Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/76dc25-b389-4024-bf28-f4f0561b7a57/1/cHnR5lwVyQdhVuVIoXz8VY-lvQE.roa
File:                     cHnR5lwVyQdhVuVIoXz8VY-lvQE.roa (raw, json)
Hash identifier:          PngeaLaMBf/z39dgAAYAWd81K8LyYhTArFHNaVGMoTc=
Subject key identifier:   70:79:D1:E6:5C:15:C9:07:61:56:E5:48:A1:7C:FC:55:8F:A5:BD:01
Certificate issuer:       /CN=9c4d86afb59f1d9dd16c1125009b998382e36ed3
Certificate serial:       018570C2ADD7E09CCF16D26F459698409C8E
Authority key identifier: 9C:4D:86:AF:B5:9F:1D:9D:D1:6C:11:25:00:9B:99:83:82:E3:6E:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nE2Gr7WfHZ3RbBElAJuZg4LjbtM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/76dc25-b389-4024-bf28-f4f0561b7a57/1/cHnR5lwVyQdhVuVIoXz8VY-lvQE.roa
Signing time:             Mon 02 Jan 2023 04:34:44 +0000
ROA not before:           Mon 02 Jan 2023 04:34:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48847
IP address blocks:        193.84.118.0/24 maxlen: 24
                          193.84.114.0/23 maxlen: 23
                          193.84.114.224/27 maxlen: 27
                          193.84.114.0/24 maxlen: 24
                          193.84.115.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 31 Jan 2023 12:17:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:c2:ad:d7:e0:9c:cf:16:d2:6f:45:96:98:40:9c:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c4d86afb59f1d9dd16c1125009b998382e36ed3
        Validity
            Not Before: Jan  2 04:34:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7079d1e65c15c9076156e548a17cfc558fa5bd01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:54:12:cd:ea:c7:8d:9c:9c:6d:38:23:e1:59:
                    b4:79:ed:cd:2f:c0:e1:df:00:a6:dd:f2:36:12:e9:
                    b4:d5:f5:2d:3f:c1:d1:12:60:f8:e6:75:b4:3b:fa:
                    cd:f0:3d:f3:ca:e6:17:45:c8:29:83:8d:7c:58:8a:
                    a0:b7:d7:23:88:9b:8b:6b:e2:08:2a:19:ca:f6:06:
                    7f:e1:fd:2d:16:71:84:8b:48:e5:d7:8a:00:34:4a:
                    76:0b:2c:13:e7:6b:b7:2b:4f:dd:84:3b:85:5d:aa:
                    b7:2e:52:40:2f:47:b3:6d:b8:36:a2:6c:83:e4:2f:
                    6b:e1:e3:22:4e:14:f3:61:22:62:42:ee:0d:0d:4a:
                    22:87:a3:7c:94:de:06:c1:36:92:a6:28:db:df:4f:
                    82:3f:30:52:3d:2c:ec:9c:1c:0f:d0:fd:6f:6d:f3:
                    cf:d6:99:dd:66:27:4f:df:f0:44:dd:95:86:99:41:
                    7b:7e:ef:17:3c:d1:e6:36:c5:18:f3:87:31:4b:25:
                    eb:3f:a1:d7:44:70:f2:ea:fe:cb:54:cc:8b:81:21:
                    72:54:33:f4:fe:d0:10:2c:e8:80:97:fc:83:2a:4b:
                    b6:bd:a8:cb:2f:55:a1:93:ef:b1:fe:b3:df:d9:35:
                    d1:ae:aa:3d:c4:b3:0a:fe:1f:1d:e3:73:8d:02:82:
                    59:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:79:D1:E6:5C:15:C9:07:61:56:E5:48:A1:7C:FC:55:8F:A5:BD:01
            X509v3 Authority Key Identifier:
