Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/sItBVDx47sEpQz8uGQxzBEC_spY.roa
File:                     sItBVDx47sEpQz8uGQxzBEC_spY.roa (raw, json)
Hash identifier:          uuKpFPMtB+xgp8YOccUDaHpsmgeIr7pVuNxLtXj++C4=
Subject key identifier:   B0:8B:41:54:3C:78:EE:C1:29:43:3F:2E:19:0C:73:04:40:BF:B2:96
Certificate issuer:       /CN=28f8ede20b78f995993da98f434a966074d562c2
Certificate serial:       01856ED4D3B707B3B80B81E8841B3152D4A1
Authority key identifier: 28:F8:ED:E2:0B:78:F9:95:99:3D:A9:8F:43:4A:96:60:74:D5:62:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/sItBVDx47sEpQz8uGQxzBEC_spY.roa
Signing time:             Sun 01 Jan 2023 19:35:19 +0000
ROA not before:           Sun 01 Jan 2023 19:35:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15518
IP address blocks:        212.86.160.0/20 maxlen: 20
                          213.153.64.0/22 maxlen: 22
                          212.86.180.0/22 maxlen: 22
                          212.86.188.0/22 maxlen: 22
                          213.153.74.0/24 maxlen: 24
                          213.153.73.0/24 maxlen: 24
                          213.153.72.0/24 maxlen: 24
                          213.153.75.0/24 maxlen: 24
                          213.153.72.0/22 maxlen: 22
                          2a00:1180::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:d4:d3:b7:07:b3:b8:0b:81:e8:84:1b:31:52:d4:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28f8ede20b78f995993da98f434a966074d562c2
        Validity
            Not Before: Jan  1 19:35:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b08b41543c78eec129433f2e190c730440bfb296
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:33:7e:11:01:de:9c:71:5f:78:1a:77:5a:f2:
                    40:96:a1:a3:b7:2c:bb:74:cc:69:4b:fa:af:2a:04:
                    70:85:0c:c1:79:ef:c3:0f:7c:22:64:a4:e3:c4:61:
                    ba:29:1d:8b:dd:fb:18:48:cd:7b:3b:2a:9f:87:c3:
                    e5:ce:e6:14:e7:90:03:b2:f6:d3:50:44:01:f9:53:
                    19:53:62:42:93:ac:21:47:d5:26:b0:05:1e:07:0b:
                    69:e6:b3:d1:96:82:98:4e:5b:7b:08:52:77:84:5d:
                    85:a6:d8:1e:9a:31:3c:f5:28:02:03:1d:9c:44:f1:
                    5d:81:00:f2:33:0c:7d:17:fd:4d:76:2b:b1:54:e7:
                    a2:8c:2f:85:37:12:be:f3:2d:bd:ea:95:a5:f9:d8:
                    c2:ef:68:9b:80:11:35:d9:cc:3f:33:db:ab:4c:15:
                    cc:bc:99:4b:cb:a7:23:59:25:82:57:24:11:60:4d:
                    e1:2b:5c:eb:a6:05:95:b0:b2:94:c6:5e:aa:3a:62:
                    f6:62:f4:c7:fa:cf:c8:a5:48:84:72:ab:f8:8c:88:
                    20:29:5a:5e:12:01:54:02:61:e4:b7:c7:3f:b1:3f:
                    bc:c6:54:e5:e6:7a:a7:8e:63:56:29:75:a5:b3:5e:
                    27:ac:90:5a:9a:a5:77:e1:35:a2:a1:bc:f1:1f:7e:
                    3d:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:8B:41:54:3C:78:EE:C1:29:43:3F:2E:19:0C:73:04:40:BF:B2:96
            X509v3 Authority Key Identifier:
