Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/xKlh7VD-h92zNVMZIcU_erdk2nI.roa
File:                     xKlh7VD-h92zNVMZIcU_erdk2nI.roa (raw, json)
Hash identifier:          H9DEEbQfsHpddamSeHrpzj2c0bhsUaisaX7ae2omyPY=
Subject key identifier:   C4:A9:61:ED:50:FE:87:DD:B3:35:53:19:21:C5:3F:7A:B7:64:DA:72
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       018A6FEBBAEE318B07CE7EE543032D729175
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/xKlh7VD-h92zNVMZIcU_erdk2nI.roa
Signing time:             Thu 07 Sep 2023 13:53:54 +0000
ROA not before:           Thu 07 Sep 2023 13:53:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207875
IP address blocks:        195.211.160.0/22 maxlen: 22
                          195.211.161.0/24 maxlen: 24
                          192.109.248.0/24 maxlen: 24
                          192.109.253.0/24 maxlen: 24
                          192.109.250.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:6f:eb:ba:ee:31:8b:07:ce:7e:e5:43:03:2d:72:91:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Sep  7 13:53:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c4a961ed50fe87ddb335531921c53f7ab764da72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2e:83:68:09:93:8c:64:cb:90:11:88:94:c6:
                    93:55:29:cf:6f:b6:7c:f4:ec:7d:de:ad:6f:0b:22:
                    72:d7:c8:66:6d:32:4e:ae:c2:42:6f:b0:81:c7:d0:
                    42:d5:27:f2:1e:44:9e:e8:da:9a:c0:75:71:2f:70:
                    43:fa:f9:c8:bd:b5:4a:37:29:ef:9c:2f:64:7d:58:
                    2a:27:17:38:0f:83:d9:3d:70:16:f1:9b:21:b5:ec:
                    e5:d1:d4:d4:14:b4:2a:dc:7d:86:5e:c7:cb:5b:ea:
                    19:c2:d2:f4:9e:55:7e:78:9d:e9:0c:2e:15:bd:f2:
                    c3:bf:fe:2e:5a:15:8d:04:dd:0d:12:08:66:4a:65:
                    97:c5:0a:1a:dd:5c:48:c4:c3:b8:99:6b:99:27:e6:
                    51:a1:73:28:1c:5c:14:be:6f:b0:d2:2a:1f:53:94:
                    fc:a0:5e:2f:9d:84:95:fe:a5:b9:2c:30:ca:9e:47:
                    4b:a5:52:a1:d9:ce:bc:e9:85:42:a1:26:39:77:fa:
                    13:21:2f:ff:06:24:1f:0e:ce:eb:4a:95:68:90:99:
                    8b:ea:d6:47:3b:70:dc:b7:5c:ce:7b:56:fc:64:a3:
                    ab:1b:95:68:1d:d6:d7:d3:14:29:e2:64:c4:dd:0e:
                    79:e9:5b:f5:34:a8:a1:5a:ea:5b:1f:0f:cb:da:e8:
                    7c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:A9:61:ED:50:FE:87:DD:B3:35:53:19:21:C5:3F:7A:B7:64:DA:72
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/xKlh7VD-h92zNVMZIcU_erdk2nI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.248.0/24
                  192.109.250.0/24
                  192.109.253.0/24
                  195.211.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:48:d2:b5:dd:7f:7f:86:d2:f4:75:c3:c0:04:0d:fa:b0:09:
         dc:a5:e9:d4:a8:07:d9:44:e0:83:c3:61:4f:b5:2e:89:1a:c5:
         72:10:9e:37:b5:32:57:57:5a:4f:e0:35:a6:cd:70:60:0a:5d:
         ae:75:7e:9b:64:7f:94:52:a7:14:bf:57:12:3c:f2:eb:66:fe:
         07:4d:63:e0:4a:4a:d3:a8:3c:35:d0:3c:5e:6b:78:2a:55:f2:
         24:99:e8:ef:18:38:26:7c:8c:14:2a:94:a0:2a:04:fb:81:3f:
         85:cd:17:c1:cf:d4:76:1d:f3:1b:83:e0:6c:98:da:0b:d9:f6:
         69:b8:aa:95:74:ce:0c:fc:81:41:5b:66:4a:d0:00:00:0a:ad:
         61:29:8c:c2:f6:76:a5:d9:9f:e0:5c:15:25:73:f8:86:b6:76:
         79:12:ae:20:dc:ea:83:8e:23:8f:e7:d4:20:cb:45:45:d8:2b:
         49:8f:a2:4c:c0:c9:6b:9a:13:5b:b9:7d:02:fe:37:63:c6:06:
         6b:0f:0a:54:96:a4:6f:44:5e:4a:63:83:ba:c7:f2:87:46:b5:
         ca:6e:d6:0f:46:bc:bf:99:84:fa:87:99:2d:2d:9f:fc:ed:cd:
         1b:28:0c:f6:20:05:b3:c1:82:23:09:1e:ca:9a:6c:fe:56:8c:
         a2:f7:51:7a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYpv67ruMYsHzn7lQwMtcpF1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjMwOTA3MTM1MzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGE5NjFlZDUwZmU4N2RkYjMzNTUzMTkyMWM1M2Y3YWI3NjRkYTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxy6DaAmTjGTLkBGIlMaTVSnPb7Z8
9Ox93q1vCyJy18hmbTJOrsJCb7CBx9BC1SfyHkSe6NqawHVxL3BD+vnIvbVKNynv
nC9kfVgqJxc4D4PZPXAW8Zshtezl0dTUFLQq3H2GXsfLW+oZwtL0nlV+eJ3pDC4V
vfLDv/4uWhWNBN0NEghmSmWXxQoa3VxIxMO4mWuZJ+ZRoXMoHFwUvm+w0iofU5T8
oF4vnYSV/qW5LDDKnkdLpVKh2c686YVCoSY5d/oTIS//BiQfDs7rSpVokJmL6tZH
O3Dct1zOe1b8ZKOrG5VoHdbX0xQp4mTE3Q556Vv1NKihWupbHw/L2uh8fwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMSpYe1Q/ofdszVTGSHFP3q3ZNpyMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEveEtsaDdWRC1oOTJ6TlZNWkljVV9lcmRrMm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwG34AwQA
wG36AwQAwG39AwQCw9OgMA0GCSqGSIb3DQEBCwUAA4IBAQB4SNK13X9/htL0dcPA
BA36sAncpenUqAfZROCDw2FPtS6JGsVyEJ43tTJXV1pP4DWmzXBgCl2udX6bZH+U
UqcUv1cSPPLrZv4HTWPgSkrTqDw10Dxea3gqVfIkmejvGDgmfIwUKpSgKgT7gT+F
zRfBz9R2HfMbg+BsmNoL2fZpuKqVdM4M/IFBW2ZK0AAACq1hKYzC9nal2Z/gXBUl
c/iGtnZ5Eq4g3OqDjiOP59Qgy0VF2CtJj6JMwMlrmhNbuX0C/jdjxgZrDwpUlqRv
RF5KY4O6x/KHRrXKbtYPRry/mYT6h5ktLZ/87c0bKAz2IAWzwYIjCR7Kmmz+Voyi
91F6
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:17 2024 by rpki-client on console-fra.rpki-client.org