Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/jIxWn4O9JooJa5oCXsmsD1voEvo.roa
File:                     jIxWn4O9JooJa5oCXsmsD1voEvo.roa (raw, json)
Hash identifier:          4BdJdcEg7tyFutBbaGQNVCdVx73Y1oCNI7srvDvlqq0=
Subject key identifier:   8C:8C:56:9F:83:BD:26:8A:09:6B:9A:02:5E:C9:AC:0F:5B:E8:12:FA
Certificate issuer:       /CN=43ca7f3f65d2947af94f398bb3c7c9c320019084
Certificate serial:       01856EB91629EFE9784C0E396301DBD9196F
Authority key identifier: 43:CA:7F:3F:65:D2:94:7A:F9:4F:39:8B:B3:C7:C9:C3:20:01:90:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/jIxWn4O9JooJa5oCXsmsD1voEvo.roa
Signing time:             Sun 01 Jan 2023 19:05:01 +0000
ROA not before:           Sun 01 Jan 2023 19:05:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42093
IP address blocks:        195.22.100.0/22 maxlen: 22
                          185.10.156.0/22 maxlen: 24
                          178.251.24.0/21 maxlen: 21
                          2a00:1938::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:b9:16:29:ef:e9:78:4c:0e:39:63:01:db:d9:19:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43ca7f3f65d2947af94f398bb3c7c9c320019084
        Validity
            Not Before: Jan  1 19:05:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8c8c569f83bd268a096b9a025ec9ac0f5be812fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a2:f3:ca:0e:ac:9c:b1:84:a1:e4:4a:27:fa:
                    ce:c0:fd:b7:58:8b:8a:52:15:ff:42:97:a7:36:3f:
                    6c:2d:31:62:97:dd:10:b7:fc:95:ff:c0:6f:d3:4f:
                    ba:30:13:2a:d6:91:39:f8:28:fe:1e:26:bc:05:f6:
                    a5:a4:be:16:56:63:ec:3b:f0:3b:5a:33:22:94:46:
                    8c:e6:81:89:5d:c3:f1:bb:41:a4:8e:89:23:2b:a6:
                    6a:51:ce:1b:46:1a:00:84:58:1a:4d:85:ce:aa:cf:
                    07:4d:08:e4:bf:89:48:57:32:45:74:a9:24:39:6e:
                    d0:b4:70:38:58:63:30:0f:ec:bd:fb:71:a9:59:92:
                    db:04:98:37:cd:f5:41:a8:29:26:37:65:21:65:4b:
                    31:1f:27:18:d8:00:5c:e0:67:7e:a3:10:d6:0b:42:
                    71:42:f6:53:f8:01:39:e7:16:79:75:df:ad:20:f5:
                    d6:00:be:a2:6f:46:0c:7c:99:7c:dd:8b:36:3c:e2:
                    19:6a:b3:50:81:0c:f4:d0:59:41:67:9c:96:97:ae:
                    0c:22:83:54:ac:92:91:cf:72:7b:d4:0c:ca:fb:7a:
                    f9:f1:51:1c:91:a5:1c:0d:83:3d:e5:56:be:8d:05:
                    7e:3e:15:ab:ac:f1:e0:76:21:e8:38:94:ef:1c:5a:
                    2d:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:8C:56:9F:83:BD:26:8A:09:6B:9A:02:5E:C9:AC:0F:5B:E8:12:FA
            X509v3 Authority Key Identifier:
                keyid:43:CA:7F:3F:65:D2:94:7A:F9:4F:39:8B:B3:C7:C9:C3:20:01:90:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/jIxWn4O9JooJa5oCXsmsD1voEvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/f6cf44-66d3-4f0b-8132-d53811fbd7b0/1/Q8p_P2XSlHr5TzmLs8fJwyABkIQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.251.24.0/21
