Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ZjExKFqRAqCuLBKhkMaBRiWyH5I.roa
File:                     ZjExKFqRAqCuLBKhkMaBRiWyH5I.roa (raw, json)
Hash identifier:          IX7NOiTCodELFZtckJ2M+JMT2rOmRyrZAcN10SOASLs=
Subject key identifier:   66:31:31:28:5A:91:02:A0:AE:2C:12:A1:90:C6:81:46:25:B2:1F:92
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       018DEB90F5710204248F80E3FDD0A2A7B372
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ZjExKFqRAqCuLBKhkMaBRiWyH5I.roa
Signing time:             Tue 27 Feb 2024 17:16:02 +0000
ROA not before:           Tue 27 Feb 2024 17:16:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        78.31.207.0/24 maxlen: 24
                          104.232.37.0/24 maxlen: 24
                          162.218.92.0/24 maxlen: 24
                          162.218.94.0/24 maxlen: 24
                          185.187.213.0/24 maxlen: 24
                          185.205.207.0/24 maxlen: 24
                          185.230.120.0/24 maxlen: 24
                          185.230.123.0/24 maxlen: 24
                          2a0a:8f40:31::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 27 Feb 2024 23:29:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:eb:90:f5:71:02:04:24:8f:80:e3:fd:d0:a2:a7:b3:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Feb 27 17:16:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=663131285a9102a0ae2c12a190c6814625b21f92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e7:77:82:eb:8e:36:f0:fe:7f:3c:cf:82:06:
                    e0:58:f9:2f:02:ad:8c:1d:72:64:13:e3:bb:4d:48:
                    af:e8:1c:89:c1:61:6d:cd:3d:ae:37:62:bd:9d:db:
                    28:ca:cc:4b:e6:39:d5:f8:06:33:ad:88:78:fb:5e:
                    a5:61:3b:1e:00:63:95:eb:79:c6:6b:be:99:e4:c4:
                    22:4c:ed:6c:fc:72:15:94:18:74:95:59:73:53:37:
                    21:47:e8:fe:fa:e4:95:9e:df:bd:68:5e:4a:8d:f6:
                    15:1f:84:fa:b1:b9:d2:25:0a:e5:7a:30:2f:26:41:
                    45:2d:3e:62:5b:91:54:d2:f9:fd:4a:fa:c4:d7:8d:
                    a1:a5:79:3a:d1:ea:60:9c:73:b0:0f:a6:4d:74:02:
                    f1:2b:92:42:37:76:9b:c7:43:3b:76:1a:a2:fd:0a:
                    c9:36:a9:b0:46:50:c2:4f:bb:17:56:9e:e6:a6:10:
                    f1:d3:b5:bd:47:cf:08:57:7f:a6:4f:f0:24:37:b3:
                    71:7f:67:cc:44:02:9a:bb:15:98:d3:9e:45:37:e0:
                    be:8b:53:a3:ad:d6:4f:53:eb:23:10:1b:97:82:5e:
                    9d:87:f2:da:4c:90:1a:db:d3:07:8a:95:31:41:6f:
                    71:40:93:f9:e7:a0:3c:40:50:2d:d1:f8:38:0d:2b:
                    48:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:31:31:28:5A:91:02:A0:AE:2C:12:A1:90:C6:81:46:25:B2:1F:92
