Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/e75e41-a828-4dc5-8ed3-9fc36411accc/1/Z_azgtmDJ6oA0743Err7qgbf4qA.roa
File:                     Z_azgtmDJ6oA0743Err7qgbf4qA.roa (raw, json)
Hash identifier:          DNwY/QxDsfycP4q/3TAjSu/yehz9lg6WCHCHdJcpkio=
Subject key identifier:   67:F6:B3:82:D9:83:27:AA:00:D3:BE:37:12:BA:FB:AA:06:DF:E2:A0
Certificate issuer:       /CN=3939f92b825ce110903c31d522b0f50cafd74a6f
Certificate serial:       018EA2F5DB8A7AB8DD007ECB46EBC82DC22D
Authority key identifier: 39:39:F9:2B:82:5C:E1:10:90:3C:31:D5:22:B0:F5:0C:AF:D7:4A:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OTn5K4Jc4RCQPDHVIrD1DK_XSm8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/e75e41-a828-4dc5-8ed3-9fc36411accc/1/Z_azgtmDJ6oA0743Err7qgbf4qA.roa
Signing time:             Wed 03 Apr 2024 07:56:45 +0000
ROA not before:           Wed 03 Apr 2024 07:56:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34285
IP address blocks:        185.197.244.0/22 maxlen: 22
                          217.12.16.0/22 maxlen: 22
                          217.12.16.0/24 maxlen: 24
                          217.12.17.0/24 maxlen: 24
                          217.12.18.0/24 maxlen: 24
                          217.12.19.0/24 maxlen: 24
                          217.12.24.0/22 maxlen: 22
                          217.12.24.0/24 maxlen: 24
                          217.12.25.0/24 maxlen: 24
                          217.12.26.0/24 maxlen: 24
                          217.12.27.0/24 maxlen: 24
                          217.12.28.0/22 maxlen: 22
                          217.12.28.0/24 maxlen: 24
                          217.12.29.0/24 maxlen: 24
                          217.12.30.0/24 maxlen: 24
                          217.12.31.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 05 Apr 2024 06:39:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a2:f5:db:8a:7a:b8:dd:00:7e:cb:46:eb:c8:2d:c2:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3939f92b825ce110903c31d522b0f50cafd74a6f
        Validity
            Not Before: Apr  3 07:56:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67f6b382d98327aa00d3be3712bafbaa06dfe2a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f4:2c:97:ff:a2:83:ab:a7:18:17:9e:c2:fe:
                    1a:26:26:4b:75:a0:4e:7f:a1:df:5a:81:0b:13:c6:
                    d0:8d:69:58:a6:65:5a:40:aa:9e:eb:05:f7:89:87:
                    c3:f1:4a:37:39:31:dc:e1:fe:03:49:05:cd:05:ba:
                    41:5e:5a:1d:57:49:da:ed:8e:e9:a8:6a:1d:81:b9:
                    b9:ce:7f:00:dd:3b:fc:79:85:06:c9:31:4c:f0:28:
                    ce:ef:4d:dc:a8:75:33:b4:51:1a:1f:2c:bb:5a:fb:
                    b0:83:b2:51:0f:bb:e6:89:81:53:9a:7b:d2:ab:a4:
                    b9:a3:ff:f5:d0:a9:e2:35:5b:c1:39:dd:22:c6:c4:
                    fd:9f:0b:0f:4a:d4:c5:19:d2:1b:75:55:7c:3a:00:
                    b7:8b:39:e7:f1:6b:6a:88:d1:bf:91:f6:e4:69:17:
                    01:f8:27:fa:c7:9e:d1:4e:20:69:fd:f1:25:77:e4:
                    20:0d:fa:3f:85:83:30:9d:7c:62:4a:70:36:1a:17:
                    5b:7e:5c:15:39:b4:4d:8c:7c:d0:28:cb:3b:cb:13:
                    35:e6:90:ce:40:d7:f5:fc:f5:22:d4:fb:95:d7:aa:
                    e6:2f:84:f5:5d:5d:a3:3e:4e:bb:74:8a:42:a6:34:
                    69:28:ad:26:2c:f9:0a:7a:1e:1a:86:e5:e8:3d:0c:
