Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Z0G9h5p7vfuZwpRa1inr9jLeBRQ.roa
File:                     Z0G9h5p7vfuZwpRa1inr9jLeBRQ.roa (raw, json)
Hash identifier:          wch23d8lNZ3C4fLyLOyMgQXYugW/iqOB5QZjFx8p7x4=
Subject key identifier:   67:41:BD:87:9A:7B:BD:FB:99:C2:94:5A:D6:29:EB:F6:32:DE:05:14
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018A4F9A45F9EBD36B40326655817302675B
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Z0G9h5p7vfuZwpRa1inr9jLeBRQ.roa
Signing time:             Fri 01 Sep 2023 07:17:05 +0000
ROA not before:           Fri 01 Sep 2023 07:17:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203511
IP address blocks:        88.209.229.0/24 maxlen: 24
                          88.209.248.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 31 Oct 2023 08:53:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:4f:9a:45:f9:eb:d3:6b:40:32:66:55:81:73:02:67:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Sep  1 07:17:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6741bd879a7bbdfb99c2945ad629ebf632de0514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:57:79:b6:5b:2a:9f:b8:8c:f5:11:d7:9a:6b:
                    ee:71:46:ca:a6:fa:1e:a6:f9:63:25:72:91:1c:d0:
                    bf:76:ec:d0:74:54:08:96:bc:a5:89:1c:e4:c9:7e:
                    90:8c:93:55:2c:97:40:d1:1a:64:b8:4c:04:fb:23:
                    c8:88:39:14:f7:69:c5:22:60:8e:f1:58:22:4b:6c:
                    39:9a:28:64:c5:71:10:e4:e2:dc:1d:a9:23:fe:37:
                    19:65:12:9a:90:f1:cf:31:64:04:31:fb:ab:df:63:
                    f1:0f:24:50:1c:a5:dd:ae:31:bd:db:e3:c7:d2:f4:
                    dd:05:70:24:cc:7d:8c:c4:91:2b:f0:c9:45:f5:85:
                    9c:5c:a6:47:0d:dd:da:53:7a:5e:d2:a1:d7:50:0d:
                    1e:57:a3:c4:67:ca:62:f6:4a:54:56:2d:46:5b:b9:
                    e7:98:10:7d:d5:d9:2b:a5:8c:24:12:3c:da:55:23:
                    39:0e:52:e4:ce:c9:d6:5a:64:0d:10:87:49:47:42:
                    4d:9d:9b:0c:8e:41:f1:7d:a1:96:62:d5:66:f6:99:
                    b9:80:02:9f:c9:67:a0:60:3b:15:39:7f:79:21:65:
                    d0:43:7e:d6:13:02:39:67:09:d1:f4:91:f1:bb:fa:
                    3f:31:db:18:f7:e2:97:78:3a:b5:da:e9:6c:81:0f:
                    0a:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:41:BD:87:9A:7B:BD:FB:99:C2:94:5A:D6:29:EB:F6:32:DE:05:14
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Z0G9h5p7vfuZwpRa1inr9jLeBRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.229.0/24
                  88.209.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:2f:42:39:a3:8c:c9:91:bc:e9:82:dc:ae:19:27:a9:04:d9:
         30:ff:c9:8b:a3:93:01:29:8e:9e:bd:52:a7:60:5f:24:e3:f3:
         c5:9b:0a:f9:8a:eb:71:a5:fc:70:ad:1a:95:3a:73:24:24:d4:
         90:c8:63:a1:69:f0:cb:b4:bd:20:68:77:0e:37:5e:4e:c7:e3:
         65:bd:ab:28:c7:50:38:07:87:60:6f:4c:f2:00:5e:d1:5b:af:
         bf:2a:8c:91:02:d0:ae:bd:ca:55:56:7f:cb:b2:f9:3d:36:a0:
         1d:b1:9c:49:29:22:d1:0c:46:18:73:f5:58:2f:e8:b1:ad:18:
         ef:87:81:2b:eb:f2:a2:41:01:12:ac:29:a2:d9:9a:34:71:2d:
         b5:bc:d2:ed:6d:82:a0:b2:e4:79:2a:8f:bf:1f:99:4d:0c:fd:
         f2:b7:19:0e:d0:40:96:83:ca:2c:f6:fe:e1:cc:d5:d5:a8:74:
         64:83:c6:9f:18:93:f7:31:69:59:1e:e7:ba:d7:2c:52:3d:9f:
         69:47:1d:4d:6e:9a:cf:a5:e7:46:d9:a1:58:3a:fc:3f:e8:4e:
         f4:00:17:84:1c:b2:7f:e0:0d:9f:ba:fe:a3:b3:f1:99:0a:cd:
         9e:fa:a8:40:7a:50:67:f4:53:3b:61:0c:f8:e2:f9:60:14:9e:
         bb:e6:0d:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYpPmkX569NrQDJmVYFzAmdbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwOTAxMDcxNzA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQxYmQ4NzlhN2JiZGZiOTljMjk0NWFkNjI5ZWJmNjMyZGUwNTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsld5tlsqn7iM9RHXmmvucUbKpvoe
pvljJXKRHNC/duzQdFQIlryliRzkyX6QjJNVLJdA0RpkuEwE+yPIiDkU92nFImCO
8VgiS2w5mihkxXEQ5OLcHakj/jcZZRKakPHPMWQEMfur32PxDyRQHKXdrjG92+PH
0vTdBXAkzH2MxJEr8MlF9YWcXKZHDd3aU3pe0qHXUA0eV6PEZ8pi9kpUVi1GW7nn
mBB91dkrpYwkEjzaVSM5DlLkzsnWWmQNEIdJR0JNnZsMjkHxfaGWYtVm9pm5gAKf
yWegYDsVOX95IWXQQ37WEwI5ZwnR9JHxu/o/MdsY9+KXeDq12ulsgQ8KCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGdBvYeae737mcKUWtYp6/Yy3gUUMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWjBHOWg1cDd2ZnVad3BSYTFpbnI5akxlQlJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWNHlAwQA
WNH4MA0GCSqGSIb3DQEBCwUAA4IBAQCkL0I5o4zJkbzpgtyuGSepBNkw/8mLo5MB
KY6evVKnYF8k4/PFmwr5iutxpfxwrRqVOnMkJNSQyGOhafDLtL0gaHcON15Ox+Nl
vasox1A4B4dgb0zyAF7RW6+/KoyRAtCuvcpVVn/Lsvk9NqAdsZxJKSLRDEYYc/VY
L+ixrRjvh4Er6/KiQQESrCmi2Zo0cS21vNLtbYKgsuR5Ko+/H5lNDP3ytxkO0ECW
g8os9v7hzNXVqHRkg8afGJP3MWlZHue61yxSPZ9pRx1NbprPpedG2aFYOvw/6E70
ABeEHLJ/4A2fuv6js/GZCs2e+qhAelBn9FM7YQz44vlgFJ675g0g
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:56 2024 by rpki-client on console-ams.rpki-client.org