Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/czhNrx9n-lA7-gNwm_3NoCNZQIk.roa
File:                     czhNrx9n-lA7-gNwm_3NoCNZQIk.roa (raw, json)
Hash identifier:          XFBJdpqOWqHABPXx4rt5mjW5fIEM9dYVbgcYG+a7GYE=
Subject key identifier:   73:38:4D:AF:1F:67:FA:50:3B:FA:03:70:9B:FD:CD:A0:23:59:40:89
Certificate issuer:       /CN=df0198a7b3afdcdd7003562a0871878e238760ad
Certificate serial:       018CE9092895BD7E60A5AA8AC5660CBE208C
Authority key identifier: DF:01:98:A7:B3:AF:DC:DD:70:03:56:2A:08:71:87:8E:23:87:60:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/czhNrx9n-lA7-gNwm_3NoCNZQIk.roa
Signing time:             Mon 08 Jan 2024 12:25:40 +0000
ROA not before:           Mon 08 Jan 2024 12:25:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        195.184.160.0/19 maxlen: 24
                          94.44.0.0/16 maxlen: 24
                          89.223.128.0/17 maxlen: 24
                          212.48.240.0/20 maxlen: 24
                          37.220.192.0/18 maxlen: 24
                          212.96.32.0/19 maxlen: 24
                          5.63.192.0/18 maxlen: 24
                          213.222.128.0/18 maxlen: 24
                          5.206.128.0/18 maxlen: 24

Validation:               Failed, certificate revoked on Mon 08 Jan 2024 17:12:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e9:09:28:95:bd:7e:60:a5:aa:8a:c5:66:0c:be:20:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df0198a7b3afdcdd7003562a0871878e238760ad
        Validity
            Not Before: Jan  8 12:25:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=73384daf1f67fa503bfa03709bfdcda023594089
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:e7:53:7b:f4:23:90:ce:63:64:cf:76:b7:58:
                    28:e6:a3:fd:c0:52:60:8c:9b:4e:e4:fd:18:cb:44:
                    3d:60:09:d8:56:46:7f:ba:8a:ba:ba:de:15:45:9c:
                    96:a9:82:77:49:56:c4:db:13:9d:77:f7:d0:a7:d1:
                    3f:50:f9:f8:13:f7:8b:dd:1c:d0:39:00:31:75:ff:
                    01:15:5a:28:be:97:63:c3:d7:49:27:63:a2:04:72:
                    a5:1f:9a:9d:da:a2:98:2d:07:2f:09:6c:fa:fc:3a:
                    0c:f3:c7:c0:8a:af:b0:a6:53:2a:59:72:b3:40:37:
                    4d:ff:fd:ad:3d:1b:be:94:f5:7e:af:4b:8b:f1:61:
                    de:1f:3e:cc:ce:4b:77:f8:10:e4:93:03:1a:9c:4a:
                    15:33:3e:ce:f6:43:83:7c:4e:a9:69:f5:c9:3e:0d:
                    bc:9b:0b:96:49:0c:73:3b:11:26:a6:e6:78:0e:94:
                    ed:23:f7:41:3b:a2:8e:6c:be:0a:2a:a4:28:45:01:
                    ee:61:8f:cf:3d:58:ef:6b:63:d7:37:56:5c:79:7e:
                    87:b0:fb:04:26:59:a7:5d:0d:79:34:31:41:40:45:
                    2a:93:46:3c:56:a5:67:e9:21:8b:06:a2:53:c1:f2:
                    9d:ef:83:7c:b2:0e:01:e8:0c:0f:cb:71:25:de:60:
                    3e:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:38:4D:AF:1F:67:FA:50:3B:FA:03:70:9B:FD:CD:A0:23:59:40:89
            X509v3 Authority Key Identifier:
                keyid:DF:01:98:A7:B3:AF:DC:DD:70:03:56:2A:08:71:87:8E:23:87:60:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/czhNrx9n-lA7-gNwm_3NoCNZQIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.192.0/18
