Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/CrXqCIUQOf91VolwFvuzLlT9NQ0.roa
File:                     CrXqCIUQOf91VolwFvuzLlT9NQ0.roa (raw, json)
Hash identifier:          TnUpcwLTu4Y6JoZUYA4x2SwNfU+qT6DRer/cKoQCK3U=
Subject key identifier:   0A:B5:EA:08:85:10:39:FF:75:56:89:70:16:FB:B3:2E:54:FD:35:0D
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       018570CBE88CB9B1BBF15401647E278F18B5
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/CrXqCIUQOf91VolwFvuzLlT9NQ0.roa
Signing time:             Mon 02 Jan 2023 04:44:49 +0000
ROA not before:           Mon 02 Jan 2023 04:44:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57841
IP address blocks:        171.25.218.236/30 maxlen: 30
                          91.90.231.0/24 maxlen: 24
                          171.25.219.1/32 maxlen: 32
                          176.106.160.0/20 maxlen: 20
                          194.9.212.0/22 maxlen: 22
                          171.25.218.0/23 maxlen: 30
                          176.106.176.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:cb:e8:8c:b9:b1:bb:f1:54:01:64:7e:27:8f:18:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 04:44:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0ab5ea08851039ff7556897016fbb32e54fd350d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:41:d4:aa:51:99:37:0a:1e:dc:99:ca:62:82:
                    8a:9b:83:20:83:a0:b3:86:27:71:9d:92:60:b0:34:
                    a0:54:cf:6f:c9:fc:23:a0:03:2b:37:2a:9c:aa:32:
                    cf:24:98:90:1a:63:08:cc:d6:e1:e8:0e:bd:fc:a7:
                    73:8a:d3:21:a8:30:13:9e:9c:4d:2b:ee:d1:d4:f7:
                    d6:9e:1f:6f:4a:80:21:3d:41:20:8c:61:85:c0:c5:
                    91:95:92:e9:3f:63:84:ca:1c:5b:ca:08:f3:cf:9f:
                    b5:5c:d4:81:57:ce:77:dd:57:97:2e:3c:71:61:85:
                    fc:25:9d:a9:af:1e:f8:6f:04:59:9b:fa:c8:96:f3:
                    fa:4b:51:08:57:f8:1c:0d:e2:d1:b9:3d:10:17:9d:
                    02:ed:97:2d:13:a0:a3:e2:b3:e2:24:de:71:40:2a:
                    0a:e6:d7:78:25:9f:f4:4c:59:75:8d:6f:b1:6e:6a:
                    15:16:ad:e6:45:7b:96:a7:b1:32:eb:fd:67:a0:3b:
                    38:df:32:12:cb:b9:9f:8d:cd:3b:b8:58:11:3a:39:
                    96:68:98:00:aa:e6:97:ad:6d:e4:c3:cf:a9:4e:f9:
                    52:0b:7f:2c:5d:8b:bb:bd:6a:90:54:e6:11:50:1c:
                    f8:d5:15:67:2b:89:95:fc:cd:f7:38:1f:42:ce:0e:
                    53:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B5:EA:08:85:10:39:FF:75:56:89:70:16:FB:B3:2E:54:FD:35:0D
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/CrXqCIUQOf91VolwFvuzLlT9NQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.90.231.0/24
                  171.25.218.0/23
                  176.106.160.0-176.106.183.255
                  194.9.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:4d:3f:a8:f2:a2:d2:43:b3:af:97:23:dc:b8:7d:bf:7d:31:
         4e:d2:a1:bb:ce:54:34:12:cf:5f:ec:97:37:7e:c3:f8:3b:7b:
         bc:38:49:88:4b:4a:27:69:9b:8f:c7:ed:3c:0a:59:17:c3:be:
         ce:90:f3:41:09:c8:67:d7:2b:bc:db:33:66:a4:b5:8f:8f:d3:
         c4:b8:72:5a:d7:0f:03:f7:01:92:ea:ac:32:f8:48:a6:68:85:
         38:39:40:9c:8c:00:f8:da:35:59:b6:21:d8:d7:aa:07:18:f1:
         c6:02:55:0e:e9:b7:4b:b6:b7:12:58:90:54:ae:79:4f:ee:f8:
         2f:d4:da:40:1a:2e:b7:09:6c:cf:aa:5e:d6:5b:22:1d:f0:fd:
         f7:6a:01:e1:f3:f5:fc:f0:48:d6:76:a4:67:29:33:f6:a2:25:
         7d:be:3f:ed:1f:63:40:d5:98:26:a4:af:51:55:37:ad:4a:96:
         bb:b8:a5:7b:29:f4:a9:0d:7d:66:0e:3a:cd:26:f6:07:52:57:
         fa:65:eb:26:0d:72:a1:74:c5:68:e2:3f:96:d8:8e:6b:53:c7:
         21:cf:1b:69:8f:ae:4c:d6:ba:06:a8:41:b4:71:58:f4:51:7a:
         47:21:5a:46:33:46:39:30:49:17:40:23:7a:f9:6c:2c:b3:88:
         16:76:47:f9
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVwy+iMubG78VQBZH4njxi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjMwMTAyMDQ0NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWI1ZWEwODg1MTAzOWZmNzU1Njg5NzAxNmZiYjMyZTU0ZmQzNTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkHUqlGZNwoe3JnKYoKKm4Mgg6Cz
hidxnZJgsDSgVM9vyfwjoAMrNyqcqjLPJJiQGmMIzNbh6A69/KdzitMhqDATnpxN
K+7R1PfWnh9vSoAhPUEgjGGFwMWRlZLpP2OEyhxbygjzz5+1XNSBV8533VeXLjxx
YYX8JZ2prx74bwRZm/rIlvP6S1EIV/gcDeLRuT0QF50C7ZctE6Cj4rPiJN5xQCoK
5td4JZ/0TFl1jW+xbmoVFq3mRXuWp7Ey6/1noDs43zISy7mfjc07uFgROjmWaJgA
quaXrW3kw8+pTvlSC38sXYu7vWqQVOYRUBz41RVnK4mV/M33OB9Czg5T4wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAq16giFEDn/dVaJcBb7sy5U/TUNMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvQ3JYcUNJVVFPZjkxVm9sd0Z2dXpMbFQ5TlEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAW1rnAwQB
qxnaMAwDBAWwaqADBAOwarADBALCCdQwDQYJKoZIhvcNAQELBQADggEBACtNP6jy
otJDs6+XI9y4fb99MU7SobvOVDQSz1/slzd+w/g7e7w4SYhLSidpm4/H7TwKWRfD
vs6Q80EJyGfXK7zbM2aktY+P08S4clrXDwP3AZLqrDL4SKZohTg5QJyMAPjaNVm2
IdjXqgcY8cYCVQ7pt0u2txJYkFSueU/u+C/U2kAaLrcJbM+qXtZbIh3w/fdqAeHz
9fzwSNZ2pGcpM/aiJX2+P+0fY0DVmCakr1FVN61Klru4pXsp9KkNfWYOOs0m9gdS
V/pl6yYNcqF0xWjiP5bYjmtTxyHPG2mPrkzWugaoQbRxWPRRekchWkYzRjkwSRdA
I3r5bCyziBZ2R/k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:06 2024 by rpki-client on console-ams.rpki-client.org