Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/XTUSKyEuLv7K0Xl19x1hnxGxmqE.roa
File:                     XTUSKyEuLv7K0Xl19x1hnxGxmqE.roa (raw, json)
Hash identifier:          z7f1yF0NI9XnSL2KIafsEW7CQLHE+uHsqjcQB6Vn33k=
Subject key identifier:   5D:35:12:2B:21:2E:2E:FE:CA:D1:79:75:F7:1D:61:9F:11:B1:9A:A1
Certificate issuer:       /CN=bb9b56d8d96ebcb5fcf87de2ec2b52c194ccf9f9
Certificate serial:       018571FA0BF497414490EA045F13751336A8
Authority key identifier: BB:9B:56:D8:D9:6E:BC:B5:FC:F8:7D:E2:EC:2B:52:C1:94:CC:F9:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u5tW2NluvLX8-H3i7CtSwZTM-fk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/XTUSKyEuLv7K0Xl19x1hnxGxmqE.roa
Signing time:             Mon 02 Jan 2023 10:14:50 +0000
ROA not before:           Mon 02 Jan 2023 10:14:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48944
IP address blocks:        91.232.72.0/23 maxlen: 23
                          185.222.120.0/22 maxlen: 22
                          185.222.120.0/24 maxlen: 24
                          185.222.123.0/24 maxlen: 24
                          185.222.122.0/24 maxlen: 24
                          185.222.121.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:30:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:fa:0b:f4:97:41:44:90:ea:04:5f:13:75:13:36:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb9b56d8d96ebcb5fcf87de2ec2b52c194ccf9f9
        Validity
            Not Before: Jan  2 10:14:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5d35122b212e2efecad17975f71d619f11b19aa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:63:34:0c:9d:6c:c0:66:08:3e:0e:10:28:f4:
                    b4:f1:0f:a4:39:08:8d:5a:57:d3:fb:bf:fc:9a:2b:
                    c5:73:fd:db:a6:1a:ea:56:3e:80:d0:74:d6:16:69:
                    64:a6:7c:68:09:59:a8:54:08:4a:32:e2:b9:36:4b:
                    24:b8:aa:28:cf:5d:1b:b4:b2:fb:b8:75:7f:81:12:
                    4c:c9:b4:c7:94:2a:6d:b3:98:64:a9:bf:1d:d4:bd:
                    2c:fd:0c:37:77:ed:44:80:7c:23:60:2f:b7:9f:e4:
                    14:47:b4:9b:1b:29:05:52:52:d4:42:44:db:e3:e0:
                    91:5f:fc:19:37:36:4a:77:9c:58:16:ad:00:fe:ff:
                    dc:8d:de:5f:64:b5:9f:88:29:38:d8:dd:7f:ee:8c:
                    49:18:5f:8a:0b:5c:f3:68:54:ca:87:0c:4d:ce:9e:
                    00:76:8f:47:0d:83:91:22:a1:0a:1d:35:77:e7:f5:
                    e5:0a:3f:38:5c:cd:cd:44:79:8b:e9:6c:37:2d:17:
                    db:18:25:90:36:cd:35:9c:cc:49:8e:ed:35:c8:8b:
                    e7:6a:45:27:3f:e8:af:11:79:b1:3d:05:25:33:26:
                    56:04:ba:f4:9e:c8:1e:83:6e:f9:a9:f5:9d:a9:4a:
                    ba:0c:d1:00:36:3a:37:83:96:43:94:2c:74:ad:7b:
                    7a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:35:12:2B:21:2E:2E:FE:CA:D1:79:75:F7:1D:61:9F:11:B1:9A:A1
            X509v3 Authority Key Identifier:
                keyid:BB:9B:56:D8:D9:6E:BC:B5:FC:F8:7D:E2:EC:2B:52:C1:94:CC:F9:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u5tW2NluvLX8-H3i7CtSwZTM-fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/XTUSKyEuLv7K0Xl19x1hnxGxmqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/8f3942-17f7-493c-bc6b-4f4fe803b015/1/u5tW2NluvLX8-H3i7CtSwZTM-fk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.72.0/23
                  185.222.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         dc:05:cd:12:6d:36:3c:c9:be:e6:6d:7f:b3:83:23:37:9a:e4:
         93:b9:e2:d3:d5:73:af:00:09:7c:86:e1:99:61:5c:2a:9c:ba:
         d2:64:b2:81:36:d6:eb:15:7f:bd:20:fe:e6:33:ba:c4:1d:9b:
         5d:47:22:c8:c9:16:79:9d:fb:ea:62:1b:17:7b:0c:c2:eb:86:
         1a:3a:b1:ea:92:15:89:47:b8:5b:29:70:9f:6e:9a:ca:be:c4:
         36:a1:4f:ea:b8:a4:5f:dc:ff:09:8c:05:31:25:bb:8b:4b:f2:
         2c:2d:97:1a:6c:76:9f:c6:2a:2f:88:3b:1f:fe:d8:50:39:a2:
         e0:27:19:89:50:e6:49:31:fd:da:7e:87:bf:b5:9c:17:8c:90:
         3c:f9:40:4b:c7:f0:94:16:30:4a:10:17:78:dd:94:89:a2:3b:
         de:3f:0c:2b:e8:8e:23:58:58:4a:4e:41:64:10:3e:7a:9a:de:
         ac:f8:56:e9:66:3f:ff:48:78:18:7a:10:d0:65:9d:9f:36:f0:
         d0:3a:76:76:59:a3:d7:b4:e1:c5:2d:88:18:f0:c4:e1:e4:e9:
         03:23:ba:11:4c:3d:5b:b8:2c:80:5b:e9:f3:25:e6:89:d4:71:
         90:ba:8c:ee:79:55:e9:1b:5a:60:24:ae:47:ed:37:ee:26:af:
         b7:e9:75:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVx+gv0l0FEkOoEXxN1EzaoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiOWI1NmQ4ZDk2ZWJjYjVmY2Y4N2RlMmVjMmI1MmMxOTRj
Y2Y5ZjkwHhcNMjMwMTAyMTAxNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM1MTIyYjIxMmUyZWZlY2FkMTc5NzVmNzFkNjE5ZjExYjE5YWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2M0DJ1swGYIPg4QKPS08Q+kOQiN
WlfT+7/8mivFc/3bphrqVj6A0HTWFmlkpnxoCVmoVAhKMuK5NkskuKooz10btLL7
uHV/gRJMybTHlCpts5hkqb8d1L0s/Qw3d+1EgHwjYC+3n+QUR7SbGykFUlLUQkTb
4+CRX/wZNzZKd5xYFq0A/v/cjd5fZLWfiCk42N1/7oxJGF+KC1zzaFTKhwxNzp4A
do9HDYORIqEKHTV35/XlCj84XM3NRHmL6Ww3LRfbGCWQNs01nMxJju01yIvnakUn
P+ivEXmxPQUlMyZWBLr0nsgeg275qfWdqUq6DNEANjo3g5ZDlCx0rXt6DQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF01EishLi7+ytF5dfcdYZ8RsZqhMB8GA1UdIwQY
MBaAFLubVtjZbry1/Ph94uwrUsGUzPn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTV0VzJObHV2TFg4LUgzaTdDdFN3WlRNLWZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84ZjM5NDItMTdmNy00OTNjLWJjNmIt
NGY0ZmU4MDNiMDE1LzEvWFRVU0t5RXVMdjdLMFhsMTl4MWhueEd4bXFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84ZjM5NDItMTdmNy00OTNjLWJjNmItNGY0ZmU4MDNiMDE1
LzEvdTV0VzJObHV2TFg4LUgzaTdDdFN3WlRNLWZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+hIAwQC
ud54MA0GCSqGSIb3DQEBCwUAA4IBAQDcBc0SbTY8yb7mbX+zgyM3muSTueLT1XOv
AAl8huGZYVwqnLrSZLKBNtbrFX+9IP7mM7rEHZtdRyLIyRZ5nfvqYhsXewzC64Ya
OrHqkhWJR7hbKXCfbprKvsQ2oU/quKRf3P8JjAUxJbuLS/IsLZcabHafxioviDsf
/thQOaLgJxmJUOZJMf3afoe/tZwXjJA8+UBLx/CUFjBKEBd43ZSJojvePwwr6I4j
WFhKTkFkED56mt6s+FbpZj//SHgYehDQZZ2fNvDQOnZ2WaPXtOHFLYgY8MTh5OkD
I7oRTD1buCyAW+nzJeaJ1HGQuozueVXpG1pgJK5H7TfuJq+36XW0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:34 2024 by rpki-client on console-fra.rpki-client.org