Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/8e1122-8cb9-4872-8811-1c2800831c64/1/R-lTglY1-uvOlhPcLBzSzzNwAQA.roa
File:                     R-lTglY1-uvOlhPcLBzSzzNwAQA.roa (raw, json)
Hash identifier:          W4rkizPZw3gASVQnw3+VRwzZTKz4oFrd+yAs7ypx3vQ=
Subject key identifier:   47:E9:53:82:56:35:FA:EB:CE:96:13:DC:2C:1C:D2:CF:33:70:01:00
Certificate issuer:       /CN=a8438eacf4d064e87a76bb462d3b4b2cc3858a4c
Certificate serial:       018571A7A4EED0A3A069AFA87FD3106F4132
Authority key identifier: A8:43:8E:AC:F4:D0:64:E8:7A:76:BB:46:2D:3B:4B:2C:C3:85:8A:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qEOOrPTQZOh6drtGLTtLLMOFikw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/8e1122-8cb9-4872-8811-1c2800831c64/1/R-lTglY1-uvOlhPcLBzSzzNwAQA.roa
Signing time:             Mon 02 Jan 2023 08:44:50 +0000
ROA not before:           Mon 02 Jan 2023 08:44:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57457
IP address blocks:        185.210.203.0/24 maxlen: 24
                          185.210.200.0/24 maxlen: 24
                          185.210.201.0/24 maxlen: 24
                          185.210.202.0/24 maxlen: 24
                          91.232.64.0/24 maxlen: 24
                          91.232.65.0/24 maxlen: 24
                          91.232.69.0/24 maxlen: 24
                          91.232.66.0/24 maxlen: 24
                          91.232.67.0/24 maxlen: 24
                          91.232.68.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:30:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:a7:a4:ee:d0:a3:a0:69:af:a8:7f:d3:10:6f:41:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8438eacf4d064e87a76bb462d3b4b2cc3858a4c
        Validity
            Not Before: Jan  2 08:44:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=47e953825635faebce9613dc2c1cd2cf33700100
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b8:87:72:79:a5:4d:86:2d:95:ce:b3:69:92:
                    9b:cc:9c:bf:f2:cb:57:1f:e7:be:f5:2f:52:16:fc:
                    7f:31:83:5c:a7:3d:10:82:99:d1:d8:95:98:7a:5e:
                    38:b4:2e:11:99:c8:eb:03:e0:36:01:f3:4a:7f:8e:
                    d3:59:cc:db:f3:6b:f6:51:a1:16:06:2a:d1:85:95:
                    b8:ce:86:9e:ae:66:de:4f:d1:95:3c:f7:7a:ad:15:
                    7e:1d:07:b9:b7:23:bc:0c:b5:a8:02:f1:be:18:84:
                    78:8f:40:02:8c:96:0f:8a:d6:9d:0d:e3:06:fe:92:
                    c6:20:42:b8:d5:03:fd:a5:31:a2:5d:9d:91:70:1d:
                    be:ac:e9:46:97:71:79:73:f7:c2:46:92:ad:ce:b9:
                    54:f6:55:81:c4:1f:34:16:fc:97:40:07:fd:2e:e8:
                    64:17:fd:45:96:7d:63:46:38:cb:60:8d:e1:bd:17:
                    e6:8c:d2:da:97:a5:f7:d5:96:d9:27:68:bd:44:89:
                    8b:c6:9d:ab:bc:01:14:a0:5d:ef:da:fd:aa:f6:68:
                    8b:8c:0e:89:21:32:45:80:c9:79:67:40:23:35:b6:
                    8d:93:8a:19:f9:62:82:01:fa:b9:c7:5b:30:2a:43:
                    89:45:3f:14:94:95:3e:4f:1f:b0:13:4d:c5:ce:94:
                    1e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:E9:53:82:56:35:FA:EB:CE:96:13:DC:2C:1C:D2:CF:33:70:01:00
            X509v3 Authority Key Identifier:
                keyid:A8:43:8E:AC:F4:D0:64:E8:7A:76:BB:46:2D:3B:4B:2C:C3:85:8A:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qEOOrPTQZOh6drtGLTtLLMOFikw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/8e1122-8cb9-4872-8811-1c2800831c64/1/R-lTglY1-uvOlhPcLBzSzzNwAQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/8e1122-8cb9-4872-8811-1c2800831c64/1/qEOOrPTQZOh6drtGLTtLLMOFikw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.64.0-91.232.69.255
                  185.210.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         66:19:01:b5:b7:44:a4:33:dd:c0:16:3c:84:8a:09:0f:09:5c:
         0b:68:25:eb:8c:dc:4f:8c:bc:4a:6d:19:b0:c4:fc:a2:0f:56:
         a0:e2:ac:17:88:ce:f3:24:27:2b:0b:e5:5e:9e:9c:8a:26:bc:
         fb:ee:fc:fc:01:9e:68:95:77:e0:03:b9:bd:0b:0f:af:1a:04:
         a6:fc:3c:25:e9:80:03:13:b1:c5:36:37:01:bf:6b:07:9d:b6:
         21:1b:7d:1b:f6:8b:73:f1:25:e6:d7:03:2e:56:4a:32:a5:a0:
         60:b8:c1:e7:93:d0:df:b1:9a:23:2f:5e:bc:06:82:8e:4d:b9:
         4a:22:50:11:39:66:58:7c:e9:d0:e5:a0:ea:c4:21:f3:f2:53:
         a9:93:02:96:cd:59:97:bf:95:71:fc:a9:97:5f:f3:88:14:45:
         a9:73:3d:38:fe:c6:ae:4b:a4:f0:72:ce:71:6d:89:ef:1d:ad:
         48:ba:2d:7f:29:aa:66:d2:22:6e:17:7b:c6:13:b7:a2:31:22:
         45:2a:36:14:f4:59:c9:ba:87:66:1a:99:b3:6e:08:34:94:0b:
         39:3b:30:6e:d6:24:6d:c2:38:b4:c4:79:1d:82:3c:1d:b3:17:
         f4:ae:d3:c9:09:8a:1a:32:0e:79:ec:2b:e1:db:30:18:25:c5:
         3e:dd:1d:36
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVxp6Tu0KOgaa+of9MQb0EyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4NDM4ZWFjZjRkMDY0ZTg3YTc2YmI0NjJkM2I0YjJjYzM4
NThhNGMwHhcNMjMwMTAyMDg0NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2U5NTM4MjU2MzVmYWViY2U5NjEzZGMyYzFjZDJjZjMzNzAwMTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLiHcnmlTYYtlc6zaZKbzJy/8stX
H+e+9S9SFvx/MYNcpz0QgpnR2JWYel44tC4RmcjrA+A2AfNKf47TWczb82v2UaEW
BirRhZW4zoaermbeT9GVPPd6rRV+HQe5tyO8DLWoAvG+GIR4j0ACjJYPitadDeMG
/pLGIEK41QP9pTGiXZ2RcB2+rOlGl3F5c/fCRpKtzrlU9lWBxB80FvyXQAf9Luhk
F/1Fln1jRjjLYI3hvRfmjNLal6X31ZbZJ2i9RImLxp2rvAEUoF3v2v2q9miLjA6J
ITJFgMl5Z0AjNbaNk4oZ+WKCAfq5x1swKkOJRT8UlJU+Tx+wE03FzpQeywIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEfpU4JWNfrrzpYT3Cwc0s8zcAEAMB8GA1UdIwQY
MBaAFKhDjqz00GToena7Ri07SyzDhYpMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUVPT3JQVFFaT2g2ZHJ0R0xUdExMTU9GaWt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS84ZTExMjItOGNiOS00ODcyLTg4MTEt
MWMyODAwODMxYzY0LzEvUi1sVGdsWTEtdXZPbGhQY0xCelN6ek53QVFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS84ZTExMjItOGNiOS00ODcyLTg4MTEtMWMyODAwODMxYzY0
LzEvcUVPT3JQVFFaT2g2ZHJ0R0xUdExMTU9GaWt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAZb6EAD
BAFb6EQDBAK50sgwDQYJKoZIhvcNAQELBQADggEBAGYZAbW3RKQz3cAWPISKCQ8J
XAtoJeuM3E+MvEptGbDE/KIPVqDirBeIzvMkJysL5V6enIomvPvu/PwBnmiVd+AD
ub0LD68aBKb8PCXpgAMTscU2NwG/awedtiEbfRv2i3PxJebXAy5WSjKloGC4weeT
0N+xmiMvXrwGgo5NuUoiUBE5Zlh86dDloOrEIfPyU6mTApbNWZe/lXH8qZdf84gU
RalzPTj+xq5LpPByznFtie8drUi6LX8pqmbSIm4Xe8YTt6IxIkUqNhT0Wcm6h2Ya
mbNuCDSUCzk7MG7WJG3COLTEeR2CPB2zF/Su08kJihoyDnnsK+HbMBglxT7dHTY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:35 2024 by rpki-client on console-fra.rpki-client.org