Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/rZrsuNqLsVnduKqoPwmQND-J3hM.roa
File:                     rZrsuNqLsVnduKqoPwmQND-J3hM.roa (raw, json)
Hash identifier:          3nvCgOdDr60FObu9zhcBYUf8NXUGPszvCF4pQfCZsyU=
Subject key identifier:   AD:9A:EC:B8:DA:8B:B1:59:DD:B8:AA:A8:3F:09:90:34:3F:89:DE:13
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       0187B2F39A37D871ADF3FBFE6A351924AF33
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/rZrsuNqLsVnduKqoPwmQND-J3hM.roa
Signing time:             Mon 24 Apr 2023 11:08:41 +0000
ROA not before:           Mon 24 Apr 2023 11:08:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200010
IP address blocks:        88.209.199.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:b2:f3:9a:37:d8:71:ad:f3:fb:fe:6a:35:19:24:af:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Apr 24 11:08:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ad9aecb8da8bb159ddb8aaa83f0990343f89de13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:cf:cc:1f:5b:60:eb:03:70:07:b1:39:f1:f4:
                    b8:16:85:2a:19:70:08:8a:42:ea:59:8b:31:be:06:
                    53:9b:fd:c2:48:0a:39:47:9a:1c:6c:d1:11:e4:40:
                    4c:e2:d6:e4:09:1c:9a:d9:cb:b8:fd:44:ca:b0:ac:
                    a9:ca:70:b8:2d:61:79:72:8e:23:46:6e:51:39:c5:
                    70:2a:fe:93:2d:a0:00:46:75:47:2f:0e:12:e0:a3:
                    7f:29:2f:36:08:77:b5:dc:12:ae:37:1a:f6:68:c2:
                    83:4e:1b:fd:b9:3c:69:54:82:08:6a:41:e9:09:2d:
                    c8:3b:8a:bb:7c:de:de:d2:c0:81:c8:13:dc:d3:cf:
                    b0:a4:02:d1:bb:92:aa:da:94:46:35:1b:51:08:f8:
                    e4:89:7e:17:34:4d:a4:a8:b1:24:66:63:3e:c0:72:
                    f8:b3:09:ce:b6:06:1d:61:90:05:1b:3a:8b:18:ae:
                    25:23:bd:b1:77:21:35:1c:9c:38:9e:2e:ad:7e:f5:
                    f7:a8:b1:07:b7:f1:5b:68:6c:06:a4:3e:8b:e6:98:
                    de:a1:6c:64:4c:7a:7e:12:1f:21:0e:10:40:cd:48:
                    c0:b3:38:fa:9c:6c:90:db:2e:6a:c5:0f:ac:39:77:
                    91:0f:84:47:91:73:94:46:93:84:c9:8d:b1:de:13:
                    b1:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:9A:EC:B8:DA:8B:B1:59:DD:B8:AA:A8:3F:09:90:34:3F:89:DE:13
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/rZrsuNqLsVnduKqoPwmQND-J3hM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:a1:a8:9e:7d:09:8d:31:14:51:93:47:cf:b4:e2:5e:b6:3b:
         5b:ce:53:9d:13:cb:40:fc:44:3b:1d:35:8c:fc:e8:fc:53:65:
         bc:cf:22:10:be:16:5d:8d:39:f3:a3:f5:4f:69:07:a3:1a:76:
         34:74:28:3d:f6:fe:8c:57:d2:03:29:7f:d0:9e:e8:13:5b:0a:
         84:0c:0e:22:44:4d:be:12:ce:cb:a9:b5:5a:80:27:96:1e:2a:
         bb:60:01:ab:df:35:4d:c2:94:9e:18:dc:20:14:4f:d7:e7:63:
         08:e6:66:98:33:94:19:5b:5d:2b:8b:a8:dc:b1:e8:bb:c4:e5:
         64:9c:79:b3:38:5c:df:e9:2a:a3:39:d0:85:37:36:a3:8c:a6:
         d8:d6:bf:7b:b4:2d:ef:8a:bf:84:95:86:d1:bc:5b:66:12:4b:
         65:30:b2:e8:56:83:e9:8d:07:ac:1e:66:f1:e6:ca:31:44:7c:
         fd:95:50:33:b1:5c:d8:d1:16:46:d2:d9:4b:a8:86:ed:27:e6:
         31:ba:eb:b5:2a:83:a8:7f:a5:bc:6e:3b:bb:9a:ca:e3:7e:e5:
         f9:c9:26:e6:0c:d7:40:45:04:eb:fe:85:53:6b:a6:63:dc:3a:
         5e:ef:cf:36:0f:8e:ca:70:80:16:ce:61:9f:68:bc:56:f6:cf:
         f7:a3:4b:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYey85o32HGt8/v+ajUZJK8zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjMwNDI0MTEwODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDlhZWNiOGRhOGJiMTU5ZGRiOGFhYTgzZjA5OTAzNDNmODlkZTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA78/MH1tg6wNwB7E58fS4FoUqGXAI
ikLqWYsxvgZTm/3CSAo5R5ocbNER5EBM4tbkCRya2cu4/UTKsKypynC4LWF5co4j
Rm5ROcVwKv6TLaAARnVHLw4S4KN/KS82CHe13BKuNxr2aMKDThv9uTxpVIIIakHp
CS3IO4q7fN7e0sCByBPc08+wpALRu5Kq2pRGNRtRCPjkiX4XNE2kqLEkZmM+wHL4
swnOtgYdYZAFGzqLGK4lI72xdyE1HJw4ni6tfvX3qLEHt/FbaGwGpD6L5pjeoWxk
THp+Eh8hDhBAzUjAszj6nGyQ2y5qxQ+sOXeRD4RHkXOURpOEyY2x3hOxuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK2a7Ljai7FZ3biqqD8JkDQ/id4TMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvclpyc3VOcUxzVm5kdUtxb1B3bVFORC1KM2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHHMA0G
CSqGSIb3DQEBCwUAA4IBAQCYoaiefQmNMRRRk0fPtOJetjtbzlOdE8tA/EQ7HTWM
/Oj8U2W8zyIQvhZdjTnzo/VPaQejGnY0dCg99v6MV9IDKX/QnugTWwqEDA4iRE2+
Es7LqbVagCeWHiq7YAGr3zVNwpSeGNwgFE/X52MI5maYM5QZW10ri6jcsei7xOVk
nHmzOFzf6SqjOdCFNzajjKbY1r97tC3vir+ElYbRvFtmEktlMLLoVoPpjQesHmbx
5soxRHz9lVAzsVzY0RZG0tlLqIbtJ+Yxuuu1KoOof6W8bju7msrjfuX5ySbmDNdA
RQTr/oVTa6Zj3Dpe7882D47KcIAWzmGfaLxW9s/3o0u/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:57 2024 by rpki-client on console-ams.rpki-client.org