Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/DIW3F0EAoPo-LUuqJ7MYsZCg6TE.roa
File:                     DIW3F0EAoPo-LUuqJ7MYsZCg6TE.roa (raw, json)
Hash identifier:          kIAiT3ZA2mnaoQzcK4aNC8MCRRMc5zMW2al2AHdvdrI=
Subject key identifier:   0C:85:B7:17:41:00:A0:FA:3E:2D:4B:AA:27:B3:18:B1:90:A0:E9:31
Certificate issuer:       /CN=0562d5a67b7a20f865e753163a6ed0e5f347e839
Certificate serial:       018572B43B8B7DC4609394A05E75EB177552
Authority key identifier: 05:62:D5:A6:7B:7A:20:F8:65:E7:53:16:3A:6E:D0:E5:F3:47:E8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/DIW3F0EAoPo-LUuqJ7MYsZCg6TE.roa
Signing time:             Mon 02 Jan 2023 13:38:12 +0000
ROA not before:           Mon 02 Jan 2023 13:38:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6658
IP address blocks:        194.1.128.0/24 maxlen: 24
                          194.1.129.0/24 maxlen: 24
                          194.1.136.0/22 maxlen: 22
                          194.1.140.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 22 Feb 2023 14:09:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:b4:3b:8b:7d:c4:60:93:94:a0:5e:75:eb:17:75:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0562d5a67b7a20f865e753163a6ed0e5f347e839
        Validity
            Not Before: Jan  2 13:38:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0c85b7174100a0fa3e2d4baa27b318b190a0e931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:2a:46:f2:97:35:94:1e:a2:4d:f1:7a:4b:f0:
                    be:85:03:01:63:6f:9a:fc:d3:7f:45:38:a2:06:66:
                    b5:55:56:f9:b3:cb:ec:6a:54:2c:6d:73:bc:ba:a1:
                    e6:66:ab:ef:86:26:47:17:bb:58:67:1b:64:76:93:
                    fc:58:0c:c3:b9:b7:f3:91:0e:81:09:f8:60:43:4d:
                    bd:10:bb:8e:04:e8:1d:e6:d4:cb:82:8e:42:7d:ed:
                    03:e1:ae:2e:97:50:a2:78:bb:18:05:7f:14:f0:68:
                    1c:b7:00:23:99:23:e4:2c:f8:f2:78:7a:35:a6:29:
                    d9:43:48:78:73:25:95:64:d1:76:11:81:5a:2b:55:
                    98:c8:24:eb:ef:27:5e:87:64:f8:0a:f5:96:68:8b:
                    79:17:df:84:9b:a4:0c:ca:24:02:3a:42:7a:0b:cc:
                    30:c4:1f:e6:cf:c7:d4:39:e8:6e:45:93:d1:64:ee:
                    b0:8b:7a:19:4f:20:c6:85:87:77:ed:00:3f:34:8e:
                    11:53:09:c8:a0:2d:45:2c:16:cf:bd:48:57:44:dc:
                    25:de:d1:08:e7:28:b2:d3:b4:ee:8c:fa:08:20:7e:
                    0a:41:57:11:0c:d7:91:00:17:af:59:54:0d:5f:85:
                    36:6a:c8:eb:66:d1:b3:73:91:b7:b8:f0:73:51:d0:
                    4e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:85:B7:17:41:00:A0:FA:3E:2D:4B:AA:27:B3:18:B1:90:A0:E9:31
            X509v3 Authority Key Identifier:
                keyid:05:62:D5:A6:7B:7A:20:F8:65:E7:53:16:3A:6E:D0:E5:F3:47:E8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/DIW3F0EAoPo-LUuqJ7MYsZCg6TE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/8b01c2-ecbe-4f88-ae37-504c8fc220ea/1/BWLVpnt6IPhl51MWOm7Q5fNH6Dk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.1.128.0/23
