Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/cc1d62-ae53-48b7-ac79-641d456283c4/1/S3Jkd2j4jSS3quUNsLF936uS-YE.roa
File:                     S3Jkd2j4jSS3quUNsLF936uS-YE.roa (raw, json)
Hash identifier:          zOKZFyNo73oDJ0neQXL9WLWV/0K1WF7YYest0GDg+0A=
Subject key identifier:   4B:72:64:77:68:F8:8D:24:B7:AA:E5:0D:B0:B1:7D:DF:AB:92:F9:81
Certificate issuer:       /CN=a60e42d7cbafc9dd3205d247d662d85afdd9a186
Certificate serial:       01856F42D50EB5F09BFAAA42599CF6F54A35
Authority key identifier: A6:0E:42:D7:CB:AF:C9:DD:32:05:D2:47:D6:62:D8:5A:FD:D9:A1:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pg5C18uvyd0yBdJH1mLYWv3ZoYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/cc1d62-ae53-48b7-ac79-641d456283c4/1/S3Jkd2j4jSS3quUNsLF936uS-YE.roa
Signing time:             Sun 01 Jan 2023 21:35:28 +0000
ROA not before:           Sun 01 Jan 2023 21:35:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61172
IP address blocks:        194.146.32.0/24 maxlen: 24
                          194.146.35.0/24 maxlen: 24
                          194.146.33.0/24 maxlen: 24
                          194.146.34.0/24 maxlen: 24
                          2a0f:9545::/32 maxlen: 32
                          2a0f:9547::/32 maxlen: 32
                          2a0f:9541::/32 maxlen: 32
                          2a0f:9546::/32 maxlen: 32
                          2a0f:9544::/32 maxlen: 32
                          2a0f:9542::/32 maxlen: 32
                          2a0f:9540::/32 maxlen: 32
                          2a0f:9543::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:42:d5:0e:b5:f0:9b:fa:aa:42:59:9c:f6:f5:4a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a60e42d7cbafc9dd3205d247d662d85afdd9a186
        Validity
            Not Before: Jan  1 21:35:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4b72647768f88d24b7aae50db0b17ddfab92f981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d9:ac:3d:8c:53:fd:a0:71:3b:6d:56:95:e5:
                    91:a1:db:bc:21:fc:ac:e7:34:52:66:c2:8a:0a:5b:
                    1c:e0:e3:47:bc:35:f5:b1:54:34:29:28:bb:9c:f6:
                    51:c8:dd:fa:77:44:b1:6e:ad:b2:fe:b8:83:7b:82:
                    8c:58:fa:4f:bb:92:8c:47:4f:4e:42:cc:9f:17:4f:
                    93:ad:00:3d:c1:75:71:3e:68:ab:60:ca:45:0f:bb:
                    86:70:13:55:96:57:ed:60:dc:85:e3:a9:96:9b:d1:
                    b9:f9:d6:0c:04:ec:d8:d0:cf:ff:e0:a2:37:f7:8e:
                    6b:9e:f2:d6:a0:c9:33:3e:af:cd:4b:79:63:5c:68:
                    a3:b4:6d:b8:3a:08:76:78:99:54:98:1f:bd:0b:9c:
                    11:05:4c:d9:89:93:85:e3:f0:de:a9:36:a0:ad:0f:
                    42:e9:77:a6:51:15:66:98:d3:cc:0c:95:00:58:b6:
                    e7:69:70:9e:c9:46:56:4c:1c:52:7c:33:36:53:72:
                    c4:8b:f0:74:9f:73:49:83:77:92:5c:8d:c3:9a:10:
                    86:5a:c0:b1:fa:45:15:16:5b:95:63:37:53:84:33:
                    28:c2:02:00:2d:60:c3:ec:1b:f8:b9:7e:cc:41:e7:
                    88:98:61:f0:ab:c0:dc:9e:d9:78:8c:8f:89:8e:25:
                    6f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:72:64:77:68:F8:8D:24:B7:AA:E5:0D:B0:B1:7D:DF:AB:92:F9:81
            X509v3 Authority Key Identifier:
