Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/gUV1vm3xa6eL8ZBvu8375eK1CHE.roa
File:                     gUV1vm3xa6eL8ZBvu8375eK1CHE.roa (raw, json)
Hash identifier:          RCSMpUNx9Wy3lJ7TTs8j7Mgvid54k/NZ7dA4jPU2xF8=
Subject key identifier:   81:45:75:BE:6D:F1:6B:A7:8B:F1:90:6F:BB:CD:FB:E5:E2:B5:08:71
Certificate issuer:       /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial:       018AD85A4AE4B963DE31A3EE39ED483DF0B8
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/gUV1vm3xa6eL8ZBvu8375eK1CHE.roa
Signing time:             Wed 27 Sep 2023 20:35:10 +0000
ROA not before:           Wed 27 Sep 2023 20:35:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        91.243.179.0/24 maxlen: 24
                          195.242.241.0/24 maxlen: 24
                          195.242.243.0/24 maxlen: 24
                          185.81.181.0/24 maxlen: 24
                          185.81.180.0/23 maxlen: 23
                          93.114.61.0/24 maxlen: 24
                          89.46.10.0/24 maxlen: 24
                          89.46.11.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 03 Oct 2023 08:28:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d8:5a:4a:e4:b9:63:de:31:a3:ee:39:ed:48:3d:f0:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
        Validity
            Not Before: Sep 27 20:35:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=814575be6df16ba78bf1906fbbcdfbe5e2b50871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:74:75:ed:9b:e8:52:96:2d:46:90:0a:c2:1f:
                    96:2a:0b:c0:b6:c2:d7:4e:49:6d:e9:16:06:e2:c1:
                    8c:66:44:9c:f8:dc:16:b7:2c:5d:86:ee:df:96:f1:
                    a6:ed:9d:13:78:d7:fa:5a:52:2f:51:80:58:6a:61:
                    52:71:1b:03:6c:b2:d7:51:be:ba:9d:09:3c:a2:1b:
                    cd:91:d2:26:8c:28:72:cb:0e:33:ff:57:fd:ab:cd:
                    d0:62:7b:63:f1:50:e1:1b:37:af:e1:36:13:44:98:
                    a4:8f:2a:69:fd:5e:a8:04:94:c1:78:c0:bb:60:84:
                    cd:9f:1b:b7:e1:92:5a:f4:df:88:b0:1b:48:c6:d6:
                    b4:f6:ab:47:52:27:dd:c8:40:46:e1:be:ff:24:40:
                    06:23:63:01:71:9b:84:1d:e8:41:0b:d6:f6:ce:f2:
                    d2:5d:03:e4:81:31:dd:3a:ae:ce:75:ab:22:2d:16:
                    2b:61:c5:a8:9d:56:45:8f:35:04:34:60:98:92:46:
                    30:45:e5:2a:d7:69:0e:54:22:b7:1a:f1:79:89:6f:
                    92:50:65:77:e9:34:24:0c:46:b3:41:f6:d2:b0:a6:
                    8d:c5:86:a7:e7:83:80:ab:3c:76:62:8f:c7:3a:44:
                    25:07:6f:5e:5c:fa:b2:af:5f:cf:3e:14:7f:53:61:
                    f4:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:45:75:BE:6D:F1:6B:A7:8B:F1:90:6F:BB:CD:FB:E5:E2:B5:08:71
            X509v3 Authority Key Identifier:
                keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/gUV1vm3xa6eL8ZBvu8375eK1CHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.10.0/23
                  91.243.179.0/24
                  93.114.61.0/24
                  185.81.180.0/23
                  195.242.241.0/24
                  195.242.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:e2:09:2a:0c:c9:11:69:d2:59:98:e1:89:53:71:8d:59:03:
         a6:0c:4b:6a:4d:88:83:ef:49:b0:04:94:30:d3:29:af:f8:6b:
         aa:1f:99:2a:b0:96:f1:aa:df:4b:38:a5:dc:68:a7:1a:ef:12:
         a0:a1:09:0c:ec:67:93:35:b4:6d:49:a2:1e:36:54:5c:17:61:
         54:cd:18:4d:95:0f:59:43:1d:04:76:42:18:c5:2d:a2:bb:45:
         07:e0:ab:29:a5:ad:f4:40:e3:b9:5d:59:f9:4e:e9:d8:1d:ae:
         e7:60:ac:77:3b:13:77:7f:21:e5:bb:aa:5d:2a:6c:04:be:8e:
         1c:6f:09:e7:c5:fa:95:b3:64:38:40:07:73:4b:e4:55:c2:e0:
         72:82:af:54:af:b0:8a:15:e8:2a:90:b2:dd:8f:20:19:9e:34:
         1e:c2:08:e5:1a:de:39:48:24:23:48:f2:58:44:2f:08:8d:2d:
         9d:54:b6:c2:66:ba:44:a1:b7:58:fd:1a:47:4a:98:76:62:27:
         f7:ef:76:02:b3:43:66:7d:00:8b:2b:de:f2:f1:33:bf:ec:97:
         57:bd:ed:4d:3e:a7:32:c8:3f:8f:a6:ee:b1:8d:cb:00:73:0e:
         8e:3c:bd:6e:45:49:53:3a:92:4e:b3:a6:3d:5e:ee:b4:36:b2:
         80:ec:28:fd
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYrYWkrkuWPeMaPuOe1IPfC4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMwOTI3MjAzNTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTQ1NzViZTZkZjE2YmE3OGJmMTkwNmZiYmNkZmJlNWUyYjUwODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnR17ZvoUpYtRpAKwh+WKgvAtsLX
Tklt6RYG4sGMZkSc+NwWtyxdhu7flvGm7Z0TeNf6WlIvUYBYamFScRsDbLLXUb66
nQk8ohvNkdImjChyyw4z/1f9q83QYntj8VDhGzev4TYTRJikjypp/V6oBJTBeMC7
YITNnxu34ZJa9N+IsBtIxta09qtHUifdyEBG4b7/JEAGI2MBcZuEHehBC9b2zvLS
XQPkgTHdOq7OdasiLRYrYcWonVZFjzUENGCYkkYwReUq12kOVCK3GvF5iW+SUGV3
6TQkDEazQfbSsKaNxYan54OAqzx2Yo/HOkQlB29eXPqyr1/PPhR/U2H02QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIFFdb5t8Wuni/GQb7vN++XitQhxMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvZ1VWMXZtM3hhNmVMOFpCdnU4Mzc1ZUsxQ0hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBWS4KAwQA
W/OzAwQAXXI9AwQBuVG0AwQAw/LxAwQAw/LzMA0GCSqGSIb3DQEBCwUAA4IBAQCk
4gkqDMkRadJZmOGJU3GNWQOmDEtqTYiD70mwBJQw0ymv+GuqH5kqsJbxqt9LOKXc
aKca7xKgoQkM7GeTNbRtSaIeNlRcF2FUzRhNlQ9ZQx0EdkIYxS2iu0UH4Ksppa30
QOO5XVn5TunYHa7nYKx3OxN3fyHlu6pdKmwEvo4cbwnnxfqVs2Q4QAdzS+RVwuBy
gq9Ur7CKFegqkLLdjyAZnjQewgjlGt45SCQjSPJYRC8IjS2dVLbCZrpEobdY/RpH
Sph2Yif373YCs0NmfQCLK97y8TO/7JdXve1NPqcyyD+Ppu6xjcsAcw6OPL1uRUlT
OpJOs6Y9Xu60NrKA7Cj9
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:55 2024 by rpki-client on console-fra.rpki-client.org