Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/61f3d8-1a24-446f-a2b2-0d07652e4cab/1/Kfic39ycA3W9IRUpBHleEUNPwvA.roa
File:                     Kfic39ycA3W9IRUpBHleEUNPwvA.roa (raw, json)
Hash identifier:          psffTg5OQvDsqoDo9/Y37r334e0YFKZlBf0rL9WBnb8=
Subject key identifier:   29:F8:9C:DF:DC:9C:03:75:BD:21:15:29:04:79:5E:11:43:4F:C2:F0
Certificate issuer:       /CN=c1eee2cab86b5ee40fc2770ca8cb5c50c62b755b
Certificate serial:       01856F1DA1F83C1C96E39411F8878D41292B
Authority key identifier: C1:EE:E2:CA:B8:6B:5E:E4:0F:C2:77:0C:A8:CB:5C:50:C6:2B:75:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/we7iyrhrXuQPwncMqMtcUMYrdVs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/61f3d8-1a24-446f-a2b2-0d07652e4cab/1/Kfic39ycA3W9IRUpBHleEUNPwvA.roa
Signing time:             Sun 01 Jan 2023 20:54:51 +0000
ROA not before:           Sun 01 Jan 2023 20:54:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43067
IP address blocks:        91.196.82.0/24 maxlen: 32
                          91.196.80.0/22 maxlen: 32
                          91.196.80.0/24 maxlen: 32
                          91.196.83.0/24 maxlen: 32
                          91.196.81.0/24 maxlen: 32
                          91.234.72.0/22 maxlen: 32
                          91.234.72.0/24 maxlen: 32
                          91.234.75.0/24 maxlen: 32
                          91.234.73.0/24 maxlen: 32
                          91.234.74.0/24 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:a1:f8:3c:1c:96:e3:94:11:f8:87:8d:41:29:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1eee2cab86b5ee40fc2770ca8cb5c50c62b755b
        Validity
            Not Before: Jan  1 20:54:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=29f89cdfdc9c0375bd21152904795e11434fc2f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:a4:a6:eb:af:f4:ab:5e:f5:8f:f1:7e:fe:47:
                    c4:df:50:41:bf:8e:5e:61:c9:43:46:78:25:3e:87:
                    3b:44:88:b0:9d:33:c3:a0:e0:d0:f3:18:44:a4:56:
                    5c:56:3e:44:54:c2:b4:6c:36:47:e0:0b:97:3b:18:
                    8c:b2:51:9d:5d:3a:dd:fb:4c:55:0c:44:59:16:09:
                    c4:ae:08:63:ae:f8:d9:2d:56:2c:28:13:12:c4:05:
                    45:e6:09:e2:98:c4:ba:fb:79:4b:b7:48:dc:11:04:
                    19:9c:b1:2c:5f:de:7f:23:9e:29:d4:8a:3e:b8:8c:
                    95:e6:12:51:7c:6d:d2:df:0c:c1:dc:00:42:54:b8:
                    19:68:4e:bb:b3:27:ab:5e:87:8b:0f:bf:c4:da:74:
                    f9:12:f9:dd:3c:72:6e:b5:03:25:54:ce:fe:e7:eb:
                    bf:37:df:e8:df:39:cf:84:00:c5:04:f0:6f:0d:9a:
                    91:46:27:a2:9c:86:29:78:37:2e:b2:39:86:b0:a6:
                    de:76:a7:20:73:41:33:4e:de:54:86:84:78:7e:06:
                    0e:2b:6a:7e:8a:44:ba:cf:4a:12:03:91:4c:ee:2e:
                    d3:84:94:a5:ba:07:fb:c6:b0:11:ab:2e:4a:77:11:
                    e3:22:6f:31:f6:3a:e1:48:99:bb:24:2a:fa:cb:13:
                    b9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F8:9C:DF:DC:9C:03:75:BD:21:15:29:04:79:5E:11:43:4F:C2:F0
            X509v3 Authority Key Identifier:
                keyid:C1:EE:E2:CA:B8:6B:5E:E4:0F:C2:77:0C:A8:CB:5C:50:C6:2B:75:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/we7iyrhrXuQPwncMqMtcUMYrdVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/61f3d8-1a24-446f-a2b2-0d07652e4cab/1/Kfic39ycA3W9IRUpBHleEUNPwvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/61f3d8-1a24-446f-a2b2-0d07652e4cab/1/we7iyrhrXuQPwncMqMtcUMYrdVs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.196.80.0/22
                  91.234.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:0b:4b:83:0e:29:57:b2:06:a8:9e:b1:ad:51:0d:c9:3e:24:
         39:37:9f:78:55:73:d2:89:1f:4d:cc:c7:77:88:17:a0:de:4f:
         fa:de:5a:a1:2e:c0:d5:9e:67:96:e9:0a:9e:12:6f:15:f4:51:
         51:84:b6:f3:a2:f0:91:90:a8:be:cc:b0:89:de:c9:60:3d:9b:
         c1:a5:dd:a2:fe:4f:b0:8f:80:9b:16:e4:ec:ac:29:16:3a:6f:
         56:ee:a5:d4:0b:51:80:f3:dc:96:8a:be:48:03:fe:72:a3:8f:
         17:35:e3:45:f3:8e:f7:b1:3a:3a:05:8f:3f:10:45:19:71:50:
         fb:b7:e9:41:e4:a1:3c:6b:85:03:9e:84:d5:1f:bf:46:57:f0:
         d4:b5:e4:ec:17:eb:6b:db:af:91:84:77:b9:9e:bc:67:e8:db:
         8f:43:99:ac:72:63:a3:42:56:09:c9:97:b5:d7:70:24:86:2d:
         55:a4:ce:8d:cd:6f:83:15:b7:38:90:6f:4a:b0:dd:94:5d:ec:
         48:4c:de:5c:53:1f:6f:71:28:c2:5e:20:bd:07:2d:b6:a0:b7:
         7b:77:78:00:fd:ca:f5:b7:92:9a:a8:f0:4a:d7:7c:c6:f9:02:
         9e:0f:41:fd:26:2f:3c:88:4a:21:83:89:f2:f1:49:18:8f:70:
         e1:e0:87:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvHaH4PByW45QR+IeNQSkrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZWVlMmNhYjg2YjVlZTQwZmMyNzcwY2E4Y2I1YzUwYzYy
Yjc1NWIwHhcNMjMwMTAxMjA1NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWY4OWNkZmRjOWMwMzc1YmQyMTE1MjkwNDc5NWUxMTQzNGZjMmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKSm66/0q171j/F+/kfE31BBv45e
YclDRnglPoc7RIiwnTPDoODQ8xhEpFZcVj5EVMK0bDZH4AuXOxiMslGdXTrd+0xV
DERZFgnErghjrvjZLVYsKBMSxAVF5gnimMS6+3lLt0jcEQQZnLEsX95/I54p1Io+
uIyV5hJRfG3S3wzB3ABCVLgZaE67syerXoeLD7/E2nT5EvndPHJutQMlVM7+5+u/
N9/o3znPhADFBPBvDZqRRieinIYpeDcusjmGsKbedqcgc0EzTt5UhoR4fgYOK2p+
ikS6z0oSA5FM7i7ThJSlugf7xrARqy5KdxHjIm8x9jrhSJm7JCr6yxO5dwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCn4nN/cnAN1vSEVKQR5XhFDT8LwMB8GA1UdIwQY
MBaAFMHu4sq4a17kD8J3DKjLXFDGK3VbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2U3aXlyaHJYdVFQd25jTXFNdGNVTVlyZFZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny82MWYzZDgtMWEyNC00NDZmLWEyYjIt
MGQwNzY1MmU0Y2FiLzEvS2ZpYzM5eWNBM1c5SVJVcEJIbGVFVU5Qd3ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny82MWYzZDgtMWEyNC00NDZmLWEyYjItMGQwNzY1MmU0Y2Fi
LzEvd2U3aXlyaHJYdVFQd25jTXFNdGNVTVlyZFZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8RQAwQC
W+pIMA0GCSqGSIb3DQEBCwUAA4IBAQA3C0uDDilXsgaonrGtUQ3JPiQ5N594VXPS
iR9NzMd3iBeg3k/63lqhLsDVnmeW6QqeEm8V9FFRhLbzovCRkKi+zLCJ3slgPZvB
pd2i/k+wj4CbFuTsrCkWOm9W7qXUC1GA89yWir5IA/5yo48XNeNF8473sTo6BY8/
EEUZcVD7t+lB5KE8a4UDnoTVH79GV/DUteTsF+tr26+RhHe5nrxn6NuPQ5mscmOj
QlYJyZe113Akhi1VpM6NzW+DFbc4kG9KsN2UXexITN5cUx9vcSjCXiC9By22oLd7
d3gA/cr1t5KaqPBK13zG+QKeD0H9Ji88iEohg4ny8UkYj3Dh4Idg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:41 2024 by rpki-client on console-ams.rpki-client.org