Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/5af7a5-b67c-459a-9893-c6fadeb285ba/1/PiPdEHpuXajDYITJiQyQTlscLps.roa
File:                     PiPdEHpuXajDYITJiQyQTlscLps.roa (raw, json)
Hash identifier:          jSumJOggvyNVIa/+678GPNNYirSqjCauB2AbvNN2JyM=
Subject key identifier:   3E:23:DD:10:7A:6E:5D:A8:C3:60:84:C9:89:0C:90:4E:5B:1C:2E:9B
Certificate issuer:       /CN=cd3bbc195cda7e58245a61cb30b96fe572fd7811
Certificate serial:       018B5BE37857D46F0F86E08EE91975FED899
Authority key identifier: CD:3B:BC:19:5C:DA:7E:58:24:5A:61:CB:30:B9:6F:E5:72:FD:78:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zTu8GVzaflgkWmHLMLlv5XL9eBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/5af7a5-b67c-459a-9893-c6fadeb285ba/1/PiPdEHpuXajDYITJiQyQTlscLps.roa
Signing time:             Mon 23 Oct 2023 09:35:16 +0000
ROA not before:           Mon 23 Oct 2023 09:35:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210692
IP address blocks:        62.106.88.0/24 maxlen: 24
                          94.154.112.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:29:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:5b:e3:78:57:d4:6f:0f:86:e0:8e:e9:19:75:fe:d8:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd3bbc195cda7e58245a61cb30b96fe572fd7811
        Validity
            Not Before: Oct 23 09:35:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3e23dd107a6e5da8c36084c9890c904e5b1c2e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ce:09:3e:4d:5f:d9:a2:7a:53:ca:b8:fd:be:
                    ee:3d:5c:5a:7d:6b:b7:94:55:4e:b4:cd:df:c4:d2:
                    d4:01:64:7a:e8:f5:64:87:3e:77:d3:85:f8:19:76:
                    13:8e:20:9d:28:f3:f8:a7:fb:85:f2:df:82:17:9c:
                    ea:6a:f7:ab:4f:5a:1e:3b:7d:68:55:b2:8d:e7:36:
                    73:41:d2:62:08:8e:6c:f5:3c:1f:78:85:d3:15:c1:
                    b7:e4:36:f7:d5:b1:8b:af:66:11:ee:ee:de:ce:14:
                    fb:95:7c:b2:d2:71:71:2d:0e:cc:55:de:2d:64:02:
                    2d:cb:a2:72:b0:a3:97:b7:e9:37:d4:3f:64:ca:b1:
                    c6:a5:f1:9c:ea:d3:41:d0:af:83:4b:95:39:35:9c:
                    c8:4d:a0:db:e1:08:5f:de:56:48:f5:19:68:69:37:
                    d1:98:d3:90:65:8e:10:b4:61:8c:7a:cb:bf:5b:a6:
                    fb:5f:07:dd:75:14:5a:c9:b7:38:20:8e:12:ce:c7:
                    56:9f:57:c1:fe:ea:e7:ad:08:22:07:b1:2f:aa:0e:
                    f9:a1:a5:f7:5e:50:e3:c6:66:96:19:0c:1f:4b:19:
                    5c:95:5d:83:c7:b6:31:e5:11:57:37:0b:07:68:37:
                    14:ea:75:b4:22:d4:20:90:83:40:b2:de:17:b3:a2:
                    9d:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:23:DD:10:7A:6E:5D:A8:C3:60:84:C9:89:0C:90:4E:5B:1C:2E:9B
            X509v3 Authority Key Identifier:
