Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/1ad9bf-0322-4534-b009-e6e91bf052fe/1/xCund0Qzjr6VZzc9y5vMCWmNqQ0.roa
File:                     xCund0Qzjr6VZzc9y5vMCWmNqQ0.roa (raw, json)
Hash identifier:          OvQ1UpVGpkW4vjo4v/5Gog36bI1AMp2nGGXiVq39Mzc=
Subject key identifier:   C4:2B:A7:77:44:33:8E:BE:95:67:37:3D:CB:9B:CC:09:69:8D:A9:0D
Certificate issuer:       /CN=2cd41bcc3cd73e0dc7f7e95b5d0dca6d6857bedc
Certificate serial:       018CC8DCEB070DE7BF2A500C1DC18E676965
Authority key identifier: 2C:D4:1B:CC:3C:D7:3E:0D:C7:F7:E9:5B:5D:0D:CA:6D:68:57:BE:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LNQbzDzXPg3H9-lbXQ3KbWhXvtw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/1ad9bf-0322-4534-b009-e6e91bf052fe/1/xCund0Qzjr6VZzc9y5vMCWmNqQ0.roa
Signing time:             Tue 02 Jan 2024 06:29:30 +0000
ROA not before:           Tue 02 Jan 2024 06:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197886
IP address blocks:        185.97.208.0/22 maxlen: 22
                          185.166.228.0/22 maxlen: 22
                          91.228.212.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Fri 09 Feb 2024 14:33:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:eb:07:0d:e7:bf:2a:50:0c:1d:c1:8e:67:69:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cd41bcc3cd73e0dc7f7e95b5d0dca6d6857bedc
        Validity
            Not Before: Jan  2 06:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c42ba77744338ebe9567373dcb9bcc09698da90d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:32:f1:91:a5:6d:30:1e:45:d1:e1:63:6d:63:
                    f8:42:59:6c:12:0d:29:f9:81:05:e2:f2:a2:e2:49:
                    16:87:77:a0:1b:66:73:4c:ef:29:4a:a4:f6:f8:a7:
                    ad:8a:d3:18:78:e5:0c:9b:0c:01:dd:23:36:4e:3c:
                    3b:2d:50:34:f2:20:f4:48:1a:b9:05:a5:31:28:fe:
                    ea:44:95:de:e4:2d:af:3d:6f:15:c3:ed:50:2c:0d:
                    a0:17:dc:55:48:03:ff:2c:5c:b4:3c:84:2a:4a:e3:
                    8d:a5:06:c6:24:1b:80:3b:8b:4a:ee:98:5e:74:46:
                    68:50:e8:fb:62:61:db:4a:de:f7:42:f8:7d:54:e6:
                    47:24:8f:8e:ee:b6:02:a5:38:ea:ac:75:31:17:66:
                    40:36:69:dc:71:43:8c:f7:2e:0d:00:04:f9:b4:b7:
                    19:be:58:e2:5f:80:a3:7c:38:3b:e8:fc:d9:fe:3a:
                    0b:d2:a2:da:96:e1:54:d3:71:14:a9:ac:f4:f4:25:
                    37:7c:14:56:cf:4c:a7:8a:da:d0:89:ca:36:40:1b:
                    7c:af:63:21:de:96:69:07:95:01:90:3c:d7:10:0c:
                    33:3b:69:37:09:45:10:72:b4:80:2d:e6:c3:34:67:
                    83:92:73:af:b1:1b:90:f6:ca:2b:46:0c:13:63:08:
                    bf:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:2B:A7:77:44:33:8E:BE:95:67:37:3D:CB:9B:CC:09:69:8D:A9:0D
            X509v3 Authority Key Identifier:
