Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/2fb70818-2366-42e0-9dbd-254381069e57/0/3131392e31312e3132382e302f32302d3230203d3e203130323137.roa
File:                     3131392e31312e3132382e302f32302d3230203d3e203130323137.roa (raw, json)
Hash identifier:          ImeHPBLW3n0eq+9BUlKP5jWu5Afm3sftJl3EgSAAiC0=
Subject key identifier:   FA:34:AA:2F:98:AF:23:D8:AF:C3:57:DC:79:2B:3E:94:3E:0D:B5:A9
Certificate issuer:       /CN=229866508D6D624523EDAD2A0DE1E82AE2C3B512
Certificate serial:       04ED26CC7886678048E87890B8305A3EF90133FD
Authority key identifier: 22:98:66:50:8D:6D:62:45:23:ED:AD:2A:0D:E1:E8:2A:E2:C3:B5:12
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/229866508D6D624523EDAD2A0DE1E82AE2C3B512.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/2fb70818-2366-42e0-9dbd-254381069e57/0/3131392e31312e3132382e302f32302d3230203d3e203130323137.roa
Signing time:             Wed 22 Nov 2023 08:25:58 +0000
ROA not before:           Wed 22 Nov 2023 08:20:58 +0000
ROA not after:            Wed 20 Nov 2024 08:25:58 +0000
asID:                     10217
IP address blocks:        119.11.128.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Tue 04 Jun 2024 10:21:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:ed:26:cc:78:86:67:80:48:e8:78:90:b8:30:5a:3e:f9:01:33:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=229866508D6D624523EDAD2A0DE1E82AE2C3B512
        Validity
            Not Before: Nov 22 08:20:58 2023 GMT
            Not After : Nov 20 08:25:58 2024 GMT
        Subject: CN=FA34AA2F98AF23D8AFC357DC792B3E943E0DB5A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:82:a8:09:63:ae:33:76:b9:70:1a:42:99:ed:
                    8d:2e:50:90:ce:ac:96:5d:48:a8:d6:6e:a3:8f:2c:
                    58:a7:74:d6:fe:11:2b:ef:c5:b0:cc:a2:8d:d8:af:
                    70:73:c9:62:03:6a:34:ce:14:08:42:48:83:32:d8:
                    b5:bc:ed:f4:3f:4e:51:ef:f4:3d:c1:a3:c1:94:33:
                    01:6a:71:7c:1b:c0:6a:7a:ca:20:5b:11:f5:7e:c2:
                    e5:96:ee:24:7f:f9:5c:1c:bb:93:4d:a4:60:5e:aa:
                    95:38:79:d6:86:b1:70:6e:90:a7:85:1c:64:b5:88:
                    36:7b:95:90:f9:a2:f5:69:4e:4e:dc:f2:41:fa:06:
                    00:89:a4:80:1e:28:ae:55:e5:2b:ef:5e:25:1b:5c:
                    b4:13:de:b5:71:96:22:36:63:e4:a7:da:5b:13:bc:
                    6f:c8:3d:ae:ec:0d:2e:f8:d3:37:91:29:78:2c:6b:
                    77:7a:99:f9:50:07:3f:8e:99:0c:43:82:8d:63:f6:
                    7e:32:82:95:33:41:fb:d1:4a:14:25:0b:cd:ec:e7:
                    2e:80:b3:41:10:80:68:82:ab:6c:f0:71:d2:00:67:
                    dc:34:19:75:42:a5:c6:6f:81:5c:7c:8a:0e:6c:a0:
                    50:e9:8a:e6:4c:36:4f:7b:4d:7e:e3:5e:ba:fb:12:
                    d0:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:34:AA:2F:98:AF:23:D8:AF:C3:57:DC:79:2B:3E:94:3E:0D:B5:A9
            X509v3 Authority Key Identifier:
