Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/8e08b3-487c-485a-9479-b084c73861b8/1/0vzEcJtmxnmA3wF1p0SKTnS6Ezo.roa
File:                     0vzEcJtmxnmA3wF1p0SKTnS6Ezo.roa (raw, json)
Hash identifier:          +5xUOUj8b1tybxpktR4zyyFiUX5lfwnBI2fdwIyln90=
Subject key identifier:   D2:FC:C4:70:9B:66:C6:79:80:DF:01:75:A7:44:8A:4E:74:BA:13:3A
Certificate issuer:       /CN=321ec4626ecde25335aff088b04c71395ae6bc24
Certificate serial:       018570DE71133203B7AFCA19288131696C2E
Authority key identifier: 32:1E:C4:62:6E:CD:E2:53:35:AF:F0:88:B0:4C:71:39:5A:E6:BC:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mh7EYm7N4lM1r_CIsExxOVrmvCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/8e08b3-487c-485a-9479-b084c73861b8/1/0vzEcJtmxnmA3wF1p0SKTnS6Ezo.roa
Signing time:             Mon 02 Jan 2023 05:05:04 +0000
ROA not before:           Mon 02 Jan 2023 05:05:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62217
IP address blocks:        91.220.127.0/24 maxlen: 24
                          91.216.93.0/24 maxlen: 24
                          185.43.108.0/22 maxlen: 24
                          91.212.182.0/24 maxlen: 24
                          91.227.220.0/22 maxlen: 22
                          194.0.252.0/24 maxlen: 24
                          2a01:6c62::/32 maxlen: 32
                          2a01:6c61::/32 maxlen: 32
                          2a01:6c63::/32 maxlen: 32
                          2a01:6c60::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:de:71:13:32:03:b7:af:ca:19:28:81:31:69:6c:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=321ec4626ecde25335aff088b04c71395ae6bc24
        Validity
            Not Before: Jan  2 05:05:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d2fcc4709b66c67980df0175a7448a4e74ba133a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5c:3f:f5:f6:dd:0c:ac:cc:4e:2b:c0:47:a6:
                    6a:1e:0a:bc:c8:fc:52:58:2a:5d:d4:1c:9b:d5:6d:
                    79:5a:08:a1:25:7e:1c:ca:e9:65:3d:39:37:c2:5f:
                    c1:1b:5c:6f:59:3a:3b:5c:4c:77:e3:d2:29:52:45:
                    75:ab:eb:26:e8:27:b8:2f:f1:e2:41:ad:f5:57:bf:
                    1f:67:88:2c:21:61:2a:59:f8:00:9c:88:d9:ab:6c:
                    91:dd:2b:fa:81:ab:d0:44:11:0d:8f:5c:e6:f7:7d:
                    7e:87:74:95:9f:0d:03:fa:40:f8:bd:4d:f1:43:77:
                    63:f0:32:a1:cf:85:9c:a4:38:a0:0a:c1:cd:99:0f:
                    e1:50:32:3e:c5:b0:06:10:ac:aa:e5:90:29:d4:da:
                    99:d6:ba:d4:34:02:75:21:46:b4:0b:67:12:b3:5e:
                    de:54:1b:8f:c7:5a:95:25:3a:68:cc:33:31:a0:02:
                    c9:a2:f9:b8:be:4a:21:cc:cf:a7:5f:e5:d1:2e:01:
                    b4:ef:ca:26:29:20:19:cf:d4:4e:9a:12:3f:bc:1c:
                    fd:e3:7d:ef:34:39:05:2d:16:af:84:b3:47:67:98:
                    ef:32:79:49:98:06:7d:a5:20:92:79:15:cd:ab:83:
                    e4:96:6c:8e:4d:c5:58:f1:bc:d3:33:09:8b:2b:f6:
                    ca:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:FC:C4:70:9B:66:C6:79:80:DF:01:75:A7:44:8A:4E:74:BA:13:3A
            X509v3 Authority Key Identifier:
                keyid:32:1E:C4:62:6E:CD:E2:53:35:AF:F0:88:B0:4C:71:39:5A:E6:BC:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mh7EYm7N4lM1r_CIsExxOVrmvCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8e08b3-487c-485a-9479-b084c73861b8/1/0vzEcJtmxnmA3wF1p0SKTnS6Ezo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8e08b3-487c-485a-9479-b084c73861b8/1/Mh7EYm7N4lM1r_CIsExxOVrmvCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.182.0/24
                  91.216.93.0/24
                  91.220.127.0/24
                  91.227.220.0/22
                  185.43.108.0/22
                  194.0.252.0/24
                IPv6:
                  2a01:6c60::/30

    Signature Algorithm: sha256WithRSAEncryption
         03:b9:9f:32:0f:c1:93:e8:2d:e8:81:38:9e:32:fb:3e:ca:c1:
         30:fd:62:9f:fc:c8:10:47:c3:5c:14:35:b6:50:1b:24:4e:1e:
         02:f1:ae:33:95:c2:f8:59:b0:f4:aa:c1:4a:27:00:0c:4f:58:
         99:6a:e4:f4:f8:df:c2:44:70:3a:f5:dd:ce:bf:bd:e0:40:be:
         e3:af:11:1b:4c:78:d2:b5:5f:d1:db:ce:b1:6b:dc:e8:69:9e:
         d6:54:eb:e8:c7:dd:2a:e9:08:ec:e5:25:11:f1:88:25:2e:ba:
         ca:31:da:cb:8d:e6:c9:64:d9:7f:93:6c:8a:d9:ee:11:13:b5:
         82:5c:19:ea:39:c7:2a:5c:fc:c0:83:5d:bf:89:1a:e4:c1:19:
         7a:f2:98:8e:41:c4:aa:6d:a1:05:84:f1:88:36:d1:a3:37:19:
         eb:74:7b:00:40:1c:7d:80:e1:8c:27:80:cb:32:70:aa:34:1c:
         c2:0c:10:47:35:d3:83:36:76:6b:5a:80:2c:3d:c0:cf:93:f4:
         5d:d5:7c:cc:2c:4f:8c:63:3d:d2:01:a5:bc:2e:0b:18:c0:19:
         4b:a9:d4:44:c1:89:93:c2:28:b0:31:fc:c0:49:bf:1e:7a:77:
         4e:0f:84:a5:fa:e6:56:3a:c3:18:5d:45:1c:cf:71:59:ea:b9:
         70:9f:2e:5b
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVw3nETMgO3r8oZKIExaWwuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMWVjNDYyNmVjZGUyNTMzNWFmZjA4OGIwNGM3MTM5NWFl
NmJjMjQwHhcNMjMwMTAyMDUwNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmZjYzQ3MDliNjZjNjc5ODBkZjAxNzVhNzQ0OGE0ZTc0YmExMzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFw/9fbdDKzMTivAR6ZqHgq8yPxS
WCpd1Byb1W15WgihJX4cyullPTk3wl/BG1xvWTo7XEx349IpUkV1q+sm6Ce4L/Hi
Qa31V78fZ4gsIWEqWfgAnIjZq2yR3Sv6gavQRBENj1zm931+h3SVnw0D+kD4vU3x
Q3dj8DKhz4WcpDigCsHNmQ/hUDI+xbAGEKyq5ZAp1NqZ1rrUNAJ1IUa0C2cSs17e
VBuPx1qVJTpozDMxoALJovm4vkohzM+nX+XRLgG078omKSAZz9ROmhI/vBz9433v
NDkFLRavhLNHZ5jvMnlJmAZ9pSCSeRXNq4PklmyOTcVY8bzTMwmLK/bKjwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFNL8xHCbZsZ5gN8BdadEik50uhM6MB8GA1UdIwQY
MBaAFDIexGJuzeJTNa/wiLBMcTla5rwkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWg3RVltN040bE0xcl9DSXNFeHhPVnJtdkNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84ZTA4YjMtNDg3Yy00ODVhLTk0Nzkt
YjA4NGM3Mzg2MWI4LzEvMHZ6RWNKdG14bm1BM3dGMXAwU0tUblM2RXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84ZTA4YjMtNDg3Yy00ODVhLTk0NzktYjA4NGM3Mzg2MWI4
LzEvTWg3RVltN040bE0xcl9DSXNFeHhPVnJtdkNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAW9S2AwQA
W9hdAwQAW9x/AwQCW+PcAwQCuStsAwQAwgD8MA0EAgACMAcDBQIqAWxgMA0GCSqG
SIb3DQEBCwUAA4IBAQADuZ8yD8GT6C3ogTieMvs+ysEw/WKf/MgQR8NcFDW2UBsk
Th4C8a4zlcL4WbD0qsFKJwAMT1iZauT0+N/CRHA69d3Ov73gQL7jrxEbTHjStV/R
286xa9zoaZ7WVOvox90q6Qjs5SUR8YglLrrKMdrLjebJZNl/k2yK2e4RE7WCXBnq
OccqXPzAg12/iRrkwRl68piOQcSqbaEFhPGINtGjNxnrdHsAQBx9gOGMJ4DLMnCq
NBzCDBBHNdODNnZrWoAsPcDPk/Rd1XzMLE+MYz3SAaW8LgsYwBlLqdREwYmTwiiw
MfzASb8eendOD4Sl+uZWOsMYXUUcz3FZ6rlwny5b
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:23 2024 by rpki-client on console-ams.rpki-client.org