Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/P9mAUoGQcDt-glc07WpHfVzKiS8.roa
File:                     P9mAUoGQcDt-glc07WpHfVzKiS8.roa (raw, json)
Hash identifier:          xoxY6k2kgFkWlw2acDxu5DgHyb7xIXs37K6u5jhhd0o=
Subject key identifier:   3F:D9:80:52:81:90:70:3B:7E:82:57:34:ED:6A:47:7D:5C:CA:89:2F
Certificate issuer:       /CN=311d62b7fd9fcfc87dfea987515767c838e21bb9
Certificate serial:       0189DB05D0137966CB38F5179E23EB3E2CA5
Authority key identifier: 31:1D:62:B7:FD:9F:CF:C8:7D:FE:A9:87:51:57:67:C8:38:E2:1B:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/P9mAUoGQcDt-glc07WpHfVzKiS8.roa
Signing time:             Wed 09 Aug 2023 15:58:58 +0000
ROA not before:           Wed 09 Aug 2023 15:58:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     0
IP address blocks:        193.105.232.0/24 maxlen: 24
                          37.49.232.0/23 maxlen: 24
                          37.49.236.0/22 maxlen: 24
                          185.1.144.0/24 maxlen: 24
                          77.95.71.0/24 maxlen: 24
                          77.95.70.0/23 maxlen: 24
                          2001:7f8:54::/48 maxlen: 64
                          2001:7f8:47:47::/64 maxlen: 64

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:db:05:d0:13:79:66:cb:38:f5:17:9e:23:eb:3e:2c:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=311d62b7fd9fcfc87dfea987515767c838e21bb9
        Validity
            Not Before: Aug  9 15:58:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3fd980528190703b7e825734ed6a477d5cca892f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:46:1b:ff:2c:a1:d1:e7:9a:47:a6:42:99:25:
                    aa:54:7d:17:c3:8c:f8:c1:ec:8b:ed:eb:19:05:49:
                    e3:b4:0a:c8:ac:12:a3:d8:1e:7c:0e:30:eb:59:c2:
                    5f:cf:be:60:01:1e:8a:57:1c:b1:56:c5:a4:79:24:
                    9d:5f:62:2c:11:41:23:32:af:dc:30:a0:d9:a6:8d:
                    72:6f:a1:98:a6:fb:83:f1:2f:40:82:4d:89:4e:00:
                    fc:63:48:cb:31:91:00:ee:22:6f:13:d2:54:9d:d0:
                    69:e2:e1:89:f4:cf:27:eb:44:b1:e0:2d:59:15:d7:
                    95:df:d1:92:c7:c7:0c:03:93:25:2f:88:15:f2:0c:
                    40:e0:db:c3:3c:7c:1e:fc:03:d7:c8:f1:4f:6c:2c:
                    70:ba:5a:cf:82:64:6c:b4:80:89:71:88:cf:09:ea:
                    b4:a1:d5:f1:49:a1:20:87:fc:22:df:19:57:9c:23:
                    25:16:29:ad:6d:d8:93:44:23:40:a9:61:69:b7:ee:
                    01:db:3a:97:33:53:27:a5:48:8c:b5:56:f1:7b:8c:
                    e4:24:2e:a0:ad:b6:b6:4e:e4:a9:f0:3a:9e:3f:8f:
                    92:0d:29:92:22:0c:79:07:db:ec:d5:1a:52:40:f2:
                    c1:2e:28:1a:08:0f:04:8e:1c:b1:2c:9b:01:f4:c1:
                    37:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D9:80:52:81:90:70:3B:7E:82:57:34:ED:6A:47:7D:5C:CA:89:2F
            X509v3 Authority Key Identifier:
                keyid:31:1D:62:B7:FD:9F:CF:C8:7D:FE:A9:87:51:57:67:C8:38:E2:1B:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MR1it_2fz8h9_qmHUVdnyDjiG7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/P9mAUoGQcDt-glc07WpHfVzKiS8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/57688e-a964-4933-8631-850f34906229/1/MR1it_2fz8h9_qmHUVdnyDjiG7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.232.0/23
