Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/9fR0LIdyMle5FOAUTscFPpCuG_s.roa
File:                     9fR0LIdyMle5FOAUTscFPpCuG_s.roa (raw, json)
Hash identifier:          ntuvWgBgcjo8BnaRVTFO9FV5z7ETLaMcMoWTr/kdABo=
Subject key identifier:   F5:F4:74:2C:87:72:32:57:B9:14:E0:14:4E:C7:05:3E:90:AE:1B:FB
Certificate issuer:       /CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
Certificate serial:       01857014FD70E0D9937C8EEA3A97586D3999
Authority key identifier: B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/9fR0LIdyMle5FOAUTscFPpCuG_s.roa
Signing time:             Mon 02 Jan 2023 01:25:01 +0000
ROA not before:           Mon 02 Jan 2023 01:25:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43139
IP address blocks:        185.199.96.0/22 maxlen: 22
                          91.196.148.0/22 maxlen: 22
                          94.158.80.0/20 maxlen: 20
                          178.158.192.0/18 maxlen: 24
                          109.207.192.0/20 maxlen: 20
                          2a0a:9b40::/29 maxlen: 29
                          2001:67c:738::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:14:fd:70:e0:d9:93:7c:8e:ea:3a:97:58:6d:39:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
        Validity
            Not Before: Jan  2 01:25:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f5f4742c87723257b914e0144ec7053e90ae1bfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:72:21:bf:5e:3b:e0:b4:1e:ca:0a:8a:6a:85:
                    25:6a:28:fa:d4:04:23:e4:bf:54:54:b1:ef:1f:57:
                    0b:0d:30:c5:13:0a:3a:a9:55:f2:31:77:aa:23:9a:
                    97:42:af:b9:5a:34:0b:9a:79:89:11:fb:04:77:f7:
                    8e:3d:92:1a:1f:59:c9:58:34:0b:09:ea:f5:ef:e0:
                    49:a1:18:29:f2:87:6c:47:d1:d0:f0:70:26:72:69:
                    55:8d:d3:de:6b:92:d8:e0:a2:67:f4:26:33:2a:60:
                    13:a8:c8:6c:94:c9:4a:86:5d:4b:5c:ea:6d:f5:7a:
                    2b:5d:80:23:e5:38:c5:cb:e6:6a:52:43:ac:6e:a9:
                    40:fa:6b:31:b2:ba:e4:1e:ee:d8:d5:ab:e6:af:2a:
                    90:ae:86:48:e2:76:8a:ab:51:b1:1b:d8:dd:07:8d:
                    f3:eb:ca:24:fa:da:08:11:27:ba:be:b0:31:91:89:
                    64:52:3e:7d:3e:7e:62:8f:cb:6c:42:75:3e:f1:6f:
                    07:ed:65:55:0d:39:d2:ae:a7:7a:c5:5f:ab:71:de:
                    b6:7b:0d:f7:3f:f0:9b:2b:cc:a0:9a:28:73:1c:75:
                    ae:e9:a5:36:ea:ea:bb:a2:07:37:c1:a0:c0:c5:5c:
                    a3:8a:02:a0:98:72:8e:48:d3:fe:99:8c:46:42:f9:
                    87:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:F4:74:2C:87:72:32:57:B9:14:E0:14:4E:C7:05:3E:90:AE:1B:FB
            X509v3 Authority Key Identifier:
                keyid:B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/9fR0LIdyMle5FOAUTscFPpCuG_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.148.0/22
