 2024 08:33:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200735
IP address blocks:        85.208.237.0/24 maxlen: 24
                          85.208.236.0/24 maxlen: 24
                          2a09:8e40:5000::/36 maxlen: 36
                          2a09:8e40:4000::/36 maxlen: 36
                          2a09:8e40:3000::/36 maxlen: 36
                          2a09:8e40:2000::/36 maxlen: 36
                          2a09:8e40:1000::/36 maxlen: 36
                          2a09:8e40::/36 maxlen: 36
                          2a09:8e40:6000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Thu 07 Mar 2024 15:29:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:62:b9:c4:e4:a8:f5:eb:50:85:4b:70:d9:49:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cf6136315a52d5247124b7cf369aafb8312227e
        Validity
            Not Before: Jan  2 08:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cbef240a328e90b1005e54657fe4c1ef5f7e0ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ae:8e:54:3b:65:c4:1d:8c:63:af:8a:8d:20:
                    01:a2:ec:f6:63:1d:26:81:a0:46:d3:aa:06:14:e7:
                    a4:91:19:1b:96:96:9f:6d:2a:c2:21:5f:6b:ca:f1:
                    47:b6:d5:21:9d:18:73:5a:45:01:11:af:93:77:28:
                    fe:19:ea:c2:df:9f:d8:f5:16:e0:d6:aa:e2:00:84:
                    cd:4e:3d:45:92:ad:1a:d2:15:06:85:74:2e:23:fa:
                    e3:78:41:b5:26:6c:8b:5b:ad:80:ac:22:64:cd:d9:
                    b0:0d:46:be:1b:36:d2:c6:b8:ad:7c:19:b8:7f:1b:
                    6e:5e:d2:a0:27:bd:f1:8b:10:44:65:e5:42:fa:3b:
                    15:8a:24:5d:75:f0:2a:95:66:6c:28:1e:76:ec:13:
                    1b:9c:30:d0:c6:40:20:82:3b:66:96:44:2f:72:4e:
                    2f:ec:3b:7b:69:15:e4:7f:ce:13:9d:c7:4a:61:63:
                    65:4d:14:48:51:05:7d:e0:71:46:d8:b3:95:9b:b8:
                    0a:ac:20:d9:8b:58:d8:e5:31:1f:da:06:5d:48:ca:
                    d7:96:5d:81:93:e0:57:0e:ee:0c:6d:51:24:0d:5b:
                    8a:76:37:c7:d7:72:b6:40:8a:bc:e2:a5:a6:fa:3c:
                    2e:58:1f:f5:e7:9a:66:0b:bb:0f:56:cd:2b:9c:8f:
                    ae:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:BE:F2:40:A3:28:E9:0B:10:05:E5:46:57:FE:4C:1E:F5:F7:E0:AB
            X509v3 Authority Key Identifier:
                keyid:2C:F6:13:63:15:A5:2D:52:47:12:4B:7C:F3:69:AA:FB:83:12:22:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LPYTYxWlLVJHEkt882mq-4MSIn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ca2213-e5a1-4ad2-8a22-768d3fb08e70/1/XL7yQKMo6QsQBeVGV_5MHvX34Ks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/ca2213-e5a1-4ad2-8a22-768d3fb08e70/1/LPYTYxWlLVJHEkt882mq-4MSIn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.236.0/23
                IPv6:
