Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/df2947-cd05-4405-949a-6a8033dcbe1c/1/zUNv1HfON0lV6mQyA01rM3lYb34.roa
File:                     zUNv1HfON0lV6mQyA01rM3lYb34.roa (raw, json)
Hash identifier:          aEepspt1LjSc/lySDb3mAzBhS2cVtsoeiZ7OfnmvlYc=
Subject key identifier:   CD:43:6F:D4:77:CE:37:49:55:EA:64:32:03:4D:6B:33:79:58:6F:7E
Certificate issuer:       /CN=3d9424b3c8e72f746a59eb199455aa3646a3a457
Certificate serial:       01856C65BAD8C0A1C66F67795A041806E7AC
Authority key identifier: 3D:94:24:B3:C8:E7:2F:74:6A:59:EB:19:94:55:AA:36:46:A3:A4:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PZQks8jnL3RqWesZlFWqNkajpFc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/df2947-cd05-4405-949a-6a8033dcbe1c/1/zUNv1HfON0lV6mQyA01rM3lYb34.roa
Signing time:             Sun 01 Jan 2023 08:14:44 +0000
ROA not before:           Sun 01 Jan 2023 08:14:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202283
IP address blocks:        193.109.238.0/24 maxlen: 24
                          185.232.220.0/22 maxlen: 22
                          2a0c:d100::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:29:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:65:ba:d8:c0:a1:c6:6f:67:79:5a:04:18:06:e7:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d9424b3c8e72f746a59eb199455aa3646a3a457
        Validity
            Not Before: Jan  1 08:14:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cd436fd477ce374955ea6432034d6b3379586f7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:69:7c:8a:db:a1:27:35:e3:48:e1:dc:77:e8:
                    52:c8:6c:22:62:f9:89:0e:70:0d:56:18:4f:1d:0c:
                    6d:86:6c:e2:c5:55:89:cd:c1:0a:7f:ba:24:41:17:
                    d6:23:34:32:23:d0:c0:a2:95:16:a8:2f:28:cd:31:
                    9b:da:a9:ad:b4:f0:d5:7a:1c:9a:4d:af:77:d1:00:
                    2b:20:54:22:e1:67:34:b4:6b:10:9e:a3:90:f6:4d:
                    f7:7f:5f:c3:c9:f8:a9:f7:27:04:65:1f:a7:1d:cb:
                    c5:22:de:43:55:c8:9f:9d:48:ae:1f:f2:18:8f:9f:
                    72:d3:3c:57:19:60:7c:5c:0a:c0:48:51:4d:ac:71:
                    e7:80:2c:c3:84:62:9c:fe:5e:88:12:27:45:61:fb:
                    b4:18:96:20:a1:14:b7:86:98:5b:c8:56:f8:49:cd:
                    a2:16:73:be:96:73:00:e9:8f:a6:0b:ed:e0:66:9c:
                    24:f5:91:6c:07:e5:82:8c:e2:73:4a:cb:0c:16:7f:
                    da:e7:71:c4:2d:4e:e7:04:8a:32:fb:3f:4d:c0:3c:
                    11:b9:1a:df:83:13:a2:d4:47:57:e9:b4:cb:31:cb:
                    33:6c:98:e0:15:57:0f:dc:36:5b:ea:f0:f5:81:9d:
                    7c:d2:6c:50:9e:5c:72:5f:3e:e6:6d:9d:41:1e:cc:
                    f0:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:43:6F:D4:77:CE:37:49:55:EA:64:32:03:4D:6B:33:79:58:6F:7E
            X509v3 Authority Key Identifier:
                keyid:3D:94:24:B3:C8:E7:2F:74:6A:59:EB:19:94:55:AA:36:46:A3:A4:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PZQks8jnL3RqWesZlFWqNkajpFc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/df2947-cd05-4405-949a-6a8033dcbe1c/1/zUNv1HfON0lV6mQyA01rM3lYb34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/df2947-cd05-4405-949a-6a8033dcbe1c/1/PZQks8jnL3RqWesZlFWqNkajpFc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.220.0/22
