Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/jzQXX6S4YDzkoE5KGepqGaSvHv8.roa
File:                     jzQXX6S4YDzkoE5KGepqGaSvHv8.roa (raw, json)
Hash identifier:          z8OImg9Esp3kmyhw94cVQkGVGG8NBln9y/OvuHgWe5g=
Subject key identifier:   8F:34:17:5F:A4:B8:60:3C:E4:A0:4E:4A:19:EA:6A:19:A4:AF:1E:FF
Certificate issuer:       /CN=f416539e74934d23a0572f6625dbfdb54e820873
Certificate serial:       018570399A522595B3B928F13B4FF71EC1AE
Authority key identifier: F4:16:53:9E:74:93:4D:23:A0:57:2F:66:25:DB:FD:B5:4E:82:08:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9BZTnnSTTSOgVy9mJdv9tU6CCHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/jzQXX6S4YDzkoE5KGepqGaSvHv8.roa
Signing time:             Mon 02 Jan 2023 02:05:01 +0000
ROA not before:           Mon 02 Jan 2023 02:05:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     196838
IP address blocks:        194.156.253.0/24 maxlen: 24
                          194.156.252.0/24 maxlen: 24
                          194.156.255.0/24 maxlen: 24
                          194.156.254.0/24 maxlen: 24
                          109.69.164.0/24 maxlen: 24
                          109.69.163.0/24 maxlen: 24
                          109.69.166.0/24 maxlen: 24
                          109.69.165.0/24 maxlen: 24
                          109.69.160.0/24 maxlen: 24
                          109.69.162.0/24 maxlen: 24
                          109.69.161.0/24 maxlen: 24
                          93.159.192.0/24 maxlen: 24
                          109.69.167.0/24 maxlen: 24
                          93.159.198.0/24 maxlen: 24
                          93.159.197.0/24 maxlen: 24
                          93.159.199.0/24 maxlen: 24
                          93.159.194.0/24 maxlen: 24
                          93.159.193.0/24 maxlen: 24
                          93.159.196.0/24 maxlen: 24
                          93.159.195.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:30:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:39:9a:52:25:95:b3:b9:28:f1:3b:4f:f7:1e:c1:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f416539e74934d23a0572f6625dbfdb54e820873
        Validity
            Not Before: Jan  2 02:05:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8f34175fa4b8603ce4a04e4a19ea6a19a4af1eff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6c:95:16:49:9d:68:0f:6b:08:53:e1:bb:a1:
                    ff:1e:e5:b4:37:51:81:60:46:15:46:f7:17:d1:cd:
                    d0:fb:6b:1b:14:1c:80:78:c9:64:1c:1a:b3:bc:ad:
                    3a:c1:35:d5:14:84:ab:87:3f:d3:2d:c3:08:52:f6:
                    49:0b:be:cf:a9:53:c1:9a:e8:64:d1:b7:fc:4b:e3:
                    2e:f0:a5:d6:51:c1:7f:87:a5:3f:f4:75:03:8b:92:
                    99:89:f9:5b:8a:e8:35:74:bc:44:82:f6:7d:b5:37:
                    39:68:f7:c6:14:a9:db:a9:6c:94:32:93:37:7e:92:
                    fb:c2:92:12:c3:04:dc:5c:28:5f:08:0e:ce:83:12:
                    db:60:24:5e:18:31:39:de:70:af:30:a7:4b:0e:a8:
                    6a:de:af:85:4c:83:0d:26:36:b8:cc:19:30:c6:6b:
                    73:35:64:fa:24:14:f1:d0:66:7e:c6:3b:b6:c9:95:
                    89:ac:99:0b:1a:0a:18:5c:f3:b8:87:ee:c4:85:61:
                    c0:91:73:c4:bc:f7:3a:e4:dc:c8:83:e9:51:96:ef:
                    b4:8b:d1:eb:da:fe:31:20:be:2f:b4:da:79:5b:3f:
                    89:9b:c4:1b:8b:76:a8:7c:2d:27:61:50:8c:89:8b:
