Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/oNKXjFb-Gy928-NkZD5tM9rw_fo.roa
File:                     oNKXjFb-Gy928-NkZD5tM9rw_fo.roa (raw, json)
Hash identifier:          3Tqg1SRVJzXXHeX2hogq7BWq1YHknDkLfBhU4yw++aM=
Subject key identifier:   A0:D2:97:8C:56:FE:1B:2F:76:F3:E3:64:64:3E:6D:33:DA:F0:FD:FA
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018CC348AB29D4738E0D7AEB1CEBEEA7B80B
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/oNKXjFb-Gy928-NkZD5tM9rw_fo.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39855
IP address blocks:        193.110.161.0/24 maxlen: 24
                          194.55.128.0/24 maxlen: 24
                          91.229.5.0/24 maxlen: 24
                          195.60.170.0/24 maxlen: 24
                          217.8.116.0/24 maxlen: 24
                          45.85.247.0/24 maxlen: 24
                          193.201.202.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 11 Mar 2024 08:05:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:ab:29:d4:73:8e:0d:7a:eb:1c:eb:ee:a7:b8:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0d2978c56fe1b2f76f3e364643e6d33daf0fdfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:f6:23:be:88:e6:1e:db:91:3b:d5:eb:1f:c3:
                    e1:b1:d7:7c:18:ff:f8:77:db:36:12:ca:e4:b3:a2:
                    61:43:c9:44:86:ab:26:07:bc:9d:17:ee:88:55:86:
                    68:ca:48:3f:32:4b:a2:71:f3:fa:b5:86:c7:47:1d:
                    bb:97:50:52:58:28:6f:43:5f:3f:4e:84:8b:d6:c6:
                    d0:bb:89:d8:65:b4:f4:ab:35:bd:0f:c0:c8:13:f2:
                    48:69:a9:70:15:c2:c6:4a:fd:e2:aa:85:1b:28:a2:
                    09:4c:eb:10:43:93:be:00:d9:66:55:2c:41:35:54:
                    21:16:a3:55:5b:60:0a:7e:66:88:20:e1:7a:ad:3e:
                    b8:2a:fe:bc:e9:70:49:c7:f9:44:d5:2e:64:d0:5f:
                    0c:9b:3b:40:85:e2:a4:9c:46:68:94:13:05:c1:87:
                    8a:4d:c8:ff:ff:9a:98:ad:1c:7b:cc:e5:3b:11:c5:
                    54:c8:cb:0c:1f:67:38:fd:ea:9c:f1:1e:f6:d0:67:
                    b9:69:c2:84:59:31:23:18:6c:bc:b5:f8:58:10:69:
                    0c:a4:6c:fe:e0:97:60:d9:30:5d:86:5d:37:12:a4:
                    1d:65:15:f4:8c:1f:33:64:1d:ec:3a:14:9d:7a:e0:
                    dc:10:43:a1:5e:fd:ef:10:5a:36:f3:8c:ba:71:e1:
                    9e:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:D2:97:8C:56:FE:1B:2F:76:F3:E3:64:64:3E:6D:33:DA:F0:FD:FA
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/oNKXjFb-Gy928-NkZD5tM9rw_fo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.247.0/24
                  91.229.5.0/24
                  193.110.161.0/24
                  193.201.202.0/24
                  194.55.128.0/24
                  195.60.170.0/24
                  217.8.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:6d:f9:a6:6d:4f:32:41:a4:db:e1:ff:b2:aa:ce:e0:69:83:
         ef:1d:8e:93:9d:a6:eb:c1:d3:7a:3d:02:f3:d5:c0:34:fd:1b:
         61:00:e1:44:b6:25:e3:c0:68:32:d3:71:40:76:4f:73:85:91:
         a2:8e:4b:84:b5:4e:fa:a2:93:7b:4f:99:4a:29:55:77:03:0d:
         e4:31:c2:02:5e:91:9c:87:7c:38:18:48:ed:0e:e5:4e:0b:aa:
         48:e5:54:45:cb:3b:de:85:49:9b:11:db:41:5a:ee:a3:8d:bb:
         16:ae:0b:1a:28:6e:d1:30:93:47:b4:f2:53:71:b0:f5:b5:43:
         66:9c:ba:54:95:d5:11:d0:46:1a:4e:bf:6d:8f:a5:11:26:69:
         07:b2:cd:fb:15:52:e4:1c:a2:24:e1:82:85:b7:d5:85:03:c0:
         13:28:9c:44:35:5d:a2:b6:e8:7d:d7:00:61:92:11:91:79:0e:
         0b:a5:00:c9:9c:01:aa:75:ca:06:3e:af:82:0b:21:d3:38:f0:
         c4:b9:4f:0c:c6:cb:f4:20:69:d1:6c:a9:5a:15:a6:d1:42:1d:
         c1:04:ce:c0:b1:66:92:91:8f:dc:46:bb:ad:c4:bb:d8:de:0f:
         d8:21:05:33:62:5b:5d:de:b9:0d:88:84:94:4e:df:e3:ea:8d:
         1f:ff:76:ce
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzDSKsp1HOODXrrHOvup7gLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGQyOTc4YzU2ZmUxYjJmNzZmM2UzNjQ2NDNlNmQzM2RhZjBmZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/YjvojmHtuRO9XrH8Phsdd8GP/4
d9s2Esrks6JhQ8lEhqsmB7ydF+6IVYZoykg/MkuicfP6tYbHRx27l1BSWChvQ18/
ToSL1sbQu4nYZbT0qzW9D8DIE/JIaalwFcLGSv3iqoUbKKIJTOsQQ5O+ANlmVSxB
NVQhFqNVW2AKfmaIIOF6rT64Kv686XBJx/lE1S5k0F8MmztAheKknEZolBMFwYeK
Tcj//5qYrRx7zOU7EcVUyMsMH2c4/eqc8R720Ge5acKEWTEjGGy8tfhYEGkMpGz+
4Jdg2TBdhl03EqQdZRX0jB8zZB3sOhSdeuDcEEOhXv3vEFo284y6ceGeKQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKDSl4xW/hsvdvPjZGQ+bTPa8P36MB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvb05LWGpGYi1HeTkyOC1Oa1pENXRNOXJ3X2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALVX3AwQA
W+UFAwQAwW6hAwQAwcnKAwQAwjeAAwQAwzyqAwQA2Qh0MA0GCSqGSIb3DQEBCwUA
A4IBAQB1bfmmbU8yQaTb4f+yqs7gaYPvHY6TnabrwdN6PQLz1cA0/RthAOFEtiXj
wGgy03FAdk9zhZGijkuEtU76opN7T5lKKVV3Aw3kMcICXpGch3w4GEjtDuVOC6pI
5VRFyzvehUmbEdtBWu6jjbsWrgsaKG7RMJNHtPJTcbD1tUNmnLpUldUR0EYaTr9t
j6URJmkHss37FVLkHKIk4YKFt9WFA8ATKJxENV2ituh91wBhkhGReQ4LpQDJnAGq
dcoGPq+CCyHTOPDEuU8Mxsv0IGnRbKlaFabRQh3BBM7AsWaSkY/cRrutxLvY3g/Y
IQUzYltd3rkNiISUTt/j6o0f/3bO
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:24 2024 by rpki-client on console-ams.rpki-client.org