Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/XHMhPOvsML-LFbVSH-bDUsPFCWM.roa
File:                     XHMhPOvsML-LFbVSH-bDUsPFCWM.roa (raw, json)
Hash identifier:          3QEGg7asrWc8hqFvelT28ICq34X6EPdzXzo7fQtCn3M=
Subject key identifier:   5C:73:21:3C:EB:EC:30:BF:8B:15:B5:52:1F:E6:C3:52:C3:C5:09:63
Certificate issuer:       /CN=cd108c225f2478cd4230179890d07284be1636cd
Certificate serial:       018CC870001DF8A3C7184B1901F9278D4484
Authority key identifier: CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/XHMhPOvsML-LFbVSH-bDUsPFCWM.roa
Signing time:             Tue 02 Jan 2024 04:30:32 +0000
ROA not before:           Tue 02 Jan 2024 04:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205960
IP address blocks:        91.204.224.0/24 maxlen: 24
                          2.59.153.0/24 maxlen: 24
                          91.204.226.0/24 maxlen: 24
                          91.204.225.0/24 maxlen: 24
                          91.204.227.0/24 maxlen: 24
                          185.202.101.0/24 maxlen: 24
                          193.239.151.0/24 maxlen: 24
                          45.91.225.0/24 maxlen: 24
                          194.126.215.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 22 Jun 2024 15:43:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:00:1d:f8:a3:c7:18:4b:19:01:f9:27:8d:44:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd108c225f2478cd4230179890d07284be1636cd
        Validity
            Not Before: Jan  2 04:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c73213cebec30bf8b15b5521fe6c352c3c50963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ec:42:36:f3:13:3f:27:3b:36:f5:8b:92:01:
                    21:22:fe:40:67:b2:87:e4:df:85:85:80:3e:6a:4f:
                    33:33:21:f0:78:12:d0:1f:68:2b:39:25:2e:80:1c:
                    46:2c:56:39:21:9e:8b:e8:c1:d1:2b:bb:12:a7:4e:
                    47:87:68:c4:ae:a3:47:cc:fb:71:fd:88:51:b7:9a:
                    f2:26:b9:5f:e1:55:10:8f:aa:58:52:3c:08:2d:b4:
                    98:a2:d9:11:e3:6e:ed:ac:70:5f:b0:1f:f2:74:49:
                    02:26:85:82:90:0c:dc:c7:39:a5:f7:2b:12:5d:eb:
                    22:95:b6:2f:60:ee:a2:1d:3e:2d:e5:4a:f2:70:d5:
                    82:df:5b:21:31:5b:ec:c6:54:f0:34:b7:0b:0c:93:
                    00:45:84:8e:60:22:f6:17:af:1e:f0:55:2b:1c:eb:
                    d3:76:01:73:72:0c:b8:a1:64:03:f9:ec:b9:71:42:
                    e4:95:45:06:f8:47:e0:cb:32:a7:e4:4a:41:85:f0:
                    86:b5:b1:68:09:4c:f0:d2:af:6f:15:ea:4f:35:8d:
                    0f:40:35:1d:21:a7:32:6d:63:06:c7:05:45:21:d4:
                    68:78:18:e9:a9:48:04:6e:b8:ee:11:23:95:f4:5f:
                    28:48:b2:6f:3e:c7:9e:51:5f:f1:66:64:ef:38:88:
                    75:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:73:21:3C:EB:EC:30:BF:8B:15:B5:52:1F:E6:C3:52:C3:C5:09:63
            X509v3 Authority Key Identifier:
                keyid:CD:10:8C:22:5F:24:78:CD:42:30:17:98:90:D0:72:84:BE:16:36:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRCMIl8keM1CMBeYkNByhL4WNs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/XHMhPOvsML-LFbVSH-bDUsPFCWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/348ce5-ca20-4848-8844-ae50273681a7/1/zRCMIl8keM1CMBeYkNByhL4WNs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.153.0/24
                  45.91.225.0/24
                  91.204.224.0/22
                  185.202.101.0/24
                  193.239.151.0/24
                  194.126.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:90:24:12:01:2b:35:58:98:eb:95:1a:0b:87:74:cd:c1:a9:
         1a:7f:4c:16:b7:31:93:85:96:c5:7e:4d:db:c8:f2:fc:a3:75:
         b5:5c:96:7f:f2:42:51:20:4f:65:6b:73:17:60:35:85:22:60:
         55:4e:70:10:5e:2f:f8:20:0b:ad:3a:43:68:9e:21:92:6e:42:
         fc:43:a8:6b:8d:0f:18:0d:3d:a4:93:b4:b7:56:79:62:e5:78:
         68:71:20:ec:d1:77:ae:5a:a4:cf:77:8c:4f:8d:64:dd:40:c4:
         1f:d4:04:3e:c3:51:5c:cc:08:5e:7a:a2:d4:9b:89:e0:ed:47:
         10:f7:08:7e:8e:bc:88:3a:f9:64:f5:99:b6:af:5d:12:81:9b:
         32:a6:86:3b:f3:d9:c2:4a:fe:43:a2:09:de:63:b4:a0:ce:7e:
         28:0e:1f:a6:33:74:0c:51:79:6e:26:b7:3b:ee:2f:c9:48:0b:
         cb:99:57:57:28:5a:2c:af:fa:73:13:00:8d:f3:14:c0:61:01:
         f7:a2:67:66:fd:9f:01:7d:ac:f5:39:52:a4:3f:17:62:ce:4d:
         f5:2c:7e:0d:c8:cd:14:6a:37:7c:eb:04:f7:03:e6:6c:8b:ad:
         99:63:39:1c:70:7e:fc:8e:d5:b9:54:95:bd:7c:7b:b3:13:d6:
         3b:66:21:ed
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYzIcAAd+KPHGEsZAfknjUSEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTA4YzIyNWYyNDc4Y2Q0MjMwMTc5ODkwZDA3Mjg0YmUx
NjM2Y2QwHhcNMjQwMTAyMDQzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzczMjEzY2ViZWMzMGJmOGIxNWI1NTIxZmU2YzM1MmMzYzUwOTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoexCNvMTPyc7NvWLkgEhIv5AZ7KH
5N+FhYA+ak8zMyHweBLQH2grOSUugBxGLFY5IZ6L6MHRK7sSp05Hh2jErqNHzPtx
/YhRt5ryJrlf4VUQj6pYUjwILbSYotkR427trHBfsB/ydEkCJoWCkAzcxzml9ysS
XesilbYvYO6iHT4t5UrycNWC31shMVvsxlTwNLcLDJMARYSOYCL2F68e8FUrHOvT
dgFzcgy4oWQD+ey5cULklUUG+EfgyzKn5EpBhfCGtbFoCUzw0q9vFepPNY0PQDUd
IacybWMGxwVFIdRoeBjpqUgEbrjuESOV9F8oSLJvPseeUV/xZmTvOIh1LwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFxzITzr7DC/ixW1Uh/mw1LDxQljMB8GA1UdIwQY
MBaAFM0QjCJfJHjNQjAXmJDQcoS+FjbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQt
YWU1MDI3MzY4MWE3LzEvWEhNaFBPdnNNTC1MRmJWU0gtYkRVc1BGQ1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zNDhjZTUtY2EyMC00ODQ4LTg4NDQtYWU1MDI3MzY4MWE3
LzEvelJDTUlsOGtlTTFDTUJlWWtOQnloTDRXTnMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAAjuZAwQA
LVvhAwQCW8zgAwQAucplAwQAwe+XAwQAwn7XMA0GCSqGSIb3DQEBCwUAA4IBAQBm
kCQSASs1WJjrlRoLh3TNwakaf0wWtzGThZbFfk3byPL8o3W1XJZ/8kJRIE9la3MX
YDWFImBVTnAQXi/4IAutOkNoniGSbkL8Q6hrjQ8YDT2kk7S3Vnli5XhocSDs0Xeu
WqTPd4xPjWTdQMQf1AQ+w1FczAheeqLUm4ng7UcQ9wh+jryIOvlk9Zm2r10SgZsy
poY789nCSv5DogneY7Sgzn4oDh+mM3QMUXluJrc77i/JSAvLmVdXKFosr/pzEwCN
8xTAYQH3omdm/Z8Bfaz1OVKkPxdizk31LH4NyM0Uajd86wT3A+Zsi62ZYzkccH78
jtW5VJW9fHuzE9Y7ZiHt
-----END CERTIFICATE-----
Generated at Sat Jun 22 17:58:21 2024 by rpki-client on console-fra.rpki-client.org