                  193.109.238.0/24
                IPv6:
                  2a0c:d100::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:65:b6:ab:cf:53:4e:22:cd:73:db:c7:c8:cc:66:2c:2b:ab:
         22:99:a4:83:9b:06:f7:c5:30:22:54:39:b4:33:e2:85:4f:f6:
         d4:85:69:b7:7f:e6:78:2c:85:72:51:b7:e0:ba:a4:46:bd:4b:
         a3:e0:fb:fc:9e:73:c9:7c:a6:d3:d4:90:da:c4:42:07:fd:35:
         4a:7f:bd:10:c9:69:f2:86:94:14:33:23:48:18:03:fe:e8:bf:
         06:eb:8e:9f:72:f7:df:a9:9d:0d:82:37:9c:cd:76:9f:6b:6d:
         61:43:18:8c:ce:67:85:ab:02:e0:0a:43:6e:47:77:1d:f4:f2:
         73:88:e2:61:40:d0:49:73:5d:55:c5:46:c3:fb:44:50:41:10:
         cf:a3:bb:ad:d3:df:3a:13:ec:8a:14:e7:4f:e4:17:a2:18:dd:
         43:5e:6e:01:7b:c8:86:0a:99:70:db:28:8d:65:c2:5b:99:7e:
         32:75:4f:57:4b:17:a8:0d:11:83:e5:71:a0:05:78:7d:b1:23:
         1a:87:9b:20:ee:ed:2c:8d:db:09:d6:48:ea:58:0e:67:39:57:
         02:b1:3d:c3:d6:cc:c9:cf:77:bf:b8:fd:ed:87:a2:9b:f7:1d:
         c5:42:f4:3f:9b:31:dc:40:dc:00:a9:de:5b:ca:d6:9f:a5:0a:
         80:ca:1f:76
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVsZbrYwKHGb2d5WgQYBuesMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOTQyNGIzYzhlNzJmNzQ2YTU5ZWIxOTk0NTVhYTM2NDZh
M2E0NTcwHhcNMjMwMTAxMDgxNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDQzNmZkNDc3Y2UzNzQ5NTVlYTY0MzIwMzRkNmIzMzc5NTg2ZjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxWl8ituhJzXjSOHcd+hSyGwiYvmJ
DnANVhhPHQxthmzixVWJzcEKf7okQRfWIzQyI9DAopUWqC8ozTGb2qmttPDVehya
Ta930QArIFQi4Wc0tGsQnqOQ9k33f1/Dyfip9ycEZR+nHcvFIt5DVcifnUiuH/IY
j59y0zxXGWB8XArASFFNrHHngCzDhGKc/l6IEidFYfu0GJYgoRS3hphbyFb4Sc2i
FnO+lnMA6Y+mC+3gZpwk9ZFsB+WCjOJzSssMFn/a53HELU7nBIoy+z9NwDwRuRrf
gxOi1EdX6bTLMcszbJjgFVcP3DZb6vD1gZ180mxQnlxyXz7mbZ1BHszw7wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFM1Db9R3zjdJVepkMgNNazN5WG9+MB8GA1UdIwQY
MBaAFD2UJLPI5y90alnrGZRVqjZGo6RXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFpRa3M4am5MM1JxV2VzWmxGV3FOa2FqcEZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9kZjI5NDctY2QwNS00NDA1LTk0OWEt
NmE4MDMzZGNiZTFjLzEvelVOdjFIZk9OMGxWNm1ReUEwMXJNM2xZYjM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9kZjI5NDctY2QwNS00NDA1LTk0OWEtNmE4MDMzZGNiZTFj
LzEvUFpRa3M4am5MM1JxV2VzWmxGV3FOa2FqcEZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuejcAwQA
wW3uMA0EAgACMAcDBQMqDNEAMA0GCSqGSIb3DQEBCwUAA4IBAQCJZbarz1NOIs1z
28fIzGYsK6simaSDmwb3xTAiVDm0M+KFT/bUhWm3f+Z4LIVyUbfguqRGvUuj4Pv8
nnPJfKbT1JDaxEIH/TVKf70QyWnyhpQUMyNIGAP+6L8G646fcvffqZ0NgjeczXaf
a21hQxiMzmeFqwLgCkNuR3cd9PJziOJhQNBJc11VxUbD+0RQQRDPo7ut0986E+yK
FOdP5BeiGN1DXm4Be8iGCplw2yiNZcJbmX4ydU9XSxeoDRGD5XGgBXh9sSMah5sg
7u0sjdsJ1kjqWA5nOVcCsT3D1szJz3e/uP3th6Kb9x3FQvQ/mzHcQNwAqd5bytaf
pQqAyh92
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:54 2024 by rpki-client on console-ams.rpki-client.org