                    80:06:4d:2d:e0:44:a2:d8:64:88:fc:88:97:b3:f2:
                    b3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:34:17:5F:A4:B8:60:3C:E4:A0:4E:4A:19:EA:6A:19:A4:AF:1E:FF
            X509v3 Authority Key Identifier:
                keyid:F4:16:53:9E:74:93:4D:23:A0:57:2F:66:25:DB:FD:B5:4E:82:08:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9BZTnnSTTSOgVy9mJdv9tU6CCHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/jzQXX6S4YDzkoE5KGepqGaSvHv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/53e496-0097-462a-a989-d67a61d5416d/1/9BZTnnSTTSOgVy9mJdv9tU6CCHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.192.0/21
                  109.69.160.0/21
                  194.156.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:27:f0:c4:43:87:39:fc:c2:d3:4c:22:c0:aa:a1:fd:1f:3b:
         c2:14:c3:9a:50:ed:94:b7:01:ce:59:0f:db:11:6d:87:55:09:
         5e:73:af:8c:ac:88:36:08:68:b8:4d:bc:70:45:49:23:8d:0f:
         6c:38:8c:42:e3:1d:95:d4:9a:47:73:ac:03:90:b7:b5:f0:be:
         1f:7f:38:3a:3b:33:43:d4:14:a9:e8:d9:0d:1b:5f:0e:12:70:
         9e:68:72:0a:96:1f:66:a9:cc:ab:96:3a:d6:bf:35:ee:64:a1:
         29:52:82:6f:92:6d:99:dc:1a:f1:fa:63:38:dc:99:99:12:1b:
         43:6a:d9:47:9d:b3:31:6c:47:0a:77:e1:46:17:cc:02:fa:b5:
         48:b1:2e:90:ba:b3:59:10:e9:8f:1e:c7:d7:e4:3f:1d:0b:e4:
         9f:d0:39:df:b4:30:56:a1:c4:a2:5d:26:8f:c7:43:61:ce:64:
         b4:d0:80:d5:88:d2:73:e1:09:6b:95:94:26:45:c2:40:ba:ff:
         3a:ff:e0:b4:73:34:f2:86:f4:29:be:e8:ac:a4:74:03:fd:a1:
         37:e2:55:bf:11:e4:b2:0a:34:f8:f5:9c:8a:fa:34:1d:12:84:
         1f:12:0c:fc:2c:af:19:f5:4c:21:5f:01:3a:34:7c:16:24:fa:
         6e:62:a6:a6
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVwOZpSJZWzuSjxO0/3HsGuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0MTY1MzllNzQ5MzRkMjNhMDU3MmY2NjI1ZGJmZGI1NGU4
MjA4NzMwHhcNMjMwMTAyMDIwNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjM0MTc1ZmE0Yjg2MDNjZTRhMDRlNGExOWVhNmExOWE0YWYxZWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2yVFkmdaA9rCFPhu6H/HuW0N1GB
YEYVRvcX0c3Q+2sbFByAeMlkHBqzvK06wTXVFISrhz/TLcMIUvZJC77PqVPBmuhk
0bf8S+Mu8KXWUcF/h6U/9HUDi5KZiflbiug1dLxEgvZ9tTc5aPfGFKnbqWyUMpM3
fpL7wpISwwTcXChfCA7OgxLbYCReGDE53nCvMKdLDqhq3q+FTIMNJja4zBkwxmtz
NWT6JBTx0GZ+xju2yZWJrJkLGgoYXPO4h+7EhWHAkXPEvPc65NzIg+lRlu+0i9Hr
2v4xIL4vtNp5Wz+Jm8Qbi3aofC0nYVCMiYuABk0t4ESi2GSI/IiXs/KzCwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFI80F1+kuGA85KBOShnqahmkrx7/MB8GA1UdIwQY
MBaAFPQWU550k00joFcvZiXb/bVOgghzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUJaVG5uU1RUU09nVnk5bUpkdjl0VTZDQ0hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy81M2U0OTYtMDA5Ny00NjJhLWE5ODkt
ZDY3YTYxZDU0MTZkLzEvanpRWFg2UzRZRHprb0U1S0dlcHFHYVN2SHY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy81M2U0OTYtMDA5Ny00NjJhLWE5ODktZDY3YTYxZDU0MTZk
LzEvOUJaVG5uU1RUU09nVnk5bUpkdjl0VTZDQ0hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDXZ/AAwQD
bUWgAwQCwpz8MA0GCSqGSIb3DQEBCwUAA4IBAQAwJ/DEQ4c5/MLTTCLAqqH9HzvC
FMOaUO2UtwHOWQ/bEW2HVQlec6+MrIg2CGi4TbxwRUkjjQ9sOIxC4x2V1JpHc6wD
kLe18L4ffzg6OzND1BSp6NkNG18OEnCeaHIKlh9mqcyrljrWvzXuZKEpUoJvkm2Z
3Brx+mM43JmZEhtDatlHnbMxbEcKd+FGF8wC+rVIsS6QurNZEOmPHsfX5D8dC+Sf
0DnftDBWocSiXSaPx0NhzmS00IDViNJz4QlrlZQmRcJAuv86/+C0czTyhvQpvuis
pHQD/aE34lW/EeSyCjT49ZyK+jQdEoQfEgz8LK8Z9UwhXwE6NHwWJPpuYqam
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:49 2024 by rpki-client on console-fra.rpki-client.org