Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/a9916a-13bf-4770-8e44-58b6a5784ab7/1/oFizDJ4lZ9NuEyyFaCuU3xK5XHc.roa
File:                     oFizDJ4lZ9NuEyyFaCuU3xK5XHc.roa (raw, json)
Hash identifier:          wj7vzyGE1R/5qrp5D/xiButHt5M7KTiD2QG30UFIrZE=
Subject key identifier:   A0:58:B3:0C:9E:25:67:D3:6E:13:2C:85:68:2B:94:DF:12:B9:5C:77
Certificate issuer:       /CN=e8d062a969d2142bb8506a571180b45bd0fab934
Certificate serial:       01856F39192C88954363D0B3B33EFD2BDDCD
Authority key identifier: E8:D0:62:A9:69:D2:14:2B:B8:50:6A:57:11:80:B4:5B:D0:FA:B9:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6NBiqWnSFCu4UGpXEYC0W9D6uTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/a9916a-13bf-4770-8e44-58b6a5784ab7/1/oFizDJ4lZ9NuEyyFaCuU3xK5XHc.roa
Signing time:             Sun 01 Jan 2023 21:24:51 +0000
ROA not before:           Sun 01 Jan 2023 21:24:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     24663
IP address blocks:        94.127.216.0/21 maxlen: 24
                          178.23.224.0/21 maxlen: 24
                          80.250.224.0/20 maxlen: 24
                          37.200.120.0/21 maxlen: 24
                          45.150.204.0/23 maxlen: 24
                          45.150.207.0/24 maxlen: 24
                          185.30.228.0/22 maxlen: 24
                          2a03:8080::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:39:19:2c:88:95:43:63:d0:b3:b3:3e:fd:2b:dd:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8d062a969d2142bb8506a571180b45bd0fab934
        Validity
            Not Before: Jan  1 21:24:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a058b30c9e2567d36e132c85682b94df12b95c77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:25:41:ef:0f:b7:d8:98:44:d7:eb:34:4f:e2:
                    35:f3:ed:34:77:4f:66:1e:af:17:a9:85:0c:13:0a:
                    de:d8:d0:c2:fb:85:78:04:63:67:21:df:6a:7f:d6:
                    4e:ab:19:27:93:32:49:69:d7:be:e2:5e:53:34:a6:
                    9c:9a:75:b4:a9:08:9b:84:30:0c:59:50:5e:a6:f6:
                    63:4b:6e:19:74:86:a8:f7:34:2b:d6:98:91:5f:94:
                    9f:db:32:18:38:de:9c:2d:da:b3:9c:87:3c:c1:37:
                    f2:eb:40:2b:db:d7:11:8c:f2:1f:2c:c3:ea:60:2f:
                    02:e2:ea:92:a4:49:5c:0c:2e:a3:78:68:6c:d9:80:
                    06:1c:d1:b3:d6:8e:b3:f9:be:02:af:fc:8e:73:87:
                    f9:67:dd:3f:c5:1f:2c:da:d2:e4:15:8b:2b:78:df:
                    0d:76:3d:04:c5:36:b5:d7:82:86:25:2a:81:4c:6b:
                    bb:7e:19:36:6b:94:9a:cb:6b:67:8f:a8:6e:ef:67:
                    70:fc:61:7e:2e:c6:20:dd:e9:88:81:23:83:2c:03:
                    8b:b2:df:52:33:da:d3:6b:89:30:b5:ef:7a:a5:f5:
                    b9:87:4c:cc:fe:ea:64:62:3f:93:98:91:a3:dc:a7:
                    14:99:a7:4e:a7:e1:73:9e:78:be:d7:75:e2:d7:43:
                    8f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:58:B3:0C:9E:25:67:D3:6E:13:2C:85:68:2B:94:DF:12:B9:5C:77
            X509v3 Authority Key Identifier:
                keyid:E8:D0:62:A9:69:D2:14:2B:B8:50:6A:57:11:80:B4:5B:D0:FA:B9:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6NBiqWnSFCu4UGpXEYC0W9D6uTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/a9916a-13bf-4770-8e44-58b6a5784ab7/1/oFizDJ4lZ9NuEyyFaCuU3xK5XHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/a9916a-13bf-4770-8e44-58b6a5784ab7/1/6NBiqWnSFCu4UGpXEYC0W9D6uTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.200.120.0/21
