Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/cfbc62-5d54-4327-b072-0f52f867178d/1/TjLBnGErxFoDtBmOYzoGwDyXKWo.roa
File:                     TjLBnGErxFoDtBmOYzoGwDyXKWo.roa (raw, json)
Hash identifier:          zcl/4z2qM7qe0pP3v/fzwA/3ylhXZHeztAQ0Xfe1PZs=
Subject key identifier:   4E:32:C1:9C:61:2B:C4:5A:03:B4:19:8E:63:3A:06:C0:3C:97:29:6A
Certificate issuer:       /CN=dcf85c36c696d5db2cbb48fd43e821737ee34227
Certificate serial:       0188FBFCEF394D4634830245B7D818A4752C
Authority key identifier: DC:F8:5C:36:C6:96:D5:DB:2C:BB:48:FD:43:E8:21:73:7E:E3:42:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3PhcNsaW1dssu0j9Q-ghc37jQic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/cfbc62-5d54-4327-b072-0f52f867178d/1/TjLBnGErxFoDtBmOYzoGwDyXKWo.roa
Signing time:             Tue 27 Jun 2023 08:33:57 +0000
ROA not before:           Tue 27 Jun 2023 08:33:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207174
IP address blocks:        185.211.212.0/22 maxlen: 24
                          5.181.240.0/22 maxlen: 24
                          185.49.192.0/22 maxlen: 24
                          185.249.108.0/22 maxlen: 24
                          2a0c:240::/29 maxlen: 48
                          2a01:a260::/32 maxlen: 48
                          2a0b:6b40::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:31:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:fb:fc:ef:39:4d:46:34:83:02:45:b7:d8:18:a4:75:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcf85c36c696d5db2cbb48fd43e821737ee34227
        Validity
            Not Before: Jun 27 08:33:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4e32c19c612bc45a03b4198e633a06c03c97296a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d2:ab:22:c7:69:c5:0c:74:16:a8:9b:26:48:
                    72:03:5d:b3:38:f9:9a:f7:7e:f3:ed:f0:49:4c:96:
                    d7:3e:15:c9:66:c8:d2:28:76:e9:5f:36:1e:6f:2e:
                    ae:41:72:74:5b:86:23:a2:fe:9a:63:a8:a1:e6:f5:
                    a5:51:62:04:ad:02:ae:88:a9:3b:be:1b:bc:ca:96:
                    d8:07:fd:4b:90:4c:b3:a7:da:52:17:1d:7e:24:70:
                    1d:b6:d8:6a:cb:f9:58:3e:96:d3:69:12:6d:0c:94:
                    39:8c:ec:ec:9c:5f:d7:41:0d:8b:cf:51:72:56:3d:
                    bd:10:32:9d:3a:23:6b:ab:ba:d9:77:23:29:26:4a:
                    a8:68:1e:30:c8:1f:1e:d4:eb:95:07:98:46:7d:03:
                    a3:64:77:18:fe:1f:06:93:ce:6b:c5:cf:db:36:e7:
                    84:44:27:29:3b:de:6e:83:ea:ec:c8:d1:76:b1:2d:
                    93:94:f5:33:86:2f:8d:e9:ea:d0:be:81:3b:d1:52:
                    46:76:9e:f0:62:7a:62:4d:35:15:47:88:2c:3b:6c:
                    78:87:dc:9e:d2:c0:2d:9f:86:5a:fb:84:be:30:67:
                    37:82:ec:61:d3:b1:fc:ef:64:1a:08:57:5d:ea:72:
                    a9:b4:5e:0e:2d:a4:07:30:f0:6e:a1:3b:b8:3a:f5:
                    88:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:32:C1:9C:61:2B:C4:5A:03:B4:19:8E:63:3A:06:C0:3C:97:29:6A
            X509v3 Authority Key Identifier:
