Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/f9ee6d-7640-4e3d-9b45-e56feca612e7/1/mKikTdEfYhkqtPthsI8iPes1KjE.roa
File:                     mKikTdEfYhkqtPthsI8iPes1KjE.roa (raw, json)
Hash identifier:          Q+FZmKIFMlshQrzrWVVl0PdlBpS294rCvEuRR6Qcuwk=
Subject key identifier:   98:A8:A4:4D:D1:1F:62:19:2A:B4:FB:61:B0:8F:22:3D:EB:35:2A:31
Certificate issuer:       /CN=ef7dd1ebee513ffa318cdc88b81ac18cfe726b30
Certificate serial:       018CC6B7DD4CD882F28A39F3731C3ABD2B3F
Authority key identifier: EF:7D:D1:EB:EE:51:3F:FA:31:8C:DC:88:B8:1A:C1:8C:FE:72:6B:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/733R6-5RP_oxjNyIuBrBjP5yazA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/f9ee6d-7640-4e3d-9b45-e56feca612e7/1/mKikTdEfYhkqtPthsI8iPes1KjE.roa
Signing time:             Mon 01 Jan 2024 20:29:47 +0000
ROA not before:           Mon 01 Jan 2024 20:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30972
IP address blocks:        141.138.88.0/21 maxlen: 21
                          193.22.143.0/24 maxlen: 24
                          193.242.217.0/24 maxlen: 24
                          195.88.194.0/23 maxlen: 23
                          185.97.184.0/22 maxlen: 22
                          2a0a:21c0::/29 maxlen: 29
                          2a01:a580::/32 maxlen: 32
                          2a01:a580::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 30 May 2024 15:10:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:dd:4c:d8:82:f2:8a:39:f3:73:1c:3a:bd:2b:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef7dd1ebee513ffa318cdc88b81ac18cfe726b30
        Validity
            Not Before: Jan  1 20:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=98a8a44dd11f62192ab4fb61b08f223deb352a31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c9:7c:91:99:a8:ec:36:28:dc:e1:d4:7e:97:
                    a4:3f:bb:38:36:e5:89:a6:58:a5:22:68:60:1b:a3:
                    f7:50:24:92:b9:04:f2:e7:17:23:40:ce:70:e3:13:
                    ed:55:01:17:0b:92:ca:cb:b1:50:8b:49:b9:ce:90:
                    3c:8a:d4:de:95:a0:24:a7:b9:84:6a:41:5b:77:2e:
                    7c:2e:1c:5f:ed:3f:b5:a6:93:a2:b3:49:b4:4d:9f:
                    d4:3e:74:62:2c:df:b7:9e:47:60:2b:a3:e3:84:0f:
                    22:a9:af:bd:07:5b:16:ca:e5:1e:a1:0b:4f:ac:e9:
                    fc:be:d6:40:73:6a:c0:79:2c:63:bf:d4:5a:97:dc:
                    73:ed:60:64:e6:ad:a7:2f:e4:53:3b:81:15:b8:e5:
                    3c:93:80:9b:41:92:00:4c:84:41:6e:89:43:d5:d0:
                    27:a4:b6:b1:e3:0a:13:89:b3:d0:3d:a5:98:fd:03:
                    ad:bf:66:53:88:81:85:7e:61:5d:f7:15:68:e2:09:
                    ad:b6:f2:33:26:8d:7b:58:93:10:e7:12:e5:f4:31:
                    3e:95:d5:8e:58:06:23:ea:bc:28:90:4e:69:8f:3e:
                    1e:da:46:44:09:51:11:b4:a4:bb:39:62:2d:6d:2a:
                    8e:41:b9:9a:c5:dc:66:e8:70:d0:98:b5:b6:53:af:
                    61:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:A8:A4:4D:D1:1F:62:19:2A:B4:FB:61:B0:8F:22:3D:EB:35:2A:31
            X509v3 Authority Key Identifier:
                keyid:EF:7D:D1:EB:EE:51:3F:FA:31:8C:DC:88:B8:1A:C1:8C:FE:72:6B:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/733R6-5RP_oxjNyIuBrBjP5yazA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f9ee6d-7640-4e3d-9b45-e56feca612e7/1/mKikTdEfYhkqtPthsI8iPes1KjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/f9ee6d-7640-4e3d-9b45-e56feca612e7/1/733R6-5RP_oxjNyIuBrBjP5yazA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.138.88.0/21
                  185.97.184.0/22
                  193.22.143.0/24
                  193.242.217.0/24
                  195.88.194.0/23
                IPv6:
                  2a01:a580::/29
                  2a0a:21c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c0:05:c8:ab:8a:0e:00:a3:9a:76:97:6d:09:48:68:3c:9d:c1:
         4f:cd:d8:17:11:8e:c5:d7:08:b9:ad:66:99:26:9e:f2:f2:9c:
         3e:13:10:4b:34:44:0a:00:46:50:83:c5:93:5f:40:eb:72:02:
         5b:b6:30:e4:37:c7:72:81:b8:97:96:a4:12:d4:63:db:2e:14:
         24:06:c4:f7:30:6f:53:6d:46:43:23:41:bd:97:6f:8f:fa:91:
         c2:82:be:3a:6b:b0:24:5d:25:97:7d:5d:19:c4:d2:ea:14:e4:
         36:f5:d2:94:3b:30:4c:c7:58:73:c9:54:2d:04:86:35:ed:82:
         1e:f8:f4:9f:59:2c:c2:34:11:3c:21:13:d2:80:15:99:55:69:
         68:ef:ca:e7:28:45:ca:dc:d7:b1:f8:42:cb:fa:0c:81:d2:67:
         43:24:dd:18:d4:3c:90:06:65:0e:29:8a:fe:0e:45:72:ff:9b:
         ab:d7:57:7d:cd:84:20:d6:46:a0:bf:fa:81:9c:04:d9:92:d2:
         1f:ae:1d:be:32:8c:b1:d7:3b:fe:ee:71:ed:c9:7a:af:22:d0:
         90:84:16:74:b5:9f:a5:46:d8:23:81:49:08:7a:a2:87:10:90:
         dd:a1:eb:a7:e7:25:b5:97:5a:83:4b:79:df:fa:a6:a4:c8:47:
         77:82:b1:7c
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzGt91M2ILyijnzcxw6vSs/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmN2RkMWViZWU1MTNmZmEzMThjZGM4OGI4MWFjMThjZmU3
MjZiMzAwHhcNMjQwMTAxMjAyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGE4YTQ0ZGQxMWY2MjE5MmFiNGZiNjFiMDhmMjIzZGViMzUyYTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicl8kZmo7DYo3OHUfpekP7s4NuWJ
plilImhgG6P3UCSSuQTy5xcjQM5w4xPtVQEXC5LKy7FQi0m5zpA8itTelaAkp7mE
akFbdy58Lhxf7T+1ppOis0m0TZ/UPnRiLN+3nkdgK6PjhA8iqa+9B1sWyuUeoQtP
rOn8vtZAc2rAeSxjv9Ral9xz7WBk5q2nL+RTO4EVuOU8k4CbQZIATIRBbolD1dAn
pLax4woTibPQPaWY/QOtv2ZTiIGFfmFd9xVo4gmttvIzJo17WJMQ5xLl9DE+ldWO
WAYj6rwokE5pjz4e2kZECVERtKS7OWItbSqOQbmaxdxm6HDQmLW2U69hrQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFJiopE3RH2IZKrT7YbCPIj3rNSoxMB8GA1UdIwQY
MBaAFO990evuUT/6MYzciLgawYz+cmswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzMzUjYtNVJQX294ak55SXVCckJqUDV5YXpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9mOWVlNmQtNzY0MC00ZTNkLTliNDUt
ZTU2ZmVjYTYxMmU3LzEvbUtpa1RkRWZZaGtxdFB0aHNJOGlQZXMxS2pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9mOWVlNmQtNzY0MC00ZTNkLTliNDUtZTU2ZmVjYTYxMmU3
LzEvNzMzUjYtNVJQX294ak55SXVCckJqUDV5YXpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQDjYpYAwQC
uWG4AwQAwRaPAwQAwfLZAwQBw1jCMBQEAgACMA4DBQMqAaWAAwUDKgohwDANBgkq
hkiG9w0BAQsFAAOCAQEAwAXIq4oOAKOadpdtCUhoPJ3BT83YFxGOxdcIua1mmSae
8vKcPhMQSzRECgBGUIPFk19A63ICW7Yw5DfHcoG4l5akEtRj2y4UJAbE9zBvU21G
QyNBvZdvj/qRwoK+OmuwJF0ll31dGcTS6hTkNvXSlDswTMdYc8lULQSGNe2CHvj0
n1kswjQRPCET0oAVmVVpaO/K5yhFytzXsfhCy/oMgdJnQyTdGNQ8kAZlDimK/g5F
cv+bq9dXfc2EINZGoL/6gZwE2ZLSH64dvjKMsdc7/u5x7cl6ryLQkIQWdLWfpUbY
I4FJCHqihxCQ3aHrp+cltZdag0t53/qmpMhHd4KxfA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:22 2024 by rpki-client on console-fra.rpki-client.org