Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/kRiE99fnfBRs7un_HbtrBd7NPxg.roa
File:                     kRiE99fnfBRs7un_HbtrBd7NPxg.roa (raw, json)
Hash identifier:          tDrO1rbHN3IoUqWcParkJMQK1HbVaw7/t3G3k8rrtGA=
Subject key identifier:   91:18:84:F7:D7:E7:7C:14:6C:EE:E9:FF:1D:BB:6B:05:DE:CD:3F:18
Certificate issuer:       /CN=27280cc534516d1c1d9ea024eaafbd01fdc68c97
Certificate serial:       01857246D9EF7F902D5DA63D75BCCABA375A
Authority key identifier: 27:28:0C:C5:34:51:6D:1C:1D:9E:A0:24:EA:AF:BD:01:FD:C6:8C:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JygMxTRRbRwdnqAk6q-9Af3GjJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/kRiE99fnfBRs7un_HbtrBd7NPxg.roa
Signing time:             Mon 02 Jan 2023 11:38:43 +0000
ROA not before:           Mon 02 Jan 2023 11:38:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39238
IP address blocks:        185.38.160.0/22 maxlen: 32
                          194.36.148.0/22 maxlen: 32
                          79.143.64.0/22 maxlen: 32
                          79.143.76.0/22 maxlen: 32
                          217.29.50.0/23 maxlen: 32
                          217.29.52.0/22 maxlen: 32
                          217.29.56.0/21 maxlen: 32
                          2a0c:f540::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:46:d9:ef:7f:90:2d:5d:a6:3d:75:bc:ca:ba:37:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27280cc534516d1c1d9ea024eaafbd01fdc68c97
        Validity
            Not Before: Jan  2 11:38:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=911884f7d7e77c146ceee9ff1dbb6b05decd3f18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:9c:bd:e9:cc:bd:49:a9:d2:c3:06:20:12:2a:
                    76:bb:c9:e9:07:9a:e8:12:9f:ae:ce:61:f5:b8:b0:
                    57:ae:0d:52:e3:b2:5e:87:d3:e4:0c:7c:7c:c3:72:
                    aa:76:a6:a7:b0:c3:d5:e0:d8:55:b0:b1:8f:b4:05:
                    d2:f6:cf:66:e6:46:75:e2:66:dc:7b:a4:b7:43:16:
                    76:b8:7e:41:09:1f:f2:c4:3b:9d:16:88:8f:af:97:
                    22:a6:d9:6f:cb:6c:7c:f3:6d:d9:62:98:a9:f5:7b:
                    34:d5:e9:c1:bc:ef:59:ac:a0:d6:1a:9d:9e:23:f2:
                    63:dc:f9:89:1d:f1:a3:d1:ce:0b:70:47:48:55:52:
                    e8:3c:82:7f:be:84:ee:ba:29:76:3f:67:11:c3:41:
                    df:4f:be:49:0e:91:05:d5:0a:7b:06:99:ca:25:f0:
                    a9:38:6a:42:9e:16:f1:71:55:f6:da:63:34:dc:14:
                    ed:c6:a6:e1:aa:3b:cb:c3:65:14:fd:06:8b:86:4f:
                    d9:0c:e9:6e:ed:f9:c6:92:d2:1e:0a:f2:dd:31:0f:
                    51:8a:5f:d9:3b:d0:55:78:d1:b8:cc:6d:89:16:1a:
                    aa:70:4d:01:47:f8:f5:e9:bf:e1:5f:07:77:f0:3c:
                    2d:d0:4f:98:51:5e:7a:31:86:43:6e:ab:37:22:2b:
                    9a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:18:84:F7:D7:E7:7C:14:6C:EE:E9:FF:1D:BB:6B:05:DE:CD:3F:18
            X509v3 Authority Key Identifier:
                keyid:27:28:0C:C5:34:51:6D:1C:1D:9E:A0:24:EA:AF:BD:01:FD:C6:8C:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JygMxTRRbRwdnqAk6q-9Af3GjJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/kRiE99fnfBRs7un_HbtrBd7NPxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/JygMxTRRbRwdnqAk6q-9Af3GjJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.143.64.0/22
