Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/X3bVgJ3m3KOzCXPjJ5x5t_NFF30.roa
File:                     X3bVgJ3m3KOzCXPjJ5x5t_NFF30.roa (raw, json)
Hash identifier:          2wpmHIMxO6cw+zAhCesBM0WxM9v8sZ8X2K3l2Qd6kSw=
Subject key identifier:   5F:76:D5:80:9D:E6:DC:A3:B3:09:73:E3:27:9C:79:B7:F3:45:17:7D
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       018570F0A554C1AF8E42607959608016244F
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/X3bVgJ3m3KOzCXPjJ5x5t_NFF30.roa
Signing time:             Mon 02 Jan 2023 05:24:57 +0000
ROA not before:           Mon 02 Jan 2023 05:24:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     262287
IP address blocks:        194.38.26.0/23 maxlen: 23
                          194.38.24.0/23 maxlen: 23

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:f0:a5:54:c1:af:8e:42:60:79:59:60:80:16:24:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Jan  2 05:24:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f76d5809de6dca3b30973e3279c79b7f345177d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4d:19:ce:39:b0:72:bb:f6:69:bc:69:cf:ef:
                    f6:28:8c:7a:7d:c3:76:50:7d:25:7e:8a:3f:64:c8:
                    47:51:ed:11:73:0d:a5:f4:15:1a:05:97:66:08:be:
                    89:e7:ed:1c:d0:35:32:dd:e0:47:74:4c:28:8d:44:
                    a1:4e:65:5e:3f:8a:0b:56:c9:0e:7b:b1:b0:cc:f6:
                    48:61:3d:0c:36:e7:e7:00:a9:45:de:8b:ee:2f:cf:
                    f6:a8:fb:64:0c:9e:f4:a2:2d:13:d7:29:9f:8c:53:
                    d9:9d:29:c2:70:66:d5:61:f5:da:7a:02:45:c5:66:
                    87:bc:c6:54:07:a0:17:0d:68:4d:20:cb:53:00:57:
                    79:bc:25:11:29:da:ac:34:de:f0:1c:50:de:f8:58:
                    8a:31:89:63:c3:1b:b5:02:96:97:6e:9a:88:cb:8c:
                    28:6b:c6:ef:3d:22:47:4a:b0:ec:ae:bf:a2:ae:9b:
                    11:49:ec:71:fe:29:a7:f9:99:12:55:7f:4c:0a:d1:
                    da:f9:80:8e:1a:6f:3d:e5:d3:98:f3:47:37:a3:78:
                    b4:c7:5e:c8:bc:a1:ab:29:bc:fb:4e:ae:9b:c1:58:
                    fd:6c:98:a0:4f:91:05:32:88:3c:f6:a3:1d:a5:3d:
                    33:9b:1c:9f:91:f4:95:16:e2:30:6a:5c:d0:87:08:
                    b0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:76:D5:80:9D:E6:DC:A3:B3:09:73:E3:27:9C:79:B7:F3:45:17:7D
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/X3bVgJ3m3KOzCXPjJ5x5t_NFF30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.38.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:95:de:41:03:14:0f:ef:bc:a2:d7:b2:b0:25:25:fa:54:71:
         d5:0b:4b:cb:a1:c2:e8:b4:53:f4:91:18:1f:16:09:53:0c:4a:
         ce:93:53:a1:2f:3b:8b:32:40:b2:35:01:3b:05:22:27:6c:16:
         a6:b6:e4:4a:d3:c4:6a:e3:29:6a:9e:30:53:fe:5a:d3:ee:87:
         d6:d1:16:eb:0c:fe:34:17:61:15:f6:0b:3f:83:f4:9c:64:a3:
         d6:51:09:53:22:d0:35:66:5f:18:95:b2:43:d9:75:9d:7b:65:
         72:8b:79:ba:a0:f4:8b:6a:2a:ca:3c:d1:e6:15:1d:5e:aa:48:
         b0:2d:ee:32:73:4d:fc:c6:69:6a:30:a3:c0:5d:4c:b8:8b:97:
         4d:ce:c4:a0:70:e6:5a:ce:2c:27:c3:9e:be:d9:44:f0:7e:6d:
         59:dd:05:64:ee:98:15:6b:e3:73:fe:ba:5c:bd:e8:8a:cd:f9:
         c1:28:73:b5:ef:36:3c:ea:64:1e:6f:b4:1b:f9:52:25:34:f0:
         3f:c1:a9:63:80:71:d3:96:ba:05:39:1a:0f:7c:ea:33:7d:08:
         93:ec:ca:0d:bc:d1:96:d7:2d:05:7d:8c:68:89:bc:29:1b:6c:
         48:cb:37:e0:cf:9f:22:75:77:1e:9a:96:32:da:74:86:9f:ec:
         8c:a4:b2:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVw8KVUwa+OQmB5WWCAFiRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjMwMTAyMDUyNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjc2ZDU4MDlkZTZkY2EzYjMwOTczZTMyNzljNzliN2YzNDUxNzdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0U0Zzjmwcrv2abxpz+/2KIx6fcN2
UH0lfoo/ZMhHUe0Rcw2l9BUaBZdmCL6J5+0c0DUy3eBHdEwojUShTmVeP4oLVskO
e7GwzPZIYT0MNufnAKlF3ovuL8/2qPtkDJ70oi0T1ymfjFPZnSnCcGbVYfXaegJF
xWaHvMZUB6AXDWhNIMtTAFd5vCURKdqsNN7wHFDe+FiKMYljwxu1ApaXbpqIy4wo
a8bvPSJHSrDsrr+irpsRSexx/imn+ZkSVX9MCtHa+YCOGm895dOY80c3o3i0x17I
vKGrKbz7Tq6bwVj9bJigT5EFMog89qMdpT0zmxyfkfSVFuIwalzQhwiwOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF921YCd5tyjswlz4yecebfzRRd9MB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvWDNiVmdKM20zS096Q1hQako1eDV0X05GRjMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiYYMA0G
CSqGSIb3DQEBCwUAA4IBAQBxld5BAxQP77yi17KwJSX6VHHVC0vLocLotFP0kRgf
FglTDErOk1OhLzuLMkCyNQE7BSInbBamtuRK08Rq4ylqnjBT/lrT7ofW0RbrDP40
F2EV9gs/g/ScZKPWUQlTItA1Zl8YlbJD2XWde2Vyi3m6oPSLairKPNHmFR1eqkiw
Le4yc038xmlqMKPAXUy4i5dNzsSgcOZaziwnw56+2UTwfm1Z3QVk7pgVa+Nz/rpc
veiKzfnBKHO17zY86mQeb7Qb+VIlNPA/waljgHHTlroFORoPfOozfQiT7MoNvNGW
1y0FfYxoibwpG2xIyzfgz58idXcempYy2nSGn+yMpLIZ
-----END CERTIFICATE-----
Generated at Mon Jan 1 23:37:04 2024 by rpki-client on console-fra.rpki-client.org