Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/Rzlc0bMX7A8c7w3IQU1b35VoGck.roa
File:                     Rzlc0bMX7A8c7w3IQU1b35VoGck.roa (raw, json)
Hash identifier:          xyAs9SZVcz8ZvHr89jHA5JlXAxNBpKFu0iIcEzYvpgA=
Subject key identifier:   47:39:5C:D1:B3:17:EC:0F:1C:EF:0D:C8:41:4D:5B:DF:95:68:19:C9
Certificate issuer:       /CN=22c7cda75f4e15e486dee5a6501cbe2018bc0e0f
Certificate serial:       018AFAFEC3B2DF9DA22CD9763E0095377D7A
Authority key identifier: 22:C7:CD:A7:5F:4E:15:E4:86:DE:E5:A6:50:1C:BE:20:18:BC:0E:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsfNp19OFeSG3uWmUBy-IBi8Dg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/Rzlc0bMX7A8c7w3IQU1b35VoGck.roa
Signing time:             Wed 04 Oct 2023 14:01:54 +0000
ROA not before:           Wed 04 Oct 2023 14:01:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200845
IP address blocks:        91.209.234.0/24 maxlen: 24
                          213.148.221.0/24 maxlen: 24
                          212.121.248.0/24 maxlen: 24
                          185.154.8.0/22 maxlen: 24
                          77.75.180.0/24 maxlen: 24
                          185.193.68.0/22 maxlen: 24
                          213.148.192.0/19 maxlen: 24
                          212.121.224.0/19 maxlen: 24

Validation:               Failed, certificate revoked on Mon 20 Nov 2023 13:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:fa:fe:c3:b2:df:9d:a2:2c:d9:76:3e:00:95:37:7d:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c7cda75f4e15e486dee5a6501cbe2018bc0e0f
        Validity
            Not Before: Oct  4 14:01:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=47395cd1b317ec0f1cef0dc8414d5bdf956819c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ec:0b:86:f6:e2:0c:e3:35:9a:5c:3e:34:66:
                    98:38:5f:5b:a6:25:1a:68:a7:b2:07:5f:a6:9c:ba:
                    f9:40:2d:04:16:b9:3a:86:72:7e:0c:1e:cf:0e:1d:
                    9a:e2:35:6a:c5:8e:e8:fb:6b:de:ca:f0:61:e6:3c:
                    08:d5:65:7a:37:12:83:4e:8c:0d:60:13:24:7e:4e:
                    9c:8d:89:6c:e5:d3:f7:b7:26:bb:c1:2f:bc:56:3c:
                    34:85:13:a5:ac:98:45:3b:3f:b4:9c:4d:75:e2:1b:
                    84:6a:ca:44:42:cd:95:1b:91:73:f1:3e:e0:4b:51:
                    5a:a2:57:0d:fe:3c:2f:10:ab:b5:0a:61:89:75:e3:
                    ae:c2:b9:bc:e6:8b:10:92:e7:f7:2f:11:60:93:c2:
                    3e:77:51:5a:88:1f:cd:2e:31:cd:28:c6:b0:5e:47:
                    fa:02:2a:7a:22:89:13:d9:7e:54:7c:eb:6b:9b:05:
                    8d:b6:4d:1b:c6:e0:c2:e9:e3:27:a3:4e:8f:16:7b:
                    71:e5:d4:86:a8:d6:f3:ca:8d:0b:6e:b8:b7:27:f5:
                    d1:45:41:f8:9b:a3:36:d3:ca:5a:c1:b4:9e:af:e2:
                    82:c0:36:97:a3:74:51:82:49:b4:e9:fd:f2:9a:63:
                    e3:ea:21:ae:32:4d:08:cd:99:f5:ef:78:25:76:8f:
                    c1:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:39:5C:D1:B3:17:EC:0F:1C:EF:0D:C8:41:4D:5B:DF:95:68:19:C9
            X509v3 Authority Key Identifier:
                keyid:22:C7:CD:A7:5F:4E:15:E4:86:DE:E5:A6:50:1C:BE:20:18:BC:0E:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsfNp19OFeSG3uWmUBy-IBi8Dg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/Rzlc0bMX7A8c7w3IQU1b35VoGck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/IsfNp19OFeSG3uWmUBy-IBi8Dg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.75.180.0/24
                  91.209.234.0/24
                  185.154.8.0/22
                  185.193.68.0/22
                  212.121.224.0/19
                  213.148.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0d:01:2f:f6:57:5d:38:f4:fb:ec:b6:68:c7:59:68:1d:41:fa:
         39:7f:65:d5:21:82:a8:13:5d:8f:f8:5b:6b:8e:64:60:a4:ec:
         33:46:9a:ab:d9:6d:66:ec:35:09:dd:27:9c:56:18:6c:81:52:
         ec:0c:d4:fe:96:5d:d2:23:77:2b:5e:26:8a:31:d5:cc:3c:94:
         4d:7b:14:c0:35:b9:e2:9b:8a:fd:20:45:b4:8c:a6:e2:8a:61:
         cb:54:70:ed:f3:e4:a4:a7:7a:9a:c1:45:29:8e:16:02:ea:9f:
         4c:b2:96:7d:79:f3:aa:33:a8:b8:08:8c:9e:67:ce:77:97:d0:
         57:66:c0:55:29:a5:55:e7:e7:4f:2e:6d:c4:60:8a:b9:0a:65:
         40:72:77:5c:a0:23:cc:67:28:55:d8:4a:05:e9:ba:1c:fe:8e:
         b3:95:2b:e0:bf:86:5f:42:12:3b:db:2a:61:0f:a5:5b:42:58:
         f9:3f:a6:e0:45:46:c4:24:1c:9f:1a:fc:2a:ea:19:22:85:e3:
         71:2b:a0:78:c2:bd:6f:3f:7c:b5:f8:01:fc:7d:81:19:8a:ba:
         33:c1:fa:a5:81:b6:31:95:1c:aa:5b:42:78:76:06:37:c9:95:
         ce:5b:75:25:28:6a:52:4b:d1:f6:77:18:fc:ae:da:f9:96:51:
         3b:bd:18:d9
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYr6/sOy352iLNl2PgCVN316MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzdjZGE3NWY0ZTE1ZTQ4NmRlZTVhNjUwMWNiZTIwMThi
YzBlMGYwHhcNMjMxMDA0MTQwMTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzM5NWNkMWIzMTdlYzBmMWNlZjBkYzg0MTRkNWJkZjk1NjgxOWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouwLhvbiDOM1mlw+NGaYOF9bpiUa
aKeyB1+mnLr5QC0EFrk6hnJ+DB7PDh2a4jVqxY7o+2veyvBh5jwI1WV6NxKDTowN
YBMkfk6cjYls5dP3tya7wS+8Vjw0hROlrJhFOz+0nE114huEaspEQs2VG5Fz8T7g
S1FaolcN/jwvEKu1CmGJdeOuwrm85osQkuf3LxFgk8I+d1FaiB/NLjHNKMawXkf6
Aip6IokT2X5UfOtrmwWNtk0bxuDC6eMno06PFntx5dSGqNbzyo0Lbri3J/XRRUH4
m6M208pawbSer+KCwDaXo3RRgkm06f3ymmPj6iGuMk0IzZn173gldo/BrQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFEc5XNGzF+wPHO8NyEFNW9+VaBnJMB8GA1UdIwQY
MBaAFCLHzadfThXkht7lplAcviAYvA4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNmTnAxOU9GZVNHM3VXbVVCeS1JQmk4RGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iOTIzMzEtMmJiNC00YTU5LTk5Nzgt
NzUxYjE3ZDFjNDM3LzEvUnpsYzBiTVg3QThjN3czSVFVMWIzNVZvR2NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iOTIzMzEtMmJiNC00YTU5LTk5NzgtNzUxYjE3ZDFjNDM3
LzEvSXNmTnAxOU9GZVNHM3VXbVVCeS1JQmk4RGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQATUu0AwQA
W9HqAwQCuZoIAwQCucFEAwQF1HngAwQF1ZTAMA0GCSqGSIb3DQEBCwUAA4IBAQAN
AS/2V1049PvstmjHWWgdQfo5f2XVIYKoE12P+FtrjmRgpOwzRpqr2W1m7DUJ3Sec
VhhsgVLsDNT+ll3SI3crXiaKMdXMPJRNexTANbnim4r9IEW0jKbiimHLVHDt8+Sk
p3qawUUpjhYC6p9MspZ9efOqM6i4CIyeZ853l9BXZsBVKaVV5+dPLm3EYIq5CmVA
cndcoCPMZyhV2EoF6boc/o6zlSvgv4ZfQhI72yphD6VbQlj5P6bgRUbEJByfGvwq
6hkiheNxK6B4wr1vP3y1+AH8fYEZirozwfqlgbYxlRyqW0J4dgY3yZXOW3UlKGpS
S9H2dxj8rtr5llE7vRjZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:15 2024 by rpki-client on console-ams.rpki-client.org