Route Origin Authorization

$ rpki-client -vvf chloe.sobornost.net/rpki/RIPE-nlrssf/o2BXkSobxqgGuRWTIQFoVktXyeA.roa
File:                     o2BXkSobxqgGuRWTIQFoVktXyeA.roa (raw, json)
Hash identifier:          NNbICD+YJkePnrDaxKPqvtyEJ9iTlLqM3t7FfaGRcQU=
Subject key identifier:   A3:60:57:91:2A:1B:C6:A8:06:B9:15:93:21:01:68:56:4B:57:C9:E0
Certificate issuer:       /CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
Certificate serial:       018D
Authority key identifier: 71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer
Subject info access:      rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/o2BXkSobxqgGuRWTIQFoVktXyeA.roa
Signing time:             Sun 24 Mar 2024 07:55:03 +0000
ROA not before:           Sun 24 Mar 2024 07:55:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15562
IP address blocks:        194.104.129.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 24 Mar 2024 11:55:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 397 (0x18d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71d14ebb255dc058d4bfa5a51c93f73f830ab88f
        Validity
            Not Before: Mar 24 07:55:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=A36057912A1BC6A806B91593210168564B57C9E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:78:a5:b3:13:ef:ba:23:72:72:d2:9a:dc:0d:
                    0c:cf:1f:40:ee:7e:c5:29:35:11:2d:2d:cf:57:38:
                    af:be:b4:4c:5d:01:7c:af:c9:43:b1:f0:02:10:9f:
                    f0:f0:7e:48:3e:a2:58:ad:5e:e6:95:df:2b:21:bb:
                    96:18:69:f2:c8:e9:94:e8:52:1f:59:3b:c5:a9:7c:
                    9c:e0:24:7c:a0:20:50:92:71:2e:b1:b8:70:96:39:
                    50:8d:09:20:27:a4:d2:47:f8:32:f0:65:dc:e0:eb:
                    35:9c:6f:55:a0:61:a5:c3:ca:f1:6c:12:34:a1:3e:
                    43:2d:d1:ae:c0:e7:0f:f2:4a:30:24:fe:79:cc:0a:
                    99:56:1e:00:77:9c:5a:5c:4c:bd:d7:64:ac:fa:bd:
                    23:70:f4:07:29:98:d2:09:85:9f:43:28:c9:c5:7a:
                    89:3b:5b:6a:7c:d6:16:ff:02:53:fd:2d:96:1f:ef:
                    67:1c:46:10:c4:59:b6:13:71:db:45:41:f4:80:c2:
                    66:79:3c:df:ed:3e:85:13:b8:37:9b:c6:21:b6:46:
                    47:7a:45:3c:e6:82:9d:1b:04:69:48:05:0f:7d:da:
                    c0:88:ca:12:6d:3e:29:47:bb:66:7e:26:95:dc:31:
                    3c:87:35:cd:06:2f:c1:21:f1:99:86:19:ec:c1:70:
                    8f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:60:57:91:2A:1B:C6:A8:06:B9:15:93:21:01:68:56:4B:57:C9:E0
            X509v3 Authority Key Identifier:
                keyid:71:D1:4E:BB:25:5D:C0:58:D4:BF:A5:A5:1C:93:F7:3F:83:0A:B8:8F

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/cdFOuyVdwFjUv6WlHJP3P4MKuI8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cdFOuyVdwFjUv6WlHJP3P4MKuI8.cer

