Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/ffMk0CC01C7ywP5EuV2uu5FD9ww.roa
File:                     ffMk0CC01C7ywP5EuV2uu5FD9ww.roa (raw, json)
Hash identifier:          kqMBh1Ej+fy5WlKVNTrnw9jGhoT0vl9nGtTOQ0FKJ8w=
Subject key identifier:   7D:F3:24:D0:20:B4:D4:2E:F2:C0:FE:44:B9:5D:AE:BB:91:43:F7:0C
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018ECE5EDBD61FDB2863A213DAAC77864C20
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/ffMk0CC01C7ywP5EuV2uu5FD9ww.roa
Signing time:             Thu 11 Apr 2024 18:15:06 +0000
ROA not before:           Thu 11 Apr 2024 18:15:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        83.147.232.0/22 maxlen: 24
                          83.147.244.0/22 maxlen: 24
                          91.186.194.0/23 maxlen: 23
                          91.186.204.0/22 maxlen: 24
                          94.241.160.0/23 maxlen: 24
                          94.241.168.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Mon 15 Apr 2024 09:09:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ce:5e:db:d6:1f:db:28:63:a2:13:da:ac:77:86:4c:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Apr 11 18:15:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7df324d020b4d42ef2c0fe44b95daebb9143f70c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:7a:99:a7:38:85:0b:70:4e:92:41:e5:68:21:
                    5e:0a:9e:1b:ee:dc:9f:ce:f8:a3:04:74:64:32:20:
                    53:1b:7a:73:a1:0f:82:90:23:dd:3e:fb:75:39:25:
                    4e:ab:12:7b:de:eb:bb:a0:9d:b5:4e:68:e6:92:2b:
                    8b:7f:b1:77:82:43:b1:f7:1d:e6:5a:9c:74:d8:f2:
                    d9:ae:1b:01:96:62:f1:9e:49:17:8b:01:db:d2:56:
                    2a:1b:32:7d:e3:c2:e9:0e:9d:e9:41:80:3a:80:36:
                    49:3b:95:ed:48:dc:11:d1:db:f0:77:bd:d7:3f:11:
                    1b:a3:45:01:e7:64:93:87:19:9b:50:3c:04:8f:0a:
                    51:9d:2f:06:23:c6:9e:cf:68:4f:74:a6:4c:8a:1a:
                    b4:96:96:d2:54:56:78:19:2d:1a:bd:da:4d:72:ed:
                    6b:85:ee:4b:da:cd:03:44:e7:60:0d:ca:4e:d5:48:
                    41:8f:a1:9b:bf:8a:13:11:42:d7:66:3a:01:d0:71:
                    cc:5b:7c:7b:35:06:68:90:72:3d:00:28:dd:f1:44:
                    1d:7a:1a:6b:e2:35:a9:b0:8c:b9:a0:84:03:3a:7c:
                    93:b2:9f:a3:f8:ec:62:a4:82:9d:76:b9:f9:c3:20:
                    52:2b:38:c9:aa:1f:a4:a2:87:e7:4f:47:8f:39:b5:
                    7f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F3:24:D0:20:B4:D4:2E:F2:C0:FE:44:B9:5D:AE:BB:91:43:F7:0C
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/ffMk0CC01C7ywP5EuV2uu5FD9ww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.232.0/22
                  83.147.244.0/22
                  91.186.194.0/23
                  91.186.204.0/22
                  94.241.160.0/23
                  94.241.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         66:59:11:66:ee:53:b6:36:19:d9:e0:d0:af:5d:c4:f5:37:48:
         a7:00:71:d0:1b:21:99:f3:98:84:04:3a:24:6d:01:58:de:41:
         17:95:ee:fa:da:ec:4e:67:1c:9f:9e:03:1c:73:39:ab:dc:ab:
         57:65:0b:89:05:40:88:8e:b6:a2:09:6e:d3:5e:82:88:6a:2d:
         ab:c2:09:46:d3:e3:63:21:ef:c5:06:b8:83:d9:23:80:9a:7e:
         58:92:48:c0:3c:37:a4:b3:07:4f:91:a1:0e:30:da:18:a5:db:
         6b:43:de:13:b8:7b:19:7c:ec:7f:c0:3b:cb:41:90:88:cf:ef:
         95:d8:ba:70:16:8c:7f:e5:83:02:c5:e7:9b:d1:db:42:6f:05:
         ce:50:78:48:19:2e:ad:ef:06:14:55:a7:5a:bd:ba:f6:ed:bb:
         b5:97:bc:90:04:80:4a:e9:6b:63:8b:c0:52:e1:93:90:39:5c:
         a1:51:a0:aa:ed:14:32:c4:91:7f:3d:8a:e1:40:2b:ad:7d:d7:
         f7:ac:fe:8e:7f:e9:b5:97:f4:14:8e:66:66:85:1c:3f:56:b9:
         90:14:e3:33:04:20:1f:cb:45:c0:a5:7d:a7:b8:21:8e:28:38:
         8e:e4:e1:af:70:ab:ac:f0:43:c4:f7:17:4e:a0:c6:c6:04:fd:
         46:a0:e3:af
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY7OXtvWH9soY6IT2qx3hkwgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwNDExMTgxNTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGYzMjRkMDIwYjRkNDJlZjJjMGZlNDRiOTVkYWViYjkxNDNmNzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHqZpziFC3BOkkHlaCFeCp4b7tyf
zvijBHRkMiBTG3pzoQ+CkCPdPvt1OSVOqxJ73uu7oJ21TmjmkiuLf7F3gkOx9x3m
Wpx02PLZrhsBlmLxnkkXiwHb0lYqGzJ948LpDp3pQYA6gDZJO5XtSNwR0dvwd73X
PxEbo0UB52SThxmbUDwEjwpRnS8GI8aez2hPdKZMihq0lpbSVFZ4GS0avdpNcu1r
he5L2s0DROdgDcpO1UhBj6Gbv4oTEULXZjoB0HHMW3x7NQZokHI9ACjd8UQdehpr
4jWpsIy5oIQDOnyTsp+j+OxipIKddrn5wyBSKzjJqh+koofnT0ePObV/7QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFH3zJNAgtNQu8sD+RLldrruRQ/cMMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvZmZNazBDQzAxQzd5d1A1RXVWMnV1NUZEOXd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCU5PoAwQC
U5P0AwQBW7rCAwQCW7rMAwQBXvGgAwQDXvGoMA0GCSqGSIb3DQEBCwUAA4IBAQBm
WRFm7lO2NhnZ4NCvXcT1N0inAHHQGyGZ85iEBDokbQFY3kEXle762uxOZxyfngMc
czmr3KtXZQuJBUCIjraiCW7TXoKIai2rwglG0+NjIe/FBriD2SOAmn5YkkjAPDek
swdPkaEOMNoYpdtrQ94TuHsZfOx/wDvLQZCIz++V2LpwFox/5YMCxeeb0dtCbwXO
UHhIGS6t7wYUVadavbr27bu1l7yQBIBK6Wtji8BS4ZOQOVyhUaCq7RQyxJF/PYrh
QCutfdf3rP6Of+m1l/QUjmZmhRw/VrmQFOMzBCAfy0XApX2nuCGOKDiO5OGvcKus
8EPE9xdOoMbGBP1GoOOv
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:19 2024 by rpki-client on console-ams.rpki-client.org