Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/l8M9kUPMhHcqTGnRn4ZTvAE9RdI.roa
File:                     l8M9kUPMhHcqTGnRn4ZTvAE9RdI.roa (raw, json)
Hash identifier:          6a5/Oc9uNHrYRWbnptq5E8Pe1r62xKeEZgBdlTrvqTE=
Subject key identifier:   97:C3:3D:91:43:CC:84:77:2A:4C:69:D1:9F:86:53:BC:01:3D:45:D2
Certificate issuer:       /CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
Certificate serial:       0185701EE97683997DE4266C8B0BE78830CC
Authority key identifier: C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/l8M9kUPMhHcqTGnRn4ZTvAE9RdI.roa
Signing time:             Mon 02 Jan 2023 01:35:52 +0000
ROA not before:           Mon 02 Jan 2023 01:35:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39347
IP address blocks:        185.122.221.0/24 maxlen: 24
                          185.122.222.0/24 maxlen: 24
                          89.33.88.0/21 maxlen: 21
                          93.119.176.0/23 maxlen: 23
                          93.119.182.0/23 maxlen: 23
                          2a06:a880::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:29:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:1e:e9:76:83:99:7d:e4:26:6c:8b:0b:e7:88:30:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c0591e2eb49d0559e6fce7ee2aa81f0f59ba6f
        Validity
            Not Before: Jan  2 01:35:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=97c33d9143cc84772a4c69d19f8653bc013d45d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:fa:82:36:26:27:89:28:23:35:24:19:34:5e:
                    a6:5b:cf:28:d9:fd:b2:54:6a:8b:56:e2:7a:d3:7b:
                    0b:41:44:cb:ab:6d:d9:d4:f3:34:2a:d0:8f:82:a3:
                    e5:66:c4:c1:63:cb:2c:58:c2:14:8c:40:d8:b6:0c:
                    22:a6:fd:77:b6:22:17:23:b4:f9:ca:8d:2c:f5:47:
                    4d:3a:e7:e9:c5:f9:15:04:f3:df:6f:e3:3c:4b:d5:
                    ff:9c:e5:7a:9e:43:e3:37:5c:51:82:53:f2:98:23:
                    54:3e:61:65:df:0d:c5:bb:5c:88:fc:ae:85:9d:d5:
                    14:b5:89:21:16:96:2d:73:df:29:35:b9:21:84:1a:
                    3d:d1:85:5c:7f:d0:1f:c0:c9:e9:cd:b9:b4:f5:db:
                    e1:57:2e:bc:f5:9f:59:11:30:ce:a9:bf:c9:67:03:
                    c1:82:65:6f:74:f1:8b:50:78:d5:6b:eb:f0:c5:10:
                    1c:22:8f:6c:42:a3:ac:0c:28:d2:62:79:3a:bd:39:
                    f1:23:e2:43:b4:bc:0c:2c:fd:54:83:af:b4:c8:14:
                    3f:07:0f:1f:5d:5d:51:67:60:76:e4:e0:a4:a3:62:
                    9e:11:3e:b3:46:91:10:82:f9:f4:24:c5:16:d5:84:
                    3b:63:73:1d:68:35:9c:72:15:26:27:3c:c2:cf:68:
                    f5:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:C3:3D:91:43:CC:84:77:2A:4C:69:D1:9F:86:53:BC:01:3D:45:D2
            X509v3 Authority Key Identifier:
                keyid:C3:C0:59:1E:2E:B4:9D:05:59:E6:FC:E7:EE:2A:A8:1F:0F:59:BA:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8BZHi60nQVZ5vzn7iqoHw9Zum8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/l8M9kUPMhHcqTGnRn4ZTvAE9RdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/4b8aab-2099-43af-b41d-e3407174663b/1/w8BZHi60nQVZ5vzn7iqoHw9Zum8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.33.88.0/21
