Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/74aee8-41a8-4ee7-ae4c-2183bc3844d2/1/ZfTt_aBxWO4VMUWsNwwIWtPPHdk.roa
File:                     ZfTt_aBxWO4VMUWsNwwIWtPPHdk.roa (raw, json)
Hash identifier:          xAbCyvHCGhvXm8AuFykLDOi1tBke/E746sNEA6RWM64=
Subject key identifier:   65:F4:ED:FD:A0:71:58:EE:15:31:45:AC:37:0C:08:5A:D3:CF:1D:D9
Certificate issuer:       /CN=95b85e5ac055a12188ae50cdb007fa488b6aa88b
Certificate serial:       018571D7BDD43B2A40D44D1B1278F64BD546
Authority key identifier: 95:B8:5E:5A:C0:55:A1:21:88:AE:50:CD:B0:07:FA:48:8B:6A:A8:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbheWsBVoSGIrlDNsAf6SItqqIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/74aee8-41a8-4ee7-ae4c-2183bc3844d2/1/ZfTt_aBxWO4VMUWsNwwIWtPPHdk.roa
Signing time:             Mon 02 Jan 2023 09:37:22 +0000
ROA not before:           Mon 02 Jan 2023 09:37:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39637
IP address blocks:        37.203.56.0/21 maxlen: 21
                          94.124.136.0/21 maxlen: 21
                          91.201.164.0/22 maxlen: 22
                          185.215.252.0/22 maxlen: 22
                          195.246.236.0/23 maxlen: 23
                          2a00:dc8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:d7:bd:d4:3b:2a:40:d4:4d:1b:12:78:f6:4b:d5:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b85e5ac055a12188ae50cdb007fa488b6aa88b
        Validity
            Not Before: Jan  2 09:37:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=65f4edfda07158ee153145ac370c085ad3cf1dd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:2c:0c:74:2c:66:9e:a6:4c:3d:04:24:44:d7:
                    4e:b9:05:02:67:33:94:b8:71:83:f1:f1:71:2d:99:
                    b6:e5:ab:e6:7f:6c:ad:79:88:29:2c:f5:9d:11:74:
                    e0:38:05:39:40:ed:8e:fa:34:7c:62:2a:d1:b4:12:
                    e1:96:e8:30:7f:fd:31:f1:a6:d7:01:89:61:e2:05:
                    78:8b:eb:29:69:d0:3b:e1:16:92:b7:c6:c0:20:8b:
                    9a:53:48:41:aa:d9:2c:39:b0:89:63:4f:f4:0c:60:
                    95:e9:b3:e7:b6:ab:d5:ff:35:5f:c7:53:b4:92:bb:
                    9a:4e:f4:0c:f7:d4:3b:8a:f7:eb:41:0f:82:83:77:
                    80:c2:f0:4f:fc:fb:f9:ff:6b:a8:82:e2:3c:3b:81:
                    e8:dd:ba:f4:99:34:ed:6f:79:87:11:d8:3e:ac:f8:
                    83:49:d8:59:d6:22:7b:2e:22:4e:41:ed:e9:6f:42:
                    5f:69:11:39:4c:a4:16:ef:59:7b:91:bf:b3:69:32:
                    15:02:d9:80:35:90:61:76:7e:2c:f8:0b:b3:8b:2d:
                    a1:04:17:e5:b5:58:08:8a:37:7f:5d:f6:e0:2b:91:
                    ec:a2:ca:46:2d:0b:5b:b2:10:c8:87:d9:b4:33:97:
                    91:f9:08:53:bb:44:fd:94:dd:18:c5:45:e6:8b:12:
                    2a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:F4:ED:FD:A0:71:58:EE:15:31:45:AC:37:0C:08:5A:D3:CF:1D:D9
            X509v3 Authority Key Identifier:
                keyid:95:B8:5E:5A:C0:55:A1:21:88:AE:50:CD:B0:07:FA:48:8B:6A:A8:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbheWsBVoSGIrlDNsAf6SItqqIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74aee8-41a8-4ee7-ae4c-2183bc3844d2/1/ZfTt_aBxWO4VMUWsNwwIWtPPHdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74aee8-41a8-4ee7-ae4c-2183bc3844d2/1/lbheWsBVoSGIrlDNsAf6SItqqIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.203.56.0/21
