Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/89abb8-636d-4084-81a0-c63adb6ee5d9/1/I-foEZqIOaQ7j7HPw2bG_3guMB8.roa
File:                     I-foEZqIOaQ7j7HPw2bG_3guMB8.roa (raw, json)
Hash identifier:          1CHv9kDMGCazipvGZNOYmsjh62pZYLMGF1bQiYWUWJk=
Subject key identifier:   23:E7:E8:11:9A:88:39:A4:3B:8F:B1:CF:C3:66:C6:FF:78:2E:30:1F
Certificate issuer:       /CN=9bea3a3a4a3606c7396f15f501ac5c641785750c
Certificate serial:       018ECC7078FF689EBC6176166236C8C80252
Authority key identifier: 9B:EA:3A:3A:4A:36:06:C7:39:6F:15:F5:01:AC:5C:64:17:85:75:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m-o6Oko2Bsc5bxX1AaxcZBeFdQw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/89abb8-636d-4084-81a0-c63adb6ee5d9/1/I-foEZqIOaQ7j7HPw2bG_3guMB8.roa
Signing time:             Thu 11 Apr 2024 09:15:06 +0000
ROA not before:           Thu 11 Apr 2024 09:15:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197524
IP address blocks:        5.22.240.0/21 maxlen: 21
                          88.133.0.0/17 maxlen: 17
                          88.133.0.0/19 maxlen: 19
                          88.133.64.0/19 maxlen: 19
                          88.133.128.0/20 maxlen: 20
                          88.133.156.0/22 maxlen: 24
                          109.199.160.0/19 maxlen: 19
                          185.9.64.0/22 maxlen: 22
                          2a01:a980::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 29 Apr 2024 20:58:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cc:70:78:ff:68:9e:bc:61:76:16:62:36:c8:c8:02:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bea3a3a4a3606c7396f15f501ac5c641785750c
        Validity
            Not Before: Apr 11 09:15:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23e7e8119a8839a43b8fb1cfc366c6ff782e301f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:01:b1:cb:05:93:51:79:77:24:88:e5:4d:b3:
                    b6:76:b6:a2:ad:8a:91:31:53:32:12:93:9d:a9:ec:
                    bb:e8:08:85:3a:48:d1:15:d0:2a:b6:22:60:49:e8:
                    94:0b:1d:18:97:b5:23:85:f3:1b:2c:85:60:4a:37:
                    c7:70:7d:e2:ef:31:8c:9b:61:cf:25:f4:d3:35:6c:
                    b8:42:ac:8a:a2:fc:6f:9b:17:ea:58:6e:88:bf:c8:
                    25:fa:34:be:db:8c:81:db:7b:82:b2:3c:7a:3d:98:
                    bb:14:7d:cc:db:15:70:32:b0:db:15:7f:fd:10:c5:
                    a7:45:fa:2c:df:aa:50:c5:dc:4f:da:5c:93:04:13:
                    25:6b:7c:c9:3d:96:e6:3f:6f:f3:01:6e:5d:ad:f9:
                    6b:ca:a8:51:22:88:a3:0d:68:02:c7:76:1b:eb:f7:
                    73:13:e0:74:be:eb:19:33:1d:7a:f8:51:8a:91:1f:
                    26:03:97:3a:80:c6:a0:43:68:5b:86:43:c9:71:5e:
                    ad:be:33:7c:29:a7:22:44:d5:48:95:5e:72:9b:1c:
                    2e:5f:79:eb:c5:43:c0:1a:78:50:b5:8c:8a:db:a9:
                    01:fa:2d:cb:28:e7:1c:c3:ee:df:16:f9:ae:24:76:
                    54:b6:d4:e5:d8:3b:56:17:6b:97:b5:eb:b1:42:6b:
                    bd:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:E7:E8:11:9A:88:39:A4:3B:8F:B1:CF:C3:66:C6:FF:78:2E:30:1F
            X509v3 Authority Key Identifier:
                keyid:9B:EA:3A:3A:4A:36:06:C7:39:6F:15:F5:01:AC:5C:64:17:85:75:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-o6Oko2Bsc5bxX1AaxcZBeFdQw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/89abb8-636d-4084-81a0-c63adb6ee5d9/1/I-foEZqIOaQ7j7HPw2bG_3guMB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/89abb8-636d-4084-81a0-c63adb6ee5d9/1/m-o6Oko2Bsc5bxX1AaxcZBeFdQw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.240.0/21
                  88.133.0.0-88.133.143.255
                  88.133.156.0/22
                  109.199.160.0/19
                  185.9.64.0/22
                IPv6:
                  2a01:a980::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:09:0d:33:e5:ba:d0:e4:61:13:2f:aa:d0:23:46:a6:86:1d:
         31:5e:f0:72:2c:0e:1b:e0:04:a2:33:d0:90:cb:7d:e0:6c:03:
         26:52:e7:f8:0d:d8:bf:2b:d8:80:85:9b:e3:21:44:e5:64:76:
         c2:bb:d3:76:b1:69:cc:d5:c3:bc:cf:25:8d:d7:8e:5d:d3:a1:
         82:e7:db:2a:63:77:9e:ef:d3:2a:61:87:07:37:3e:e2:2a:13:
         1f:23:66:d8:8d:03:7c:2e:9c:b4:32:28:c6:3a:41:58:33:5b:
         0d:69:43:e1:5a:e4:2b:31:9e:84:ae:e5:20:f3:83:2c:a8:50:
         3b:b7:18:42:a4:07:60:9d:d7:1f:24:72:f5:f9:53:cc:a1:a2:
         b8:7f:42:07:c6:65:e4:eb:48:a5:4e:de:07:a0:5d:1d:fb:2b:
         79:93:22:0d:5b:3e:2f:ba:f1:bf:d8:83:ab:1b:0b:ae:e9:bd:
         23:61:25:92:19:b0:6d:64:29:a4:6d:8e:75:3d:5b:25:ef:8c:
         6f:e8:e7:f5:d5:af:c7:e9:b8:2a:bb:40:9f:2e:ff:ee:51:2d:
         cb:de:f8:69:27:8b:fe:c6:37:88:a0:09:56:38:f9:46:a9:bf:
         75:32:24:a9:ec:e9:fe:d1:1f:70:73:33:e9:aa:aa:77:89:69:
         63:5f:19:52
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAY7McHj/aJ68YXYWYjbIyAJSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWEzYTNhNGEzNjA2YzczOTZmMTVmNTAxYWM1YzY0MTc4
NTc1MGMwHhcNMjQwNDExMDkxNTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2U3ZTgxMTlhODgzOWE0M2I4ZmIxY2ZjMzY2YzZmZjc4MmUzMDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAGxywWTUXl3JIjlTbO2drairYqR
MVMyEpOdqey76AiFOkjRFdAqtiJgSeiUCx0Yl7UjhfMbLIVgSjfHcH3i7zGMm2HP
JfTTNWy4QqyKovxvmxfqWG6Iv8gl+jS+24yB23uCsjx6PZi7FH3M2xVwMrDbFX/9
EMWnRfos36pQxdxP2lyTBBMla3zJPZbmP2/zAW5drflryqhRIoijDWgCx3Yb6/dz
E+B0vusZMx16+FGKkR8mA5c6gMagQ2hbhkPJcV6tvjN8KaciRNVIlV5ymxwuX3nr
xUPAGnhQtYyK26kB+i3LKOccw+7fFvmuJHZUttTl2DtWF2uXteuxQmu9cQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFCPn6BGaiDmkO4+xz8Nmxv94LjAfMB8GA1UdIwQY
MBaAFJvqOjpKNgbHOW8V9QGsXGQXhXUMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS1vNk9rbzJCc2M1YnhYMUFheGNaQmVGZFF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC84OWFiYjgtNjM2ZC00MDg0LTgxYTAt
YzYzYWRiNmVlNWQ5LzEvSS1mb0VacUlPYVE3ajdIUHcyYkdfM2d1TUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC84OWFiYjgtNjM2ZC00MDg0LTgxYTAtYzYzYWRiNmVlNWQ5
LzEvbS1vNk9rbzJCc2M1YnhYMUFheGNaQmVGZFF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDArBAIAATAlAwQDBRbwMAsD
AwBYhQMEBFiFgAMEAliFnAMEBW3HoAMEArkJQDANBAIAAjAHAwUDKgGpgDANBgkq
hkiG9w0BAQsFAAOCAQEAkAkNM+W60ORhEy+q0CNGpoYdMV7wciwOG+AEojPQkMt9
4GwDJlLn+A3YvyvYgIWb4yFE5WR2wrvTdrFpzNXDvM8ljdeOXdOhgufbKmN3nu/T
KmGHBzc+4ioTHyNm2I0DfC6ctDIoxjpBWDNbDWlD4VrkKzGehK7lIPODLKhQO7cY
QqQHYJ3XHyRy9flTzKGiuH9CB8Zl5OtIpU7eB6BdHfsreZMiDVs+L7rxv9iDqxsL
rum9I2ElkhmwbWQppG2OdT1bJe+Mb+jn9dWvx+m4KrtAny7/7lEty974aSeL/sY3
iKAJVjj5Rqm/dTIkqezp/tEfcHMz6aqqd4lpY18ZUg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:16 2024 by rpki-client on console-ams.rpki-client.org