Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/OLD3Ii5A1SeWln8Ii3qgjBXR-Qk.roa
File:                     OLD3Ii5A1SeWln8Ii3qgjBXR-Qk.roa (raw, json)
Hash identifier:          ki4ktUjeyKtEi4dRNSIdisL6Yleuctom1rNgVBElJhw=
Subject key identifier:   38:B0:F7:22:2E:40:D5:27:96:96:7F:08:8B:7A:A0:8C:15:D1:F9:09
Certificate issuer:       /CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
Certificate serial:       018732B8A5A3D10ED788F3232F1F74A34255
Authority key identifier: 0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/OLD3Ii5A1SeWln8Ii3qgjBXR-Qk.roa
Signing time:             Thu 30 Mar 2023 13:32:54 +0000
ROA not before:           Thu 30 Mar 2023 13:32:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8849
IP address blocks:        91.192.81.0/24 maxlen: 24
                          88.210.36.0/23 maxlen: 24
                          185.140.210.0/24 maxlen: 24
                          185.140.211.0/24 maxlen: 24
                          2a06:f902:4000::/36 maxlen: 36
                          2a06:f901:4000::/36 maxlen: 36
                          2a06:f901:8000::/36 maxlen: 36
                          2a06:f901:c000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Tue 18 Jul 2023 10:50:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:32:b8:a5:a3:d1:0e:d7:88:f3:23:2f:1f:74:a3:42:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
        Validity
            Not Before: Mar 30 13:32:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38b0f7222e40d52796967f088b7aa08c15d1f909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:cd:c7:d9:0f:9c:a4:5c:69:53:9c:0e:1d:4f:
                    48:ac:f3:a8:c8:10:6d:c8:48:50:5c:bd:aa:ed:35:
                    e4:f4:b2:b6:2f:b5:7f:44:49:f8:c9:06:75:94:8b:
                    63:a8:61:2c:a3:96:b1:97:66:74:28:7f:89:fc:cb:
                    76:a3:7b:d9:36:5b:da:8f:90:ac:5d:cd:11:02:7d:
                    6c:11:13:e6:34:c9:48:fc:d8:67:23:cf:c0:a9:7e:
                    a5:75:7b:b2:ae:50:44:75:93:f5:ba:0f:8f:cf:1e:
                    5e:f4:c1:4f:6a:78:5c:79:c1:2d:14:d6:d2:f2:08:
                    87:15:3b:7d:ce:3f:a4:d2:b0:30:c2:33:86:fe:73:
                    3a:c4:c8:d9:dc:ee:d8:83:68:ef:87:01:2a:26:68:
                    56:48:91:99:6e:33:7b:1b:d5:89:6b:5a:9f:e4:67:
                    39:37:d5:d8:77:bb:77:9b:b1:fe:54:81:e1:1b:d8:
                    82:ca:84:cd:af:f6:7b:72:3e:96:9d:70:3e:c5:f3:
                    c8:65:26:d3:15:32:62:ab:95:82:aa:53:69:73:49:
                    70:26:94:5d:8c:36:67:bb:76:3f:1b:fb:a6:91:68:
                    9a:9b:7a:81:19:b1:23:91:cd:8d:6d:7f:5f:9d:15:
                    0f:7d:6b:d5:2c:34:24:fe:be:d4:1a:5b:73:d4:57:
                    b7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:B0:F7:22:2E:40:D5:27:96:96:7F:08:8B:7A:A0:8C:15:D1:F9:09
            X509v3 Authority Key Identifier:
