Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/9wfldRR4JaDkV0uCmlRMiZHni_g.roa
File:                     9wfldRR4JaDkV0uCmlRMiZHni_g.roa (raw, json)
Hash identifier:          7JWEXUE6pVXBaytx7myy9lzYcdyh4WlZfHqI8a1qSfQ=
Subject key identifier:   F7:07:E5:75:14:78:25:A0:E4:57:4B:82:9A:54:4C:89:91:E7:8B:F8
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       018AF60B3344E59EDB951748C0C2ADF2F2A7
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/9wfldRR4JaDkV0uCmlRMiZHni_g.roa
Signing time:             Tue 03 Oct 2023 14:57:23 +0000
ROA not before:           Tue 03 Oct 2023 14:57:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        168.199.212.0/22 maxlen: 24
                          147.136.68.0/22 maxlen: 24
                          147.136.76.0/22 maxlen: 24
                          147.136.84.0/22 maxlen: 24
                          168.199.128.0/22 maxlen: 24
                          147.136.92.0/22 maxlen: 24
                          168.199.160.0/22 maxlen: 24
                          185.101.244.0/23 maxlen: 24
                          185.101.246.0/23 maxlen: 24
                          168.199.192.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 03 Oct 2023 15:05:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f6:0b:33:44:e5:9e:db:95:17:48:c0:c2:ad:f2:f2:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Oct  3 14:57:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f707e575147825a0e4574b829a544c8991e78bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d3:83:ab:dc:66:3d:2e:0a:59:d9:f3:70:3f:
                    d4:35:88:7a:a3:14:1f:d5:ec:1d:bf:c5:ea:52:78:
                    b7:d8:21:60:c0:26:f9:bf:6e:1d:d9:63:f7:cc:95:
                    e8:f2:bc:4a:0d:56:51:d7:fc:b5:b4:10:3d:da:c5:
                    c8:03:1d:4c:b8:f9:fc:db:ea:c9:5f:7e:d4:10:ba:
                    73:6e:aa:f5:0b:1f:14:fb:f3:7a:85:ee:99:cc:16:
                    bd:39:2d:3f:e0:8f:15:6b:bf:a1:7d:9b:fb:d4:df:
                    be:63:bc:1b:ea:41:85:79:8f:13:76:29:aa:8d:81:
                    19:d4:c9:d1:f2:a3:c9:cd:13:0b:8b:84:c3:58:c4:
                    d3:b3:9d:8f:12:d5:82:cc:80:f9:65:37:2a:3c:bc:
                    9d:d2:e4:86:49:1a:1a:61:20:23:5e:aa:c2:32:3c:
                    4a:1f:d2:32:f2:b4:b4:4f:18:fe:f2:5c:f1:7c:e4:
                    cb:6f:2e:f8:10:8f:cc:33:a8:16:4b:6f:51:44:7c:
                    e5:aa:73:da:81:17:1c:cb:0c:9f:a9:72:b0:71:57:
                    2c:a2:cc:cd:97:49:11:56:ec:bf:ab:d8:75:38:60:
                    17:21:c5:af:ff:84:94:39:46:36:13:e9:81:ba:ac:
                    a1:29:46:15:d5:4d:3b:ac:9a:37:69:53:7c:09:4a:
                    46:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:07:E5:75:14:78:25:A0:E4:57:4B:82:9A:54:4C:89:91:E7:8B:F8
