Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/CYf0FS6FOMDQLhFJGF3JnFjFJow.roa
File:                     CYf0FS6FOMDQLhFJGF3JnFjFJow.roa (raw, json)
Hash identifier:          GaonGVbHvWD8tq8W7Mm7mtbLGPUd+SS5jz20eH38iAA=
Subject key identifier:   09:87:F4:15:2E:85:38:C0:D0:2E:11:49:18:5D:C9:9C:58:C5:26:8C
Certificate issuer:       /CN=954a2aee086174b01272fae779ad431eb092aeb7
Certificate serial:       01856FC266E28235F0C3F8599C4AB2071418
Authority key identifier: 95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/CYf0FS6FOMDQLhFJGF3JnFjFJow.roa
Signing time:             Sun 01 Jan 2023 23:54:49 +0000
ROA not before:           Sun 01 Jan 2023 23:54:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29141
IP address blocks:        93.89.24.0/24 maxlen: 24
                          37.247.112.0/24 maxlen: 24
                          37.247.118.0/24 maxlen: 24
                          37.247.113.0/24 maxlen: 24
                          37.247.115.0/24 maxlen: 24
                          37.247.114.0/24 maxlen: 24
                          185.7.82.0/24 maxlen: 24
                          185.7.83.0/24 maxlen: 24
                          2a03:402::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 08 Nov 2023 10:53:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:c2:66:e2:82:35:f0:c3:f8:59:9c:4a:b2:07:14:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=954a2aee086174b01272fae779ad431eb092aeb7
        Validity
            Not Before: Jan  1 23:54:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0987f4152e8538c0d02e1149185dc99c58c5268c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:97:3a:32:f2:1d:07:a9:99:df:f3:dc:35:d8:
                    8c:5a:87:8b:0f:8a:eb:c3:84:81:2c:3d:9d:16:c7:
                    0a:f7:ce:dd:e3:b6:41:e0:9e:b5:9a:ca:ce:6a:7e:
                    41:70:87:6d:65:7e:f4:a9:5a:04:3e:63:29:28:1e:
                    69:ff:ff:2e:0d:0f:6e:19:e1:66:85:23:98:81:14:
                    e6:12:28:b7:16:31:d6:01:0a:eb:92:be:a4:1b:c2:
                    2c:43:d0:a8:4f:b3:9e:3d:f7:69:9f:dd:10:e2:40:
                    95:2d:a7:79:bb:f0:7c:82:29:88:43:3b:70:9c:67:
                    68:9b:de:15:51:b2:d8:ec:9d:f0:c7:1e:fd:bc:83:
                    a7:ee:98:dd:0f:31:f0:b0:c9:5a:49:8d:5b:ed:49:
                    1c:57:fd:5c:91:bb:05:3b:a0:98:d6:97:79:dd:a3:
                    a2:0f:1c:a1:45:8d:93:88:55:1d:22:59:75:30:84:
                    8f:6a:35:44:90:ee:2a:ad:07:33:60:57:0d:c8:2e:
                    2e:2f:04:32:a4:0a:15:d6:c7:79:b9:f3:c0:65:df:
                    64:4c:ba:07:08:4d:5b:e1:17:74:5d:d1:85:55:82:
                    31:68:bd:58:1c:f3:ea:94:c2:25:b1:30:b4:58:33:
                    4d:a6:b3:ea:6a:5d:54:48:d0:32:32:cd:de:fe:68:
                    80:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:87:F4:15:2E:85:38:C0:D0:2E:11:49:18:5D:C9:9C:58:C5:26:8C
            X509v3 Authority Key Identifier:
                keyid:95:4A:2A:EE:08:61:74:B0:12:72:FA:E7:79:AD:43:1E:B0:92:AE:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lUoq7ghhdLAScvrnea1DHrCSrrc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/CYf0FS6FOMDQLhFJGF3JnFjFJow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/235396-0e42-4377-855a-4565f04f8d85/1/lUoq7ghhdLAScvrnea1DHrCSrrc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.247.112.0/22
                  37.247.118.0/24
                  93.89.24.0/24
                  185.7.82.0/23
                IPv6:
                  2a03:402::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:6c:d6:6b:a2:1c:a8:67:c4:b3:43:e0:53:14:c3:cc:dc:62:
         88:82:e4:0d:44:f4:14:1f:99:bd:b6:4f:49:74:d5:20:10:09:
         e8:92:ae:80:ec:1e:53:1a:14:fd:9b:76:ad:2e:f1:b6:35:fc:
         bb:3d:fc:b7:c7:39:f9:e3:c7:71:0e:1f:5a:2d:b2:69:cd:0c:
         be:40:75:7c:8d:33:82:90:51:8b:1e:ef:73:63:a3:5f:85:2c:
         96:31:18:99:c5:1d:5e:f4:fe:7e:54:90:89:dd:14:fc:e6:e1:
         05:f7:1f:31:e3:91:ff:72:5f:58:c3:10:be:0a:0e:3b:c0:6b:
         e0:bf:72:51:96:00:6a:1c:b8:dc:70:10:00:ec:40:3e:62:cc:
         75:56:d9:a4:f1:cc:3b:64:12:9b:24:b8:04:a0:e7:12:f2:e4:
         a9:75:3b:43:aa:45:cc:b9:27:b0:71:8a:6e:c1:75:60:1c:61:
         5c:a2:50:5d:bf:d1:76:80:b5:23:17:c2:76:f6:8e:96:e7:6a:
         98:67:0a:b3:4b:87:aa:bd:99:07:bf:83:f2:21:5e:a0:7a:15:
         11:82:d2:5f:08:cc:28:ad:c1:d3:fe:d4:22:ba:e3:73:02:eb:
         dc:fb:a5:6a:0b:a7:c5:85:91:b1:c7:c9:9c:e1:27:16:8f:83:
         f2:f0:4d:2d
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVvwmbigjXww/hZnEqyBxQYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NGEyYWVlMDg2MTc0YjAxMjcyZmFlNzc5YWQ0MzFlYjA5
MmFlYjcwHhcNMjMwMTAxMjM1NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTg3ZjQxNTJlODUzOGMwZDAyZTExNDkxODVkYzk5YzU4YzUyNjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJc6MvIdB6mZ3/PcNdiMWoeLD4rr
w4SBLD2dFscK987d47ZB4J61msrOan5BcIdtZX70qVoEPmMpKB5p//8uDQ9uGeFm
hSOYgRTmEii3FjHWAQrrkr6kG8IsQ9CoT7OePfdpn90Q4kCVLad5u/B8gimIQztw
nGdom94VUbLY7J3wxx79vIOn7pjdDzHwsMlaSY1b7UkcV/1ckbsFO6CY1pd53aOi
DxyhRY2TiFUdIll1MISPajVEkO4qrQczYFcNyC4uLwQypAoV1sd5ufPAZd9kTLoH
CE1b4Rd0XdGFVYIxaL1YHPPqlMIlsTC0WDNNprPqal1USNAyMs3e/miApwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFAmH9BUuhTjA0C4RSRhdyZxYxSaMMB8GA1UdIwQY
MBaAFJVKKu4IYXSwEnL653mtQx6wkq63MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEt
NDU2NWYwNGY4ZDg1LzEvQ1lmMEZTNkZPTURRTGhGSkdGM0puRmpGSm93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8yMzUzOTYtMGU0Mi00Mzc3LTg1NWEtNDU2NWYwNGY4ZDg1
LzEvbFVvcTdnaGhkTEFTY3ZybmVhMURIckNTcnJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCJfdwAwQA
Jfd2AwQAXVkYAwQBuQdSMA0EAgACMAcDBQAqAwQCMA0GCSqGSIb3DQEBCwUAA4IB
AQAdbNZrohyoZ8SzQ+BTFMPM3GKIguQNRPQUH5m9tk9JdNUgEAnokq6A7B5TGhT9
m3atLvG2Nfy7Pfy3xzn548dxDh9aLbJpzQy+QHV8jTOCkFGLHu9zY6NfhSyWMRiZ
xR1e9P5+VJCJ3RT85uEF9x8x45H/cl9YwxC+Cg47wGvgv3JRlgBqHLjccBAA7EA+
Ysx1Vtmk8cw7ZBKbJLgEoOcS8uSpdTtDqkXMuSewcYpuwXVgHGFcolBdv9F2gLUj
F8J29o6W52qYZwqzS4eqvZkHv4PyIV6gehURgtJfCMworcHT/tQiuuNzAuvc+6Vq
C6fFhZGxx8mc4ScWj4Py8E0t
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:39 2024 by rpki-client on console-fra.rpki-client.org