Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/83ff8f-16ca-4249-b774-62a28f3e001c/1/3C2hHVA1uO3MJatOu0JXtnS1pXI.roa
File:                     3C2hHVA1uO3MJatOu0JXtnS1pXI.roa (raw, json)
Hash identifier:          I0uSv2hmunlxKZY/StvTVLmd+PAl+pQx24LWmyJ+HtY=
Subject key identifier:   DC:2D:A1:1D:50:35:B8:ED:CC:25:AB:4E:BB:42:57:B6:74:B5:A5:72
Certificate issuer:       /CN=e10fbb9b3cd1c216adc699e5edad5f531d9afcb6
Certificate serial:       018573284BB5C18EAF8AE9F3C734D115B163
Authority key identifier: E1:0F:BB:9B:3C:D1:C2:16:AD:C6:99:E5:ED:AD:5F:53:1D:9A:FC:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Q-7mzzRwhatxpnl7a1fUx2a_LY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/83ff8f-16ca-4249-b774-62a28f3e001c/1/3C2hHVA1uO3MJatOu0JXtnS1pXI.roa
Signing time:             Mon 02 Jan 2023 15:44:58 +0000
ROA not before:           Mon 02 Jan 2023 15:44:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43530
IP address blocks:        176.62.240.0/20 maxlen: 20
                          78.110.144.0/20 maxlen: 20
                          37.75.192.0/21 maxlen: 21
                          46.245.128.0/21 maxlen: 21
                          5.35.128.0/19 maxlen: 19
                          185.222.236.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:28:4b:b5:c1:8e:af:8a:e9:f3:c7:34:d1:15:b1:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e10fbb9b3cd1c216adc699e5edad5f531d9afcb6
        Validity
            Not Before: Jan  2 15:44:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc2da11d5035b8edcc25ab4ebb4257b674b5a572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:b5:a5:08:46:25:6d:5d:81:f1:79:11:b4:be:
                    f3:e7:69:ec:b1:ab:8a:3b:07:0e:66:ac:c0:8f:2d:
                    41:41:c5:68:86:71:5a:87:57:02:27:a0:58:52:fb:
                    c7:44:05:32:df:df:c5:aa:ab:6f:41:6a:4c:22:27:
                    85:ac:b3:69:32:62:56:0c:c9:15:16:32:51:c6:68:
                    02:f9:de:78:6e:32:b3:ee:97:f4:8c:34:7f:4e:84:
                    78:0c:5f:85:a4:29:4f:3a:44:bd:b5:58:e6:a1:a4:
                    ba:64:3e:c1:29:a5:51:18:6e:71:a6:52:f5:17:57:
                    6a:7b:40:1b:ea:52:9f:25:b3:99:96:b0:e5:da:fc:
                    f1:2d:76:15:b4:05:c8:e5:fe:c7:f8:ee:ae:92:df:
                    d1:93:99:fc:8a:3d:bd:b5:ff:28:82:87:71:39:4a:
                    c0:7c:4f:33:f7:8a:13:aa:fa:f1:b0:71:06:48:e1:
                    f4:d9:43:8a:cf:2d:a2:7f:43:b3:d4:bf:b1:84:69:
                    18:da:39:ca:2a:84:b0:2e:67:05:b3:3d:3f:31:3f:
                    16:f9:62:6e:ab:ce:0d:8f:d9:87:10:af:09:4d:89:
                    d0:b2:73:60:e4:9b:c7:3c:57:dc:04:da:7e:b7:61:
                    eb:75:54:05:dc:44:d8:82:35:d1:f0:3c:08:a7:b1:
                    71:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:2D:A1:1D:50:35:B8:ED:CC:25:AB:4E:BB:42:57:B6:74:B5:A5:72
            X509v3 Authority Key Identifier:
                keyid:E1:0F:BB:9B:3C:D1:C2:16:AD:C6:99:E5:ED:AD:5F:53:1D:9A:FC:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Q-7mzzRwhatxpnl7a1fUx2a_LY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/83ff8f-16ca-4249-b774-62a28f3e001c/1/3C2hHVA1uO3MJatOu0JXtnS1pXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/83ff8f-16ca-4249-b774-62a28f3e001c/1/4Q-7mzzRwhatxpnl7a1fUx2a_LY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.128.0/19