                  37.49.236.0/22
                  77.95.70.0/23
                  185.1.144.0/24
                  193.105.232.0/24
                IPv6:
                  2001:7f8:47:47::/64
                  2001:7f8:54::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:94:98:13:33:f1:78:ff:85:80:72:26:71:db:64:af:3d:52:
         c2:dc:ce:ad:3e:7e:a0:34:57:21:fb:88:80:59:d4:ff:dc:5f:
         b9:30:60:83:e9:71:f5:65:90:b3:06:ba:ae:c1:f2:fa:d9:e4:
         3d:61:b7:8d:bc:67:16:9e:1a:cb:c6:c2:d4:7b:ef:72:a4:80:
         91:c3:32:f2:9c:40:eb:c5:ee:0c:66:fd:6e:f4:56:f3:ce:d0:
         10:dc:8e:bf:75:dc:09:05:ca:7e:9d:84:4f:51:0a:17:40:a3:
         dc:01:63:56:81:66:a0:e3:b3:1c:47:0d:b4:13:b1:c0:3f:14:
         2a:de:83:4f:d1:39:c4:8a:1c:39:e3:fa:c1:2a:4e:d3:41:d5:
         52:bb:b0:d0:bd:6a:4c:28:74:f4:11:ba:f0:62:11:7d:26:fd:
         96:19:a7:3a:17:e8:9d:c1:36:e3:0f:79:cc:73:2a:59:cc:3a:
         9b:e7:f9:88:6c:f7:3c:1a:54:d0:f5:20:ed:a4:01:3a:dc:8e:
         d5:26:fd:56:87:28:72:62:55:fa:48:b1:db:14:a1:4b:51:3b:
         36:5a:07:a3:0c:93:0f:4c:bd:08:e0:b3:7a:1b:01:85:32:d8:
         aa:e6:cd:8f:9c:4d:71:de:cb:fd:7f:8e:b2:9e:bf:8d:da:3c:
         15:50:51:7c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYnbBdATeWbLOPUXniPrPiylMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMWQ2MmI3ZmQ5ZmNmYzg3ZGZlYTk4NzUxNTc2N2M4Mzhl
MjFiYjkwHhcNMjMwODA5MTU1ODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmQ5ODA1MjgxOTA3MDNiN2U4MjU3MzRlZDZhNDc3ZDVjY2E4OTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEYb/yyh0eeaR6ZCmSWqVH0Xw4z4
weyL7esZBUnjtArIrBKj2B58DjDrWcJfz75gAR6KVxyxVsWkeSSdX2IsEUEjMq/c
MKDZpo1yb6GYpvuD8S9Agk2JTgD8Y0jLMZEA7iJvE9JUndBp4uGJ9M8n60Sx4C1Z
FdeV39GSx8cMA5MlL4gV8gxA4NvDPHwe/APXyPFPbCxwulrPgmRstICJcYjPCeq0
odXxSaEgh/wi3xlXnCMlFimtbdiTRCNAqWFpt+4B2zqXM1MnpUiMtVbxe4zkJC6g
rba2TuSp8DqeP4+SDSmSIgx5B9vs1RpSQPLBLigaCA8EjhyxLJsB9ME3tQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFD/ZgFKBkHA7foJXNO1qR31cyokvMB8GA1UdIwQY
MBaAFDEdYrf9n8/Iff6ph1FXZ8g44hu5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVIxaXRfMmZ6OGg5X3FtSFVWZG55RGppRzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy81NzY4OGUtYTk2NC00OTMzLTg2MzEt
ODUwZjM0OTA2MjI5LzEvUDltQVVvR1FjRHQtZ2xjMDdXcEhmVnpLaVM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy81NzY4OGUtYTk2NC00OTMzLTg2MzEtODUwZjM0OTA2MjI5
LzEvTVIxaXRfMmZ6OGg5X3FtSFVWZG55RGppRzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAkBAIAATAeAwQBJTHoAwQC
JTHsAwQBTV9GAwQAuQGQAwQAwWnoMBoEAgACMBQDCQAgAQf4AEcARwMHACABB/gA
VDANBgkqhkiG9w0BAQsFAAOCAQEAVJSYEzPxeP+FgHImcdtkrz1SwtzOrT5+oDRX
IfuIgFnU/9xfuTBgg+lx9WWQswa6rsHy+tnkPWG3jbxnFp4ay8bC1HvvcqSAkcMy
8pxA68XuDGb9bvRW887QENyOv3XcCQXKfp2ET1EKF0Cj3AFjVoFmoOOzHEcNtBOx
wD8UKt6DT9E5xIocOeP6wSpO00HVUruw0L1qTCh09BG68GIRfSb9lhmnOhfoncE2
4w95zHMqWcw6m+f5iGz3PBpU0PUg7aQBOtyO1Sb9VococmJV+kix2xShS1E7NloH
owyTD0y9COCzehsBhTLYqubNj5xNcd7L/X+Osp6/jdo8FVBRfA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:35 2024 by rpki-client on console-ams.rpki-client.org