Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/rLp8Hy7fPF5ALVPV6GK-RL5nkiQ.roa
File:                     rLp8Hy7fPF5ALVPV6GK-RL5nkiQ.roa (raw, json)
Hash identifier:          ex+c3PcQzp+LO1WtpqiCiISgHjc+mR6UKIx54L40RfQ=
Subject key identifier:   AC:BA:7C:1F:2E:DF:3C:5E:40:2D:53:D5:E8:62:BE:44:BE:67:92:24
Certificate issuer:       /CN=408025c7de0400e0f3c88d4a122a317e32c5e21c
Certificate serial:       018573717DCE40C090096D49D311C389A999
Authority key identifier: 40:80:25:C7:DE:04:00:E0:F3:C8:8D:4A:12:2A:31:7E:32:C5:E2:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIAlx94EAODzyI1KEioxfjLF4hw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/rLp8Hy7fPF5ALVPV6GK-RL5nkiQ.roa
Signing time:             Mon 02 Jan 2023 17:04:55 +0000
ROA not before:           Mon 02 Jan 2023 17:04:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30818
IP address blocks:        82.221.0.0/20 maxlen: 20
                          82.221.164.0/24 maxlen: 24
                          82.221.166.0/24 maxlen: 24
                          82.221.167.0/24 maxlen: 24
                          82.221.168.0/24 maxlen: 24
                          82.221.170.0/24 maxlen: 24
                          82.221.80.0/20 maxlen: 20
                          82.221.96.0/20 maxlen: 20
                          82.221.112.0/20 maxlen: 20
                          82.221.16.0/20 maxlen: 20
                          82.221.32.0/20 maxlen: 20
                          82.221.48.0/20 maxlen: 20
                          82.221.57.0/24 maxlen: 24
                          82.221.64.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Fri 17 Feb 2023 18:27:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:71:7d:ce:40:c0:90:09:6d:49:d3:11:c3:89:a9:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408025c7de0400e0f3c88d4a122a317e32c5e21c
        Validity
            Not Before: Jan  2 17:04:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=acba7c1f2edf3c5e402d53d5e862be44be679224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:83:81:0b:19:a0:e8:bd:9d:64:3b:b7:82:ff:
                    2e:cd:f9:63:7c:07:b8:c3:08:28:93:83:29:1c:a4:
                    e3:9e:76:a6:7f:6e:b1:24:f4:77:5a:c2:12:0b:5f:
                    16:f6:5c:f6:13:3a:6a:01:39:54:73:71:2e:1c:43:
                    1b:57:30:2e:b6:78:5e:b6:9a:a7:56:fa:39:eb:2f:
                    96:19:da:97:e8:03:d6:51:c2:44:5a:1f:60:5d:05:
                    6c:74:6a:9e:ad:e6:46:1b:33:30:9b:9e:43:ff:81:
                    80:c0:98:70:d7:f2:66:5d:9b:4c:9a:4d:f2:d0:b3:
                    5c:e1:ff:ac:1c:6e:e0:a4:5a:23:e3:37:4e:c0:1b:
                    31:d4:11:7a:f0:78:08:56:c6:5f:5b:dc:57:cb:46:
                    a1:8c:65:26:9d:28:50:df:31:9c:9f:b7:be:b8:e8:
                    d9:ea:96:2b:0c:93:d1:a3:37:51:d5:9c:ff:2a:ea:
                    4d:88:40:67:fa:d8:b8:bd:9f:a3:2d:d3:88:f2:dd:
                    c1:c2:18:b8:aa:bd:36:c4:ee:19:23:4b:6d:95:e1:
                    9a:b5:bc:9f:39:33:fd:b3:bf:89:bd:fd:8b:65:e5:
                    f2:c3:59:ca:94:38:2a:44:61:ea:20:7a:65:4b:52:
                    80:df:54:1b:fc:49:b2:7d:cf:cc:39:93:11:96:2c:
                    96:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:BA:7C:1F:2E:DF:3C:5E:40:2D:53:D5:E8:62:BE:44:BE:67:92:24
