Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/lVQh6tfSOAbd-jC3gasBjxzVGUA.roa
File:                     lVQh6tfSOAbd-jC3gasBjxzVGUA.roa (raw, json)
Hash identifier:          zPRRMuVM+8pKZvM29wOcpmFgahQNQse+21oPI4NNe7g=
Subject key identifier:   95:54:21:EA:D7:D2:38:06:DD:FA:30:B7:81:AB:01:8F:1C:D5:19:40
Certificate issuer:       /CN=5a141c5090824d0a17c29ec4050e21007113fbda
Certificate serial:       018572D5BB3EAD51EFA508D7B75E06DF889B
Authority key identifier: 5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/lVQh6tfSOAbd-jC3gasBjxzVGUA.roa
Signing time:             Mon 02 Jan 2023 14:14:47 +0000
ROA not before:           Mon 02 Jan 2023 14:14:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3257
IP address blocks:        185.85.76.0/22 maxlen: 22
                          91.190.168.0/21 maxlen: 21
                          5.63.24.0/21 maxlen: 21
                          2a02:798::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:d5:bb:3e:ad:51:ef:a5:08:d7:b7:5e:06:df:88:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a141c5090824d0a17c29ec4050e21007113fbda
        Validity
            Not Before: Jan  2 14:14:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=955421ead7d23806ddfa30b781ab018f1cd51940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:fd:b0:19:d7:4f:60:ee:ca:8e:63:b4:af:37:
                    a9:3c:0b:01:30:8b:f3:3b:5b:c0:e4:e0:9c:6e:3a:
                    05:1a:c1:c0:32:27:95:0c:10:5b:04:d8:85:36:1a:
                    bd:e6:15:d4:4a:7d:c8:a5:28:44:24:7b:ee:5a:26:
                    97:80:93:44:3b:5f:d2:a9:19:05:36:18:7f:81:45:
                    67:03:fe:93:d6:ba:04:f5:ab:dd:15:8a:a7:13:6c:
                    ec:e0:90:d3:02:80:0f:f0:09:9e:5a:09:ca:fb:34:
                    d5:8b:98:35:ea:3b:fb:34:03:c7:3d:28:61:16:ca:
                    16:21:fb:b0:7f:3b:9d:cc:95:0f:47:a3:1e:8b:81:
                    94:72:44:11:29:f1:20:05:ff:93:d7:83:89:6a:f3:
                    6b:e6:a9:8f:e2:ad:93:d7:79:11:17:e0:3f:5f:57:
                    70:5a:c6:b9:56:51:28:fc:89:f9:a9:b1:85:36:60:
                    2d:ae:59:c6:cd:56:4d:49:2f:f1:4f:fc:9c:f7:2c:
                    29:01:c2:5d:0b:3a:7c:55:0b:27:ac:52:89:f7:63:
                    a5:ed:ec:58:2f:ea:3a:dc:62:49:4f:13:3f:b9:45:
                    31:63:a8:b4:87:9e:03:07:14:aa:22:b4:28:1f:7a:
                    39:5c:f9:0f:33:2a:7f:11:2b:c6:a0:a5:46:09:20:
                    52:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:54:21:EA:D7:D2:38:06:DD:FA:30:B7:81:AB:01:8F:1C:D5:19:40
            X509v3 Authority Key Identifier:
                keyid:5A:14:1C:50:90:82:4D:0A:17:C2:9E:C4:05:0E:21:00:71:13:FB:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WhQcUJCCTQoXwp7EBQ4hAHET-9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/lVQh6tfSOAbd-jC3gasBjxzVGUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b20e90-bf6e-4e25-87d5-eceeff8e84e0/1/WhQcUJCCTQoXwp7EBQ4hAHET-9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.24.0/21
