Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/lbK4YSDUHdYiV0EKoSm4jyOdeqo.roa
File:                     lbK4YSDUHdYiV0EKoSm4jyOdeqo.roa (raw, json)
Hash identifier:          lhoDtlryuCi34qA75tIT74ng4eA0+vcTnx3lgwOgc+s=
Subject key identifier:   95:B2:B8:61:20:D4:1D:D6:22:57:41:0A:A1:29:B8:8F:23:9D:7A:AA
Certificate issuer:       /CN=35f1fd69e7196aef5e29ba795680dac3e34868c8
Certificate serial:       01856ECB91E867116DB39E66B999479C71BA
Authority key identifier: 35:F1:FD:69:E7:19:6A:EF:5E:29:BA:79:56:80:DA:C3:E3:48:68:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NfH9aecZau9eKbp5VoDaw-NIaMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/lbK4YSDUHdYiV0EKoSm4jyOdeqo.roa
Signing time:             Sun 01 Jan 2023 19:25:12 +0000
ROA not before:           Sun 01 Jan 2023 19:25:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50862
IP address blocks:        194.29.78.0/24 maxlen: 24
                          194.29.73.0/24 maxlen: 24
                          91.229.49.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:cb:91:e8:67:11:6d:b3:9e:66:b9:99:47:9c:71:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35f1fd69e7196aef5e29ba795680dac3e34868c8
        Validity
            Not Before: Jan  1 19:25:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=95b2b86120d41dd62257410aa129b88f239d7aaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ab:2d:c3:63:ee:f8:dc:ef:26:8f:da:6e:34:
                    fb:1d:24:ba:a8:29:5d:15:f7:62:52:99:51:b1:67:
                    7f:ab:0d:80:1e:64:2f:fe:a0:9d:89:c5:77:03:fe:
                    e6:68:d0:f5:e2:c2:99:8a:53:83:9f:ef:fc:f0:6e:
                    2e:e2:a5:f4:ba:7f:93:76:a6:97:1b:86:d7:b2:b3:
                    f4:a2:28:12:5a:fd:b9:e7:86:76:a6:7a:8b:77:8b:
                    a8:d4:b0:9f:58:8e:9e:ce:62:1c:30:a3:5d:82:4d:
                    18:8d:a3:be:b9:4e:ef:ec:ce:de:87:65:09:69:db:
                    91:03:79:49:ab:1a:58:51:54:97:a8:46:a1:88:db:
                    35:8a:ab:98:54:cd:04:df:15:99:1e:9f:c8:46:b0:
                    14:f6:ed:c0:52:04:69:e1:0e:7d:01:39:4f:92:11:
                    41:e5:e2:18:1b:12:cc:1b:f1:27:de:5f:b5:88:a9:
                    9b:de:3f:ef:10:83:4b:1f:e9:d2:ce:37:3f:2e:30:
                    a0:2a:92:8d:a4:a8:bc:95:a5:c3:14:45:bb:e3:f9:
                    22:6b:27:7c:f9:ca:c2:16:b1:92:fc:5e:4d:d9:fb:
                    cd:e0:da:8c:b1:be:2c:4a:09:33:b0:cc:61:a6:02:
                    81:a3:0d:30:af:4a:53:f7:27:e0:14:86:ba:d9:bd:
                    35:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B2:B8:61:20:D4:1D:D6:22:57:41:0A:A1:29:B8:8F:23:9D:7A:AA
            X509v3 Authority Key Identifier:
                keyid:35:F1:FD:69:E7:19:6A:EF:5E:29:BA:79:56:80:DA:C3:E3:48:68:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NfH9aecZau9eKbp5VoDaw-NIaMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/lbK4YSDUHdYiV0EKoSm4jyOdeqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/66f379-f598-4e60-b493-f9ca7124f098/1/NfH9aecZau9eKbp5VoDaw-NIaMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.49.0/24