            X509v3 Authority Key Identifier:
                keyid:40:80:25:C7:DE:04:00:E0:F3:C8:8D:4A:12:2A:31:7E:32:C5:E2:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIAlx94EAODzyI1KEioxfjLF4hw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/rLp8Hy7fPF5ALVPV6GK-RL5nkiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/59303d-748a-4797-811e-fee2e8d4084f/1/QIAlx94EAODzyI1KEioxfjLF4hw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.221.0.0/17
                  82.221.164.0/24
                  82.221.166.0-82.221.168.255
                  82.221.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:91:19:b8:16:c3:c2:bd:ed:ae:5f:00:00:e2:44:e1:3d:d4:
         b9:7e:34:14:31:a4:3c:d3:5b:5f:e5:48:63:f1:bf:dd:94:40:
         91:ad:6d:41:7a:84:e8:c9:69:6c:24:30:ff:8c:69:9c:23:88:
         cc:ea:e3:1e:64:fa:d8:43:0e:ab:ea:10:55:fb:9f:f3:63:88:
         7d:55:55:77:9a:5e:92:8b:44:dd:82:ab:f3:60:8e:48:cb:7f:
         05:ec:ba:2d:b2:c5:65:f5:8c:e9:e4:88:8c:d1:77:3c:cb:f9:
         84:78:92:9c:d7:32:90:29:07:7f:5d:f0:35:03:c8:57:69:03:
         9c:4c:28:6b:54:da:e8:c1:85:04:00:dd:9b:9b:12:57:a5:cc:
         1b:c2:31:34:c8:60:b4:65:a4:35:e6:d4:19:3e:fb:62:1e:70:
         27:4e:0a:8b:a2:87:b9:4d:e3:de:c4:0c:b9:b4:d3:b0:17:c5:
         06:47:c9:aa:79:58:2e:78:37:87:93:e0:51:89:3a:66:54:2e:
         17:69:f3:fd:b2:5c:3b:b6:56:16:d6:b9:21:1f:50:59:3b:4e:
         8d:b9:bb:47:7a:90:d2:83:fc:41:53:31:4d:26:2b:e1:d5:6a:
         77:ba:0f:fa:f3:b0:c5:b7:6a:9a:ac:38:f5:45:f9:7f:6c:cc:
         52:8f:b5:f9
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVzcX3OQMCQCW1J0xHDiamZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwODAyNWM3ZGUwNDAwZTBmM2M4OGQ0YTEyMmEzMTdlMzJj
NWUyMWMwHhcNMjMwMTAyMTcwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2JhN2MxZjJlZGYzYzVlNDAyZDUzZDVlODYyYmU0NGJlNjc5MjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYOBCxmg6L2dZDu3gv8uzfljfAe4
wwgok4MpHKTjnnamf26xJPR3WsISC18W9lz2EzpqATlUc3EuHEMbVzAutnhetpqn
Vvo56y+WGdqX6APWUcJEWh9gXQVsdGqereZGGzMwm55D/4GAwJhw1/JmXZtMmk3y
0LNc4f+sHG7gpFoj4zdOwBsx1BF68HgIVsZfW9xXy0ahjGUmnShQ3zGcn7e+uOjZ
6pYrDJPRozdR1Zz/KupNiEBn+ti4vZ+jLdOI8t3Bwhi4qr02xO4ZI0ttleGatbyf
OTP9s7+Jvf2LZeXyw1nKlDgqRGHqIHplS1KA31Qb/Emyfc/MOZMRliyWXwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFKy6fB8u3zxeQC1T1ehivkS+Z5IkMB8GA1UdIwQY
MBaAFECAJcfeBADg88iNShIqMX4yxeIcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlBbHg5NEVBT0R6eUkxS0Vpb3hmakxGNGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy81OTMwM2QtNzQ4YS00Nzk3LTgxMWUt
ZmVlMmU4ZDQwODRmLzEvckxwOEh5N2ZQRjVBTFZQVjZHSy1STDVua2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy81OTMwM2QtNzQ4YS00Nzk3LTgxMWUtZmVlMmU4ZDQwODRm
LzEvUUlBbHg5NEVBT0R6eUkxS0Vpb3hmakxGNGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQHUt0AAwQA
Ut2kMAwDBAFS3aYDBABS3agDBABS3aowDQYJKoZIhvcNAQELBQADggEBALyRGbgW
w8K97a5fAADiROE91Ll+NBQxpDzTW1/lSGPxv92UQJGtbUF6hOjJaWwkMP+MaZwj
iMzq4x5k+thDDqvqEFX7n/NjiH1VVXeaXpKLRN2Cq/NgjkjLfwXsui2yxWX1jOnk
iIzRdzzL+YR4kpzXMpApB39d8DUDyFdpA5xMKGtU2ujBhQQA3ZubElelzBvCMTTI
YLRlpDXm1Bk++2IecCdOCouih7lN497EDLm007AXxQZHyap5WC54N4eT4FGJOmZU
Lhdp8/2yXDu2VhbWuSEfUFk7To25u0d6kNKD/EFTMU0mK+HVane6D/rzsMW3apqs
OPVF+X9szFKPtfk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:36 2024 by rpki-client on console-fra.rpki-client.org