                    a6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:F6:B3:82:D9:83:27:AA:00:D3:BE:37:12:BA:FB:AA:06:DF:E2:A0
            X509v3 Authority Key Identifier:
                keyid:39:39:F9:2B:82:5C:E1:10:90:3C:31:D5:22:B0:F5:0C:AF:D7:4A:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OTn5K4Jc4RCQPDHVIrD1DK_XSm8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/e75e41-a828-4dc5-8ed3-9fc36411accc/1/Z_azgtmDJ6oA0743Err7qgbf4qA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/e75e41-a828-4dc5-8ed3-9fc36411accc/1/OTn5K4Jc4RCQPDHVIrD1DK_XSm8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.244.0/22
                  217.12.16.0/22
                  217.12.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2b:6a:6c:de:2f:e2:fb:45:8c:44:c0:f3:32:34:79:09:41:c5:
         6e:ab:95:93:3d:2a:dc:7d:d4:1d:3d:1f:ee:70:f0:f2:6b:d4:
         c9:b3:c2:e6:55:7e:df:22:41:2c:83:c0:5c:23:63:5e:87:b6:
         3e:27:67:8d:5d:e6:93:cb:bc:2d:14:2b:06:34:71:94:26:2b:
         3e:25:0a:b2:0d:2e:76:28:2d:49:a4:2a:7c:e2:6b:30:4a:c8:
         74:e4:34:99:d8:88:10:24:5f:72:dc:4f:71:dd:42:13:4e:a4:
         2c:11:ed:ca:fc:de:32:12:a8:68:ea:d4:e1:a9:fb:48:dc:3d:
         50:c8:63:a2:db:72:19:1e:83:b6:83:c3:74:34:b7:11:ec:81:
         29:b1:71:a0:6e:60:8a:bb:6d:b2:55:d2:87:2e:c1:08:d4:5c:
         ec:7b:e1:8a:19:22:65:1d:99:37:2f:0e:40:82:9a:b9:f8:50:
         40:a5:4a:4d:f2:8c:13:f5:a9:64:dc:d0:50:5e:ce:70:9b:3e:
         78:dc:e7:08:46:6d:8d:6e:27:79:b9:19:36:f6:b9:2c:9e:84:
         e7:0e:69:e1:13:eb:a8:0b:78:b2:96:92:bc:59:66:a2:ef:4c:
         e9:ea:d3:26:d7:e6:4d:97:71:f7:ca:1a:70:cc:e5:e0:33:8c:
         c6:da:84:c4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY6i9duKerjdAH7LRuvILcItMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MzlmOTJiODI1Y2UxMTA5MDNjMzFkNTIyYjBmNTBjYWZk
NzRhNmYwHhcNMjQwNDAzMDc1NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2Y2YjM4MmQ5ODMyN2FhMDBkM2JlMzcxMmJhZmJhYTA2ZGZlMmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1PQsl/+ig6unGBeewv4aJiZLdaBO
f6HfWoELE8bQjWlYpmVaQKqe6wX3iYfD8Uo3OTHc4f4DSQXNBbpBXlodV0na7Y7p
qGodgbm5zn8A3Tv8eYUGyTFM8CjO703cqHUztFEaHyy7Wvuwg7JRD7vmiYFTmnvS
q6S5o//10KniNVvBOd0ixsT9nwsPStTFGdIbdVV8OgC3iznn8WtqiNG/kfbkaRcB
+Cf6x57RTiBp/fEld+QgDfo/hYMwnXxiSnA2GhdbflwVObRNjHzQKMs7yxM15pDO
QNf1/PUi1PuV16rmL4T1XV2jPk67dIpCpjRpKK0mLPkKeh4ahuXoPQymVwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGf2s4LZgyeqANO+NxK6+6oG3+KgMB8GA1UdIwQY
MBaAFDk5+SuCXOEQkDwx1SKw9Qyv10pvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1RuNUs0SmM0UkNRUERIVklyRDFES19YU204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9lNzVlNDEtYTgyOC00ZGM1LThlZDMt
OWZjMzY0MTFhY2NjLzEvWl9hemd0bURKNm9BMDc0M0VycjdxZ2JmNHFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9lNzVlNDEtYTgyOC00ZGM1LThlZDMtOWZjMzY0MTFhY2Nj
LzEvT1RuNUs0SmM0UkNRUERIVklyRDFES19YU204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCucX0AwQC
2QwQAwQD2QwYMA0GCSqGSIb3DQEBCwUAA4IBAQAramzeL+L7RYxEwPMyNHkJQcVu
q5WTPSrcfdQdPR/ucPDya9TJs8LmVX7fIkEsg8BcI2Neh7Y+J2eNXeaTy7wtFCsG
NHGUJis+JQqyDS52KC1JpCp84mswSsh05DSZ2IgQJF9y3E9x3UITTqQsEe3K/N4y
Eqho6tThqftI3D1QyGOi23IZHoO2g8N0NLcR7IEpsXGgbmCKu22yVdKHLsEI1Fzs
e+GKGSJlHZk3Lw5Agpq5+FBApUpN8owT9alk3NBQXs5wmz543OcIRm2Nbid5uRk2
9rksnoTnDmnhE+uoC3iylpK8WWai70zp6tMm1+ZNl3H3yhpwzOXgM4zG2oTE
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:48 2024 by rpki-client on console-fra.rpki-client.org