                keyid:CD:3B:BC:19:5C:DA:7E:58:24:5A:61:CB:30:B9:6F:E5:72:FD:78:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zTu8GVzaflgkWmHLMLlv5XL9eBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/5af7a5-b67c-459a-9893-c6fadeb285ba/1/PiPdEHpuXajDYITJiQyQTlscLps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/5af7a5-b67c-459a-9893-c6fadeb285ba/1/zTu8GVzaflgkWmHLMLlv5XL9eBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.106.88.0/24
                  94.154.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:84:fa:f9:e9:4b:60:6c:8c:e9:90:7d:b5:12:20:03:67:76:
         c0:47:b0:93:cc:0b:d3:49:51:8c:91:c2:5f:bb:e1:e2:e0:a3:
         ee:17:61:f0:15:ae:f5:af:fe:93:80:f2:56:ba:ef:33:76:4e:
         91:28:c0:69:41:51:3e:e5:8c:f3:58:1d:16:ad:c1:da:3a:4b:
         65:7c:61:34:cc:e0:80:16:d6:12:e5:ad:27:6d:bf:ce:6e:ff:
         99:32:75:f4:f7:dd:5f:36:a5:cd:f1:4b:0f:5c:a5:0b:1a:a0:
         07:55:25:89:89:f9:fe:89:0e:1e:21:65:f9:df:56:4b:1d:0a:
         e6:5f:ea:5d:ab:6a:2b:92:e8:84:98:77:b2:f9:b1:93:83:91:
         64:62:54:68:e8:42:03:b1:4d:28:a2:80:0b:66:a5:2d:15:9f:
         a5:3b:0f:1c:73:ef:83:d8:42:fe:ad:3c:61:d9:8b:7e:22:cd:
         74:1b:08:ae:fd:17:6d:1c:49:63:1d:dd:de:92:67:55:ab:42:
         58:4d:4e:a0:4b:bd:3a:9d:93:a9:7a:a6:bc:95:da:e5:8b:92:
         a3:b2:b4:65:83:fe:ae:fa:54:a8:0f:e6:20:b3:1d:d4:62:f4:
         6b:c2:86:b8:7f:4b:4c:21:24:6c:72:fa:bc:e9:e5:9b:33:1c:
         91:50:44:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYtb43hX1G8PhuCO6Rl1/tiZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkM2JiYzE5NWNkYTdlNTgyNDVhNjFjYjMwYjk2ZmU1NzJm
ZDc4MTEwHhcNMjMxMDIzMDkzNTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTIzZGQxMDdhNmU1ZGE4YzM2MDg0Yzk4OTBjOTA0ZTViMWMyZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt84JPk1f2aJ6U8q4/b7uPVxafWu3
lFVOtM3fxNLUAWR66PVkhz5304X4GXYTjiCdKPP4p/uF8t+CF5zqaverT1oeO31o
VbKN5zZzQdJiCI5s9TwfeIXTFcG35Db31bGLr2YR7u7ezhT7lXyy0nFxLQ7MVd4t
ZAIty6JysKOXt+k31D9kyrHGpfGc6tNB0K+DS5U5NZzITaDb4Qhf3lZI9RloaTfR
mNOQZY4QtGGMesu/W6b7XwfddRRaybc4II4SzsdWn1fB/urnrQgiB7Evqg75oaX3
XlDjxmaWGQwfSxlclV2Dx7Yx5RFXNwsHaDcU6nW0ItQgkINAst4Xs6KdZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD4j3RB6bl2ow2CEyYkMkE5bHC6bMB8GA1UdIwQY
MBaAFM07vBlc2n5YJFphyzC5b+Vy/XgRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelR1OEdWemFmbGdrV21ITE1MbHY1WEw5ZUJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny81YWY3YTUtYjY3Yy00NTlhLTk4OTMt
YzZmYWRlYjI4NWJhLzEvUGlQZEVIcHVYYWpEWUlUSmlReVFUbHNjTHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny81YWY3YTUtYjY3Yy00NTlhLTk4OTMtYzZmYWRlYjI4NWJh
LzEvelR1OEdWemFmbGdrV21ITE1MbHY1WEw5ZUJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPmpYAwQA
XppwMA0GCSqGSIb3DQEBCwUAA4IBAQAFhPr56UtgbIzpkH21EiADZ3bAR7CTzAvT
SVGMkcJfu+Hi4KPuF2HwFa71r/6TgPJWuu8zdk6RKMBpQVE+5YzzWB0WrcHaOktl
fGE0zOCAFtYS5a0nbb/Obv+ZMnX0991fNqXN8UsPXKULGqAHVSWJifn+iQ4eIWX5
31ZLHQrmX+pdq2orkuiEmHey+bGTg5FkYlRo6EIDsU0oooALZqUtFZ+lOw8cc++D
2EL+rTxh2Yt+Is10Gwiu/RdtHEljHd3ekmdVq0JYTU6gS706nZOpeqa8ldrli5Kj
srRlg/6u+lSoD+Ygsx3UYvRrwoa4f0tMISRscvq86eWbMxyRUER2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:44 2024 by rpki-client on console-ams.rpki-client.org