                keyid:A6:0E:42:D7:CB:AF:C9:DD:32:05:D2:47:D6:62:D8:5A:FD:D9:A1:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pg5C18uvyd0yBdJH1mLYWv3ZoYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/cc1d62-ae53-48b7-ac79-641d456283c4/1/S3Jkd2j4jSS3quUNsLF936uS-YE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/cc1d62-ae53-48b7-ac79-641d456283c4/1/pg5C18uvyd0yBdJH1mLYWv3ZoYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.32.0/22
                IPv6:
                  2a0f:9540::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:7e:d7:71:d1:99:04:81:6d:3d:42:d2:78:77:6f:49:2d:9a:
         f5:8d:27:71:0e:8b:fc:b4:c6:3d:26:fd:5f:77:ca:d8:e7:37:
         b4:ac:99:b5:01:05:ec:d4:c3:02:eb:9a:cc:6c:53:4d:59:88:
         97:16:75:7c:5c:c2:ae:68:3d:ac:ff:4a:0b:b5:17:c9:e6:f5:
         cd:e1:b4:8b:0d:54:57:9f:6f:01:7e:5e:b1:f7:69:ae:39:92:
         47:1e:7a:bf:00:88:88:53:d6:ae:0b:23:76:c4:be:fd:34:07:
         ff:9b:87:03:87:65:de:71:eb:a8:77:6e:dd:45:63:b9:b1:0a:
         71:e1:d9:b6:0c:bc:a8:3c:6e:ae:e7:5d:5b:9d:8a:b5:6b:96:
         ed:17:88:73:80:03:2c:dc:c2:35:7d:f0:5f:13:ca:0a:82:e4:
         46:82:aa:dc:0b:f9:ce:07:35:40:e5:0e:c4:6d:4b:81:2c:d5:
         b1:15:a4:c8:c6:94:c4:fe:00:d4:9b:34:40:3a:af:d1:b9:50:
         e6:f5:74:9e:c0:ef:7a:4f:61:f0:8f:52:36:8b:21:66:6c:2f:
         44:7e:1e:dd:39:87:f3:13:3b:3d:cd:c0:a5:f5:49:f1:c4:45:
         d8:81:6f:a8:43:99:40:44:b8:5c:3b:0a:8c:86:58:31:f6:cb:
         2b:27:0b:59
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVvQtUOtfCb+qpCWZz29Uo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MGU0MmQ3Y2JhZmM5ZGQzMjA1ZDI0N2Q2NjJkODVhZmRk
OWExODYwHhcNMjMwMTAxMjEzNTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjcyNjQ3NzY4Zjg4ZDI0YjdhYWU1MGRiMGIxN2RkZmFiOTJmOTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNmsPYxT/aBxO21WleWRodu8Ifys
5zRSZsKKClsc4ONHvDX1sVQ0KSi7nPZRyN36d0Sxbq2y/riDe4KMWPpPu5KMR09O
QsyfF0+TrQA9wXVxPmirYMpFD7uGcBNVllftYNyF46mWm9G5+dYMBOzY0M//4KI3
945rnvLWoMkzPq/NS3ljXGijtG24Ogh2eJlUmB+9C5wRBUzZiZOF4/DeqTagrQ9C
6XemURVmmNPMDJUAWLbnaXCeyUZWTBxSfDM2U3LEi/B0n3NJg3eSXI3DmhCGWsCx
+kUVFluVYzdThDMowgIALWDD7Bv4uX7MQeeImGHwq8Dcntl4jI+JjiVv/wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEtyZHdo+I0kt6rlDbCxfd+rkvmBMB8GA1UdIwQY
MBaAFKYOQtfLr8ndMgXSR9Zi2Fr92aGGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGc1QzE4dXZ5ZDB5QmRKSDFtTFlXdjNab1lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jYzFkNjItYWU1My00OGI3LWFjNzkt
NjQxZDQ1NjI4M2M0LzEvUzNKa2QyajRqU1MzcXVVTnNMRjkzNnVTLVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jYzFkNjItYWU1My00OGI3LWFjNzktNjQxZDQ1NjI4M2M0
LzEvcGc1QzE4dXZ5ZDB5QmRKSDFtTFlXdjNab1lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCwpIgMA0E
AgACMAcDBQMqD5VAMA0GCSqGSIb3DQEBCwUAA4IBAQCYftdx0ZkEgW09QtJ4d29J
LZr1jSdxDov8tMY9Jv1fd8rY5ze0rJm1AQXs1MMC65rMbFNNWYiXFnV8XMKuaD2s
/0oLtRfJ5vXN4bSLDVRXn28Bfl6x92muOZJHHnq/AIiIU9auCyN2xL79NAf/m4cD
h2Xeceuod27dRWO5sQpx4dm2DLyoPG6u511bnYq1a5btF4hzgAMs3MI1ffBfE8oK
guRGgqrcC/nOBzVA5Q7EbUuBLNWxFaTIxpTE/gDUmzRAOq/RuVDm9XSewO96T2Hw
j1I2iyFmbC9Efh7dOYfzEzs9zcCl9UnxxEXYgW+oQ5lARLhcOwqMhlgx9ssrJwtZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:49 2024 by rpki-client on console-fra.rpki-client.org