                  5.206.128.0/18
                  37.220.192.0/18
                  89.223.128.0/17
                  94.44.0.0/16
                  195.184.160.0/19
                  212.48.240.0/20
                  212.96.32.0/19
                  213.222.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         c7:b8:fb:fa:86:f3:b8:55:8c:3a:f7:c4:96:bd:c1:70:d0:5e:
         32:8d:d9:cb:9b:ef:fb:05:01:ad:2d:4a:ed:4c:7e:00:2a:bd:
         4e:40:e1:4e:4d:7d:bc:0c:46:4b:fe:12:4d:c1:db:ad:45:04:
         23:8d:80:b4:a3:4f:6d:81:78:e6:10:2c:97:a2:bb:37:22:28:
         ce:6b:89:3c:97:a7:a2:17:5b:6e:aa:81:69:c9:7a:89:d6:b3:
         ca:cb:fd:31:93:5c:28:13:c1:1d:f5:91:e9:a0:6e:b7:f4:63:
         50:60:a8:31:0e:9d:34:b2:f1:f7:0d:a1:d9:7f:96:d7:8b:4b:
         de:75:73:cd:9e:96:b4:02:37:1b:6a:24:54:4c:21:e9:55:3f:
         6c:95:f2:db:95:a5:79:16:68:10:fe:78:3a:f1:f1:67:c7:73:
         6a:21:59:d6:22:a3:5e:c6:2b:8a:45:87:5a:b1:e9:8d:c4:a6:
         cd:36:49:b2:15:89:6c:4c:80:c4:00:13:d7:9d:86:38:6c:1a:
         f0:5d:eb:47:3a:9b:5e:dc:1c:36:92:f2:18:93:3b:07:ca:ce:
         88:7e:63:56:23:5a:48:26:95:6c:d9:61:99:f0:ea:5f:7d:ad:
         53:e5:3b:05:a6:79:66:34:56:02:6d:5b:f9:e8:4e:64:2a:2a:
         e2:02:e2:73
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYzpCSiVvX5gpaqKxWYMviCMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMDE5OGE3YjNhZmRjZGQ3MDAzNTYyYTA4NzE4NzhlMjM4
NzYwYWQwHhcNMjQwMTA4MTIyNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzM4NGRhZjFmNjdmYTUwM2JmYTAzNzA5YmZkY2RhMDIzNTk0MDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OdTe/QjkM5jZM92t1go5qP9wFJg
jJtO5P0Yy0Q9YAnYVkZ/uoq6ut4VRZyWqYJ3SVbE2xOdd/fQp9E/UPn4E/eL3RzQ
OQAxdf8BFVoovpdjw9dJJ2OiBHKlH5qd2qKYLQcvCWz6/DoM88fAiq+wplMqWXKz
QDdN//2tPRu+lPV+r0uL8WHeHz7Mzkt3+BDkkwManEoVMz7O9kODfE6pafXJPg28
mwuWSQxzOxEmpuZ4DpTtI/dBO6KObL4KKqQoRQHuYY/PPVjva2PXN1ZceX6HsPsE
JlmnXQ15NDFBQEUqk0Y8VqVn6SGLBqJTwfKd74N8sg4B6AwPy3El3mA+YwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFHM4Ta8fZ/pQO/oDcJv9zaAjWUCJMB8GA1UdIwQY
MBaAFN8BmKezr9zdcANWKghxh44jh2CtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3dHWXA3T3YzTjF3QTFZcUNIR0hqaU9IWUswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9kM2ZjYTYtZWNiNS00M2FhLThjOWQt
MGZjYzZjMzAxMWZjLzEvY3poTnJ4OW4tbEE3LWdOd21fM05vQ05aUUlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9kM2ZjYTYtZWNiNS00M2FhLThjOWQtMGZjYzZjMzAxMWZj
LzEvM3dHWXA3T3YzTjF3QTFZcUNIR0hqaU9IWUswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTA7BAIAATA1AwQGBT/AAwQG
Bc6AAwQGJdzAAwQHWd+AAwMAXiwDBAXDuKADBATUMPADBAXUYCADBAbV3oAwDQYJ
KoZIhvcNAQELBQADggEBAMe4+/qG87hVjDr3xJa9wXDQXjKN2cub7/sFAa0tSu1M
fgAqvU5A4U5NfbwMRkv+Ek3B261FBCONgLSjT22BeOYQLJeiuzciKM5riTyXp6IX
W26qgWnJeonWs8rL/TGTXCgTwR31kemgbrf0Y1BgqDEOnTSy8fcNodl/lteLS951
c82elrQCNxtqJFRMIelVP2yV8tuVpXkWaBD+eDrx8WfHc2ohWdYio17GK4pFh1qx
6Y3Eps02SbIViWxMgMQAE9edhjhsGvBd60c6m17cHDaS8hiTOwfKzoh+Y1YjWkgm
lWzZYZnw6l99rVPlOwWmeWY0VgJtW/noTmQqKuIC4nM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:54 2024 by rpki-client on console-fra.rpki-client.org