                keyid:DC:F8:5C:36:C6:96:D5:DB:2C:BB:48:FD:43:E8:21:73:7E:E3:42:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3PhcNsaW1dssu0j9Q-ghc37jQic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/cfbc62-5d54-4327-b072-0f52f867178d/1/TjLBnGErxFoDtBmOYzoGwDyXKWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/cfbc62-5d54-4327-b072-0f52f867178d/1/3PhcNsaW1dssu0j9Q-ghc37jQic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.240.0/22
                  185.49.192.0/22
                  185.211.212.0/22
                  185.249.108.0/22
                IPv6:
                  2a01:a260::/32
                  2a0b:6b40::/29
                  2a0c:240::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:51:48:44:90:aa:0d:82:1d:8e:42:92:39:ad:6e:67:a9:dd:
         40:e2:a5:ad:b4:70:40:fc:2c:98:a6:4b:ba:d0:3d:57:c8:bd:
         57:51:fd:23:19:67:c7:15:2f:b3:60:8f:bb:80:9c:a9:68:12:
         d2:6d:fd:5a:53:13:fc:bf:27:eb:3c:eb:04:9b:35:01:0d:ba:
         27:f6:02:16:e2:4f:d6:3c:99:ee:94:f0:69:11:76:c6:4a:72:
         cd:9e:58:c2:dc:2f:79:40:3c:a4:41:f5:09:b4:06:04:bf:10:
         34:16:62:a5:ff:8e:bb:4c:8b:d5:1a:c6:77:8b:1d:cb:09:37:
         8d:86:b4:f1:fe:23:ee:79:23:9c:cc:54:4c:c8:6a:b6:de:36:
         db:40:93:5f:7a:b3:75:93:c6:c5:31:4c:75:a1:17:36:34:6d:
         a2:e3:ee:9d:19:9e:75:25:81:3f:38:01:8e:ec:a2:b4:ac:c7:
         16:87:26:65:09:f8:cd:1e:57:f5:24:a5:6a:6c:10:d1:65:2b:
         4d:a8:47:33:e5:f0:7d:87:52:80:f1:f1:6c:21:d9:30:92:60:
         6f:18:e5:62:b9:2f:77:d4:6f:f0:93:10:7a:e1:43:bb:73:83:
         c6:f9:77:27:46:88:a1:a4:b6:5b:fb:af:fa:dd:a4:a1:66:3f:
         ee:57:93:45
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYj7/O85TUY0gwJFt9gYpHUsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZjg1YzM2YzY5NmQ1ZGIyY2JiNDhmZDQzZTgyMTczN2Vl
MzQyMjcwHhcNMjMwNjI3MDgzMzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTMyYzE5YzYxMmJjNDVhMDNiNDE5OGU2MzNhMDZjMDNjOTcyOTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNKrIsdpxQx0FqibJkhyA12zOPma
937z7fBJTJbXPhXJZsjSKHbpXzYeby6uQXJ0W4Yjov6aY6ih5vWlUWIErQKuiKk7
vhu8ypbYB/1LkEyzp9pSFx1+JHAdtthqy/lYPpbTaRJtDJQ5jOzsnF/XQQ2Lz1Fy
Vj29EDKdOiNrq7rZdyMpJkqoaB4wyB8e1OuVB5hGfQOjZHcY/h8Gk85rxc/bNueE
RCcpO95ug+rsyNF2sS2TlPUzhi+N6erQvoE70VJGdp7wYnpiTTUVR4gsO2x4h9ye
0sAtn4Za+4S+MGc3guxh07H872QaCFdd6nKptF4OLaQHMPBuoTu4OvWIaQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFE4ywZxhK8RaA7QZjmM6BsA8lylqMB8GA1UdIwQY
MBaAFNz4XDbGltXbLLtI/UPoIXN+40InMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1BoY05zYVcxZHNzdTBqOVEtZ2hjMzdqUWljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9jZmJjNjItNWQ1NC00MzI3LWIwNzIt
MGY1MmY4NjcxNzhkLzEvVGpMQm5HRXJ4Rm9EdEJtT1l6b0d3RHlYS1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9jZmJjNjItNWQ1NC00MzI3LWIwNzItMGY1MmY4NjcxNzhk
LzEvM1BoY05zYVcxZHNzdTBqOVEtZ2hjMzdqUWljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAeBAIAATAYAwQCBbXwAwQC
uTHAAwQCudPUAwQCuflsMBsEAgACMBUDBQAqAaJgAwUDKgtrQAMFAyoMAkAwDQYJ
KoZIhvcNAQELBQADggEBAFpRSESQqg2CHY5Ckjmtbmep3UDipa20cED8LJimS7rQ
PVfIvVdR/SMZZ8cVL7Ngj7uAnKloEtJt/VpTE/y/J+s86wSbNQENuif2AhbiT9Y8
me6U8GkRdsZKcs2eWMLcL3lAPKRB9Qm0BgS/EDQWYqX/jrtMi9UaxneLHcsJN42G
tPH+I+55I5zMVEzIarbeNttAk196s3WTxsUxTHWhFzY0baLj7p0ZnnUlgT84AY7s
orSsxxaHJmUJ+M0eV/UkpWpsENFlK02oRzPl8H2HUoDx8Wwh2TCSYG8Y5WK5L3fU
b/CTEHrhQ7tzg8b5dydGiKGktlv7r/rdpKFmP+5Xk0U=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:33 2024 by rpki-client on console-fra.rpki-client.org