                  37.75.192.0/21
                  46.245.128.0/21
                  78.110.144.0/20
                  176.62.240.0/20
                  185.222.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         dc:2b:88:25:8a:06:e6:9b:20:18:81:be:a6:fd:b0:3c:4f:37:
         20:63:b9:76:e7:54:db:3d:35:c3:3e:9b:a8:09:15:53:9d:fb:
         c8:a0:10:4f:40:5f:a5:b6:e0:3a:f7:9f:d6:0a:b0:7a:6b:29:
         11:3d:db:bf:54:9f:da:da:e1:be:7b:ed:f6:c6:84:71:20:ce:
         64:c9:bb:50:c8:48:1d:2c:0e:fa:6c:80:70:71:a2:5a:46:01:
         a4:bb:a7:bb:ce:30:52:82:a1:27:79:bb:92:a2:89:54:66:5d:
         a1:c0:4c:a1:42:3d:80:28:f4:9e:64:c2:d8:d1:16:6b:1a:ad:
         40:8f:8d:a7:f0:1d:9b:5f:bf:46:a0:19:71:68:89:11:46:47:
         8a:4d:d9:b5:1a:6b:00:55:4b:a7:77:ed:31:00:c9:c1:6b:1a:
         8a:93:14:20:d9:8b:ec:80:59:99:c4:04:55:79:34:f2:1f:a0:
         0a:33:71:ef:62:16:ad:96:6e:8a:55:38:ce:d6:f3:5d:6e:f1:
         c4:fb:65:aa:ea:0d:2a:fc:63:f1:fc:e3:13:47:ef:44:fb:e4:
         c2:e3:bf:6d:12:2e:c9:58:e4:0c:06:ab:92:ee:22:26:20:ec:
         a0:f8:d7:20:4d:41:2f:d9:b3:c1:cb:13:5b:a3:7b:c0:de:36:
         3e:f0:6f:1d
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYVzKEu1wY6viunzxzTRFbFjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMGZiYjliM2NkMWMyMTZhZGM2OTllNWVkYWQ1ZjUzMWQ5
YWZjYjYwHhcNMjMwMTAyMTU0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzJkYTExZDUwMzViOGVkY2MyNWFiNGViYjQyNTdiNjc0YjVhNTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLWlCEYlbV2B8XkRtL7z52nssauK
OwcOZqzAjy1BQcVohnFah1cCJ6BYUvvHRAUy39/FqqtvQWpMIieFrLNpMmJWDMkV
FjJRxmgC+d54bjKz7pf0jDR/ToR4DF+FpClPOkS9tVjmoaS6ZD7BKaVRGG5xplL1
F1dqe0Ab6lKfJbOZlrDl2vzxLXYVtAXI5f7H+O6ukt/Rk5n8ij29tf8ogodxOUrA
fE8z94oTqvrxsHEGSOH02UOKzy2if0Oz1L+xhGkY2jnKKoSwLmcFsz0/MT8W+WJu
q84Nj9mHEK8JTYnQsnNg5JvHPFfcBNp+t2HrdVQF3ETYgjXR8DwIp7FxZwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFNwtoR1QNbjtzCWrTrtCV7Z0taVyMB8GA1UdIwQY
MBaAFOEPu5s80cIWrcaZ5e2tX1Mdmvy2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFEtN216elJ3aGF0eHBubDdhMWZVeDJhX0xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi84M2ZmOGYtMTZjYS00MjQ5LWI3NzQt
NjJhMjhmM2UwMDFjLzEvM0MyaEhWQTF1TzNNSmF0T3UwSlh0blMxcFhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi84M2ZmOGYtMTZjYS00MjQ5LWI3NzQtNjJhMjhmM2UwMDFj
LzEvNFEtN216elJ3aGF0eHBubDdhMWZVeDJhX0xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQFBSOAAwQD
JUvAAwQDLvWAAwQETm6QAwQEsD7wAwQCud7sMA0GCSqGSIb3DQEBCwUAA4IBAQDc
K4gligbmmyAYgb6m/bA8TzcgY7l251TbPTXDPpuoCRVTnfvIoBBPQF+ltuA695/W
CrB6aykRPdu/VJ/a2uG+e+32xoRxIM5kybtQyEgdLA76bIBwcaJaRgGku6e7zjBS
gqEnebuSoolUZl2hwEyhQj2AKPSeZMLY0RZrGq1Aj42n8B2bX79GoBlxaIkRRkeK
Tdm1GmsAVUund+0xAMnBaxqKkxQg2YvsgFmZxARVeTTyH6AKM3HvYhatlm6KVTjO
1vNdbvHE+2Wq6g0q/GPx/OMTR+9E++TC479tEi7JWOQMBquS7iImIOyg+NcgTUEv
2bPByxNbo3vA3jY+8G8d
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:21 2024 by rpki-client on console-fra.rpki-client.org