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/9wfldRR4JaDkV0uCmlRMiZHni_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.136.68.0/22
                  147.136.76.0/22
                  147.136.84.0/22
                  147.136.92.0/22
                  168.199.128.0/22
                  168.199.160.0/22
                  168.199.192.0/22
                  168.199.212.0/22
                  185.101.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:2a:de:f6:28:86:e8:85:41:a7:06:cf:7a:af:32:05:c7:15:
         be:5a:32:99:78:61:80:4c:11:52:50:8d:23:b5:8a:75:65:00:
         33:fc:b7:a0:9a:0e:4b:6e:a7:ac:f6:dc:2a:7a:ff:b9:f2:3e:
         81:70:1e:05:eb:3e:2f:bb:5d:29:24:e1:ab:72:88:a6:b2:7d:
         0f:64:84:34:50:aa:8b:d2:56:57:10:0f:2a:d7:d8:9d:f8:8e:
         05:84:46:f4:36:1a:2d:cf:d9:f0:c2:0d:80:9f:5e:4c:31:ce:
         69:d9:d3:7c:e4:fb:a3:19:bb:9b:d9:32:2b:0d:26:95:28:07:
         99:90:13:23:7f:c1:8f:b5:98:d1:51:a5:99:a2:d5:e9:18:b3:
         72:22:2c:fc:3c:2c:7f:bb:60:1e:aa:a8:90:0d:42:9c:4a:81:
         3b:55:83:82:be:4d:c9:53:ef:43:40:16:5b:cb:dd:f3:0a:28:
         11:b0:62:48:4b:8c:e0:7c:4e:49:bf:9a:f6:7a:6b:cb:0b:8e:
         69:25:cc:e3:a9:f5:e5:b1:18:95:68:77:16:c9:07:0c:3d:81:
         e3:8d:cd:2f:67:52:ad:b4:d7:7d:bf:0a:73:72:f6:30:15:49:
         f5:49:2c:0d:a9:c9:aa:3f:0d:86:ea:cb:34:1a:e9:08:3b:dc:
         1b:b9:c2:f2
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYr2CzNE5Z7blRdIwMKt8vKnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjMxMDAzMTQ1NzIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzA3ZTU3NTE0NzgyNWEwZTQ1NzRiODI5YTU0NGM4OTkxZTc4YmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9ODq9xmPS4KWdnzcD/UNYh6oxQf
1ewdv8XqUni32CFgwCb5v24d2WP3zJXo8rxKDVZR1/y1tBA92sXIAx1MuPn82+rJ
X37UELpzbqr1Cx8U+/N6he6ZzBa9OS0/4I8Va7+hfZv71N++Y7wb6kGFeY8Tdimq
jYEZ1MnR8qPJzRMLi4TDWMTTs52PEtWCzID5ZTcqPLyd0uSGSRoaYSAjXqrCMjxK
H9Iy8rS0Txj+8lzxfOTLby74EI/MM6gWS29RRHzlqnPagRccywyfqXKwcVcsoszN
l0kRVuy/q9h1OGAXIcWv/4SUOUY2E+mBuqyhKUYV1U07rJo3aVN8CUpGDwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFPcH5XUUeCWg5FdLgppUTImR54v4MB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvOXdmbGRSUjRKYURrVjB1Q21sUk1pWkhuaV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCk4hEAwQC
k4hMAwQCk4hUAwQCk4hcAwQCqMeAAwQCqMegAwQCqMfAAwQCqMfUAwQCuWX0MA0G
CSqGSIb3DQEBCwUAA4IBAQAYKt72KIbohUGnBs96rzIFxxW+WjKZeGGATBFSUI0j
tYp1ZQAz/Legmg5Lbqes9twqev+58j6BcB4F6z4vu10pJOGrcoimsn0PZIQ0UKqL
0lZXEA8q19id+I4FhEb0Nhotz9nwwg2An15MMc5p2dN85PujGbub2TIrDSaVKAeZ
kBMjf8GPtZjRUaWZotXpGLNyIiz8PCx/u2AeqqiQDUKcSoE7VYOCvk3JU+9DQBZb
y93zCigRsGJIS4zgfE5Jv5r2emvLC45pJczjqfXlsRiVaHcWyQcMPYHjjc0vZ1Kt
tNd9vwpzcvYwFUn1SSwNqcmqPw2G6ss0GukIO9wbucLy
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:50 2024 by rpki-client on console-fra.rpki-client.org