Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/bn9LyiamIweLxnnnj8Le8xGslKE.roa
File:                     bn9LyiamIweLxnnnj8Le8xGslKE.roa (raw, json)
Hash identifier:          rgwpkR/sXYvTFob+22wWrVAUPnOgwKHJcNZy8wHX7w4=
Subject key identifier:   6E:7F:4B:CA:26:A6:23:07:8B:C6:79:E7:8F:C2:DE:F3:11:AC:94:A1
Certificate issuer:       /CN=722a8c1d311895016108ffbd14575c77cc28773a
Certificate serial:       018CC56EF14FC7C228A454BF2EC5A0E98447
Authority key identifier: 72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/bn9LyiamIweLxnnnj8Le8xGslKE.roa
Signing time:             Mon 01 Jan 2024 14:30:31 +0000
ROA not before:           Mon 01 Jan 2024 14:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25369
IP address blocks:        87.246.28.0/22 maxlen: 22
                          87.246.8.0/22 maxlen: 22
                          87.246.12.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Fri 02 Aug 2024 17:25:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f1:4f:c7:c2:28:a4:54:bf:2e:c5:a0:e9:84:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=722a8c1d311895016108ffbd14575c77cc28773a
        Validity
            Not Before: Jan  1 14:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e7f4bca26a623078bc679e78fc2def311ac94a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9b:54:53:a5:69:02:1b:47:60:f8:dc:20:94:
                    8f:b6:65:7d:ad:0d:25:5a:9e:40:11:2d:86:56:b3:
                    2f:19:f7:fe:90:ca:7f:83:a7:99:a1:81:4d:40:a7:
                    d0:fe:6b:61:e3:b6:06:b6:08:1b:2d:7c:36:ae:2d:
                    1b:73:c0:8b:4d:5a:78:c2:de:18:8b:8b:23:44:d9:
                    09:9a:44:a3:4c:3b:c0:6f:ee:41:c3:04:9b:38:40:
                    f3:47:39:df:80:4a:e2:b2:f8:7f:ac:4a:a6:1e:5d:
                    79:d6:f5:41:80:a8:70:4b:78:0d:09:90:27:ac:a5:
                    de:e6:af:12:cc:5f:ef:e5:dd:9c:a9:48:79:75:6b:
                    5f:77:bc:b6:82:02:e8:53:67:62:d4:8f:1a:0f:71:
                    ba:4a:4b:41:03:28:00:c3:59:70:3b:1c:d0:e8:f7:
                    1e:5b:82:c4:b1:e2:c5:be:d9:aa:9d:00:5a:78:f6:
                    24:ff:3d:47:d3:82:f0:99:ae:52:88:c4:2b:7b:62:
                    2e:26:64:90:31:2d:f5:4e:3d:12:a1:57:f7:6b:f8:
                    9e:f1:06:06:ca:92:8d:9a:e6:98:00:16:8a:30:a1:
                    80:a7:6f:a5:a6:96:20:7d:1a:b1:13:7f:b6:b2:57:
                    23:e1:87:37:03:bb:77:7e:3f:b7:a0:32:50:74:11:
                    72:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:7F:4B:CA:26:A6:23:07:8B:C6:79:E7:8F:C2:DE:F3:11:AC:94:A1
            X509v3 Authority Key Identifier:
                keyid:72:2A:8C:1D:31:18:95:01:61:08:FF:BD:14:57:5C:77:CC:28:77:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciqMHTEYlQFhCP-9FFdcd8wodzo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/bn9LyiamIweLxnnnj8Le8xGslKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/b1f6ee-c4ef-4355-af36-a558ee65431f/1/ciqMHTEYlQFhCP-9FFdcd8wodzo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.246.8.0/21
                  87.246.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:21:ef:6c:59:53:f0:5d:64:44:7b:6b:f4:e7:68:1a:5f:d6:
         91:84:b4:9a:13:21:a5:c3:15:6c:d8:3b:f5:cb:74:28:0d:b7:
         b0:58:42:b8:9e:99:9c:fa:33:2d:0d:57:b1:1c:b4:40:14:c3:
         8c:e8:27:75:a2:e1:e9:58:f1:49:3a:82:7e:e1:5f:97:94:2a:
         c8:bd:67:93:ca:f6:5f:49:ff:5c:48:a9:be:ce:6b:8e:19:ff:
         f2:d3:e1:1c:fa:d6:01:1b:f5:f3:66:00:bc:82:24:44:58:36:
         8d:33:89:9c:77:ee:d5:ef:fb:ad:ca:ff:e7:82:26:62:4f:1e:
         bc:4c:f0:23:d4:32:3a:f9:dd:d1:67:9b:fb:74:c0:4e:06:aa:
         0c:5e:f8:42:32:1c:f9:4a:19:04:ee:58:68:73:53:78:e6:4c:
         f1:41:49:6a:25:bc:df:7b:84:96:d9:ce:1d:0d:63:69:7f:f2:
         a3:b7:41:26:1e:33:18:d7:75:af:ab:41:0e:39:12:bb:df:3e:
         8d:6b:0d:76:c3:10:45:7f:28:5e:ea:17:81:b7:c4:38:d5:46:
         17:a2:85:3f:f5:db:41:25:c0:a9:b9:e1:27:5a:bc:37:d0:d2:
         82:9a:97:87:91:47:e5:4d:d7:f7:57:5e:f7:76:cc:e9:7c:1a:
         01:a3:e2:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbvFPx8IopFS/LsWg6YRHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMmE4YzFkMzExODk1MDE2MTA4ZmZiZDE0NTc1Yzc3Y2My
ODc3M2EwHhcNMjQwMTAxMTQzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTdmNGJjYTI2YTYyMzA3OGJjNjc5ZTc4ZmMyZGVmMzExYWM5NGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5tUU6VpAhtHYPjcIJSPtmV9rQ0l
Wp5AES2GVrMvGff+kMp/g6eZoYFNQKfQ/mth47YGtggbLXw2ri0bc8CLTVp4wt4Y
i4sjRNkJmkSjTDvAb+5BwwSbOEDzRznfgErisvh/rEqmHl151vVBgKhwS3gNCZAn
rKXe5q8SzF/v5d2cqUh5dWtfd7y2ggLoU2di1I8aD3G6SktBAygAw1lwOxzQ6Pce
W4LEseLFvtmqnQBaePYk/z1H04Lwma5SiMQre2IuJmSQMS31Tj0SoVf3a/ie8QYG
ypKNmuaYABaKMKGAp2+lppYgfRqxE3+2slcj4Yc3A7t3fj+3oDJQdBFy0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG5/S8ompiMHi8Z554/C3vMRrJShMB8GA1UdIwQY
MBaAFHIqjB0xGJUBYQj/vRRXXHfMKHc6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYt
YTU1OGVlNjU0MzFmLzEvYm45THlpYW1Jd2VMeG5ubmo4TGU4eEdzbEtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9iMWY2ZWUtYzRlZi00MzU1LWFmMzYtYTU1OGVlNjU0MzFm
LzEvY2lxTUhURVlsUUZoQ1AtOUZGZGNkOHdvZHpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDV/YIAwQC
V/YcMA0GCSqGSIb3DQEBCwUAA4IBAQBFIe9sWVPwXWREe2v052gaX9aRhLSaEyGl
wxVs2Dv1y3QoDbewWEK4npmc+jMtDVexHLRAFMOM6Cd1ouHpWPFJOoJ+4V+XlCrI
vWeTyvZfSf9cSKm+zmuOGf/y0+Ec+tYBG/XzZgC8giREWDaNM4mcd+7V7/utyv/n
giZiTx68TPAj1DI6+d3RZ5v7dMBOBqoMXvhCMhz5ShkE7lhoc1N45kzxQUlqJbzf
e4SW2c4dDWNpf/Kjt0EmHjMY13Wvq0EOORK73z6Naw12wxBFfyhe6heBt8Q41UYX
ooU/9dtBJcCpueEnWrw30NKCmpeHkUflTdf3V173dszpfBoBo+KD
Generated at Fri Aug 2 19:17:33 2024 by rpki-client on console-fra.rpki-client.org