                keyid:22:98:66:50:8D:6D:62:45:23:ED:AD:2A:0D:E1:E8:2A:E2:C3:B5:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/2fb70818-2366-42e0-9dbd-254381069e57/0/229866508D6D624523EDAD2A0DE1E82AE2C3B512.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/229866508D6D624523EDAD2A0DE1E82AE2C3B512.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/2fb70818-2366-42e0-9dbd-254381069e57/0/3131392e31312e3132382e302f32302d3230203d3e203130323137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.11.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         5c:79:e1:00:e5:74:db:d6:0b:29:fc:f9:cd:39:82:89:de:47:
         70:42:6e:c9:31:cc:1e:50:9c:8e:b1:a4:23:c2:c5:0e:dc:18:
         99:fe:ea:71:32:30:ad:c0:42:ed:f7:14:20:c7:4c:77:b3:fb:
         a0:c8:af:21:33:9a:f5:4c:89:dd:1a:d9:65:ce:d6:38:89:52:
         c6:bb:37:c7:9c:c3:18:0d:17:fe:4c:59:f4:f4:85:de:d6:97:
         b3:76:95:38:49:90:7e:3b:e2:97:e8:21:5f:8d:4a:f4:d8:34:
         45:63:5e:f3:d8:ca:74:59:3a:78:3b:d4:f1:a2:b8:fd:79:f7:
         eb:94:40:fe:14:e0:ab:6b:97:73:af:d3:42:ca:d5:98:7c:f2:
         23:fc:18:64:a9:f3:f2:52:a6:c3:07:96:4a:68:bc:39:30:9d:
         5f:e4:8a:47:6a:be:9c:f4:bc:5a:67:2c:83:be:c9:ed:97:cb:
         1a:9c:be:da:7f:87:db:12:b0:ed:0f:cb:84:dc:13:4b:14:b3:
         80:ca:e7:9c:5d:b0:8b:8f:9c:32:aa:ca:e8:31:62:04:d1:9a:
         52:bd:da:57:74:29:5c:a5:18:06:62:fc:16:a2:70:a3:19:0d:
         69:a0:4f:64:b8:25:ea:f6:04:b5:d9:b4:9d:01:41:e3:cf:d7:
         4e:a3:6a:3b
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUBO0mzHiGZ4BI6HiQuDBaPvkBM/0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjI5ODY2NTA4RDZENjI0NTIzRURBRDJBMERFMUU4MkFF
MkMzQjUxMjAeFw0yMzExMjIwODIwNThaFw0yNDExMjAwODI1NThaMDMxMTAvBgNV
BAMTKEZBMzRBQTJGOThBRjIzRDhBRkMzNTdEQzc5MkIzRTk0M0UwREI1QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjgqgJY64zdrlwGkKZ7Y0uUJDO
rJZdSKjWbqOPLFindNb+ESvvxbDMoo3Yr3BzyWIDajTOFAhCSIMy2LW87fQ/TlHv
9D3Bo8GUMwFqcXwbwGp6yiBbEfV+wuWW7iR/+Vwcu5NNpGBeqpU4edaGsXBukKeF
HGS1iDZ7lZD5ovVpTk7c8kH6BgCJpIAeKK5V5SvvXiUbXLQT3rVxliI2Y+Sn2lsT
vG/IPa7sDS740zeRKXgsa3d6mflQBz+OmQxDgo1j9n4ygpUzQfvRShQlC83s5y6A
s0EQgGiCq2zwcdIAZ9w0GXVCpcZvgVx8ig5soFDpiuZMNk97TX7jXrr7EtCTAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU+jSqL5ivI9ivw1fceSs+lD4NtakwHwYDVR0j
BBgwFoAUIphmUI1tYkUj7a0qDeHoKuLDtRIwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
ZmI3MDgxOC0yMzY2LTQyZTAtOWRiZC0yNTQzODEwNjllNTcvMC8yMjk4NjY1MDhE
NkQ2MjQ1MjNFREFEMkEwREUxRTgyQUUyQzNCNTEyLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjI5ODY2NTA4RDZENjI0NTIzRURBRDJBMERFMUU4MkFFMkMz
QjUxMi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzJmYjcwODE4LTIzNjYtNDJlMC05
ZGJkLTI1NDM4MTA2OWU1Ny8wLzMxMzEzOTJlMzEzMTJlMzEzMjM4MmUzMDJmMzIz
MDJkMzIzMDIwM2QzZTIwMzEzMDMyMzEzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBHcLgDANBgkqhkiG
9w0BAQsFAAOCAQEAXHnhAOV029YLKfz5zTmCid5HcEJuyTHMHlCcjrGkI8LFDtwY
mf7qcTIwrcBC7fcUIMdMd7P7oMivITOa9UyJ3RrZZc7WOIlSxrs3x5zDGA0X/kxZ
9PSF3taXs3aVOEmQfjvil+ghX41K9Ng0RWNe89jKdFk6eDvU8aK4/Xn365RA/hTg
q2uXc6/TQsrVmHzyI/wYZKnz8lKmwweWSmi8OTCdX+SKR2q+nPS8Wmcsg77J7ZfL
Gpy+2n+H2xKw7Q/LhNwTSxSzgMrnnF2wi4+cMqrK6DFiBNGaUr3aV3QpXKUYBmL8
FqJwoxkNaaBPZLgl6vYEtdm0nQFB48/XTqNqOw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:37:02 2024 by rpki-client on console-fra.rpki-client.org