                  45.150.204.0/23
                  45.150.207.0/24
                  80.250.224.0/20
                  94.127.216.0/21
                  178.23.224.0/21
                  185.30.228.0/22
                IPv6:
                  2a03:8080::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:f3:21:ec:1b:fa:03:8f:75:66:fe:4c:90:24:d2:d0:86:2a:
         38:71:e3:dc:3e:3e:f8:60:e3:75:8e:ae:89:2d:23:83:57:73:
         1b:e8:fd:b9:f8:6a:0a:78:07:42:30:fc:e6:e1:d2:f2:62:38:
         af:e7:5b:f1:6e:b8:da:a0:bd:07:45:d8:b5:55:af:38:3b:20:
         4b:da:5e:bf:df:c5:5e:17:9f:6e:c3:d8:3c:f4:f2:5f:5b:19:
         50:1f:ac:e1:98:66:73:94:b8:db:5f:59:90:f6:35:ea:72:c8:
         40:9a:c1:ee:da:98:38:04:b0:5e:2e:f7:44:bc:5f:f3:08:34:
         7a:31:52:00:fe:ee:a3:41:c3:56:a0:ac:51:54:53:db:fa:d1:
         6a:70:56:0f:20:69:4e:ca:77:50:7c:e6:31:63:03:37:37:c0:
         ca:5c:2f:89:72:6d:98:3e:50:97:97:9c:e4:79:5e:c2:87:95:
         ce:d8:6f:8d:a2:8b:4a:f6:1e:ad:ff:18:f0:bf:9f:ea:e6:77:
         d8:29:6a:e9:b5:41:95:d6:f1:6f:70:b2:eb:91:04:45:93:21:
         3f:a9:08:41:60:26:c2:7e:9e:18:84:8b:82:fb:46:a1:82:16:
         83:d3:ff:4d:a0:d2:a2:7e:32:09:cf:aa:40:57:d4:7a:37:db:
         bc:a3:18:9f
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVvORksiJVDY9Czsz79K93NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4ZDA2MmE5NjlkMjE0MmJiODUwNmE1NzExODBiNDViZDBm
YWI5MzQwHhcNMjMwMTAxMjEyNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDU4YjMwYzllMjU2N2QzNmUxMzJjODU2ODJiOTRkZjEyYjk1Yzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkiVB7w+32JhE1+s0T+I18+00d09m
Hq8XqYUMEwre2NDC+4V4BGNnId9qf9ZOqxknkzJJade+4l5TNKacmnW0qQibhDAM
WVBepvZjS24ZdIao9zQr1piRX5Sf2zIYON6cLdqznIc8wTfy60Ar29cRjPIfLMPq
YC8C4uqSpElcDC6jeGhs2YAGHNGz1o6z+b4Cr/yOc4f5Z90/xR8s2tLkFYsreN8N
dj0ExTa114KGJSqBTGu7fhk2a5Say2tnj6hu72dw/GF+LsYg3emIgSODLAOLst9S
M9rTa4kwte96pfW5h0zM/upkYj+TmJGj3KcUmadOp+Fznni+13Xi10OPKQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFKBYswyeJWfTbhMshWgrlN8SuVx3MB8GA1UdIwQY
MBaAFOjQYqlp0hQruFBqVxGAtFvQ+rk0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk5CaXFXblNGQ3U0VUdwWEVZQzBXOUQ2dVRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9hOTkxNmEtMTNiZi00NzcwLThlNDQt
NThiNmE1Nzg0YWI3LzEvb0ZpekRKNGxaOU51RXl5RmFDdVUzeEs1WEhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9hOTkxNmEtMTNiZi00NzcwLThlNDQtNThiNmE1Nzg0YWI3
LzEvNk5CaXFXblNGQ3U0VUdwWEVZQzBXOUQ2dVRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDJch4AwQB
LZbMAwQALZbPAwQEUPrgAwQDXn/YAwQDshfgAwQCuR7kMA0EAgACMAcDBQAqA4CA
MA0GCSqGSIb3DQEBCwUAA4IBAQB48yHsG/oDj3Vm/kyQJNLQhio4cePcPj74YON1
jq6JLSODV3Mb6P25+GoKeAdCMPzm4dLyYjiv51vxbrjaoL0HRdi1Va84OyBL2l6/
38VeF59uw9g89PJfWxlQH6zhmGZzlLjbX1mQ9jXqcshAmsHu2pg4BLBeLvdEvF/z
CDR6MVIA/u6jQcNWoKxRVFPb+tFqcFYPIGlOyndQfOYxYwM3N8DKXC+Jcm2YPlCX
l5zkeV7Ch5XO2G+NootK9h6t/xjwv5/q5nfYKWrptUGV1vFvcLLrkQRFkyE/qQhB
YCbCfp4YhIuC+0ahghaD0/9NoNKifjIJz6pAV9R6N9u8oxif
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:04 2024 by rpki-client on console-fra.rpki-client.org