                keyid:28:F8:ED:E2:0B:78:F9:95:99:3D:A9:8F:43:4A:96:60:74:D5:62:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/sItBVDx47sEpQz8uGQxzBEC_spY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/cfcffa-6029-42dd-9ef8-9d3a0f23cbe7/1/KPjt4gt4-ZWZPamPQ0qWYHTVYsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.86.160.0/20
                  212.86.180.0/22
                  212.86.188.0/22
                  213.153.64.0/22
                  213.153.72.0/22
                IPv6:
                  2a00:1180::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:84:9d:29:34:e6:85:7f:9d:64:e1:33:bc:c4:d3:48:54:37:
         78:1e:5a:00:b3:e7:75:fc:70:86:4e:5f:5c:93:fd:1e:8c:f4:
         e4:2c:96:52:b0:c8:46:55:92:70:8a:5d:19:94:e9:ee:2d:9c:
         18:96:ab:96:cd:8d:05:69:8a:48:1e:1b:66:b2:97:30:11:64:
         e1:41:4e:5c:50:21:39:d2:d5:88:6b:09:0d:e9:3a:9e:a9:43:
         23:fb:da:70:18:6f:6e:d6:69:9c:bc:11:98:bf:8c:6c:8a:94:
         b1:b0:4d:7e:15:26:9d:d5:02:a2:fb:85:7a:17:42:26:20:d7:
         1c:03:50:77:ad:de:5b:25:dd:c7:a8:40:45:0b:af:74:4a:56:
         4a:76:7e:dc:cd:e5:35:ae:23:60:1e:64:db:94:55:e3:16:a2:
         8b:9e:1f:d3:95:c3:a9:7e:08:d6:fb:7e:73:bd:a5:d4:ff:cd:
         ff:16:42:93:71:ec:cc:18:35:a3:aa:0c:2b:4f:95:60:91:24:
         ca:a2:64:c3:c0:4e:6d:f6:8b:59:81:54:80:03:76:85:7c:70:
         01:7a:79:11:07:dd:3e:e3:90:b6:a1:32:bf:62:36:57:5d:66:
         a4:a0:d1:ca:ce:04:13:29:63:4f:d5:95:ea:e2:0d:6d:b6:a6:
         14:de:18:cc
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVu1NO3B7O4C4HohBsxUtShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ZjhlZGUyMGI3OGY5OTU5OTNkYTk4ZjQzNGE5NjYwNzRk
NTYyYzIwHhcNMjMwMTAxMTkzNTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDhiNDE1NDNjNzhlZWMxMjk0MzNmMmUxOTBjNzMwNDQwYmZiMjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzN+EQHenHFfeBp3WvJAlqGjtyy7
dMxpS/qvKgRwhQzBee/DD3wiZKTjxGG6KR2L3fsYSM17Oyqfh8PlzuYU55ADsvbT
UEQB+VMZU2JCk6whR9UmsAUeBwtp5rPRloKYTlt7CFJ3hF2FptgemjE89SgCAx2c
RPFdgQDyMwx9F/1NdiuxVOeijC+FNxK+8y296pWl+djC72ibgBE12cw/M9urTBXM
vJlLy6cjWSWCVyQRYE3hK1zrpgWVsLKUxl6qOmL2YvTH+s/IpUiEcqv4jIggKVpe
EgFUAmHkt8c/sT+8xlTl5nqnjmNWKXWls14nrJBamqV34TWiobzxH349DQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFLCLQVQ8eO7BKUM/LhkMcwRAv7KWMB8GA1UdIwQY
MBaAFCj47eILePmVmT2pj0NKlmB01WLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1BqdDRndDQtWldaUGFtUFEwcVdZSFRWWXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9jZmNmZmEtNjAyOS00MmRkLTllZjgt
OWQzYTBmMjNjYmU3LzEvc0l0QlZEeDQ3c0VwUXo4dUdReHpCRUNfc3BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9jZmNmZmEtNjAyOS00MmRkLTllZjgtOWQzYTBmMjNjYmU3
LzEvS1BqdDRndDQtWldaUGFtUFEwcVdZSFRWWXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQE1FagAwQC
1Fa0AwQC1Fa8AwQC1ZlAAwQC1ZlIMA0EAgACMAcDBQAqABGAMA0GCSqGSIb3DQEB
CwUAA4IBAQBIhJ0pNOaFf51k4TO8xNNIVDd4HloAs+d1/HCGTl9ck/0ejPTkLJZS
sMhGVZJwil0ZlOnuLZwYlquWzY0FaYpIHhtmspcwEWThQU5cUCE50tWIawkN6Tqe
qUMj+9pwGG9u1mmcvBGYv4xsipSxsE1+FSad1QKi+4V6F0ImINccA1B3rd5bJd3H
qEBFC690SlZKdn7czeU1riNgHmTblFXjFqKLnh/TlcOpfgjW+35zvaXU/83/FkKT
cezMGDWjqgwrT5VgkSTKomTDwE5t9otZgVSAA3aFfHABenkRB90+45C2oTK/YjZX
XWakoNHKzgQTKWNP1ZXq4g1ttqYU3hjM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:06 2024 by rpki-client on console-fra.rpki-client.org