Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/ZM8iC004DwXgQ8vLst9T-D1fdxY.roa
File:                     ZM8iC004DwXgQ8vLst9T-D1fdxY.roa (raw, json)
Hash identifier:          lUNhuGdFhximxH4ZepfQEY2LwfdiM9/2yJNC1GjOKto=
Subject key identifier:   64:CF:22:0B:4D:38:0F:05:E0:43:CB:CB:B2:DF:53:F8:3D:5F:77:16
Certificate issuer:       /CN=d538d7726a5f1f33da15d87e5c8b0e48f50281bf
Certificate serial:       018571BA244598B4A251DC88C6264FA549D0
Authority key identifier: D5:38:D7:72:6A:5F:1F:33:DA:15:D8:7E:5C:8B:0E:48:F5:02:81:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1TjXcmpfHzPaFdh-XIsOSPUCgb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/ZM8iC004DwXgQ8vLst9T-D1fdxY.roa
Signing time:             Mon 02 Jan 2023 09:05:02 +0000
ROA not before:           Mon 02 Jan 2023 09:05:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        195.88.246.0/24 maxlen: 24
                          195.88.247.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:34:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:ba:24:45:98:b4:a2:51:dc:88:c6:26:4f:a5:49:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d538d7726a5f1f33da15d87e5c8b0e48f50281bf
        Validity
            Not Before: Jan  2 09:05:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=64cf220b4d380f05e043cbcbb2df53f83d5f7716
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f1:c1:9e:3f:0a:1b:d1:df:3f:44:94:d6:dd:
                    dd:a0:4b:b1:89:1d:ff:ac:7e:79:41:71:50:5c:d7:
                    ee:6a:8d:89:e8:19:f4:de:37:dc:78:61:8b:42:3b:
                    7a:f1:d4:e0:b5:df:c5:ec:24:67:c4:b2:c0:50:96:
                    ff:04:d0:8d:2b:54:8b:8b:45:22:0e:ef:91:e4:93:
                    48:c2:2e:68:86:1e:89:9b:85:97:8b:ae:2a:5b:fd:
                    3d:8e:c8:4c:cb:29:58:9b:42:2b:35:f9:53:08:32:
                    be:f2:ac:56:f3:77:ae:52:01:22:50:00:67:a3:f2:
                    48:9a:69:5d:a0:66:16:81:03:aa:3c:a9:eb:d8:37:
                    db:bb:92:27:af:3a:87:d8:33:5d:17:a3:35:4e:3d:
                    88:6a:af:ee:72:9b:ab:df:5b:86:29:a6:1f:a9:f0:
                    c1:a7:74:ea:e3:8a:70:fc:49:14:f6:bf:16:9f:ee:
                    90:16:78:72:e9:df:71:49:0a:2a:b5:56:3e:27:c5:
                    e7:9a:ae:ef:74:39:12:b8:24:9b:85:64:28:17:e5:
                    17:69:8f:36:e8:79:71:7c:12:6b:86:81:94:05:7b:
                    d1:71:da:45:38:dc:db:6f:c8:59:91:ec:1c:42:12:
                    2c:39:26:a2:d4:c3:69:6c:b4:12:b4:1d:7c:38:2a:
                    62:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:CF:22:0B:4D:38:0F:05:E0:43:CB:CB:B2:DF:53:F8:3D:5F:77:16
            X509v3 Authority Key Identifier:
                keyid:D5:38:D7:72:6A:5F:1F:33:DA:15:D8:7E:5C:8B:0E:48:F5:02:81:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1TjXcmpfHzPaFdh-XIsOSPUCgb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/ZM8iC004DwXgQ8vLst9T-D1fdxY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/43c451-e4e9-4859-b985-2d9df4ef5f50/1/1TjXcmpfHzPaFdh-XIsOSPUCgb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.88.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:b1:c7:d3:ab:19:a0:28:28:b8:32:b4:7f:fa:a4:56:30:41:
         b7:2a:24:0a:0f:a3:a8:e4:28:30:f6:0f:00:8f:5e:4f:d5:53:
         fc:de:61:71:a5:41:87:49:dd:35:a4:6e:46:f2:4e:66:1f:3f:
         bb:7a:ec:a0:9a:43:8d:5a:d8:33:be:fd:fa:9e:ed:24:dd:56:
         1b:bc:6f:84:95:6a:72:b5:c2:84:6f:79:93:f6:87:c4:e1:a0:
         25:82:ff:3c:47:09:8b:2c:55:75:f6:bf:35:7c:83:a9:6f:cd:
         bf:44:96:26:66:c3:72:fd:6a:3d:42:b5:bc:36:98:24:dd:28:
         8e:f4:41:53:31:cb:7a:51:29:91:07:17:6f:4f:06:4f:b2:c8:
         b3:3a:8e:8d:01:e8:7c:f0:48:a5:00:55:e9:b0:f7:f5:39:cb:
         54:a4:1e:b9:ec:01:dc:d8:43:f5:2f:3b:f8:d0:ed:c8:6b:be:
         68:7a:37:2c:22:56:9d:d0:17:de:96:4f:88:25:84:e6:10:f6:
         e9:27:3b:bc:e6:89:c0:ef:c9:40:12:15:7a:b0:ed:ba:22:7b:
         d9:20:4f:4d:0f:08:fc:fd:05:1c:e9:1f:65:c4:69:21:21:44:
         c6:54:17:37:2e:83:ab:19:51:ba:cf:a3:3b:9a:6d:2f:ed:df:
         90:a0:88:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxuiRFmLSiUdyIxiZPpUnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1MzhkNzcyNmE1ZjFmMzNkYTE1ZDg3ZTVjOGIwZTQ4ZjUw
MjgxYmYwHhcNMjMwMTAyMDkwNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGNmMjIwYjRkMzgwZjA1ZTA0M2NiY2JiMmRmNTNmODNkNWY3NzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/HBnj8KG9HfP0SU1t3doEuxiR3/
rH55QXFQXNfuao2J6Bn03jfceGGLQjt68dTgtd/F7CRnxLLAUJb/BNCNK1SLi0Ui
Du+R5JNIwi5ohh6Jm4WXi64qW/09jshMyylYm0IrNflTCDK+8qxW83euUgEiUABn
o/JImmldoGYWgQOqPKnr2Dfbu5InrzqH2DNdF6M1Tj2Iaq/ucpur31uGKaYfqfDB
p3Tq44pw/EkU9r8Wn+6QFnhy6d9xSQoqtVY+J8Xnmq7vdDkSuCSbhWQoF+UXaY82
6HlxfBJrhoGUBXvRcdpFONzbb8hZkewcQhIsOSai1MNpbLQStB18OCpihwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTPIgtNOA8F4EPLy7LfU/g9X3cWMB8GA1UdIwQY
MBaAFNU413JqXx8z2hXYflyLDkj1AoG/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVRqWGNtcGZIelBhRmRoLVhJc09TUFVDZ2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80M2M0NTEtZTRlOS00ODU5LWI5ODUt
MmQ5ZGY0ZWY1ZjUwLzEvWk04aUMwMDREd1hnUTh2THN0OVQtRDFmZHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80M2M0NTEtZTRlOS00ODU5LWI5ODUtMmQ5ZGY0ZWY1ZjUw
LzEvMVRqWGNtcGZIelBhRmRoLVhJc09TUFVDZ2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw1j2MA0G
CSqGSIb3DQEBCwUAA4IBAQBTscfTqxmgKCi4MrR/+qRWMEG3KiQKD6Oo5Cgw9g8A
j15P1VP83mFxpUGHSd01pG5G8k5mHz+7euygmkONWtgzvv36nu0k3VYbvG+ElWpy
tcKEb3mT9ofE4aAlgv88RwmLLFV19r81fIOpb82/RJYmZsNy/Wo9QrW8Npgk3SiO
9EFTMct6USmRBxdvTwZPssizOo6NAeh88EilAFXpsPf1OctUpB657AHc2EP1Lzv4
0O3Ia75oejcsIlad0Bfelk+IJYTmEPbpJzu85onA78lAEhV6sO26InvZIE9NDwj8
/QUc6R9lxGkhIUTGVBc3LoOrGVG6z6M7mm0v7d+QoIhC
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:52 2024 by rpki-client on console-fra.rpki-client.org