Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/FngJ8rHjcwT0pnbyS1AKZO4zV-I.roa
File:                     FngJ8rHjcwT0pnbyS1AKZO4zV-I.roa (raw, json)
Hash identifier:          4VMW9HuI8tHuC8nGunZ8f5LzG6Tw03HfnyGNLMluLV8=
Subject key identifier:   16:78:09:F2:B1:E3:73:04:F4:A6:76:F2:4B:50:0A:64:EE:33:57:E2
Certificate issuer:       /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial:       018712FA4F8E075F3CD32F782336ABCD36A2
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/FngJ8rHjcwT0pnbyS1AKZO4zV-I.roa
Signing time:             Fri 24 Mar 2023 09:36:46 +0000
ROA not before:           Fri 24 Mar 2023 09:36:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        85.28.56.0/22 maxlen: 22
                          85.28.56.0/24 maxlen: 24
                          85.28.58.0/24 maxlen: 24
                          109.238.196.0/23 maxlen: 23
                          109.238.201.0/24 maxlen: 24
                          109.238.202.0/24 maxlen: 24
                          109.238.203.0/24 maxlen: 24
                          109.238.204.0/24 maxlen: 24
                          109.238.206.0/24 maxlen: 24
                          109.238.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:29:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:12:fa:4f:8e:07:5f:3c:d3:2f:78:23:36:ab:cd:36:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
        Validity
            Not Before: Mar 24 09:36:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=167809f2b1e37304f4a676f24b500a64ee3357e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:48:26:1e:f9:bc:66:0a:3e:54:ac:8b:f7:c3:
                    5d:53:47:9b:9c:e3:86:65:1e:3a:5d:c8:58:ef:3c:
                    84:b7:14:59:f3:2c:58:3f:b3:6e:29:d0:c4:fa:19:
                    d4:e5:aa:55:5f:72:1b:1b:a4:21:4d:15:67:20:8a:
                    14:da:49:dd:f9:21:24:3a:1c:fd:59:9f:8e:6b:f4:
                    fa:f3:14:7e:e8:70:26:05:63:73:c1:6b:10:20:98:
                    19:00:c9:12:45:df:04:84:b0:d4:28:66:50:a5:d4:
                    42:75:d7:d0:99:c9:10:11:ec:ae:2c:15:3c:4e:d6:
                    41:5e:fe:b0:7d:42:d4:ea:04:c3:b0:a5:b5:73:92:
                    74:b3:6b:6d:cd:53:e4:bd:07:96:74:6d:21:12:fd:
                    7b:8c:2b:d3:ad:07:76:b6:c8:2f:83:fb:20:eb:37:
                    b4:63:4d:ad:36:4c:8d:ea:e2:52:98:45:4c:22:8a:
                    2b:91:af:3e:69:a4:8c:ab:7a:89:05:95:d2:24:5d:
                    5b:1f:ae:d3:02:a2:81:ea:c7:56:3b:20:eb:61:8c:
                    29:38:43:ed:3e:2f:fc:17:6e:ee:0c:7f:34:80:39:
                    dd:86:db:30:cd:8f:53:c3:f5:64:94:fe:ff:b5:37:
                    f5:d7:5e:8b:ce:21:a5:c7:2b:05:66:ca:84:56:04:
                    55:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:78:09:F2:B1:E3:73:04:F4:A6:76:F2:4B:50:0A:64:EE:33:57:E2
            X509v3 Authority Key Identifier:
                keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/FngJ8rHjcwT0pnbyS1AKZO4zV-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.28.56.0/22
                  109.238.196.0/23
                  109.238.201.0-109.238.204.255
                  109.238.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:fe:51:f6:e2:00:53:87:00:63:01:61:b0:53:96:fa:b8:7a:
         58:c0:a8:a0:a3:d7:26:70:16:19:84:09:ce:e6:1e:82:89:4f:
         cf:e4:5b:fe:ab:92:53:20:c6:f0:05:1a:4f:a2:a1:e6:82:48:
         62:98:fe:f9:2e:ac:d8:27:4c:55:63:0d:8d:3d:a0:49:28:b6:
         45:6a:3f:e6:b7:1c:ea:80:5b:f3:4d:29:88:d6:e7:73:fe:36:
         04:c2:b9:0e:84:d1:db:d7:2f:0f:c7:bf:7d:a8:14:4d:86:19:
         6c:84:9f:07:d4:01:c1:b2:d7:aa:4e:3d:a1:49:91:28:9c:35:
         90:5d:9f:da:df:ce:78:91:81:88:de:10:61:5f:b1:22:7d:63:
         0b:98:28:e2:2f:54:8c:5a:20:3f:ab:0a:ac:f1:37:6b:24:92:
         8c:86:85:4e:91:3f:bf:d6:a1:1a:74:48:d6:12:ba:2d:c1:89:
         71:09:17:a3:21:fb:bb:3c:7b:a9:76:8b:2f:a9:2c:a8:47:d4:
         96:b9:fc:23:3b:c6:1e:58:6f:5e:4b:99:65:5c:c0:a2:33:22:
         8b:b8:e3:6f:d9:f5:56:d7:3a:cb:e0:a7:40:71:15:66:18:97:
         12:6d:c2:bc:67:57:5a:4f:a5:a5:d7:4d:98:85:c8:d7:ad:c9:
         03:26:1a:f7
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYcS+k+OB1880y94IzarzTaiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjMwMzI0MDkzNjQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjc4MDlmMmIxZTM3MzA0ZjRhNjc2ZjI0YjUwMGE2NGVlMzM1N2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEgmHvm8Zgo+VKyL98NdU0ebnOOG
ZR46XchY7zyEtxRZ8yxYP7NuKdDE+hnU5apVX3IbG6QhTRVnIIoU2knd+SEkOhz9
WZ+Oa/T68xR+6HAmBWNzwWsQIJgZAMkSRd8EhLDUKGZQpdRCddfQmckQEeyuLBU8
TtZBXv6wfULU6gTDsKW1c5J0s2ttzVPkvQeWdG0hEv17jCvTrQd2tsgvg/sg6ze0
Y02tNkyN6uJSmEVMIoorka8+aaSMq3qJBZXSJF1bH67TAqKB6sdWOyDrYYwpOEPt
Pi/8F27uDH80gDndhtswzY9Tw/VklP7/tTf1116LziGlxysFZsqEVgRVMwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFBZ4CfKx43ME9KZ28ktQCmTuM1fiMB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvRm5nSjhySGpjd1QwcG5ieVMxQUtaTzR6Vi1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCVRw4AwQB
be7EMAwDBABt7skDBABt7swDBAFt7s4wDQYJKoZIhvcNAQELBQADggEBAEv+Ufbi
AFOHAGMBYbBTlvq4eljAqKCj1yZwFhmECc7mHoKJT8/kW/6rklMgxvAFGk+ioeaC
SGKY/vkurNgnTFVjDY09oEkotkVqP+a3HOqAW/NNKYjW53P+NgTCuQ6E0dvXLw/H
v32oFE2GGWyEnwfUAcGy16pOPaFJkSicNZBdn9rfzniRgYjeEGFfsSJ9YwuYKOIv
VIxaID+rCqzxN2skkoyGhU6RP7/WoRp0SNYSui3BiXEJF6Mh+7s8e6l2iy+pLKhH
1Ja5/CM7xh5Yb15LmWVcwKIzIou442/Z9VbXOsvgp0BxFWYYlxJtwrxnV1pPpaXX
TZiFyNetyQMmGvc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:55 2024 by rpki-client on console-fra.rpki-client.org