Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/CNiXqi2iy9WZPDe119Xvfo637f4.roa
File:                     CNiXqi2iy9WZPDe119Xvfo637f4.roa (raw, json)
Hash identifier:          aGp9YgpyrR+9J8qvV+c3waViBzbXo7jHE3GEgdwGi6c=
Subject key identifier:   08:D8:97:AA:2D:A2:CB:D5:99:3C:37:B5:D7:D5:EF:7E:8E:B7:ED:FE
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01856B4A4677BA9E27CCFE6CC745281F2FE8
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/CNiXqi2iy9WZPDe119Xvfo637f4.roa
Signing time:             Sun 01 Jan 2023 03:05:07 +0000
ROA not before:           Sun 01 Jan 2023 03:05:07 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208356
IP address blocks:        188.72.90.0/24 maxlen: 24
                          188.72.91.0/24 maxlen: 24
                          188.72.88.0/24 maxlen: 24
                          188.72.125.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 21 Jul 2023 12:08:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:4a:46:77:ba:9e:27:cc:fe:6c:c7:45:28:1f:2f:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:05:07 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=08d897aa2da2cbd5993c37b5d7d5ef7e8eb7edfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:da:e8:88:67:92:9f:59:ee:a0:2a:63:15:fb:
                    84:48:4e:2c:ff:81:19:44:bf:2b:c0:db:05:c0:9b:
                    ec:d2:82:5d:e2:98:5c:45:c2:6c:53:d2:93:b1:21:
                    f9:a5:94:06:b9:56:58:0b:03:a6:af:3e:a3:43:ba:
                    28:db:05:73:e1:00:80:c6:05:0e:7c:71:84:50:ef:
                    1f:0d:6f:77:8e:9b:17:d2:71:89:f8:b5:e3:88:18:
                    7a:d4:2a:32:3e:ae:fc:b9:6e:f4:04:dd:44:6e:78:
                    44:98:89:25:79:99:ba:26:f0:c1:d8:7c:40:fc:10:
                    b6:31:7d:1a:20:e5:e5:10:45:4c:05:5a:60:62:4a:
                    d3:90:35:12:22:0b:19:4e:4f:41:5c:e5:20:de:e3:
                    ac:32:da:82:8b:ac:05:85:e2:82:c2:60:b1:27:05:
                    0b:7b:bf:62:a7:d7:a0:b3:78:60:59:df:a8:f9:9d:
                    11:37:66:66:7c:de:a2:20:1b:b6:e8:4c:dc:dc:f0:
                    43:ba:47:c6:51:4e:69:f9:9c:f7:64:bf:df:fe:94:
                    a0:e4:f8:b9:42:3b:f1:d8:b2:5f:d8:d1:07:6a:00:
                    c5:14:de:4c:9d:61:92:81:99:ed:6a:e1:b2:f3:c6:
                    7b:41:b9:8b:ed:88:a8:6e:22:e1:94:f0:19:14:4e:
                    08:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D8:97:AA:2D:A2:CB:D5:99:3C:37:B5:D7:D5:EF:7E:8E:B7:ED:FE
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/CNiXqi2iy9WZPDe119Xvfo637f4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.72.88.0/24
                  188.72.90.0/23
                  188.72.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:da:57:88:a3:af:02:f6:16:53:01:ad:8b:c3:35:d1:2e:d8:
         11:33:fc:85:aa:ec:13:81:26:17:1d:23:57:fc:97:b9:8c:1d:
         67:e8:f7:57:87:68:cb:a1:85:be:88:bf:c0:7c:5e:52:c8:cc:
         8f:fe:30:e0:ca:e5:a6:ab:ea:da:ac:16:aa:bb:b1:46:b1:5c:
         36:ea:9b:01:2d:b2:08:f5:42:81:70:de:cf:e5:51:2d:07:94:
         d8:ee:2d:f5:c6:33:75:22:11:bf:da:04:56:71:b3:c1:23:1e:
         74:e1:12:ce:2d:3b:88:79:11:42:4e:0a:55:d0:59:7a:8e:3f:
         ee:3a:37:1c:65:62:5d:da:54:9f:47:45:ad:e9:4f:95:3c:32:
         9a:33:28:28:83:21:fa:66:bc:f7:b7:e9:d9:91:b8:c4:93:8b:
         4f:55:9b:13:2d:9c:56:81:57:55:54:5a:27:6f:ae:03:1b:07:
         35:84:35:bd:44:bc:a4:7a:49:2e:08:a0:2e:af:c8:eb:ab:7f:
         f9:b4:4b:7c:c2:e0:71:d4:55:bf:19:29:8a:55:ef:f5:07:59:
         3f:7e:01:b6:95:ae:5e:91:1e:80:5f:55:d2:a1:89:dc:57:a8:
         19:d9:ee:90:d9:ef:14:26:8f:e3:39:ca:cf:13:fc:d3:bf:82:
         a4:d0:7c:4c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVrSkZ3up4nzP5sx0UoHy/oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjMwMTAxMDMwNTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQ4OTdhYTJkYTJjYmQ1OTkzYzM3YjVkN2Q1ZWY3ZThlYjdlZGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4troiGeSn1nuoCpjFfuESE4s/4EZ
RL8rwNsFwJvs0oJd4phcRcJsU9KTsSH5pZQGuVZYCwOmrz6jQ7oo2wVz4QCAxgUO
fHGEUO8fDW93jpsX0nGJ+LXjiBh61CoyPq78uW70BN1EbnhEmIkleZm6JvDB2HxA
/BC2MX0aIOXlEEVMBVpgYkrTkDUSIgsZTk9BXOUg3uOsMtqCi6wFheKCwmCxJwUL
e79ip9egs3hgWd+o+Z0RN2ZmfN6iIBu26Ezc3PBDukfGUU5p+Zz3ZL/f/pSg5Pi5
Qjvx2LJf2NEHagDFFN5MnWGSgZntauGy88Z7QbmL7YiobiLhlPAZFE4IIQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAjYl6otosvVmTw3tdfV736Ot+3+MB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvQ05pWHFpMml5OVdaUERlMTE5WHZmbzYzN2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAvEhYAwQB
vEhaAwQAvEh9MA0GCSqGSIb3DQEBCwUAA4IBAQCK2leIo68C9hZTAa2LwzXRLtgR
M/yFquwTgSYXHSNX/Je5jB1n6PdXh2jLoYW+iL/AfF5SyMyP/jDgyuWmq+rarBaq
u7FGsVw26psBLbII9UKBcN7P5VEtB5TY7i31xjN1IhG/2gRWcbPBIx504RLOLTuI
eRFCTgpV0Fl6jj/uOjccZWJd2lSfR0Wt6U+VPDKaMygogyH6Zrz3t+nZkbjEk4tP
VZsTLZxWgVdVVFonb64DGwc1hDW9RLykekkuCKAur8jrq3/5tEt8wuBx1FW/GSmK
Ve/1B1k/fgG2la5ekR6AX1XSoYncV6gZ2e6Q2e8UJo/jOcrPE/zTv4Kk0HxM
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:33 2024 by rpki-client on console-ams.rpki-client.org