                  2a09:8e40::-2a09:8e40:6fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         24:26:ce:60:f9:49:f4:59:81:73:7b:4f:45:b9:d9:8d:0d:2a:
         da:5b:7a:25:d0:67:c1:5e:f4:b2:9d:04:72:b3:0f:f0:c9:4f:
         e2:3a:d3:bc:b2:b0:33:6d:19:c5:5e:7d:ae:79:90:34:a1:ff:
         10:24:30:27:a0:61:9c:d3:cc:de:49:ce:cc:94:80:78:60:a3:
         3c:c5:9b:99:92:be:b1:88:7a:c4:d8:f0:7b:7f:31:19:39:da:
         9c:25:9e:de:64:68:11:bd:52:b9:d9:81:86:62:4b:5a:f0:87:
         ec:aa:df:b4:f4:1c:86:ce:c7:a9:24:02:e5:70:ab:6d:40:57:
         b0:fc:67:6a:5b:f6:e9:88:37:0a:65:9b:c9:49:63:69:e3:ae:
         0b:b5:92:f6:b4:5e:b1:fb:e1:67:ca:38:83:1e:51:6b:2e:c9:
         f6:7b:c4:df:8b:71:cf:2d:12:26:0a:82:f8:0b:5c:1b:2e:76:
         fe:88:d4:73:6a:2d:27:c9:7b:cf:c5:e5:19:2c:d6:d9:00:76:
         a0:93:c8:71:eb:06:e2:fb:e7:2a:4d:66:17:8f:3b:82:89:57:
         36:37:76:cf:0b:96:3a:ef:e7:d8:27:68:4d:06:2b:0e:fc:58:
         0e:92:5d:19:4d:94:88:7d:e4:a3:f3:71:1f:45:0a:c7:31:b1:
         93:df:e5:84
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzJTmK5xOSo9etQhUtw2UnzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjZjYxMzYzMTVhNTJkNTI0NzEyNGI3Y2YzNjlhYWZiODMx
MjIyN2UwHhcNMjQwMTAyMDgzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2JlZjI0MGEzMjhlOTBiMTAwNWU1NDY1N2ZlNGMxZWY1ZjdlMGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA466OVDtlxB2MY6+KjSABouz2Yx0m
gaBG06oGFOekkRkblpafbSrCIV9ryvFHttUhnRhzWkUBEa+Tdyj+GerC35/Y9Rbg
1qriAITNTj1Fkq0a0hUGhXQuI/rjeEG1JmyLW62ArCJkzdmwDUa+GzbSxritfBm4
fxtuXtKgJ73xixBEZeVC+jsViiRddfAqlWZsKB527BMbnDDQxkAggjtmlkQvck4v
7Dt7aRXkf84TncdKYWNlTRRIUQV94HFG2LOVm7gKrCDZi1jY5TEf2gZdSMrXll2B
k+BXDu4MbVEkDVuKdjfH13K2QIq84qWm+jwuWB/155pmC7sPVs0rnI+uAwIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFFy+8kCjKOkLEAXlRlf+TB719+CrMB8GA1UdIwQY
MBaAFCz2E2MVpS1SRxJLfPNpqvuDEiJ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFBZVFl4V2xMVkpIRWt0ODgybXEtNE1TSW40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9jYTIyMTMtZTVhMS00YWQyLThhMjIt
NzY4ZDNmYjA4ZTcwLzEvWEw3eVFLTW82UXNRQmVWR1ZfNU1IdlgzNEtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9jYTIyMTMtZTVhMS00YWQyLThhMjItNzY4ZDNmYjA4ZTcw
LzEvTFBZVFl4V2xMVkpIRWt0ODgybXEtNE1TSW40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAMBAIAATAGAwQBVdDsMBcE
AgACMBEwDwMFBioJjkADBgQqCY5AYDANBgkqhkiG9w0BAQsFAAOCAQEAJCbOYPlJ
9FmBc3tPRbnZjQ0q2lt6JdBnwV70sp0EcrMP8MlP4jrTvLKwM20ZxV59rnmQNKH/
ECQwJ6BhnNPM3knOzJSAeGCjPMWbmZK+sYh6xNjwe38xGTnanCWe3mRoEb1SudmB
hmJLWvCH7KrftPQchs7HqSQC5XCrbUBXsPxnalv26Yg3CmWbyUljaeOuC7WS9rRe
sfvhZ8o4gx5Ray7J9nvE34txzy0SJgqC+AtcGy52/ojUc2otJ8l7z8XlGSzW2QB2
oJPIcesG4vvnKk1mF487golXNjd2zwuWOu/n2CdoTQYrDvxYDpJdGU2UiH3ko/Nx
H0UKxzGxk9/lhA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:05 2024 by rpki-client on console-fra.rpki-client.org