                  91.201.164.0/22
                  94.124.136.0/21
                  185.215.252.0/22
                  195.246.236.0/23
                IPv6:
                  2a00:dc8::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:e7:f3:0e:76:75:6b:20:a1:07:63:0d:a4:dd:86:4b:ab:b4:
         e0:8c:0a:95:3c:4c:20:f0:cf:4a:00:f4:d4:5d:ba:8b:68:a8:
         79:57:72:35:39:8c:60:aa:0c:ba:fe:1b:9a:f8:de:1b:50:f8:
         18:c6:b7:c2:75:47:1d:db:f8:a8:a1:bb:38:62:7f:96:5d:da:
         ea:ea:72:1f:42:86:4d:19:ab:bb:66:96:91:21:5d:1b:4c:7a:
         f6:62:85:99:29:47:15:a7:9b:77:bf:e9:a3:f7:1e:a5:4a:6f:
         bb:fe:06:ba:1a:7c:7c:30:cb:df:33:39:88:db:91:a9:21:de:
         41:ab:33:51:9d:55:86:7e:19:2d:f0:22:34:c6:aa:93:11:10:
         21:4f:8b:71:07:5c:72:6b:1c:6f:b3:29:d5:25:4e:1e:85:34:
         7a:91:35:a3:c6:dc:12:1a:a6:9c:01:4c:94:69:04:c5:f9:a7:
         1b:1c:65:6a:b7:4f:58:dd:90:f5:89:49:49:f8:68:c8:54:a2:
         db:56:f4:07:e5:6f:8c:76:68:83:35:e2:0e:98:7d:3a:ae:7e:
         52:16:cc:67:2c:28:25:59:2c:a5:67:5c:6b:8c:6c:ee:f9:cf:
         f6:37:fe:9a:db:38:e3:54:d3:8c:e6:0e:4b:1f:2d:16:5a:9f:
         33:f2:de:87
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVx173UOypA1E0bEnj2S9VGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1Yjg1ZTVhYzA1NWExMjE4OGFlNTBjZGIwMDdmYTQ4OGI2
YWE4OGIwHhcNMjMwMTAyMDkzNzIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWY0ZWRmZGEwNzE1OGVlMTUzMTQ1YWMzNzBjMDg1YWQzY2YxZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSwMdCxmnqZMPQQkRNdOuQUCZzOU
uHGD8fFxLZm25avmf2yteYgpLPWdEXTgOAU5QO2O+jR8YirRtBLhlugwf/0x8abX
AYlh4gV4i+spadA74RaSt8bAIIuaU0hBqtksObCJY0/0DGCV6bPntqvV/zVfx1O0
kruaTvQM99Q7ivfrQQ+Cg3eAwvBP/Pv5/2uoguI8O4Ho3br0mTTtb3mHEdg+rPiD
SdhZ1iJ7LiJOQe3pb0JfaRE5TKQW71l7kb+zaTIVAtmANZBhdn4s+Auziy2hBBfl
tVgIijd/XfbgK5HsospGLQtbshDIh9m0M5eR+QhTu0T9lN0YxUXmixIqQwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFGX07f2gcVjuFTFFrDcMCFrTzx3ZMB8GA1UdIwQY
MBaAFJW4XlrAVaEhiK5QzbAH+kiLaqiLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJoZVdzQlZvU0dJcmxETnNBZjZTSXRxcUlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NGFlZTgtNDFhOC00ZWU3LWFlNGMt
MjE4M2JjMzg0NGQyLzEvWmZUdF9hQnhXTzRWTVVXc053d0lXdFBQSGRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NGFlZTgtNDFhOC00ZWU3LWFlNGMtMjE4M2JjMzg0NGQy
LzEvbGJoZVdzQlZvU0dJcmxETnNBZjZTSXRxcUlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDJcs4AwQC
W8mkAwQDXnyIAwQCudf8AwQBw/bsMA0EAgACMAcDBQAqAA3IMA0GCSqGSIb3DQEB
CwUAA4IBAQCX5/MOdnVrIKEHYw2k3YZLq7TgjAqVPEwg8M9KAPTUXbqLaKh5V3I1
OYxgqgy6/hua+N4bUPgYxrfCdUcd2/ioobs4Yn+WXdrq6nIfQoZNGau7ZpaRIV0b
THr2YoWZKUcVp5t3v+mj9x6lSm+7/ga6Gnx8MMvfMzmI25GpId5BqzNRnVWGfhkt
8CI0xqqTERAhT4txB1xyaxxvsynVJU4ehTR6kTWjxtwSGqacAUyUaQTF+acbHGVq
t09Y3ZD1iUlJ+GjIVKLbVvQH5W+MdmiDNeIOmH06rn5SFsxnLCglWSylZ1xrjGzu
+c/2N/6a2zjjVNOM5g5LHy0WWp8z8t6H
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:07 2024 by rpki-client on console-ams.rpki-client.org