                  91.190.168.0/21
                  185.85.76.0/22
                IPv6:
                  2a02:798::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:a3:a3:f9:19:67:c1:21:35:a7:d0:c7:5a:a5:41:91:4d:b4:
         c3:52:ce:07:c5:9b:69:6b:10:76:1a:b3:bb:e4:1e:20:46:7b:
         d4:0a:1c:7c:ac:cb:b4:63:62:47:80:4e:13:29:67:37:53:ae:
         c0:74:13:d7:97:54:33:8f:a8:04:95:9a:79:fe:95:e6:56:7d:
         48:d3:d3:10:74:80:5f:c2:f8:64:cb:52:c2:e8:ef:51:a2:ac:
         40:ee:62:cf:70:58:60:dd:08:ae:9b:f3:e0:1c:ab:25:dc:29:
         b9:8c:6c:d0:a6:76:8a:e5:0f:a9:96:6d:a5:0c:09:ff:ce:9c:
         8d:11:09:38:22:32:ce:e3:b1:29:18:5a:dd:4e:c1:46:d9:1f:
         dc:85:66:51:f0:8a:d2:f4:20:af:37:75:73:9f:55:7b:0e:26:
         7e:fc:ca:1f:98:ba:ac:17:21:0b:78:7e:24:2a:bb:a9:68:d4:
         b8:61:96:c3:b1:ef:b2:42:e9:c5:0e:d1:7a:5e:87:92:37:99:
         a8:cb:50:bc:f1:37:e3:6a:79:95:b3:10:1d:00:5a:45:e7:d4:
         47:34:07:6a:ca:9a:1d:1e:ec:54:a6:fc:36:47:88:fd:88:04:
         b9:0c:6d:88:77:a6:b1:b6:17:90:fb:de:d5:69:d7:90:27:03:
         8a:5a:d3:e8
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVy1bs+rVHvpQjXt14G34ibMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhMTQxYzUwOTA4MjRkMGExN2MyOWVjNDA1MGUyMTAwNzEx
M2ZiZGEwHhcNMjMwMTAyMTQxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTU0MjFlYWQ3ZDIzODA2ZGRmYTMwYjc4MWFiMDE4ZjFjZDUxOTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjf2wGddPYO7KjmO0rzepPAsBMIvz
O1vA5OCcbjoFGsHAMieVDBBbBNiFNhq95hXUSn3IpShEJHvuWiaXgJNEO1/SqRkF
Nhh/gUVnA/6T1roE9avdFYqnE2zs4JDTAoAP8AmeWgnK+zTVi5g16jv7NAPHPShh
FsoWIfuwfzudzJUPR6Mei4GUckQRKfEgBf+T14OJavNr5qmP4q2T13kRF+A/X1dw
Wsa5VlEo/In5qbGFNmAtrlnGzVZNSS/xT/yc9ywpAcJdCzp8VQsnrFKJ92Ol7exY
L+o63GJJTxM/uUUxY6i0h54DBxSqIrQoH3o5XPkPMyp/ESvGoKVGCSBS+wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJVUIerX0jgG3fowt4GrAY8c1RlAMB8GA1UdIwQY
MBaAFFoUHFCQgk0KF8KexAUOIQBxE/vaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUt
ZWNlZWZmOGU4NGUwLzEvbFZRaDZ0ZlNPQWJkLWpDM2dhc0JqeHpWR1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iMjBlOTAtYmY2ZS00ZTI1LTg3ZDUtZWNlZWZmOGU4NGUw
LzEvV2hRY1VKQ0NUUW9Yd3A3RUJRNGhBSEVULTlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDBT8YAwQD
W76oAwQCuVVMMA0EAgACMAcDBQAqAgeYMA0GCSqGSIb3DQEBCwUAA4IBAQAlo6P5
GWfBITWn0MdapUGRTbTDUs4HxZtpaxB2GrO75B4gRnvUChx8rMu0Y2JHgE4TKWc3
U67AdBPXl1Qzj6gElZp5/pXmVn1I09MQdIBfwvhky1LC6O9RoqxA7mLPcFhg3Qiu
m/PgHKsl3Cm5jGzQpnaK5Q+plm2lDAn/zpyNEQk4IjLO47EpGFrdTsFG2R/chWZR
8IrS9CCvN3Vzn1V7DiZ+/MofmLqsFyELeH4kKrupaNS4YZbDse+yQunFDtF6XoeS
N5moy1C88TfjanmVsxAdAFpF59RHNAdqypodHuxUpvw2R4j9iAS5DG2Id6axtheQ
+97VadeQJwOKWtPo
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:53 2024 by rpki-client on console-fra.rpki-client.org