Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/IPn5PnsEmDTDmSiLsPiWHgLuwjc.roa
File:                     IPn5PnsEmDTDmSiLsPiWHgLuwjc.roa (raw, json)
Hash identifier:          pii20UmG8VlE8YD8XwZmb5RclhTw9t2SFXXE9JJ6WM0=
Subject key identifier:   20:F9:F9:3E:7B:04:98:34:C3:99:28:8B:B0:F8:96:1E:02:EE:C2:37
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       01856E542C4EE25ABDBED3C138F40FAB578B
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/IPn5PnsEmDTDmSiLsPiWHgLuwjc.roa
Signing time:             Sun 01 Jan 2023 17:14:47 +0000
ROA not before:           Sun 01 Jan 2023 17:14:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     63859
IP address blocks:        151.249.95.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:30:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:54:2c:4e:e2:5a:bd:be:d3:c1:38:f4:0f:ab:57:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Jan  1 17:14:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20f9f93e7b049834c399288bb0f8961e02eec237
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:16:68:4e:0b:0e:93:72:52:6b:c7:c2:41:50:
                    12:d6:b9:f2:aa:df:58:3d:34:a3:bc:91:63:3b:fc:
                    a1:c0:3f:02:6c:8e:09:bd:65:3c:6d:b5:d1:71:69:
                    f4:a3:3d:28:67:3d:b6:5d:0f:1c:66:11:f0:58:39:
                    94:4a:74:6e:02:a8:01:96:bd:01:98:74:4e:92:16:
                    d9:b4:b0:2b:c9:2c:5f:72:18:96:45:e3:46:7f:99:
                    e7:bd:f3:8e:3d:fe:19:2d:17:e6:7c:72:82:cf:e7:
                    1a:46:95:12:34:58:5e:9e:f4:4c:44:9c:50:38:5d:
                    0c:68:d2:16:07:59:c4:41:be:0c:41:84:d5:8d:e6:
                    0c:e1:50:11:82:fc:64:db:86:d7:1c:ab:43:c6:0a:
                    0a:c2:d9:bb:ab:03:94:46:d5:b1:34:d6:b7:54:3e:
                    54:6c:7f:6a:d2:a2:00:fc:53:2c:b6:c4:3d:c3:5a:
                    e4:1a:c5:cb:9a:95:c6:35:49:86:4d:fa:72:12:ea:
                    be:e2:0f:fa:0b:66:55:1f:fa:dc:d7:3c:6f:ec:44:
                    06:77:2e:01:86:e8:e3:f4:4a:d6:87:83:20:46:7d:
                    19:ba:d7:ba:54:f2:d3:db:94:da:f4:39:79:0c:a6:
                    d6:3f:d9:e6:77:a4:ca:4f:02:10:be:df:f3:c2:1c:
                    08:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F9:F9:3E:7B:04:98:34:C3:99:28:8B:B0:F8:96:1E:02:EE:C2:37
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/IPn5PnsEmDTDmSiLsPiWHgLuwjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.249.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:89:49:c5:a5:9a:da:7d:29:49:c1:4f:d9:f6:6f:81:a9:44:
         0b:7e:86:d3:80:44:b6:9e:66:e9:37:57:ec:40:ff:aa:61:52:
         c4:58:f9:b5:db:f0:63:f9:48:e7:37:95:00:9b:0d:d8:a9:2b:
         18:4f:c6:f3:85:30:4f:37:78:40:4d:3f:07:b5:85:e3:63:c2:
         85:f4:1a:fe:3c:09:84:33:02:6c:8d:ad:78:a3:9d:4f:1f:f5:
         7d:31:bf:51:14:60:74:84:05:ff:3a:80:00:5c:08:9d:e0:ef:
         de:8d:ef:b0:d3:46:3e:dc:11:ee:b8:b7:a6:d5:6e:47:49:06:
         72:4b:d8:ab:72:15:33:10:40:c3:45:f7:d4:28:c2:89:20:0d:
         2e:2b:ca:26:2c:2e:4a:0d:98:64:d1:b2:0a:a7:fd:dd:35:0d:
         87:4e:0e:c5:cf:a0:7e:0a:89:cc:ee:fb:dd:bf:c4:95:d5:eb:
         2d:30:ce:dc:14:5b:84:ea:5d:b8:5b:f4:90:31:97:61:92:52:
         74:e9:d9:c7:d8:4e:c1:f1:80:ef:0f:28:4d:a0:5e:d2:c8:22:
         28:bd:36:fc:79:d5:a7:68:b6:dc:03:4b:b1:43:dc:99:09:fc:
         6f:30:f1:4b:b1:0c:39:63:3e:88:20:26:21:93:ae:50:83:77:
         a1:41:06:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuVCxO4lq9vtPBOPQPq1eLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjMwMTAxMTcxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGY5ZjkzZTdiMDQ5ODM0YzM5OTI4OGJiMGY4OTYxZTAyZWVjMjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshZoTgsOk3JSa8fCQVAS1rnyqt9Y
PTSjvJFjO/yhwD8CbI4JvWU8bbXRcWn0oz0oZz22XQ8cZhHwWDmUSnRuAqgBlr0B
mHROkhbZtLArySxfchiWReNGf5nnvfOOPf4ZLRfmfHKCz+caRpUSNFhenvRMRJxQ
OF0MaNIWB1nEQb4MQYTVjeYM4VARgvxk24bXHKtDxgoKwtm7qwOURtWxNNa3VD5U
bH9q0qIA/FMstsQ9w1rkGsXLmpXGNUmGTfpyEuq+4g/6C2ZVH/rc1zxv7EQGdy4B
hujj9ErWh4MgRn0Zute6VPLT25Ta9Dl5DKbWP9nmd6TKTwIQvt/zwhwI+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCD5+T57BJg0w5koi7D4lh4C7sI3MB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvSVBuNVBuc0VtRFREbVNpTHNQaVdIZ0x1d2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/lfMA0G
CSqGSIb3DQEBCwUAA4IBAQDOiUnFpZrafSlJwU/Z9m+BqUQLfobTgES2nmbpN1fs
QP+qYVLEWPm12/Bj+UjnN5UAmw3YqSsYT8bzhTBPN3hATT8HtYXjY8KF9Br+PAmE
MwJsja14o51PH/V9Mb9RFGB0hAX/OoAAXAid4O/eje+w00Y+3BHuuLem1W5HSQZy
S9irchUzEEDDRffUKMKJIA0uK8omLC5KDZhk0bIKp/3dNQ2HTg7Fz6B+ConM7vvd
v8SV1estMM7cFFuE6l24W/SQMZdhklJ06dnH2E7B8YDvDyhNoF7SyCIovTb8edWn
aLbcA0uxQ9yZCfxvMPFLsQw5Yz6IICYhk65Qg3ehQQbU
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:48 2024 by rpki-client on console-fra.rpki-client.org