Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/TS3LCHXqChlGor9GRYic7iOG_AA.roa
File:                     TS3LCHXqChlGor9GRYic7iOG_AA.roa (raw, json)
Hash identifier:          95tN81igwK3PI9qmzR8K2pV+1qiw22SPbRC3XqqKJVI=
Subject key identifier:   4D:2D:CB:08:75:EA:0A:19:46:A2:BF:46:45:88:9C:EE:23:86:FC:00
Certificate issuer:       /CN=dc02b18f588a50b9274fe3469ff8bd4a1649d74d
Certificate serial:       01856DDD578963DA95F986D411433E6587C8
Authority key identifier: DC:02:B1:8F:58:8A:50:B9:27:4F:E3:46:9F:F8:BD:4A:16:49:D7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AKxj1iKULknT-NGn_i9ShZJ100.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/TS3LCHXqChlGor9GRYic7iOG_AA.roa
Signing time:             Sun 01 Jan 2023 15:05:00 +0000
ROA not before:           Sun 01 Jan 2023 15:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210001
IP address blocks:        93.187.39.0/24 maxlen: 24
                          185.52.116.0/24 maxlen: 24
                          185.52.119.0/24 maxlen: 24
                          93.187.33.0/24 maxlen: 24
                          93.187.36.0/24 maxlen: 24
                          2a00:dd00:5::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 22 Feb 2023 12:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:dd:57:89:63:da:95:f9:86:d4:11:43:3e:65:87:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc02b18f588a50b9274fe3469ff8bd4a1649d74d
        Validity
            Not Before: Jan  1 15:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4d2dcb0875ea0a1946a2bf4645889cee2386fc00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:c7:9a:39:59:4a:47:c6:6f:6f:f6:f6:8c:73:
                    55:f3:ee:eb:29:9b:66:53:06:11:2f:e7:cc:58:e2:
                    ae:76:42:37:f0:f9:0b:3e:2b:e7:ee:24:d8:8b:ee:
                    49:5e:24:4a:ec:e5:71:b3:33:3b:9b:3e:67:f8:01:
                    d5:2f:e7:f4:d1:d3:5c:af:1b:8b:5f:1f:01:bf:5b:
                    0e:ca:b2:ec:47:50:28:ce:9d:30:c1:03:27:af:71:
                    e7:7c:20:94:08:5a:f1:38:e4:8e:50:47:07:68:ce:
                    83:55:85:ba:2d:5e:a4:65:a9:e4:06:75:93:72:c1:
                    0b:ae:2d:07:0f:4d:c1:d4:8c:87:f3:26:0c:0e:03:
                    51:7e:b7:8b:14:ea:00:32:40:8e:b4:10:11:4c:84:
                    69:5a:ad:99:25:26:96:79:96:37:6d:d4:63:d9:d7:
                    50:45:1e:74:b8:23:d3:c5:6d:d6:af:db:7b:c5:a2:
                    82:d5:24:8b:61:47:8a:e4:23:7e:7c:18:53:15:3c:
                    40:f3:62:1d:e5:a1:86:5b:fd:7e:b6:b8:5f:d5:6f:
                    70:5a:5a:13:75:9b:72:c9:e2:cf:c7:4a:52:dd:61:
                    3a:7d:2a:75:df:a2:e7:6f:42:18:ad:5e:ec:97:96:
                    41:bc:7d:37:4b:87:e8:86:67:cc:22:92:35:f9:30:
                    90:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:2D:CB:08:75:EA:0A:19:46:A2:BF:46:45:88:9C:EE:23:86:FC:00
            X509v3 Authority Key Identifier:
                keyid:DC:02:B1:8F:58:8A:50:B9:27:4F:E3:46:9F:F8:BD:4A:16:49:D7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AKxj1iKULknT-NGn_i9ShZJ100.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/TS3LCHXqChlGor9GRYic7iOG_AA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c861c8-c89a-4043-a02d-664f04d2a68d/1/3AKxj1iKULknT-NGn_i9ShZJ100.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.187.33.0/24