                  194.29.73.0/24
                  194.29.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:ac:ce:b6:02:4b:32:d6:d2:ad:8c:08:37:37:59:c4:ae:01:
         1e:31:8f:64:a3:03:1a:9e:90:d3:b8:86:51:fc:80:09:3b:b1:
         fa:4f:9e:22:8a:f8:bc:22:51:1d:9d:7a:3b:82:2c:ff:72:8a:
         a5:e9:12:0f:09:f1:57:e6:f8:f3:de:ac:f8:4f:92:d9:d5:b7:
         02:78:83:ed:c4:7c:65:c3:9e:b9:8b:b6:e7:59:36:6e:18:3b:
         3a:ac:76:bc:b6:5c:fa:28:96:db:31:22:4a:8d:bc:f3:7b:c4:
         2e:2b:56:f7:4a:a8:a5:bb:44:f7:41:a5:24:68:6d:20:5e:61:
         08:f0:18:f6:cb:52:2b:55:51:31:cb:d1:50:c7:7c:c4:2a:ed:
         93:b1:d4:e6:0a:38:af:32:7a:e2:6d:f8:d5:74:5a:19:7f:db:
         2b:d2:20:b5:ad:68:cd:73:e2:85:e5:2e:7b:70:42:0f:29:a7:
         41:82:28:8b:89:a5:28:3e:c8:68:93:06:d7:a0:73:36:8f:68:
         1c:84:57:f1:c2:b1:82:fe:32:8d:e5:f2:d2:1a:8e:d6:15:04:
         43:10:56:2b:21:c1:41:3d:82:10:d2:83:a6:1d:b9:46:d4:9a:
         65:4c:8a:c1:b0:3c:5e:3a:14:ef:79:18:3f:a5:ff:95:e5:b4:
         85:16:36:b5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVuy5HoZxFts55muZlHnHG6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZjFmZDY5ZTcxOTZhZWY1ZTI5YmE3OTU2ODBkYWMzZTM0
ODY4YzgwHhcNMjMwMTAxMTkyNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWIyYjg2MTIwZDQxZGQ2MjI1NzQxMGFhMTI5Yjg4ZjIzOWQ3YWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqstw2Pu+NzvJo/abjT7HSS6qCld
FfdiUplRsWd/qw2AHmQv/qCdicV3A/7maND14sKZilODn+/88G4u4qX0un+TdqaX
G4bXsrP0oigSWv2554Z2pnqLd4uo1LCfWI6ezmIcMKNdgk0YjaO+uU7v7M7eh2UJ
aduRA3lJqxpYUVSXqEahiNs1iquYVM0E3xWZHp/IRrAU9u3AUgRp4Q59ATlPkhFB
5eIYGxLMG/En3l+1iKmb3j/vEINLH+nSzjc/LjCgKpKNpKi8laXDFEW74/kiayd8
+crCFrGS/F5N2fvN4NqMsb4sSgkzsMxhpgKBow0wr0pT9yfgFIa62b01kwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJWyuGEg1B3WIldBCqEpuI8jnXqqMB8GA1UdIwQY
MBaAFDXx/WnnGWrvXim6eVaA2sPjSGjIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmZIOWFlY1phdTllS2JwNVZvRGF3LU5JYU1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82NmYzNzktZjU5OC00ZTYwLWI0OTMt
ZjljYTcxMjRmMDk4LzEvbGJLNFlTRFVIZFlpVjBFS29TbTRqeU9kZXFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82NmYzNzktZjU5OC00ZTYwLWI0OTMtZjljYTcxMjRmMDk4
LzEvTmZIOWFlY1phdTllS2JwNVZvRGF3LU5JYU1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+UxAwQA
wh1JAwQAwh1OMA0GCSqGSIb3DQEBCwUAA4IBAQCYrM62Aksy1tKtjAg3N1nErgEe
MY9kowManpDTuIZR/IAJO7H6T54iivi8IlEdnXo7giz/coql6RIPCfFX5vjz3qz4
T5LZ1bcCeIPtxHxlw565i7bnWTZuGDs6rHa8tlz6KJbbMSJKjbzze8QuK1b3Sqil
u0T3QaUkaG0gXmEI8Bj2y1IrVVExy9FQx3zEKu2TsdTmCjivMnribfjVdFoZf9sr
0iC1rWjNc+KF5S57cEIPKadBgiiLiaUoPshokwbXoHM2j2gchFfxwrGC/jKN5fLS
Go7WFQRDEFYrIcFBPYIQ0oOmHblG1JplTIrBsDxeOhTveRg/pf+V5bSFFja1
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:50 2024 by rpki-client on console-ams.rpki-client.org