Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/10c000-77b0-466d-b4cf-445400d703c8/1/xXmnQ51mWa_LgDnQ8UmwI4Csh8g.roa
File:                     xXmnQ51mWa_LgDnQ8UmwI4Csh8g.roa (raw, json)
Hash identifier:          6STqBcjr5KrhlFiNYbNfKP/B1QingYDXXd6J198cL5c=
Subject key identifier:   C5:79:A7:43:9D:66:59:AF:CB:80:39:D0:F1:49:B0:23:80:AC:87:C8
Certificate issuer:       /CN=cfcab8c9d217ac3079c3014b18d446e213f19492
Certificate serial:       018570799B62F93B190AC3F74A720C18CA36
Authority key identifier: CF:CA:B8:C9:D2:17:AC:30:79:C3:01:4B:18:D4:46:E2:13:F1:94:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8q4ydIXrDB5wwFLGNRG4hPxlJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/10c000-77b0-466d-b4cf-445400d703c8/1/xXmnQ51mWa_LgDnQ8UmwI4Csh8g.roa
Signing time:             Mon 02 Jan 2023 03:14:55 +0000
ROA not before:           Mon 02 Jan 2023 03:14:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41332
IP address blocks:        194.76.10.0/23 maxlen: 24
                          194.76.12.0/23 maxlen: 24
                          185.108.236.0/22 maxlen: 22
                          185.116.176.0/22 maxlen: 24
                          2a06:8040::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:30:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:79:9b:62:f9:3b:19:0a:c3:f7:4a:72:0c:18:ca:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcab8c9d217ac3079c3014b18d446e213f19492
        Validity
            Not Before: Jan  2 03:14:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c579a7439d6659afcb8039d0f149b02380ac87c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c6:9b:95:15:33:4b:c7:04:3b:4f:0c:66:6f:
                    e4:03:9a:d7:06:f8:05:02:d6:d9:d4:77:a6:ff:53:
                    a0:d5:45:a7:43:c3:d9:c9:be:fc:7d:4a:c2:9e:93:
                    39:29:14:27:14:f0:14:61:cd:2a:9c:1c:8d:19:93:
                    16:c5:ff:9d:36:d3:8f:d5:2f:39:6b:21:da:81:08:
                    54:81:e9:a1:9e:9e:e9:72:e7:d4:95:df:ab:9f:97:
                    6f:a3:35:60:e4:90:60:8e:e2:95:79:7c:5f:fa:78:
                    2c:4a:b9:3c:78:70:b1:79:a1:11:07:50:b0:7f:f1:
                    a4:26:1b:af:3d:26:23:af:c2:5c:09:5e:59:46:07:
                    a2:88:1d:4a:9d:40:89:65:d6:21:66:01:06:b2:ca:
                    28:55:9b:bd:e3:cd:1c:ef:6f:47:b2:d6:f2:f9:a3:
                    ed:95:2e:35:41:c3:20:09:f7:b6:c4:89:1e:1e:0a:
                    ea:37:72:68:25:cc:d9:0c:98:5f:3f:6e:a8:11:bb:
                    1d:3e:81:03:57:93:b7:5e:8e:a6:ba:f3:cb:44:12:
                    e9:db:c8:84:1e:c4:45:fd:1f:3f:cb:15:50:10:b1:
                    68:cb:e1:29:81:0c:f9:e3:79:4c:04:9a:a3:5c:3f:
                    10:ea:c5:a0:52:3e:2e:4e:cb:2f:eb:d4:4c:fe:eb:
                    5a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:79:A7:43:9D:66:59:AF:CB:80:39:D0:F1:49:B0:23:80:AC:87:C8
            X509v3 Authority Key Identifier:
                keyid:CF:CA:B8:C9:D2:17:AC:30:79:C3:01:4B:18:D4:46:E2:13:F1:94:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8q4ydIXrDB5wwFLGNRG4hPxlJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/10c000-77b0-466d-b4cf-445400d703c8/1/xXmnQ51mWa_LgDnQ8UmwI4Csh8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/10c000-77b0-466d-b4cf-445400d703c8/1/z8q4ydIXrDB5wwFLGNRG4hPxlJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.108.236.0/22
                  185.116.176.0/22
                  194.76.10.0-194.76.13.255
                IPv6:
                  2a06:8040::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:d7:cc:8b:56:05:f6:a9:5b:c3:41:c4:a2:df:a0:75:f5:e5:
         3c:bf:f9:29:00:b8:93:56:c7:7c:bc:bb:87:24:4e:4d:f0:79:
         61:c8:a6:0c:77:b6:53:4d:77:0e:4b:46:54:21:c2:b9:09:53:
         be:b4:6b:83:48:fe:ad:e1:b7:f6:46:2e:db:70:ae:e4:e8:26:
         87:a2:6a:f7:be:77:db:44:68:9d:6a:72:25:27:0c:df:08:16:
         e9:24:a8:59:17:70:e7:9a:57:c5:79:73:0d:e4:37:aa:0a:f8:
         a7:b3:7c:4b:7d:44:a8:a6:4f:ee:26:14:40:9c:e0:9d:c4:ae:
         7d:34:27:4f:03:06:48:ce:13:3b:6c:66:60:6b:da:cb:b0:16:
         1e:9c:87:23:97:eb:aa:63:16:0a:2e:a5:e8:81:d0:ad:94:68:
         29:39:12:04:46:62:45:e7:8b:0e:45:84:37:26:64:56:14:ae:
         d8:71:ec:e2:01:c5:ab:72:e0:26:53:30:cd:05:23:b9:fb:19:
         a0:82:db:16:d3:93:a7:95:f1:59:46:90:15:02:3e:e0:e5:ad:
         48:99:2d:58:d4:8e:7f:04:e2:da:d0:2e:7f:00:ae:87:1e:17:
         ff:6f:78:30:4c:3e:22:64:f7:74:53:44:f7:2f:10:4e:3d:6a:
         b2:78:59:cb
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYVweZti+TsZCsP3SnIMGMo2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2FiOGM5ZDIxN2FjMzA3OWMzMDE0YjE4ZDQ0NmUyMTNm
MTk0OTIwHhcNMjMwMTAyMDMxNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTc5YTc0MzlkNjY1OWFmY2I4MDM5ZDBmMTQ5YjAyMzgwYWM4N2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcablRUzS8cEO08MZm/kA5rXBvgF
AtbZ1Hem/1Og1UWnQ8PZyb78fUrCnpM5KRQnFPAUYc0qnByNGZMWxf+dNtOP1S85
ayHagQhUgemhnp7pcufUld+rn5dvozVg5JBgjuKVeXxf+ngsSrk8eHCxeaERB1Cw
f/GkJhuvPSYjr8JcCV5ZRgeiiB1KnUCJZdYhZgEGssooVZu9480c729Hstby+aPt
lS41QcMgCfe2xIkeHgrqN3JoJczZDJhfP26oEbsdPoEDV5O3Xo6muvPLRBLp28iE
HsRF/R8/yxVQELFoy+EpgQz543lMBJqjXD8Q6sWgUj4uTssv69RM/utabwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFMV5p0OdZlmvy4A50PFJsCOArIfIMB8GA1UdIwQY
MBaAFM/KuMnSF6wwecMBSxjURuIT8ZSSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhxNHlkSVhyREI1d3dGTEdOUkc0aFB4bEpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8xMGMwMDAtNzdiMC00NjZkLWI0Y2Yt
NDQ1NDAwZDcwM2M4LzEveFhtblE1MW1XYV9MZ0RuUThVbXdJNENzaDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8xMGMwMDAtNzdiMC00NjZkLWI0Y2YtNDQ1NDAwZDcwM2M4
LzEvejhxNHlkSVhyREI1d3dGTEdOUkc0aFB4bEpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQCuWzsAwQC
uXSwMAwDBAHCTAoDBAHCTAwwDQQCAAIwBwMFAyoGgEAwDQYJKoZIhvcNAQELBQAD
ggEBAHvXzItWBfapW8NBxKLfoHX15Ty/+SkAuJNWx3y8u4ckTk3weWHIpgx3tlNN
dw5LRlQhwrkJU760a4NI/q3ht/ZGLttwruToJoeiave+d9tEaJ1qciUnDN8IFukk
qFkXcOeaV8V5cw3kN6oK+KezfEt9RKimT+4mFECc4J3Ern00J08DBkjOEztsZmBr
2suwFh6chyOX66pjFgoupeiB0K2UaCk5EgRGYkXniw5FhDcmZFYUrthx7OIBxaty
4CZTMM0FI7n7GaCC2xbTk6eV8VlGkBUCPuDlrUiZLVjUjn8E4trQLn8AroceF/9v
eDBMPiJk93RTRPcvEE49arJ4Wcs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:04 2024 by rpki-client on console-fra.rpki-client.org