            X509v3 Key Usage: critical
                Digital Signature
            Subject Information Access:
                Signed Object - URI:rsync://chloe.sobornost.net/rpki/RIPE-nlrssf/o2BXkSobxqgGuRWTIQFoVktXyeA.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:96:b9:48:f0:a0:42:dc:1c:d8:7a:02:0c:b8:a5:97:ca:92:
         6c:fd:0f:97:f7:4b:c6:20:38:cb:77:86:f3:47:42:2e:51:c1:
         0e:f8:09:96:39:d4:47:ef:e7:07:d6:19:6f:1f:bd:b4:a0:15:
         1c:da:c3:38:be:45:91:a7:e3:1d:64:8b:e5:05:11:12:9e:ca:
         14:7d:65:07:07:8f:be:f5:1f:01:b7:c2:fb:e1:a3:3b:6e:ac:
         63:a7:65:1d:30:df:67:68:68:d3:a8:a6:b2:9b:56:29:66:0a:
         0b:9c:77:b5:1f:c2:6f:b7:62:78:42:42:aa:47:6a:72:8b:2d:
         21:87:11:48:9c:5d:b4:19:15:d0:68:d8:c1:89:a1:52:e2:af:
         c1:1b:70:4e:fa:84:bc:0f:ea:dd:38:68:cd:bc:4c:84:ce:9b:
         05:38:99:a6:8b:63:5d:2a:47:9b:12:c1:aa:bd:3a:26:a9:24:
         6d:6b:7a:ff:f8:e6:6e:ff:28:1f:b7:b9:2a:79:a4:57:ad:f9:
         a0:3b:d9:ef:5f:da:75:86:f9:e2:e7:2c:d5:6f:56:90:86:fb:
         61:6d:dc:d0:0f:59:07:17:99:67:2c:2f:ea:67:80:6c:4f:5d:
         25:64:94:72:29:89:1b:72:f5:b7:18:b3:1d:17:39:a9:8a:8f:
         e2:0b:b5:1a
-----BEGIN CERTIFICATE-----
MIIEojCCA4qgAwIBAgICAY0wDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMoNzFk
MTRlYmIyNTVkYzA1OGQ0YmZhNWE1MWM5M2Y3M2Y4MzBhYjg4ZjAeFw0yNDAzMjQw
NzU1MDNaFw0yNTA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKEEzNjA1NzkxMkExQkM2
QTgwNkI5MTU5MzIxMDE2ODU2NEI1N0M5RTAwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDIeKWzE++6I3Jy0prcDQzPH0DufsUpNREtLc9XOK++tExdAXyv
yUOx8AIQn/Dwfkg+olitXuaV3yshu5YYafLI6ZToUh9ZO8WpfJzgJHygIFCScS6x
uHCWOVCNCSAnpNJH+DLwZdzg6zWcb1WgYaXDyvFsEjShPkMt0a7A5w/ySjAk/nnM
CplWHgB3nFpcTL3XZKz6vSNw9AcpmNIJhZ9DKMnFeok7W2p81hb/AlP9LZYf72cc
RhDEWbYTcdtFQfSAwmZ5PN/tPoUTuDebxiG2Rkd6RTzmgp0bBGlIBQ992sCIyhJt
PilHu2Z+JpXcMTyHNc0GL8Eh8ZmGGezBcI+FAgMBAAGjggG+MIIBujAdBgNVHQ4E
FgQUo2BXkSobxqgGuRWTIQFoVktXyeAwHwYDVR0jBBgwFoAUcdFOuyVdwFjUv6Wl
HJP3P4MKuI8wGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBdBgNVHR8EVjBUMFKg
UKBOhkxyc3luYzovL2NobG9lLnNvYm9ybm9zdC5uZXQvcnBraS9SSVBFLW5scnNz
Zi9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY3JsMGQGCCsGAQUFBwEBBFgw
VjBUBggrBgEFBQcwAoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9jZEZPdXlWZHdGalV2NldsSEpQM1A0TUt1STguY2VyMA4GA1UdDwEB
/wQEAwIHgDBoBggrBgEFBQcBCwRcMFowWAYIKwYBBQUHMAuGTHJzeW5jOi8vY2hs
b2Uuc29ib3Jub3N0Lm5ldC9ycGtpL1JJUEUtbmxyc3NmL28yQlhrU29ieHFnR3VS
V1RJUUZvVmt0WHllQS5yb2EwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADC
aIEwDQYJKoZIhvcNAQELBQADggEBAA+WuUjwoELcHNh6Agy4pZfKkmz9D5f3S8Yg
OMt3hvNHQi5RwQ74CZY51Efv5wfWGW8fvbSgFRzawzi+RZGn4x1ki+UFERKeyhR9
ZQcHj771HwG3wvvhozturGOnZR0w32doaNOoprKbVilmCgucd7Ufwm+3YnhCQqpH
anKLLSGHEUicXbQZFdBo2MGJoVLir8EbcE76hLwP6t04aM28TITOmwU4maaLY10q
R5sSwaq9OiapJG1rev/45m7/KB+3uSp5pFet+aA72e9f2nWG+eLnLNVvVpCG+2Ft
3NAPWQcXmWcsL+pngGxPXSVklHIpiRty9bcYsx0XOamKj+ILtRo=
-----END CERTIFICATE-----
Generated at Sun Mar 24 12:28:11 2024 by rpki-client on console-ams.rpki-client.org