Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/8dTFsgAGGyHMWRBDOdUq7EAE51s.roa
File:                     8dTFsgAGGyHMWRBDOdUq7EAE51s.roa (raw, json)
Hash identifier:          T+RZr2nPzjnCADyGnGic/VSdvY8cbVyngO7jZFmIJc8=
Subject key identifier:   F1:D4:C5:B2:00:06:1B:21:CC:59:10:43:39:D5:2A:EC:40:04:E7:5B
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       018CA70121E06C474EAEDD98690E2118985A
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/8dTFsgAGGyHMWRBDOdUq7EAE51s.roa
Signing time:             Tue 26 Dec 2023 16:41:58 +0000
ROA not before:           Tue 26 Dec 2023 16:41:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205960
IP address blocks:        91.204.224.0/24 maxlen: 24
                          2.59.153.0/24 maxlen: 24
                          91.204.226.0/24 maxlen: 24
                          91.204.225.0/24 maxlen: 24
                          91.204.227.0/24 maxlen: 24
                          185.202.101.0/24 maxlen: 24
                          193.239.151.0/24 maxlen: 24
                          45.91.225.0/24 maxlen: 24
                          194.126.215.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:30:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:a7:01:21:e0:6c:47:4e:ae:dd:98:69:0e:21:18:98:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Dec 26 16:41:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f1d4c5b200061b21cc59104339d52aec4004e75b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3d:15:fb:f9:56:c5:8c:bc:3f:58:a7:c5:24:
                    35:46:80:95:f8:e8:99:e3:f2:7e:90:ea:c4:18:6b:
                    1b:d6:f0:f3:0c:ce:f8:d7:12:0e:d9:62:98:78:99:
                    a4:cf:82:73:d0:f0:f8:34:fe:82:26:ff:2d:6e:69:
                    a0:f7:0a:9c:21:e5:a2:f5:d6:42:1a:27:b3:67:5d:
                    b8:fc:c9:58:12:a6:9a:5e:6b:88:ba:14:07:c4:d5:
                    cc:42:26:b9:a7:b5:4c:52:fc:b8:6a:91:91:d6:67:
                    16:da:0c:91:41:b0:a6:cb:38:60:ae:72:cf:59:c2:
                    52:a4:66:d3:0a:45:18:ef:12:a2:a4:6e:87:e7:9d:
                    15:72:90:34:90:6f:d2:f6:22:3d:fc:d6:b6:f4:00:
                    d8:1b:9e:30:26:18:61:2d:51:82:b9:27:cd:63:56:
                    8b:93:85:22:11:e8:5b:ef:5e:ae:b1:c4:2d:10:27:
                    de:b2:e5:35:53:fa:5e:7c:b8:60:de:7e:1c:c0:bb:
                    54:a3:02:ae:24:b1:9b:d4:b9:c0:66:9b:ad:40:33:
                    7c:b7:81:1e:f9:d3:b2:cc:bc:83:a9:7c:2b:00:bd:
                    b0:7b:24:6b:23:38:ad:86:6d:99:ca:b6:3d:68:e6:
                    51:32:59:87:e6:6f:a9:96:53:6f:e5:0c:fb:d9:e0:
                    00:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:D4:C5:B2:00:06:1B:21:CC:59:10:43:39:D5:2A:EC:40:04:E7:5B
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/8dTFsgAGGyHMWRBDOdUq7EAE51s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.153.0/24
                  45.91.225.0/24
                  91.204.224.0/22
                  185.202.101.0/24
                  193.239.151.0/24
                  194.126.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:49:5c:13:83:20:ad:d2:89:eb:87:4c:bb:9a:87:0d:05:e7:
         e2:4f:17:c3:0f:41:b8:51:87:69:d7:e8:7b:53:87:1f:78:89:
         f2:b3:e3:96:d5:31:4c:87:94:ab:50:19:04:a4:a6:74:d2:aa:
         19:c8:16:1c:fb:03:ad:16:86:4e:84:f2:f9:9a:71:d3:9c:3b:
         f3:6a:58:0c:89:27:57:2d:8a:eb:ae:ba:34:e1:a8:db:8e:93:
         cb:59:fa:8c:d4:d4:f2:05:1b:cf:7c:bb:6e:8d:48:56:fa:84:
         f5:ee:73:11:ec:35:91:d8:15:79:68:6c:b5:5d:a6:a0:dd:8c:
         f2:c3:60:47:54:fe:9f:fe:3a:82:80:9d:95:fe:4d:00:78:ab:
         9a:63:29:01:e7:74:49:43:c5:22:40:fa:e2:c1:5d:0c:cb:b9:
         c4:94:16:92:74:95:45:da:22:32:54:e9:91:89:31:ec:89:a9:
         82:28:b6:89:36:25:55:db:61:41:0f:cd:ef:03:ef:d6:1b:dd:
         54:12:5f:f4:96:4e:dc:aa:8b:38:4a:af:d0:6f:80:43:49:5a:
         ad:56:e0:81:bc:21:1e:57:fd:93:4a:13:b3:c6:0a:9c:58:ff:
         01:2a:9c:39:a6:96:9c:e7:06:5b:43:73:a4:34:e5:28:47:fd:
         a8:fb:94:5a
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYynASHgbEdOrt2YaQ4hGJhaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjMxMjI2MTY0MTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWQ0YzViMjAwMDYxYjIxY2M1OTEwNDMzOWQ1MmFlYzQwMDRlNzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnj0V+/lWxYy8P1inxSQ1RoCV+OiZ
4/J+kOrEGGsb1vDzDM741xIO2WKYeJmkz4Jz0PD4NP6CJv8tbmmg9wqcIeWi9dZC
GiezZ124/MlYEqaaXmuIuhQHxNXMQia5p7VMUvy4apGR1mcW2gyRQbCmyzhgrnLP
WcJSpGbTCkUY7xKipG6H550VcpA0kG/S9iI9/Na29ADYG54wJhhhLVGCuSfNY1aL
k4UiEehb716uscQtECfesuU1U/pefLhg3n4cwLtUowKuJLGb1LnAZputQDN8t4Ee
+dOyzLyDqXwrAL2weyRrIzithm2ZyrY9aOZRMlmH5m+pllNv5Qz72eAAWQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFPHUxbIABhshzFkQQznVKuxABOdbMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvOGRURnNnQUdHeUhNV1JCRE9kVXE3RUFFNTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAAjuZAwQA
LVvhAwQCW8zgAwQAucplAwQAwe+XAwQAwn7XMA0GCSqGSIb3DQEBCwUAA4IBAQBm
SVwTgyCt0onrh0y7mocNBefiTxfDD0G4UYdp1+h7U4cfeInys+OW1TFMh5SrUBkE
pKZ00qoZyBYc+wOtFoZOhPL5mnHTnDvzalgMiSdXLYrrrro04ajbjpPLWfqM1NTy
BRvPfLtujUhW+oT17nMR7DWR2BV5aGy1Xaag3Yzyw2BHVP6f/jqCgJ2V/k0AeKua
YykB53RJQ8UiQPriwV0My7nElBaSdJVF2iIyVOmRiTHsiamCKLaJNiVV22FBD83v
A+/WG91UEl/0lk7cqos4Sq/Qb4BDSVqtVuCBvCEeV/2TShOzxgqcWP8BKpw5ppac
5wZbQ3OkNOUoR/2o+5Ra
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:56 2024 by rpki-client on console-fra.rpki-client.org