                  93.187.36.0/24
                  93.187.39.0/24
                  185.52.116.0/24
                  185.52.119.0/24
                IPv6:
                  2a00:dd00:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:f4:6c:1e:af:b6:2d:cb:d7:32:43:5e:e3:da:be:6f:2f:2e:
         a2:dc:ad:e4:b5:61:36:08:63:60:a7:ea:6e:a6:a6:19:eb:6c:
         5f:8e:5e:4e:d2:1b:c0:14:9e:d1:2a:35:08:5f:ab:51:92:50:
         d2:47:bc:6f:29:53:79:f0:0c:73:9a:44:65:dc:ee:12:97:fe:
         1b:bc:b6:5b:40:ce:93:ee:d1:bc:02:a7:7e:a1:76:23:39:71:
         a5:5f:f5:53:fa:e7:51:e1:ba:aa:94:fe:cb:61:23:28:14:58:
         ae:cd:d6:cc:f2:71:39:48:ae:33:2f:c1:9b:1b:ef:5c:0c:13:
         38:2b:e3:13:95:c4:28:c0:d5:af:a7:9e:ab:b3:0b:f8:d2:51:
         d5:b0:60:83:ff:2c:76:37:56:a8:62:ab:7c:5f:e2:9f:a0:dd:
         fd:5d:5e:e3:cd:5d:6f:8a:70:06:a4:40:b0:59:53:58:c3:de:
         f5:73:b7:5c:07:76:a5:5f:6c:4b:5e:8b:6b:0f:8f:33:84:d4:
         c4:44:39:d8:23:23:e3:ec:77:b3:74:9e:5e:2a:d8:01:b4:40:
         0f:16:11:7a:9d:8b:85:3e:ea:f0:29:ee:e4:1b:aa:a5:a0:79:
         e5:f5:1b:21:df:9b:f8:bf:68:f8:b5:8b:ac:b2:e8:f6:15:a4:
         74:c2:ad:b7
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVt3VeJY9qV+YbUEUM+ZYfIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMDJiMThmNTg4YTUwYjkyNzRmZTM0NjlmZjhiZDRhMTY0
OWQ3NGQwHhcNMjMwMTAxMTUwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDJkY2IwODc1ZWEwYTE5NDZhMmJmNDY0NTg4OWNlZTIzODZmYzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjMeaOVlKR8Zvb/b2jHNV8+7rKZtm
UwYRL+fMWOKudkI38PkLPivn7iTYi+5JXiRK7OVxszM7mz5n+AHVL+f00dNcrxuL
Xx8Bv1sOyrLsR1Aozp0wwQMnr3HnfCCUCFrxOOSOUEcHaM6DVYW6LV6kZankBnWT
csELri0HD03B1IyH8yYMDgNRfreLFOoAMkCOtBARTIRpWq2ZJSaWeZY3bdRj2ddQ
RR50uCPTxW3Wr9t7xaKC1SSLYUeK5CN+fBhTFTxA82Id5aGGW/1+trhf1W9wWloT
dZtyyeLPx0pS3WE6fSp136Lnb0IYrV7sl5ZBvH03S4fohmfMIpI1+TCQ9QIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFE0tywh16goZRqK/RkWInO4jhvwAMB8GA1UdIwQY
MBaAFNwCsY9YilC5J0/jRp/4vUoWSddNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0FLeGoxaUtVTGtuVC1OR25faTlTaFpKMTAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jODYxYzgtYzg5YS00MDQzLWEwMmQt
NjY0ZjA0ZDJhNjhkLzEvVFMzTENIWHFDaGxHb3I5R1JZaWM3aU9HX0FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jODYxYzgtYzg5YS00MDQzLWEwMmQtNjY0ZjA0ZDJhNjhk
LzEvM0FLeGoxaUtVTGtuVC1OR25faTlTaFpKMTAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQAXbshAwQA
XbskAwQAXbsnAwQAuTR0AwQAuTR3MA8EAgACMAkDBwAqAN0AAAUwDQYJKoZIhvcN
AQELBQADggEBAHD0bB6vti3L1zJDXuPavm8vLqLcreS1YTYIY2Cn6m6mphnrbF+O
Xk7SG8AUntEqNQhfq1GSUNJHvG8pU3nwDHOaRGXc7hKX/hu8tltAzpPu0bwCp36h
diM5caVf9VP651HhuqqU/sthIygUWK7N1szycTlIrjMvwZsb71wMEzgr4xOVxCjA
1a+nnquzC/jSUdWwYIP/LHY3Vqhiq3xf4p+g3f1dXuPNXW+KcAakQLBZU1jD3vVz
t1wHdqVfbEtei2sPjzOE1MREOdgjI+Psd7N0nl4q2AG0QA8WEXqdi4U+6vAp7uQb
qqWgeeX1GyHfm/i/aPi1i6yy6PYVpHTCrbc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:42 2024 by rpki-client on console-ams.rpki-client.org