                  94.158.80.0/20
                  109.207.192.0/20
                  178.158.192.0/18
                  185.199.96.0/22
                IPv6:
                  2001:67c:738::/48
                  2a0a:9b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:3a:ea:ad:7d:cd:51:11:e6:2d:74:a6:21:59:b3:71:74:8c:
         c8:2a:f1:8f:28:76:b8:37:41:a8:89:c0:73:e3:61:c7:5d:14:
         20:31:0d:5c:d0:e9:99:9c:68:02:77:ba:68:dc:94:fe:77:98:
         00:8d:67:92:7c:d1:0c:1a:30:25:ee:24:07:b4:89:8d:10:23:
         15:95:23:fb:59:20:94:b4:e0:0e:d5:3c:11:a6:9b:95:d0:75:
         10:a3:43:12:2f:66:41:7b:32:49:ba:88:2c:5a:c8:0a:91:ad:
         76:8d:c8:47:18:cc:ae:87:10:35:e3:ab:c5:ff:4d:82:29:75:
         d4:04:33:dd:c3:16:b0:71:ad:c0:34:25:4e:36:fa:4f:e2:25:
         4b:74:c7:c0:c8:f1:20:e9:f9:1e:fa:3a:e6:c2:49:a7:92:d1:
         51:e1:9e:b2:b8:c1:de:5f:c6:da:df:44:c6:07:f2:65:01:37:
         40:16:15:55:84:7b:97:1c:09:fc:0e:97:c2:1a:f4:23:e8:15:
         e6:52:4b:4d:9c:8c:63:7f:8f:b6:8b:41:1c:1b:02:7b:fa:96:
         b0:ef:2f:14:2e:e5:77:1a:7d:50:c4:b0:d4:0b:d0:4f:86:00:
         9d:74:06:18:4a:e6:53:71:01:30:dd:a0:4f:7c:92:82:4f:9d:
         6e:e5:7f:0e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYVwFP1w4NmTfI7qOpdYbTmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOTNkZjg3N2JmMmYwY2YwMWE5NzE4OTczZWFlZWU4N2Iw
Njk3ZDkwHhcNMjMwMTAyMDEyNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWY0NzQyYzg3NzIzMjU3YjkxNGUwMTQ0ZWM3MDUzZTkwYWUxYmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3Ihv1474LQeygqKaoUlaij61AQj
5L9UVLHvH1cLDTDFEwo6qVXyMXeqI5qXQq+5WjQLmnmJEfsEd/eOPZIaH1nJWDQL
Cer17+BJoRgp8odsR9HQ8HAmcmlVjdPea5LY4KJn9CYzKmATqMhslMlKhl1LXOpt
9XorXYAj5TjFy+ZqUkOsbqlA+msxsrrkHu7Y1avmryqQroZI4naKq1GxG9jdB43z
68ok+toIESe6vrAxkYlkUj59Pn5ij8tsQnU+8W8H7WVVDTnSrqd6xV+rcd62ew33
P/CbK8ygmihzHHWu6aU26uq7ogc3waDAxVyjigKgmHKOSNP+mYxGQvmHlQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFPX0dCyHcjJXuRTgFE7HBT6Qrhv7MB8GA1UdIwQY
MBaAFLOT34d78vDPAalxiXPq7uh7BpfZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYt
Mzk2YmM3MjBlMmI0LzEvOWZSMExJZHlNbGU1Rk9BVVRzY0ZQcEN1R19zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYtMzk2YmM3MjBlMmI0
LzEvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQCW8SUAwQE
Xp5QAwQEbc/AAwQGsp7AAwQCucdgMBYEAgACMBADBwAgAQZ8BzgDBQMqCptAMA0G
CSqGSIb3DQEBCwUAA4IBAQAGOuqtfc1REeYtdKYhWbNxdIzIKvGPKHa4N0GoicBz
42HHXRQgMQ1c0OmZnGgCd7po3JT+d5gAjWeSfNEMGjAl7iQHtImNECMVlSP7WSCU
tOAO1TwRppuV0HUQo0MSL2ZBezJJuogsWsgKka12jchHGMyuhxA146vF/02CKXXU
BDPdwxawca3ANCVONvpP4iVLdMfAyPEg6fke+jrmwkmnktFR4Z6yuMHeX8ba30TG
B/JlATdAFhVVhHuXHAn8DpfCGvQj6BXmUktNnIxjf4+2i0EcGwJ7+paw7y8ULuV3
Gn1QxLDUC9BPhgCddAYYSuZTcQEw3aBPfJKCT51u5X8O
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:08 2024 by rpki-client on console-fra.rpki-client.org