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/ZjExKFqRAqCuLBKhkMaBRiWyH5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.31.207.0/24
                  104.232.37.0/24
                  162.218.92.0/24
                  162.218.94.0/24
                  185.187.213.0/24
                  185.205.207.0/24
                  185.230.120.0/24
                  185.230.123.0/24
                IPv6:
                  2a0a:8f40:31::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:1f:30:fc:ec:60:27:9c:0d:5b:09:36:41:14:2b:05:59:ac:
         23:f3:4f:30:a5:5e:06:7d:aa:9b:6b:fa:af:e5:17:49:db:6a:
         8f:0f:7a:bd:d0:ba:18:ca:66:1a:07:54:6b:08:0e:df:92:c2:
         7c:dd:4c:75:ec:2b:a7:a7:8b:6a:9c:64:a0:f4:5d:a7:56:cf:
         fc:96:35:e3:58:f1:a1:9e:81:bf:6a:7f:e7:f0:6c:d8:7a:ab:
         72:78:ed:bf:e3:ac:6c:8a:5f:95:9f:84:a2:8b:17:65:e6:ef:
         19:35:d0:4c:11:45:99:13:de:2f:c5:bf:c2:59:0c:cc:cd:2b:
         95:0d:da:8e:3c:e7:5c:76:5d:a9:65:67:b1:5f:26:86:3d:79:
         ee:26:f3:07:3b:e7:08:ff:17:23:30:ca:de:97:c2:cb:40:d5:
         eb:c5:ec:11:3e:0c:47:d2:5c:82:78:76:69:1a:e6:7d:12:11:
         f2:29:d5:60:66:5d:e2:be:59:82:9a:d1:08:0b:73:54:9c:7f:
         a0:e2:02:b6:a9:dc:74:13:d9:b5:e5:6a:61:6e:e3:f4:e0:27:
         82:84:11:52:a5:9d:50:93:8b:2a:8b:5a:61:d7:52:84:7f:ae:
         f6:72:6a:be:e5:53:48:89:4f:7d:c1:d5:42:e3:20:0c:3b:52:
         13:d7:e5:26
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAY3rkPVxAgQkj4Dj/dCip7NyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwMjI3MTcxNjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjMxMzEyODVhOTEwMmEwYWUyYzEyYTE5MGM2ODE0NjI1YjIxZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAled3guuONvD+fzzPggbgWPkvAq2M
HXJkE+O7TUiv6ByJwWFtzT2uN2K9ndsoysxL5jnV+AYzrYh4+16lYTseAGOV63nG
a76Z5MQiTO1s/HIVlBh0lVlzUzchR+j++uSVnt+9aF5KjfYVH4T6sbnSJQrlejAv
JkFFLT5iW5FU0vn9SvrE142hpXk60epgnHOwD6ZNdALxK5JCN3abx0M7dhqi/QrJ
NqmwRlDCT7sXVp7mphDx07W9R88IV3+mT/AkN7Nxf2fMRAKauxWY055FN+C+i1Oj
rdZPU+sjEBuXgl6dh/LaTJAa29MHipUxQW9xQJP556A8QFAt0fg4DStIrQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFGYxMShakQKgriwSoZDGgUYlsh+SMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvWmpFeEtGcVJBcUN1TEJLaGtNYUJSaVd5SDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA2BAIAATAwAwQATh/PAwQA
aOglAwQAotpcAwQAotpeAwQAubvVAwQAuc3PAwQAueZ4AwQAueZ7MA8EAgACMAkD
BwAqCo9AADEwDQYJKoZIhvcNAQELBQADggEBAE4fMPzsYCecDVsJNkEUKwVZrCPz
TzClXgZ9qptr+q/lF0nbao8Per3QuhjKZhoHVGsIDt+SwnzdTHXsK6eni2qcZKD0
XadWz/yWNeNY8aGegb9qf+fwbNh6q3J47b/jrGyKX5WfhKKLF2Xm7xk10EwRRZkT
3i/Fv8JZDMzNK5UN2o4851x2XallZ7FfJoY9ee4m8wc75wj/FyMwyt6XwstA1evF
7BE+DEfSXIJ4dmka5n0SEfIp1WBmXeK+WYKa0QgLc1Scf6DiArap3HQT2bXlamFu
4/TgJ4KEEVKlnVCTiyqLWmHXUoR/rvZyar7lU0iJT33B1ULjIAw7UhPX5SY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:55 2024 by rpki-client on console-fra.rpki-client.org