Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/OLNkJ0vbTphRCLVn-4MmOr2g1Tk.roa
File:                     OLNkJ0vbTphRCLVn-4MmOr2g1Tk.roa (raw, json)
Hash identifier:          mNln9pcZjb+sVHHu31uLhEkLWTP2dGaNLAfF4iPVrxo=
Subject key identifier:   38:B3:64:27:4B:DB:4E:98:51:08:B5:67:FB:83:26:3A:BD:A0:D5:39
Certificate issuer:       /CN=9ff1503210fe06ed35490b0231dbdb5967e12987
Certificate serial:       018CC9BC50750CEF754FE2D568CF05B2E557
Authority key identifier: 9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/OLNkJ0vbTphRCLVn-4MmOr2g1Tk.roa
Signing time:             Tue 02 Jan 2024 10:33:30 +0000
ROA not before:           Tue 02 Jan 2024 10:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56465
IP address blocks:        195.140.224.0/24 maxlen: 24
                          195.140.225.0/24 maxlen: 24
                          195.140.226.0/24 maxlen: 24
                          195.140.227.0/24 maxlen: 24
                          31.128.182.0/24 maxlen: 24
                          94.124.162.0/24 maxlen: 24
                          94.124.163.0/24 maxlen: 24
                          94.124.167.0/24 maxlen: 24
                          2a0c:29c1::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 11 Oct 2024 08:38:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:50:75:0c:ef:75:4f:e2:d5:68:cf:05:b2:e5:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ff1503210fe06ed35490b0231dbdb5967e12987
        Validity
            Not Before: Jan  2 10:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38b364274bdb4e985108b567fb83263abda0d539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e4:26:01:ba:a7:a0:10:13:b4:a4:15:ba:3e:
                    f1:81:45:a0:7a:9c:72:68:e1:59:cc:73:b0:45:d2:
                    5b:ca:0e:60:74:c0:d7:6f:ad:af:82:d7:3c:6e:dc:
                    a5:9b:2f:14:fd:b3:5d:ef:22:93:4e:d3:ba:84:92:
                    fd:4b:fe:51:b4:8d:1b:30:9f:aa:f9:1e:fd:6f:03:
                    bf:ec:0d:03:5d:d0:c9:ea:37:d3:05:3f:52:0a:b2:
                    15:c9:53:d3:05:39:3d:cd:b9:59:90:d3:9c:1d:b1:
                    fe:dc:02:fb:81:ad:5c:0b:3a:da:fd:d6:20:bb:c0:
                    29:cf:03:62:22:3c:14:f9:ea:c8:db:d1:07:a4:5a:
                    bc:c7:ac:f1:db:52:03:ac:9b:b1:7e:90:74:fd:21:
                    7c:51:19:7f:81:30:61:6a:df:52:c6:f7:2b:53:1c:
                    63:a2:5b:fa:eb:88:f5:1f:b1:7f:9c:4a:30:43:9e:
                    c4:90:05:d6:05:02:3e:f0:89:eb:73:cb:de:8c:17:
                    57:81:ce:1b:b3:e1:25:26:9b:c6:19:59:a7:96:31:
                    85:93:15:39:3a:81:0a:37:67:50:9f:02:0d:e6:31:
                    54:94:8b:21:c7:89:7f:07:95:6f:d5:17:e7:0a:71:
                    ec:ed:08:2d:8c:33:57:5e:93:99:00:e2:77:f2:ad:
                    a6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:B3:64:27:4B:DB:4E:98:51:08:B5:67:FB:83:26:3A:BD:A0:D5:39
            X509v3 Authority Key Identifier:
                keyid:9F:F1:50:32:10:FE:06:ED:35:49:0B:02:31:DB:DB:59:67:E1:29:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n_FQMhD-Bu01SQsCMdvbWWfhKYc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/OLNkJ0vbTphRCLVn-4MmOr2g1Tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/8421d3-506a-4f0c-b9c0-46322e02f08d/1/n_FQMhD-Bu01SQsCMdvbWWfhKYc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.182.0/24
                  94.124.162.0/23
                  94.124.167.0/24
                  195.140.224.0/22
                IPv6:
                  2a0c:29c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:61:2f:5f:3b:1d:7d:28:34:8b:9e:c2:1d:69:88:e6:cc:92:
         ae:c3:18:70:f2:b6:7a:18:29:38:5e:3d:ab:fe:21:d7:43:fe:
         00:5f:01:68:8d:51:c6:5e:21:15:78:53:a8:f0:0d:5c:13:79:
         f0:0f:05:5d:3f:28:e9:44:92:5e:c0:32:3a:a6:81:67:79:fb:
         a6:de:a0:eb:60:18:ec:01:1c:1f:7f:1b:a3:02:c7:df:93:86:
         69:b2:22:a8:80:56:28:79:54:38:35:d0:ea:33:30:48:49:00:
         2f:16:c9:81:46:cf:b2:5c:f8:9e:2b:ab:f4:1f:24:06:6f:1f:
         36:14:c8:5e:31:2a:ab:e4:82:c6:21:87:93:b6:45:2f:16:dd:
         8e:ad:38:97:9e:9d:31:ad:aa:9d:52:b4:7d:18:7a:af:0d:2f:
         75:b4:0f:33:fb:c2:0c:79:1e:3d:5b:18:87:39:e7:f1:5d:2c:
         a1:aa:d5:62:70:91:38:69:4e:a1:8e:cd:12:1b:8d:48:96:81:
         ad:e3:cc:90:81:e9:e6:08:8b:ae:95:16:75:86:d7:4c:14:42:
         cb:25:27:07:7d:45:de:06:c9:8a:0a:50:4e:06:3c:c4:97:e0:
         4e:96:d2:f0:d5:2a:68:ae:5b:78:e6:97:21:4e:8c:47:d3:18:
         9f:f8:e9:ea
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzJvFB1DO91T+LVaM8FsuVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmZjE1MDMyMTBmZTA2ZWQzNTQ5MGIwMjMxZGJkYjU5Njdl
MTI5ODcwHhcNMjQwMTAyMTAzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGIzNjQyNzRiZGI0ZTk4NTEwOGI1NjdmYjgzMjYzYWJkYTBkNTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuQmAbqnoBATtKQVuj7xgUWgepxy
aOFZzHOwRdJbyg5gdMDXb62vgtc8btylmy8U/bNd7yKTTtO6hJL9S/5RtI0bMJ+q
+R79bwO/7A0DXdDJ6jfTBT9SCrIVyVPTBTk9zblZkNOcHbH+3AL7ga1cCzra/dYg
u8ApzwNiIjwU+erI29EHpFq8x6zx21IDrJuxfpB0/SF8URl/gTBhat9SxvcrUxxj
olv664j1H7F/nEowQ57EkAXWBQI+8Inrc8vejBdXgc4bs+ElJpvGGVmnljGFkxU5
OoEKN2dQnwIN5jFUlIshx4l/B5Vv1RfnCnHs7QgtjDNXXpOZAOJ38q2mQQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFDizZCdL206YUQi1Z/uDJjq9oNU5MB8GA1UdIwQY
MBaAFJ/xUDIQ/gbtNUkLAjHb21ln4SmHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAt
NDYzMjJlMDJmMDhkLzEvT0xOa0owdmJUcGhSQ0xWbi00TW1PcjJnMVRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC84NDIxZDMtNTA2YS00ZjBjLWI5YzAtNDYzMjJlMDJmMDhk
LzEvbl9GUU1oRC1CdTAxU1FzQ01kdmJXV2ZoS1ljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAH4C2AwQB
XnyiAwQAXnynAwQCw4zgMA0EAgACMAcDBQAqDCnBMA0GCSqGSIb3DQEBCwUAA4IB
AQABYS9fOx19KDSLnsIdaYjmzJKuwxhw8rZ6GCk4Xj2r/iHXQ/4AXwFojVHGXiEV
eFOo8A1cE3nwDwVdPyjpRJJewDI6poFnefum3qDrYBjsARwffxujAsffk4ZpsiKo
gFYoeVQ4NdDqMzBISQAvFsmBRs+yXPieK6v0HyQGbx82FMheMSqr5ILGIYeTtkUv
Ft2OrTiXnp0xraqdUrR9GHqvDS91tA8z+8IMeR49WxiHOefxXSyhqtVicJE4aU6h
js0SG41IloGt48yQgenmCIuulRZ1htdMFELLJScHfUXeBsmKClBOBjzEl+BOltLw
1Sporlt45pchToxH0xif+Onq
-----END CERTIFICATE-----
Generated at Fri Oct 11 10:45:23 2024 by rpki-client on console-fra.rpki-client.org