                  194.1.136.0-194.1.140.255

    Signature Algorithm: sha256WithRSAEncryption
         6d:4d:1e:fb:7e:66:3e:3a:ae:ad:5f:59:60:34:7b:e0:90:74:
         1c:7a:ae:0c:72:1d:7f:8c:1f:3f:08:69:d0:f7:02:00:35:43:
         7a:b0:d9:89:d3:6b:da:5e:a8:5c:7e:70:7b:2b:0a:04:fc:dd:
         68:1e:00:5b:56:b0:e6:d6:a3:06:73:83:fc:5f:f2:ea:0a:bf:
         d8:33:b1:f0:06:58:85:1f:a3:31:d9:20:ab:35:9a:75:65:91:
         0c:66:af:af:ff:bb:7e:24:f2:70:6e:1b:f5:52:71:5c:77:be:
         34:d6:dc:a9:61:2c:22:28:95:8c:94:10:11:81:48:68:30:fd:
         8d:ef:06:61:e1:30:1d:71:00:6b:7a:00:e2:95:90:fb:fc:a6:
         2a:f8:0c:27:36:73:73:92:c6:e6:16:66:dc:67:82:05:d5:7d:
         53:ad:4d:f4:6c:07:f1:3c:7e:28:9f:af:4d:f6:86:eb:ea:7a:
         2d:fa:2d:ab:22:97:29:8d:ae:62:1b:66:a5:62:c7:46:f4:7a:
         c3:4e:f7:b0:4f:59:de:c2:44:d2:a5:ce:86:5c:f0:9c:c3:a2:
         6d:64:d2:dd:a4:96:98:16:36:14:5d:a2:6b:04:01:d7:83:a3:
         af:60:ae:8e:2a:c0:39:57:ba:d9:2b:9a:9d:4e:41:6a:4b:b1:
         f7:fe:69:48
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVytDuLfcRgk5SgXnXrF3VSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NjJkNWE2N2I3YTIwZjg2NWU3NTMxNjNhNmVkMGU1ZjM0
N2U4MzkwHhcNMjMwMTAyMTMzODEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzg1YjcxNzQxMDBhMGZhM2UyZDRiYWEyN2IzMThiMTkwYTBlOTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4SpG8pc1lB6iTfF6S/C+hQMBY2+a
/NN/RTiiBma1VVb5s8vsalQsbXO8uqHmZqvvhiZHF7tYZxtkdpP8WAzDubfzkQ6B
CfhgQ029ELuOBOgd5tTLgo5Cfe0D4a4ul1CieLsYBX8U8GgctwAjmSPkLPjyeHo1
pinZQ0h4cyWVZNF2EYFaK1WYyCTr7ydeh2T4CvWWaIt5F9+Em6QMyiQCOkJ6C8ww
xB/mz8fUOehuRZPRZO6wi3oZTyDGhYd37QA/NI4RUwnIoC1FLBbPvUhXRNwl3tEI
5yiy07TujPoIIH4KQVcRDNeRABevWVQNX4U2asjrZtGzc5G3uPBzUdBOvQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAyFtxdBAKD6Pi1LqiezGLGQoOkxMB8GA1UdIwQY
MBaAFAVi1aZ7eiD4ZedTFjpu0OXzR+g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQldMVnBudDZJUGhsNTFNV09tN1E1Zk5INkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi84YjAxYzItZWNiZS00Zjg4LWFlMzct
NTA0YzhmYzIyMGVhLzEvRElXM0YwRUFvUG8tTFV1cUo3TVlzWkNnNlRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi84YjAxYzItZWNiZS00Zjg4LWFlMzctNTA0YzhmYzIyMGVh
LzEvQldMVnBudDZJUGhsNTFNV09tN1E1Zk5INkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQBwgGAMAwD
BAPCAYgDBADCAYwwDQYJKoZIhvcNAQELBQADggEBAG1NHvt+Zj46rq1fWWA0e+CQ
dBx6rgxyHX+MHz8IadD3AgA1Q3qw2YnTa9peqFx+cHsrCgT83WgeAFtWsObWowZz
g/xf8uoKv9gzsfAGWIUfozHZIKs1mnVlkQxmr6//u34k8nBuG/VScVx3vjTW3Klh
LCIolYyUEBGBSGgw/Y3vBmHhMB1xAGt6AOKVkPv8pir4DCc2c3OSxuYWZtxnggXV
fVOtTfRsB/E8fiifr032huvqei36LasilymNrmIbZqVix0b0esNO97BPWd7CRNKl
zoZc8JzDom1k0t2klpgWNhRdomsEAdeDo69gro4qwDlXutkrmp1OQWpLsff+aUg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:10 2024 by rpki-client on console-fra.rpki-client.org