Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/L8OdT17jJApyEKqWvbgR95D1d8g.roa
File:                     L8OdT17jJApyEKqWvbgR95D1d8g.roa (raw, json)
Hash identifier:          4D+01V42oCIHdZuqog5TSo1Wa9t0OYVPj8pBW3i2Mns=
Subject key identifier:   2F:C3:9D:4F:5E:E3:24:0A:72:10:AA:96:BD:B8:11:F7:90:F5:77:C8
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       018CC8DEDC404121AEEBE7FED7DB37C701F9
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/L8OdT17jJApyEKqWvbgR95D1d8g.roa
Signing time:             Tue 02 Jan 2024 06:31:37 +0000
ROA not before:           Tue 02 Jan 2024 06:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44341
IP address blocks:        195.211.160.0/24 maxlen: 24
                          194.140.228.0/24 maxlen: 24
                          195.211.162.0/24 maxlen: 24
                          195.211.161.0/24 maxlen: 24
                          195.211.163.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 15 Aug 2024 12:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:dc:40:41:21:ae:eb:e7:fe:d7:db:37:c7:01:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 06:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2fc39d4f5ee3240a7210aa96bdb811f790f577c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:ea:77:d8:17:44:eb:96:f7:13:2f:4f:78:ca:
                    9f:ea:67:87:f0:d4:38:9a:7d:f5:46:1c:83:24:80:
                    b0:58:d8:30:2e:78:7f:94:af:98:8c:4a:20:f4:c1:
                    10:40:96:96:b2:d4:a9:ac:25:58:36:10:b9:fd:02:
                    27:aa:16:99:5b:cb:29:1e:63:b1:00:c6:e4:47:d5:
                    ae:66:0f:85:eb:90:1a:44:ad:b7:49:29:ab:a6:aa:
                    4e:74:4e:39:32:dd:0e:72:7c:ad:31:11:ab:9f:b9:
                    91:b7:ee:01:b0:7c:f0:e3:6a:6b:5a:97:0e:c9:30:
                    b9:0c:60:00:7a:32:29:84:d7:ee:86:69:48:77:40:
                    9f:19:c3:44:7f:01:d3:5e:1f:c4:94:07:0c:cc:65:
                    60:29:a3:72:3d:5d:9b:a0:04:4b:c3:c6:b3:19:73:
                    3d:14:cb:4f:88:44:fc:d7:08:4a:79:91:da:03:b8:
                    22:63:e3:3d:bd:74:c2:9e:96:52:66:23:d2:ab:6a:
                    6c:b2:02:96:90:69:94:32:da:70:1f:46:0a:c5:f8:
                    58:59:96:9f:e5:1b:f3:0b:a9:53:4e:32:2d:44:68:
                    2e:85:2f:a6:40:71:62:65:6f:45:9a:fd:5a:ee:f1:
                    a6:87:1f:c5:39:dd:8c:ea:e4:2e:0d:94:42:b4:c6:
                    68:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:C3:9D:4F:5E:E3:24:0A:72:10:AA:96:BD:B8:11:F7:90:F5:77:C8
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/L8OdT17jJApyEKqWvbgR95D1d8g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.140.228.0/24
                  195.211.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:f9:22:d0:34:f2:3f:0a:33:93:c9:ef:12:ad:f5:9b:fe:4e:
         de:92:51:1d:96:2c:f5:b4:c2:d8:c7:70:9f:32:39:ee:cc:77:
         d7:a9:05:d5:a1:5b:40:b9:6b:15:eb:f2:91:6c:f3:81:55:89:
         d8:5a:3e:3f:0c:1c:5c:f9:bf:60:bc:70:8a:0c:6a:4a:52:49:
         5d:ca:4c:dd:75:68:9b:cd:be:eb:ff:70:96:08:6c:65:22:63:
         58:f3:d5:f9:64:71:47:9a:88:59:38:02:31:b5:24:30:33:40:
         0c:46:ba:5f:70:49:47:50:72:4b:10:6e:0a:e9:4a:4a:d2:9e:
         84:e4:c9:47:85:d8:93:1a:c2:c5:f7:60:b3:af:64:4e:f5:88:
         ca:d1:7a:7b:d0:b1:d3:d2:17:53:03:95:e9:87:6d:dd:c4:85:
         b1:b6:b6:b8:34:42:0a:ad:58:5a:03:8c:4d:e2:c2:d4:3b:78:
         0f:bd:91:a1:f9:0e:7e:21:dc:fa:46:a4:55:0d:ad:34:63:94:
         d6:7f:65:b9:2b:d1:99:2c:8c:f4:20:35:cf:46:f2:0b:48:f0:
         ee:ea:78:5e:5c:26:d5:86:46:6a:fc:a1:fb:f0:49:3e:44:78:
         1f:f2:4e:61:65:19:b1:b7:3b:ec:72:3a:7e:1c:a7:d8:14:6b:
         e4:90:e2:1e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI3txAQSGu6+f+19s3xwH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwMTAyMDYzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmMzOWQ0ZjVlZTMyNDBhNzIxMGFhOTZiZGI4MTFmNzkwZjU3N2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOp32BdE65b3Ey9PeMqf6meH8NQ4
mn31RhyDJICwWNgwLnh/lK+YjEog9MEQQJaWstSprCVYNhC5/QInqhaZW8spHmOx
AMbkR9WuZg+F65AaRK23SSmrpqpOdE45Mt0OcnytMRGrn7mRt+4BsHzw42prWpcO
yTC5DGAAejIphNfuhmlId0CfGcNEfwHTXh/ElAcMzGVgKaNyPV2boARLw8azGXM9
FMtPiET81whKeZHaA7giY+M9vXTCnpZSZiPSq2pssgKWkGmUMtpwH0YKxfhYWZaf
5RvzC6lTTjItRGguhS+mQHFiZW9Fmv1a7vGmhx/FOd2M6uQuDZRCtMZohwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC/DnU9e4yQKchCqlr24EfeQ9XfIMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvTDhPZFQxN2pKQXB5RUtxV3ZiZ1I5NUQxZDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwozkAwQC
w9OgMA0GCSqGSIb3DQEBCwUAA4IBAQAf+SLQNPI/CjOTye8SrfWb/k7eklEdliz1
tMLYx3CfMjnuzHfXqQXVoVtAuWsV6/KRbPOBVYnYWj4/DBxc+b9gvHCKDGpKUkld
ykzddWibzb7r/3CWCGxlImNY89X5ZHFHmohZOAIxtSQwM0AMRrpfcElHUHJLEG4K
6UpK0p6E5MlHhdiTGsLF92Czr2RO9YjK0Xp70LHT0hdTA5Xph23dxIWxtra4NEIK
rVhaA4xN4sLUO3gPvZGh+Q5+Idz6RqRVDa00Y5TWf2W5K9GZLIz0IDXPRvILSPDu
6nheXCbVhkZq/KH78Ek+RHgf8k5hZRmxtzvscjp+HKfYFGvkkOIe
-----END CERTIFICATE-----
Generated at Thu Aug 15 16:42:33 2024 by rpki-client on console-fra.rpki-client.org