Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/JrqQFO3gXN3-z_-boQISHa-Nu20.roa
File:                     JrqQFO3gXN3-z_-boQISHa-Nu20.roa (raw, json)
Hash identifier:          D/sFK0Ll58CAP2jDsUGAwABd6rFN6+TbGGOXTEgYkpE=
Subject key identifier:   26:BA:90:14:ED:E0:5C:DD:FE:CF:FF:9B:A1:02:12:1D:AF:8D:BB:6D
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       018570CBE595543814A1F2D0EA3DE68378F3
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/JrqQFO3gXN3-z_-boQISHa-Nu20.roa
Signing time:             Mon 02 Jan 2023 04:44:48 +0000
ROA not before:           Mon 02 Jan 2023 04:44:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43075
IP address blocks:        109.229.192.0/19 maxlen: 19
                          88.135.128.0/19 maxlen: 19
                          213.110.64.0/19 maxlen: 19
                          176.106.48.0/20 maxlen: 20
                          176.106.160.0/20 maxlen: 20
                          171.25.218.0/23 maxlen: 23
                          176.106.176.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:cb:e5:95:54:38:14:a1:f2:d0:ea:3d:e6:83:78:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Jan  2 04:44:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=26ba9014ede05cddfecfff9ba102121daf8dbb6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f7:f9:ad:dc:c5:6a:15:e7:f8:e4:53:ef:c6:
                    82:4c:dc:fc:cd:a7:bc:99:b9:7e:64:e9:e8:ef:6b:
                    b0:a6:bc:9a:80:70:ca:25:bd:5c:bf:06:9f:2b:4d:
                    d6:5e:08:ea:dc:62:ad:ce:b1:4b:66:4a:cd:a4:57:
                    a2:ac:8e:b6:24:e3:ba:f8:12:02:92:16:6a:79:d5:
                    37:ca:a0:77:21:ae:bd:db:c1:80:ac:cd:6d:f1:36:
                    d2:22:47:b5:63:a7:1c:6a:c9:25:a7:c0:03:4c:1d:
                    30:0a:a9:d9:95:61:0d:7d:d2:d4:ca:ae:54:ec:26:
                    3a:e1:a4:f4:48:64:9e:8a:f9:6f:97:5f:f8:6c:94:
                    8b:1e:88:d7:3c:a1:8c:2c:73:cc:1e:2e:e1:91:0b:
                    7d:f3:c9:d9:2b:98:cd:dc:0e:fb:73:28:4e:51:27:
                    92:fe:cc:4e:42:d4:40:c6:0d:ba:bc:b1:33:43:6c:
                    00:41:3d:57:55:09:66:9b:77:70:d2:3b:c6:52:39:
                    06:dd:80:22:cf:1f:32:06:d3:3e:43:86:e3:79:0a:
                    89:9e:a6:fe:b4:d4:fe:62:e1:11:60:27:4a:8e:32:
                    36:ba:66:72:2b:6a:49:5c:ed:9f:43:ee:fd:c6:fc:
                    2b:74:6c:23:f9:61:67:aa:00:da:2a:03:c3:cd:35:
                    d2:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:BA:90:14:ED:E0:5C:DD:FE:CF:FF:9B:A1:02:12:1D:AF:8D:BB:6D
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/JrqQFO3gXN3-z_-boQISHa-Nu20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.128.0/19
                  109.229.192.0/19
                  171.25.218.0/23
                  176.106.48.0/20
                  176.106.160.0-176.106.183.255
                  213.110.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         80:e8:cf:5f:bd:ee:00:b2:cf:9e:77:7e:19:bb:91:7c:7f:2d:
         98:a3:ac:f4:61:17:4c:5e:ab:2a:f5:4d:d6:ec:a1:ae:e2:0f:
         3a:b4:03:09:55:35:2e:66:e9:4b:e7:69:50:b0:b2:3c:f2:cf:
         6f:c4:3f:a9:bb:43:ab:26:0a:5c:9f:2e:48:75:01:a2:fc:fa:
         2a:93:cd:e2:e3:19:76:fe:0f:1d:cd:d6:31:2e:43:d8:f4:95:
         56:f3:07:69:96:91:b9:db:14:bf:2d:78:4d:5c:a0:8a:4a:41:
         3e:28:d7:72:ce:62:74:08:b1:c3:e6:c2:76:53:7c:8e:4e:58:
         e0:a1:94:7b:0f:06:9b:74:3f:55:a2:78:f8:b7:b9:8e:c8:74:
         c8:51:7f:09:64:91:1c:e0:fa:1a:e9:f8:a5:23:4b:51:b0:ba:
         6a:10:52:b9:ae:86:5c:d5:ce:80:b7:83:2c:2d:49:14:0e:4d:
         1a:7f:4c:f2:26:1f:d9:ae:0c:de:c7:65:32:74:4d:1f:63:9f:
         33:7c:03:9c:e4:5a:da:0a:20:1b:5d:04:ff:48:0a:ab:c5:5b:
         60:ce:32:04:e2:e7:da:69:86:de:30:89:12:bc:92:40:29:b6:
         c6:dc:f2:ea:5c:03:54:db:cb:0e:03:ca:aa:25:27:52:80:fb:
         aa:e2:58:fc
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVwy+WVVDgUofLQ6j3mg3jzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjMwMTAyMDQ0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmJhOTAxNGVkZTA1Y2RkZmVjZmZmOWJhMTAyMTIxZGFmOGRiYjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/f5rdzFahXn+ORT78aCTNz8zae8
mbl+ZOno72uwpryagHDKJb1cvwafK03WXgjq3GKtzrFLZkrNpFeirI62JOO6+BIC
khZqedU3yqB3Ia6928GArM1t8TbSIke1Y6ccasklp8ADTB0wCqnZlWENfdLUyq5U
7CY64aT0SGSeivlvl1/4bJSLHojXPKGMLHPMHi7hkQt988nZK5jN3A77cyhOUSeS
/sxOQtRAxg26vLEzQ2wAQT1XVQlmm3dw0jvGUjkG3YAizx8yBtM+Q4bjeQqJnqb+
tNT+YuERYCdKjjI2umZyK2pJXO2fQ+79xvwrdGwj+WFnqgDaKgPDzTXSKQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFCa6kBTt4Fzd/s//m6ECEh2vjbttMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvSnJxUUZPM2dYTjMtel8tYm9RSVNIYS1OdTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQFWIeAAwQF
beXAAwQBqxnaAwQEsGowMAwDBAWwaqADBAOwarADBAXVbkAwDQYJKoZIhvcNAQEL
BQADggEBAIDoz1+97gCyz553fhm7kXx/LZijrPRhF0xeqyr1Tdbsoa7iDzq0AwlV
NS5m6UvnaVCwsjzyz2/EP6m7Q6smClyfLkh1AaL8+iqTzeLjGXb+Dx3N1jEuQ9j0
lVbzB2mWkbnbFL8teE1coIpKQT4o13LOYnQIscPmwnZTfI5OWOChlHsPBpt0P1Wi
ePi3uY7IdMhRfwlkkRzg+hrp+KUjS1GwumoQUrmuhlzVzoC3gywtSRQOTRp/TPIm
H9muDN7HZTJ0TR9jnzN8A5zkWtoKIBtdBP9ICqvFW2DOMgTi59ppht4wiRK8kkAp
tsbc8upcA1Tbyw4DyqolJ1KA+6riWPw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:49 2024 by rpki-client on console-fra.rpki-client.org