                keyid:2C:D4:1B:CC:3C:D7:3E:0D:C7:F7:E9:5B:5D:0D:CA:6D:68:57:BE:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LNQbzDzXPg3H9-lbXQ3KbWhXvtw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/1ad9bf-0322-4534-b009-e6e91bf052fe/1/xCund0Qzjr6VZzc9y5vMCWmNqQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/1ad9bf-0322-4534-b009-e6e91bf052fe/1/LNQbzDzXPg3H9-lbXQ3KbWhXvtw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.212.0/23
                  185.97.208.0/22
                  185.166.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cf:fc:54:70:fe:f1:6c:c5:0a:b1:3c:32:a0:fa:32:a4:33:aa:
         3d:32:ca:a8:67:b6:ae:5f:dc:2c:ee:33:07:4d:4e:30:0b:37:
         6d:91:c5:28:ce:f5:87:25:a1:01:e2:e6:37:41:de:78:38:c5:
         ec:91:d4:fc:d7:f0:24:7c:41:a3:8f:78:7c:a5:a9:1c:b3:0a:
         b2:4d:c4:6b:cb:a2:54:08:1a:80:83:0c:f6:65:f7:11:e1:33:
         9f:6b:40:fb:29:58:ab:f8:59:1f:d5:30:55:fc:98:a9:be:38:
         cc:69:4f:be:89:e9:91:fe:12:ef:6a:c3:7d:01:66:e7:11:1b:
         a9:78:ac:a3:2e:f0:de:dd:1b:12:70:9c:99:0f:88:5d:92:a8:
         d3:d4:fe:e8:b8:a7:c8:fb:88:0b:64:bd:51:14:2e:37:4a:ff:
         87:ac:8e:5a:74:10:e0:ed:a2:71:c7:e9:02:15:4b:ea:01:7e:
         97:56:c4:08:87:28:ce:46:f5:fe:3c:5f:a1:08:76:47:e0:1f:
         76:f7:e8:48:b1:1b:94:43:c3:d8:07:7b:65:54:b6:0e:1e:aa:
         0e:24:bd:20:cf:b1:b2:93:8d:eb:93:54:7c:43:ed:48:db:45:
         8b:67:76:2e:fb:38:2f:85:cd:5a:06:88:6b:91:39:85:fe:78:
         e1:b2:3f:fa
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzI3OsHDee/KlAMHcGOZ2llMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjZDQxYmNjM2NkNzNlMGRjN2Y3ZTk1YjVkMGRjYTZkNjg1
N2JlZGMwHhcNMjQwMTAyMDYyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDJiYTc3NzQ0MzM4ZWJlOTU2NzM3M2RjYjliY2MwOTY5OGRhOTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizLxkaVtMB5F0eFjbWP4QllsEg0p
+YEF4vKi4kkWh3egG2ZzTO8pSqT2+KetitMYeOUMmwwB3SM2Tjw7LVA08iD0SBq5
BaUxKP7qRJXe5C2vPW8Vw+1QLA2gF9xVSAP/LFy0PIQqSuONpQbGJBuAO4tK7phe
dEZoUOj7YmHbSt73Qvh9VOZHJI+O7rYCpTjqrHUxF2ZANmnccUOM9y4NAAT5tLcZ
vljiX4CjfDg76PzZ/joL0qLaluFU03EUqaz09CU3fBRWz0ynitrQico2QBt8r2Mh
3pZpB5UBkDzXEAwzO2k3CUUQcrSALebDNGeDknOvsRuQ9sorRgwTYwi/FQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMQrp3dEM46+lWc3PcubzAlpjakNMB8GA1UdIwQY
MBaAFCzUG8w81z4Nx/fpW10Nym1oV77cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTE5RYnpEelhQZzNIOS1sYlhRM0tiV2hYdnR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8xYWQ5YmYtMDMyMi00NTM0LWIwMDkt
ZTZlOTFiZjA1MmZlLzEveEN1bmQwUXpqcjZWWnpjOXk1dk1DV21OcVEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8xYWQ5YmYtMDMyMi00NTM0LWIwMDktZTZlOTFiZjA1MmZl
LzEvTE5RYnpEelhQZzNIOS1sYlhRM0tiV2hYdnR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW+TUAwQC
uWHQAwQCuabkMA0GCSqGSIb3DQEBCwUAA4IBAQDP/FRw/vFsxQqxPDKg+jKkM6o9
MsqoZ7auX9ws7jMHTU4wCzdtkcUozvWHJaEB4uY3Qd54OMXskdT81/AkfEGjj3h8
pakcswqyTcRry6JUCBqAgwz2ZfcR4TOfa0D7KVir+Fkf1TBV/JipvjjMaU++iemR
/hLvasN9AWbnERupeKyjLvDe3RsScJyZD4hdkqjT1P7ouKfI+4gLZL1RFC43Sv+H
rI5adBDg7aJxx+kCFUvqAX6XVsQIhyjORvX+PF+hCHZH4B929+hIsRuUQ8PYB3tl
VLYOHqoOJL0gz7Gyk43rk1R8Q+1I20WLZ3Yu+zgvhc1aBohrkTmF/njhsj/6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:24 2024 by rpki-client on console-fra.rpki-client.org