Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/48ef27-5858-424b-add1-0f6455f05276/1/4L8nYkJpNZ_SPUyqE3Aiwrj5MmY.roa
File:                     4L8nYkJpNZ_SPUyqE3Aiwrj5MmY.roa (raw, json)
Hash identifier:          HWbOMaSp5Wp5Ybz1oprdS30I2cshS47RHFJ4ij9UErY=
Subject key identifier:   E0:BF:27:62:42:69:35:9F:D2:3D:4C:AA:13:70:22:C2:B8:F9:32:66
Certificate issuer:       /CN=d2f38d4aeb4d0288dbb854d1eae0bd8ad3f841fa
Certificate serial:       01856D53F19F9D8C6BEA20F46AF1932B2CCF
Authority key identifier: D2:F3:8D:4A:EB:4D:02:88:DB:B8:54:D1:EA:E0:BD:8A:D3:F8:41:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0vONSutNAojbuFTR6uC9itP4Qfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/48ef27-5858-424b-add1-0f6455f05276/1/4L8nYkJpNZ_SPUyqE3Aiwrj5MmY.roa
Signing time:             Sun 01 Jan 2023 12:34:55 +0000
ROA not before:           Sun 01 Jan 2023 12:34:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210303
IP address blocks:        194.107.252.0/22 maxlen: 22
                          2a09:8900::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:53:f1:9f:9d:8c:6b:ea:20:f4:6a:f1:93:2b:2c:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2f38d4aeb4d0288dbb854d1eae0bd8ad3f841fa
        Validity
            Not Before: Jan  1 12:34:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e0bf27624269359fd23d4caa137022c2b8f93266
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c8:cc:02:0a:94:ce:af:bd:52:8e:11:44:bc:
                    9d:83:d9:1e:89:aa:e8:25:6a:2b:4e:1e:fb:4a:58:
                    9d:8a:d5:35:02:5c:df:15:8a:eb:0d:d0:fe:5a:16:
                    a2:bd:46:62:34:29:91:fb:9a:ae:2c:fd:43:15:f9:
                    1c:7a:9a:ea:74:44:04:07:ff:d3:c8:65:c6:95:83:
                    9d:ac:ce:05:19:29:a9:5c:85:94:a4:27:e1:09:95:
                    23:21:30:ac:49:94:7d:55:4c:38:52:ab:ca:6c:c0:
                    f9:97:20:a2:0b:5a:f3:5d:65:ef:81:53:d5:24:b3:
                    50:b5:e4:2c:5c:a3:16:84:cf:8e:d0:ae:37:ba:9f:
                    01:9e:08:a2:da:0f:16:93:70:22:d0:01:b2:07:cc:
                    6e:fe:28:15:92:f1:a6:da:87:f8:28:4a:14:5f:97:
                    a7:f2:64:0b:f0:58:d4:2d:cc:2e:a5:0a:43:b2:c4:
                    7d:26:26:37:de:f6:e0:bc:97:26:77:41:45:75:04:
                    3f:2d:70:51:26:5c:8c:22:d5:a9:10:0f:ee:2a:35:
                    2c:2f:cb:a1:75:d6:b8:17:91:01:ba:5e:31:4a:74:
                    75:9e:3b:bd:5b:68:b0:6d:40:5a:15:04:73:1d:3a:
                    52:b2:04:e8:3a:d5:53:f3:33:63:20:89:b3:bf:0e:
                    df:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:BF:27:62:42:69:35:9F:D2:3D:4C:AA:13:70:22:C2:B8:F9:32:66
            X509v3 Authority Key Identifier:
                keyid:D2:F3:8D:4A:EB:4D:02:88:DB:B8:54:D1:EA:E0:BD:8A:D3:F8:41:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0vONSutNAojbuFTR6uC9itP4Qfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/48ef27-5858-424b-add1-0f6455f05276/1/4L8nYkJpNZ_SPUyqE3Aiwrj5MmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/48ef27-5858-424b-add1-0f6455f05276/1/0vONSutNAojbuFTR6uC9itP4Qfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.107.252.0/22