                  93.119.176.0/23
                  93.119.182.0/23
                  185.122.221.0-185.122.222.255
                IPv6:
                  2a06:a880::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:7c:43:af:c2:b7:95:e3:e3:b3:17:af:3f:55:24:f2:fc:a4:
         c5:0f:66:3e:82:67:81:dd:53:83:9f:a4:6f:b3:b1:36:72:63:
         03:f0:f6:8f:c3:80:a8:d4:d5:83:e3:6b:1b:71:7e:75:27:39:
         fc:1a:da:cc:22:71:d3:ec:3e:89:32:38:9e:0a:14:3c:36:67:
         52:34:ae:59:f2:76:e8:e7:48:fb:95:2e:cf:a6:f1:a8:95:e4:
         40:b9:87:88:0b:35:78:2f:ae:1d:58:9a:2a:30:79:2a:18:60:
         6b:29:8f:54:87:d7:9c:3c:ea:0e:d5:47:e3:7c:17:fc:2c:b4:
         73:5d:cf:e3:9e:06:6f:f0:8c:ca:87:53:8e:e9:21:66:a2:b8:
         49:98:59:0c:61:17:b6:e6:e3:50:a8:b8:72:ab:c2:ba:89:6c:
         fb:3f:3c:fb:f2:0f:18:b1:5d:01:43:bd:54:6f:aa:12:9c:35:
         17:54:cb:48:29:5d:33:75:e2:90:87:13:06:65:f8:90:cc:60:
         30:92:d6:fd:9e:9e:3a:04:87:fe:04:cc:77:7e:cc:79:be:85:
         05:47:8e:8a:b1:a7:a3:6a:72:e7:b7:97:6f:f7:7f:b4:73:27:
         82:55:77:56:48:5f:52:ae:55:29:19:c0:35:0b:1a:88:ad:2a:
         dc:3d:4e:86
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYVwHul2g5l95CZsiwvniDDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzA1OTFlMmViNDlkMDU1OWU2ZmNlN2VlMmFhODFmMGY1
OWJhNmYwHhcNMjMwMTAyMDEzNTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2MzM2Q5MTQzY2M4NDc3MmE0YzY5ZDE5Zjg2NTNiYzAxM2Q0NWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivqCNiYniSgjNSQZNF6mW88o2f2y
VGqLVuJ603sLQUTLq23Z1PM0KtCPgqPlZsTBY8ssWMIUjEDYtgwipv13tiIXI7T5
yo0s9UdNOufpxfkVBPPfb+M8S9X/nOV6nkPjN1xRglPymCNUPmFl3w3Fu1yI/K6F
ndUUtYkhFpYtc98pNbkhhBo90YVcf9AfwMnpzbm09dvhVy689Z9ZETDOqb/JZwPB
gmVvdPGLUHjVa+vwxRAcIo9sQqOsDCjSYnk6vTnxI+JDtLwMLP1Ug6+0yBQ/Bw8f
XV1RZ2B25OCko2KeET6zRpEQgvn0JMUW1YQ7Y3MdaDWcchUmJzzCz2j1NQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFJfDPZFDzIR3Kkxp0Z+GU7wBPUXSMB8GA1UdIwQY
MBaAFMPAWR4utJ0FWeb85+4qqB8PWbpvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQt
ZTM0MDcxNzQ2NjNiLzEvbDhNOWtVUE1oSGNxVEduUm40WlR2QUU5UmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy80YjhhYWItMjA5OS00M2FmLWI0MWQtZTM0MDcxNzQ2NjNi
LzEvdzhCWkhpNjBuUVZaNXZ6bjdpcW9IdzladW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgAwQDWSFYAwQB
XXewAwQBXXe2MAwDBAC5et0DBAC5et4wDwQCAAIwCQMHACoGqIAAADANBgkqhkiG
9w0BAQsFAAOCAQEAq3xDr8K3lePjsxevP1Uk8vykxQ9mPoJngd1Tg5+kb7OxNnJj
A/D2j8OAqNTVg+NrG3F+dSc5/BrazCJx0+w+iTI4ngoUPDZnUjSuWfJ26OdI+5Uu
z6bxqJXkQLmHiAs1eC+uHViaKjB5KhhgaymPVIfXnDzqDtVH43wX/Cy0c13P454G
b/CMyodTjukhZqK4SZhZDGEXtubjUKi4cqvCuols+z88+/IPGLFdAUO9VG+qEpw1
F1TLSCldM3XikIcTBmX4kMxgMJLW/Z6eOgSH/gTMd37Meb6FBUeOirGno2py57eX
b/d/tHMnglV3VkhfUq5VKRnANQsaiK0q3D1Ohg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:38 2024 by rpki-client on console-fra.rpki-client.org