                keyid:0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/OLD3Ii5A1SeWln8Ii3qgjBXR-Qk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.210.36.0/23
                  91.192.81.0/24
                  185.140.210.0/23
                IPv6:
                  2a06:f901:4000::/36
                  2a06:f901:8000::/36
                  2a06:f901:c000::/36
                  2a06:f902:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         2a:33:0f:47:ee:ca:f3:0a:67:f9:76:91:81:a7:47:84:ff:5f:
         26:3f:a1:ca:01:4a:0d:68:a4:1e:ca:58:ad:98:6b:8c:a0:52:
         96:f8:b1:3a:5f:73:6a:95:37:5d:6d:4d:2b:68:e2:6e:b2:55:
         74:89:52:4a:43:76:af:de:a2:88:24:7f:7d:96:89:e2:f6:f0:
         eb:9e:ef:53:56:ff:91:fa:b1:f6:e4:e1:20:49:d0:32:71:21:
         e3:f3:e6:00:f4:25:6c:44:00:31:16:eb:64:8c:0c:36:1d:d7:
         99:e6:5a:f7:f1:38:dd:aa:b9:c7:66:d2:9e:1e:3b:82:f8:eb:
         28:3f:27:4a:4b:2f:2a:36:35:5f:16:a5:cd:4c:7b:92:e9:fd:
         bf:72:4a:fb:c5:dd:ab:f6:64:4d:9a:e8:14:73:06:06:e1:ba:
         ea:84:b6:5c:1c:3a:64:9d:5a:88:bf:eb:80:4b:c9:d0:8b:13:
         76:fa:9c:7b:0c:e2:29:81:4a:bf:00:4e:3e:8f:1e:fb:cd:e9:
         ba:55:cc:6f:ed:26:57:64:18:ce:74:3c:12:2c:ed:e8:9a:71:
         ba:94:82:28:e3:ef:44:10:0f:d0:e5:03:9e:bb:5b:e3:20:61:
         d5:40:f1:8f:e0:3d:14:b0:c3:c3:c1:43:1a:d0:ca:13:ec:f4:
         46:47:71:e1
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYcyuKWj0Q7XiPMjLx90o0JVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZWJmYmZkNmY5MzdjNWFlMzllM2UzOGU4YWI4Mzg0MTA3
NDIxYTYwHhcNMjMwMzMwMTMzMjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGIwZjcyMjJlNDBkNTI3OTY5NjdmMDg4YjdhYTA4YzE1ZDFmOTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA683H2Q+cpFxpU5wOHU9IrPOoyBBt
yEhQXL2q7TXk9LK2L7V/REn4yQZ1lItjqGEso5axl2Z0KH+J/Mt2o3vZNlvaj5Cs
Xc0RAn1sERPmNMlI/NhnI8/AqX6ldXuyrlBEdZP1ug+Pzx5e9MFPanhcecEtFNbS
8giHFTt9zj+k0rAwwjOG/nM6xMjZ3O7Yg2jvhwEqJmhWSJGZbjN7G9WJa1qf5Gc5
N9XYd7t3m7H+VIHhG9iCyoTNr/Z7cj6WnXA+xfPIZSbTFTJiq5WCqlNpc0lwJpRd
jDZnu3Y/G/umkWiam3qBGbEjkc2NbX9fnRUPfWvVLDQk/r7UGltz1Fe3zwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFDiw9yIuQNUnlpZ/CIt6oIwV0fkJMB8GA1UdIwQY
MBaAFA/r+/1vk3xa454+OOirg4QQdCGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGIt
N2Q3MDM3NGQ3NmQyLzEvT0xEM0lpNUExU2VXbG44SWkzcWdqQlhSLVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGItN2Q3MDM3NGQ3NmQy
LzEvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAYBAIAATASAwQBWNIkAwQA
W8BRAwQBuYzSMCYEAgACMCADBgQqBvkBQAMGBCoG+QGAAwYEKgb5AcADBgQqBvkC
QDANBgkqhkiG9w0BAQsFAAOCAQEAKjMPR+7K8wpn+XaRgadHhP9fJj+hygFKDWik
HspYrZhrjKBSlvixOl9zapU3XW1NK2jibrJVdIlSSkN2r96iiCR/fZaJ4vbw657v
U1b/kfqx9uThIEnQMnEh4/PmAPQlbEQAMRbrZIwMNh3XmeZa9/E43aq5x2bSnh47
gvjrKD8nSksvKjY1XxalzUx7kun9v3JK+8Xdq/ZkTZroFHMGBuG66oS2XBw6ZJ1a
iL/rgEvJ0IsTdvqcewziKYFKvwBOPo8e+83pulXMb+0mV2QYznQ8Eizt6JpxupSC
KOPvRBAP0OUDnrtb4yBh1UDxj+A9FLDDw8FDGtDKE+z0Rkdx4Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:04 2024 by rpki-client on console-fra.rpki-client.org