                  185.10.156.0/22
                  195.22.100.0/22
                IPv6:
                  2a00:1938::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:8b:03:ad:28:f2:57:95:68:a5:b0:b3:0f:4e:58:3d:05:99:
         7a:18:9b:40:ae:c6:99:08:4f:56:0d:e3:4f:72:6c:73:ae:40:
         b2:82:35:d6:e4:d8:e9:cb:13:bf:3b:e7:31:8a:0e:6c:e2:04:
         54:65:f7:ca:68:48:a7:18:19:08:d1:cf:27:4a:2f:88:94:b0:
         55:e6:17:14:28:05:ce:4e:c1:47:23:c1:e5:06:e1:6d:a7:71:
         51:7a:1e:a0:28:ed:0b:18:cd:68:68:51:dd:64:05:94:1e:9f:
         ea:cf:7d:94:2c:58:7b:c6:aa:9a:9f:7f:64:e3:0e:36:66:36:
         58:d5:f3:fc:2f:07:16:cd:25:73:21:ac:dc:29:0f:e4:c3:f4:
         b6:c6:10:6c:6a:89:c6:bc:f4:95:cb:f9:c5:61:2f:a8:96:a5:
         9c:97:82:5e:cc:43:c8:f0:0d:22:a7:43:04:55:f7:71:0b:6c:
         31:b9:c8:20:d1:86:79:0d:78:28:57:14:4a:07:5c:47:22:7d:
         2f:d2:83:7a:86:3e:6f:2d:32:05:57:bb:53:bb:6c:35:a4:ab:
         77:7a:5c:52:13:44:f6:7f:6e:34:b7:ba:8a:c5:50:12:d0:f3:
         09:2b:c9:56:98:82:c3:12:11:ac:62:d3:ed:a4:04:95:97:5c:
         da:98:b9:e7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVuuRYp7+l4TA45YwHb2RlvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzY2E3ZjNmNjVkMjk0N2FmOTRmMzk4YmIzYzdjOWMzMjAw
MTkwODQwHhcNMjMwMTAxMTkwNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzhjNTY5ZjgzYmQyNjhhMDk2YjlhMDI1ZWM5YWMwZjViZTgxMmZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKLzyg6snLGEoeRKJ/rOwP23WIuK
UhX/QpenNj9sLTFil90Qt/yV/8Bv00+6MBMq1pE5+Cj+Hia8BfalpL4WVmPsO/A7
WjMilEaM5oGJXcPxu0GkjokjK6ZqUc4bRhoAhFgaTYXOqs8HTQjkv4lIVzJFdKkk
OW7QtHA4WGMwD+y9+3GpWZLbBJg3zfVBqCkmN2UhZUsxHycY2ABc4Gd+oxDWC0Jx
QvZT+AE55xZ5dd+tIPXWAL6ib0YMfJl83Ys2POIZarNQgQz00FlBZ5yWl64MIoNU
rJKRz3J71AzK+3r58VEckaUcDYM95Va+jQV+PhWrrPHgdiHoOJTvHFotMwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIyMVp+DvSaKCWuaAl7JrA9b6BL6MB8GA1UdIwQY
MBaAFEPKfz9l0pR6+U85i7PHycMgAZCEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUThwX1AyWFNsSHI1VHptTHM4Zkp3eUFCa0lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9mNmNmNDQtNjZkMy00ZjBiLTgxMzIt
ZDUzODExZmJkN2IwLzEvakl4V240TzlKb29KYTVvQ1hzbXNEMXZvRXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9mNmNmNDQtNjZkMy00ZjBiLTgxMzItZDUzODExZmJkN2Iw
LzEvUThwX1AyWFNsSHI1VHptTHM4Zkp3eUFCa0lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDsvsYAwQC
uQqcAwQCwxZkMA0EAgACMAcDBQAqABk4MA0GCSqGSIb3DQEBCwUAA4IBAQBTiwOt
KPJXlWilsLMPTlg9BZl6GJtArsaZCE9WDeNPcmxzrkCygjXW5NjpyxO/O+cxig5s
4gRUZffKaEinGBkI0c8nSi+IlLBV5hcUKAXOTsFHI8HlBuFtp3FReh6gKO0LGM1o
aFHdZAWUHp/qz32ULFh7xqqan39k4w42ZjZY1fP8LwcWzSVzIazcKQ/kw/S2xhBs
aonGvPSVy/nFYS+olqWcl4JezEPI8A0ip0MEVfdxC2wxucgg0YZ5DXgoVxRKB1xH
In0v0oN6hj5vLTIFV7tTu2w1pKt3elxSE0T2f240t7qKxVAS0PMJK8lWmILDEhGs
YtPtpASVl1zamLnn
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:17 2024 by rpki-client on console-ams.rpki-client.org