Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/095d5f-2693-4182-9397-cda94fb796d1/1/9I6JJj6-fSGXlXBx5K_CjfCsF6k.roa
File:                     9I6JJj6-fSGXlXBx5K_CjfCsF6k.roa (raw, json)
Hash identifier:          VxjzqRATwRndx+vW8zCa5DfmRWpGatBv7+yxP6Miz/4=
Subject key identifier:   F4:8E:89:26:3E:BE:7D:21:97:95:70:71:E4:AF:C2:8D:F0:AC:17:A9
Certificate issuer:       /CN=f258b3a9741b431d7becd64286b9e6bce0e975da
Certificate serial:       01856BF7D7BE73F4FB13CCB76BCB88F9D649
Authority key identifier: F2:58:B3:A9:74:1B:43:1D:7B:EC:D6:42:86:B9:E6:BC:E0:E9:75:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8lizqXQbQx177NZChrnmvODpddo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/095d5f-2693-4182-9397-cda94fb796d1/1/9I6JJj6-fSGXlXBx5K_CjfCsF6k.roa
Signing time:             Sun 01 Jan 2023 06:14:42 +0000
ROA not before:           Sun 01 Jan 2023 06:14:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205823
IP address blocks:        193.32.105.0/24 maxlen: 24
                          193.32.104.0/23 maxlen: 23
                          193.32.104.0/24 maxlen: 24
                          193.32.116.0/24 maxlen: 24
                          193.32.116.0/23 maxlen: 23
                          193.32.117.0/24 maxlen: 24
                          185.205.57.0/24 maxlen: 24
                          185.205.56.0/22 maxlen: 22
                          185.205.56.0/24 maxlen: 24
                          185.205.58.0/24 maxlen: 24
                          185.205.59.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:30:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:f7:d7:be:73:f4:fb:13:cc:b7:6b:cb:88:f9:d6:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f258b3a9741b431d7becd64286b9e6bce0e975da
        Validity
            Not Before: Jan  1 06:14:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f48e89263ebe7d2197957071e4afc28df0ac17a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:f4:44:19:bb:ca:cb:63:15:70:e5:e9:c2:51:
                    e5:36:36:2b:61:79:8c:68:30:59:b0:0a:f3:09:71:
                    d3:2b:fc:08:c9:b3:67:9e:63:32:31:8c:5e:f4:eb:
                    af:c3:14:e7:80:06:5a:2e:f9:11:a3:7a:95:4f:f1:
                    ed:6b:39:3e:9b:22:29:e2:44:08:78:09:17:a9:91:
                    82:e7:0b:ac:be:fe:e8:be:e0:0a:34:c9:2d:b8:d3:
                    46:c9:cc:74:c9:e7:72:31:52:e6:7f:dd:55:92:4e:
                    90:0b:a9:21:49:d7:91:ee:69:80:7b:dc:47:d2:24:
                    10:f0:d2:fe:4c:64:4e:a0:23:32:18:49:e0:68:8b:
                    88:77:c3:09:39:7b:15:fc:8b:92:b2:1e:99:f6:8a:
                    a7:21:cc:e4:b9:45:a5:6a:0a:34:a6:e0:7b:e3:54:
                    2e:42:2a:1c:5d:d3:a1:4c:35:b2:09:02:02:35:8f:
                    48:05:2f:13:8d:08:6a:18:97:73:ff:9b:fb:0a:cc:
                    1b:43:53:20:41:fc:61:b5:0e:e6:35:22:29:6a:8d:
                    a8:fe:c1:cd:33:0a:2e:c9:91:9e:3e:3d:17:6d:25:
                    fc:8b:fd:f5:5f:7f:7b:56:c6:2a:17:ef:28:d5:d2:
                    48:eb:2d:6d:db:fd:2a:14:8d:60:2a:19:5e:98:ea:
                    42:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:8E:89:26:3E:BE:7D:21:97:95:70:71:E4:AF:C2:8D:F0:AC:17:A9
            X509v3 Authority Key Identifier:
                keyid:F2:58:B3:A9:74:1B:43:1D:7B:EC:D6:42:86:B9:E6:BC:E0:E9:75:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8lizqXQbQx177NZChrnmvODpddo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/095d5f-2693-4182-9397-cda94fb796d1/1/9I6JJj6-fSGXlXBx5K_CjfCsF6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/095d5f-2693-4182-9397-cda94fb796d1/1/8lizqXQbQx177NZChrnmvODpddo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.56.0/22
                  193.32.104.0/23
                  193.32.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:75:cb:b7:63:5f:4e:d6:f1:6b:22:af:50:20:38:f9:f5:39:
         84:ac:10:90:ea:44:21:5c:ad:73:3a:b0:01:86:5b:50:ee:6a:
         17:20:4a:99:82:f3:9c:fe:fd:1b:a9:22:c9:ed:1f:3c:6e:0d:
         5e:bc:51:4d:f1:01:9e:fc:ef:73:d3:75:8a:fe:bd:07:cc:d1:
         67:a9:90:e6:30:91:2e:38:9a:45:aa:b1:ef:73:26:cf:1a:bc:
         1f:4d:f2:c6:1d:0b:69:bd:3a:e5:f0:1d:1f:39:b1:8b:5c:c8:
         0b:0a:b7:c5:21:a2:ce:7e:aa:14:25:ea:ab:7c:5c:80:56:d3:
         6d:22:35:8f:16:c1:7d:48:1b:2c:63:15:e3:82:cf:29:e4:61:
         eb:57:da:69:dc:ea:75:46:22:41:ab:eb:f6:28:28:58:a2:c2:
         91:61:ff:17:19:06:29:fd:13:5c:91:1d:ec:92:39:89:de:9c:
         06:d5:35:33:36:70:60:8f:bc:bb:28:10:22:6f:24:68:cf:bb:
         f3:9e:91:d7:4a:21:80:44:c0:02:a4:1c:ee:6d:0b:8e:44:b2:
         c6:ad:89:24:ea:5c:c0:d3:ad:56:c6:c8:5d:c9:9a:7b:60:21:
         ad:4e:36:99:69:60:0f:1e:b1:e6:5b:da:3c:df:cf:67:a7:3a:
         6c:7c:33:de
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVr99e+c/T7E8y3a8uI+dZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNThiM2E5NzQxYjQzMWQ3YmVjZDY0Mjg2YjllNmJjZTBl
OTc1ZGEwHhcNMjMwMTAxMDYxNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDhlODkyNjNlYmU3ZDIxOTc5NTcwNzFlNGFmYzI4ZGYwYWMxN2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfREGbvKy2MVcOXpwlHlNjYrYXmM
aDBZsArzCXHTK/wIybNnnmMyMYxe9OuvwxTngAZaLvkRo3qVT/Htazk+myIp4kQI
eAkXqZGC5wusvv7ovuAKNMktuNNGycx0yedyMVLmf91Vkk6QC6khSdeR7mmAe9xH
0iQQ8NL+TGROoCMyGEngaIuId8MJOXsV/IuSsh6Z9oqnIczkuUWlago0puB741Qu
QiocXdOhTDWyCQICNY9IBS8TjQhqGJdz/5v7CswbQ1MgQfxhtQ7mNSIpao2o/sHN
MwouyZGePj0XbSX8i/31X397VsYqF+8o1dJI6y1t2/0qFI1gKhlemOpCxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPSOiSY+vn0hl5VwceSvwo3wrBepMB8GA1UdIwQY
MBaAFPJYs6l0G0Mde+zWQoa55rzg6XXaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGxpenFYUWJReDE3N05aQ2hybm12T0RwZGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8wOTVkNWYtMjY5My00MTgyLTkzOTct
Y2RhOTRmYjc5NmQxLzEvOUk2SkpqNi1mU0dYbFhCeDVLX0NqZkNzRjZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8wOTVkNWYtMjY5My00MTgyLTkzOTctY2RhOTRmYjc5NmQx
LzEvOGxpenFYUWJReDE3N05aQ2hybm12T0RwZGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCuc04AwQB
wSBoAwQBwSB0MA0GCSqGSIb3DQEBCwUAA4IBAQBTdcu3Y19O1vFrIq9QIDj59TmE
rBCQ6kQhXK1zOrABhltQ7moXIEqZgvOc/v0bqSLJ7R88bg1evFFN8QGe/O9z03WK
/r0HzNFnqZDmMJEuOJpFqrHvcybPGrwfTfLGHQtpvTrl8B0fObGLXMgLCrfFIaLO
fqoUJeqrfFyAVtNtIjWPFsF9SBssYxXjgs8p5GHrV9pp3Op1RiJBq+v2KChYosKR
Yf8XGQYp/RNckR3skjmJ3pwG1TUzNnBgj7y7KBAibyRoz7vznpHXSiGARMACpBzu
bQuORLLGrYkk6lzA061WxshdyZp7YCGtTjaZaWAPHrHmW9o8389npzpsfDPe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:48 2024 by rpki-client on console-fra.rpki-client.org