                IPv6:
                  2a09:8900::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:66:b1:b7:c7:b4:76:16:09:db:31:1b:a7:c6:63:f8:d2:98:
         98:c3:78:23:bc:c0:c7:71:f2:ea:fc:a8:2f:d5:24:3d:3d:cc:
         22:d1:52:39:bc:de:1d:51:40:9c:82:83:04:88:0a:ec:a7:87:
         e1:4d:c4:70:5d:d9:a7:41:3d:b7:c1:09:dc:72:af:35:98:72:
         c7:a3:a0:a3:a5:e5:b8:c2:b1:4d:52:76:a2:5f:93:23:63:e2:
         3e:60:81:4e:ab:ff:d3:fa:a5:63:26:fc:fc:2a:97:8c:01:e0:
         94:d0:63:f9:1b:ee:57:cb:e3:94:a1:31:3b:c2:be:92:fe:a2:
         1a:40:94:08:a6:5b:83:ad:5d:97:38:1c:30:99:78:64:03:34:
         e8:8a:25:67:1d:a6:0a:d2:5b:b4:f0:d7:c4:cd:2e:5b:34:d5:
         ac:b6:26:3b:64:ef:00:a0:76:22:3a:10:72:d0:6a:f7:00:ca:
         99:f3:ef:c9:b8:16:09:3a:6a:04:91:f7:06:5f:49:95:53:6e:
         e9:fd:2f:52:6e:35:7a:29:87:03:5c:c1:6e:f5:7c:83:05:e7:
         d7:2e:70:b9:42:72:77:81:fe:d6:0a:49:f6:75:34:42:93:59:
         9d:a5:11:15:ae:61:a1:83:9b:b4:5f:e8:15:70:0b:bc:43:aa:
         8a:2f:65:69
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVtU/GfnYxr6iD0avGTKyzPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZjM4ZDRhZWI0ZDAyODhkYmI4NTRkMWVhZTBiZDhhZDNm
ODQxZmEwHhcNMjMwMTAxMTIzNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGJmMjc2MjQyNjkzNTlmZDIzZDRjYWExMzcwMjJjMmI4ZjkzMjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcjMAgqUzq+9Uo4RRLydg9keiaro
JWorTh77SliditU1AlzfFYrrDdD+WhaivUZiNCmR+5quLP1DFfkceprqdEQEB//T
yGXGlYOdrM4FGSmpXIWUpCfhCZUjITCsSZR9VUw4UqvKbMD5lyCiC1rzXWXvgVPV
JLNQteQsXKMWhM+O0K43up8Bngii2g8Wk3Ai0AGyB8xu/igVkvGm2of4KEoUX5en
8mQL8FjULcwupQpDssR9JiY33vbgvJcmd0FFdQQ/LXBRJlyMItWpEA/uKjUsL8uh
dda4F5EBul4xSnR1nju9W2iwbUBaFQRzHTpSsgToOtVT8zNjIImzvw7fdwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOC/J2JCaTWf0j1MqhNwIsK4+TJmMB8GA1UdIwQY
MBaAFNLzjUrrTQKI27hU0ergvYrT+EH6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHZPTlN1dE5Bb2pidUZUUjZ1QzlpdFA0UWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS80OGVmMjctNTg1OC00MjRiLWFkZDEt
MGY2NDU1ZjA1Mjc2LzEvNEw4bllrSnBOWl9TUFV5cUUzQWl3cmo1TW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS80OGVmMjctNTg1OC00MjRiLWFkZDEtMGY2NDU1ZjA1Mjc2
LzEvMHZPTlN1dE5Bb2pidUZUUjZ1QzlpdFA0UWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwmv8MA0E
AgACMAcDBQMqCYkAMA0GCSqGSIb3DQEBCwUAA4IBAQB8ZrG3x7R2FgnbMRunxmP4
0piYw3gjvMDHcfLq/Kgv1SQ9Pcwi0VI5vN4dUUCcgoMEiArsp4fhTcRwXdmnQT23
wQnccq81mHLHo6CjpeW4wrFNUnaiX5MjY+I+YIFOq//T+qVjJvz8KpeMAeCU0GP5
G+5Xy+OUoTE7wr6S/qIaQJQIpluDrV2XOBwwmXhkAzToiiVnHaYK0lu08NfEzS5b
NNWstiY7ZO8AoHYiOhBy0Gr3AMqZ8+/JuBYJOmoEkfcGX0mVU27p/S9SbjV6KYcD
XMFu9XyDBefXLnC5QnJ3gf7WCkn2dTRCk1mdpREVrmGhg5u0X+gVcAu8Q6qKL2Vp
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:01 2024 by rpki-client on console-fra.rpki-client.org