                  79.143.76.0/22
                  185.38.160.0/22
                  194.36.148.0/22
                  217.29.50.0-217.29.63.255
                IPv6:
                  2a0c:f540::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:12:03:59:3c:1f:f8:a0:68:51:a7:86:b1:ce:9a:4c:e8:cc:
         36:9d:13:b3:31:be:cf:bd:6a:cc:f6:ab:47:65:01:45:fd:9e:
         eb:d5:a3:48:4a:b7:a0:17:59:85:cc:57:2e:71:db:c9:85:cd:
         f0:1f:6b:f6:92:84:66:62:81:12:5c:f2:fb:98:be:68:3c:40:
         c1:64:a5:1f:cb:2b:a1:cd:c2:0c:93:e4:16:18:59:87:74:7a:
         78:9f:4c:6f:dd:2e:b4:00:7b:c6:db:10:6d:6c:de:2c:9c:6c:
         f7:eb:af:32:72:74:97:dd:43:21:df:85:d5:33:c3:50:23:0d:
         6e:5a:af:8d:ab:9d:01:0f:ad:6d:6d:88:9b:53:e0:2c:91:ce:
         c3:63:fa:44:06:3c:89:05:1c:81:bc:cc:43:c9:ba:50:00:19:
         f7:fb:45:ec:f2:4c:55:03:9f:d7:8b:2e:44:6b:f7:d5:bf:8a:
         69:b4:e1:4c:14:0e:c3:87:01:17:0c:82:d5:36:e0:46:3c:ba:
         58:93:79:7c:9f:c6:0d:aa:fe:d6:e6:17:f6:ca:08:c4:92:58:
         80:00:bc:9a:d4:0c:c9:d0:ab:c4:49:1c:5d:fc:cb:c1:16:f8:
         fe:ed:1b:8f:cb:0c:16:37:85:cc:eb:f2:65:c4:d0:d5:0d:0b:
         65:f7:67:6f
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYVyRtnvf5AtXaY9dbzKujdaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MjgwY2M1MzQ1MTZkMWMxZDllYTAyNGVhYWZiZDAxZmRj
NjhjOTcwHhcNMjMwMTAyMTEzODQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTE4ODRmN2Q3ZTc3YzE0NmNlZWU5ZmYxZGJiNmIwNWRlY2QzZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZy96cy9SanSwwYgEip2u8npB5ro
Ep+uzmH1uLBXrg1S47Jeh9PkDHx8w3KqdqansMPV4NhVsLGPtAXS9s9m5kZ14mbc
e6S3QxZ2uH5BCR/yxDudFoiPr5ciptlvy2x8823ZYpip9Xs01enBvO9ZrKDWGp2e
I/Jj3PmJHfGj0c4LcEdIVVLoPIJ/voTuuil2P2cRw0HfT75JDpEF1Qp7BpnKJfCp
OGpCnhbxcVX22mM03BTtxqbhqjvLw2UU/QaLhk/ZDOlu7fnGktIeCvLdMQ9Ril/Z
O9BVeNG4zG2JFhqqcE0BR/j16b/hXwd38Dwt0E+YUV56MYZDbqs3IiuaWQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFJEYhPfX53wUbO7p/x27awXezT8YMB8GA1UdIwQY
MBaAFCcoDMU0UW0cHZ6gJOqvvQH9xoyXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnlnTXhUUlJiUndkbnFBazZxLTlBZjNHakpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8wY2M2YjUtNTQ3Ny00OTBhLWEyOTUt
MTViNzliMDI5NDNlLzEva1JpRTk5Zm5mQlJzN3VuX0hidHJCZDdOUHhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8wY2M2YjUtNTQ3Ny00OTBhLWEyOTUtMTViNzliMDI5NDNl
LzEvSnlnTXhUUlJiUndkbnFBazZxLTlBZjNHakpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQCT49AAwQC
T49MAwQCuSagAwQCwiSUMAwDBAHZHTIDBAbZHQAwDQQCAAIwBwMFAyoM9UAwDQYJ
KoZIhvcNAQELBQADggEBABASA1k8H/igaFGnhrHOmkzozDadE7Mxvs+9asz2q0dl
AUX9nuvVo0hKt6AXWYXMVy5x28mFzfAfa/aShGZigRJc8vuYvmg8QMFkpR/LK6HN
wgyT5BYYWYd0enifTG/dLrQAe8bbEG1s3iycbPfrrzJydJfdQyHfhdUzw1AjDW5a
r42rnQEPrW1tiJtT4CyRzsNj+kQGPIkFHIG8zEPJulAAGff7RezyTFUDn9eLLkRr
99W/imm04UwUDsOHARcMgtU24EY8uliTeXyfxg2q/tbmF/bKCMSSWIAAvJrUDMnQ
q8RJHF38y8EW+P7tG4/LDBY3hczr8mXE0NUNC2X3Z28=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:27 2024 by rpki-client on console-fra.rpki-client.org