                keyid:9C:4D:86:AF:B5:9F:1D:9D:D1:6C:11:25:00:9B:99:83:82:E3:6E:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nE2Gr7WfHZ3RbBElAJuZg4LjbtM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/76dc25-b389-4024-bf28-f4f0561b7a57/1/cHnR5lwVyQdhVuVIoXz8VY-lvQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/76dc25-b389-4024-bf28-f4f0561b7a57/1/nE2Gr7WfHZ3RbBElAJuZg4LjbtM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.114.0/23
                  193.84.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:74:c8:77:c7:d0:55:52:e0:57:45:98:32:07:39:b1:ab:4a:
         32:81:dc:be:54:91:09:0b:4e:15:77:99:c1:f5:22:e0:da:10:
         2f:f8:7e:55:6c:f0:1f:a7:9c:58:65:53:0c:b3:48:23:eb:41:
         92:b1:5d:8d:a7:0a:de:13:33:a7:99:40:28:3b:7f:8a:96:ee:
         5b:67:87:db:28:8c:83:61:44:ee:74:f8:f0:e5:fd:9f:4c:80:
         a4:c5:c7:ab:ad:07:8d:4b:62:bc:fc:37:39:d8:59:6a:bb:fd:
         99:0a:12:f2:27:24:d2:37:a1:aa:9f:b5:b8:66:f7:88:cd:8e:
         0e:c0:19:f9:5d:e2:2b:e6:dd:6f:21:ee:3c:91:e2:bc:e4:81:
         ac:1d:e8:3f:7d:58:42:45:5d:68:8f:a9:ae:53:d5:48:5a:28:
         22:c8:a4:19:7b:c7:dc:20:1e:ef:0f:bb:3d:67:ee:fd:de:b4:
         4c:80:a8:83:6b:8a:af:45:6d:57:8c:60:92:10:1f:e8:35:4e:
         40:95:e6:c8:84:86:b9:24:92:cd:83:e3:f9:9c:fd:27:5a:29:
         c5:54:33:da:9f:5b:db:00:80:40:85:de:af:18:aa:13:28:20:
         8d:61:17:8e:51:f6:51:85:6a:18:16:7d:a5:56:1e:4b:1d:83:
         7a:e2:2b:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVwwq3X4JzPFtJvRZaYQJyOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNGQ4NmFmYjU5ZjFkOWRkMTZjMTEyNTAwOWI5OTgzODJl
MzZlZDMwHhcNMjMwMTAyMDQzNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDc5ZDFlNjVjMTVjOTA3NjE1NmU1NDhhMTdjZmM1NThmYTViZDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1QSzerHjZycbTgj4Vm0ee3NL8Dh
3wCm3fI2Eum01fUtP8HREmD45nW0O/rN8D3zyuYXRcgpg418WIqgt9cjiJuLa+II
KhnK9gZ/4f0tFnGEi0jl14oANEp2CywT52u3K0/dhDuFXaq3LlJAL0ezbbg2omyD
5C9r4eMiThTzYSJiQu4NDUoih6N8lN4GwTaSpijb30+CPzBSPSzsnBwP0P1vbfPP
1pndZidP3/BE3ZWGmUF7fu8XPNHmNsUY84cxSyXrP6HXRHDy6v7LVMyLgSFyVDP0
/tAQLOiAl/yDKku2vajLL1Whk++x/rPf2TXRrqo9xLMK/h8d43ONAoJZ9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHB50eZcFckHYVblSKF8/FWPpb0BMB8GA1UdIwQY
MBaAFJxNhq+1nx2d0WwRJQCbmYOC427TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkUyR3I3V2ZIWjNSYkJFbEFKdVpnNExqYnRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC83NmRjMjUtYjM4OS00MDI0LWJmMjgt
ZjRmMDU2MWI3YTU3LzEvY0huUjVsd1Z5UWRoVnVWSW9YejhWWS1sdlFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC83NmRjMjUtYjM4OS00MDI0LWJmMjgtZjRmMDU2MWI3YTU3
LzEvbkUyR3I3V2ZIWjNSYkJFbEFKdVpnNExqYnRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwVRyAwQA
wVR2MA0GCSqGSIb3DQEBCwUAA4IBAQCAdMh3x9BVUuBXRZgyBzmxq0oygdy+VJEJ
C04Vd5nB9SLg2hAv+H5VbPAfp5xYZVMMs0gj60GSsV2NpwreEzOnmUAoO3+Klu5b
Z4fbKIyDYUTudPjw5f2fTICkxcerrQeNS2K8/Dc52Flqu/2ZChLyJyTSN6Gqn7W4
ZveIzY4OwBn5XeIr5t1vIe48keK85IGsHeg/fVhCRV1oj6muU9VIWigiyKQZe8fc
IB7vD7s9Z+793rRMgKiDa4qvRW1XjGCSEB/oNU5AlebIhIa5JJLNg+P5nP0nWinF
VDPan1vbAIBAhd6vGKoTKCCNYReOUfZRhWoYFn2lVh5LHYN64iti
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:49 2024 by rpki-client on console-fra.rpki-client.org