Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/2fb70818-2366-42e0-9dbd-254381069e57/0/3230322e3137312e32302e302f32322d3232203d3e203130323137.roa
File:                     3230322e3137312e32302e302f32322d3232203d3e203130323137.roa (raw, json)
Hash identifier:          pmxDXVx9wQOR/y36F9W8H/JIBHwfxEiQCmKZsuLr12g=
Subject key identifier:   F4:07:36:BC:E2:57:7E:6D:3C:96:1E:B7:2A:A5:0E:C5:0D:BA:CC:B5
Certificate issuer:       /CN=229866508D6D624523EDAD2A0DE1E82AE2C3B512
Certificate serial:       32B9D66DF1CF3419339CFD3E337EDB81FB1471A2
Authority key identifier: 22:98:66:50:8D:6D:62:45:23:ED:AD:2A:0D:E1:E8:2A:E2:C3:B5:12
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/229866508D6D624523EDAD2A0DE1E82AE2C3B512.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/2fb70818-2366-42e0-9dbd-254381069e57/0/3230322e3137312e32302e302f32322d3232203d3e203130323137.roa
Signing time:             Fri 17 Nov 2023 07:09:27 +0000
ROA not before:           Fri 17 Nov 2023 07:04:27 +0000
ROA not after:            Fri 15 Nov 2024 07:09:27 +0000
asID:                     10217
IP address blocks:        202.171.20.0/22 maxlen: 22

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:b9:d6:6d:f1:cf:34:19:33:9c:fd:3e:33:7e:db:81:fb:14:71:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=229866508D6D624523EDAD2A0DE1E82AE2C3B512
        Validity
            Not Before: Nov 17 07:04:27 2023 GMT
            Not After : Nov 15 07:09:27 2024 GMT
        Subject: CN=F40736BCE2577E6D3C961EB72AA50EC50DBACCB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:23:53:f9:05:39:11:77:55:67:da:48:10:da:
                    06:02:0c:81:27:aa:f7:62:3b:ae:42:4e:30:cc:dd:
                    ec:94:ad:ca:17:b6:06:75:31:62:58:4c:01:d5:10:
                    25:df:76:83:87:32:51:cb:74:f3:aa:d1:b8:5b:d5:
                    86:33:9c:77:59:dc:78:91:17:59:2a:bc:b7:4e:23:
                    f0:84:37:b7:77:6e:46:e2:fc:83:ee:4e:3b:ec:12:
                    bf:f3:3b:40:5a:03:43:c5:39:88:9f:dc:db:19:2a:
                    45:e2:c5:fb:3f:02:5c:38:6d:0c:5f:3e:32:d0:d9:
                    32:2a:8b:fa:41:65:8a:51:e2:e7:d2:82:c4:be:16:
                    2c:23:62:b3:d9:05:a3:de:97:e2:f3:b2:e7:bf:0c:
                    ee:f4:a9:3f:c0:2e:51:40:ae:2f:83:5c:53:9a:43:
                    bc:5a:5e:34:9f:4a:cd:a1:22:e1:19:bd:b8:38:08:
                    d1:0b:31:2c:83:70:f6:4d:78:87:2a:8b:2f:1f:86:
                    6d:e0:73:b7:b4:cb:44:2e:2b:60:27:fb:b3:c7:10:
                    fe:f1:62:e7:ee:f3:98:5d:e2:0e:38:79:75:4d:6c:
                    6f:6e:2d:ba:cf:63:60:72:ef:c8:92:cf:3a:43:fd:
                    94:45:ce:9b:58:5d:f1:5b:20:63:b0:ed:ab:64:ca:
                    23:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:07:36:BC:E2:57:7E:6D:3C:96:1E:B7:2A:A5:0E:C5:0D:BA:CC:B5
            X509v3 Authority Key Identifier:
                keyid:22:98:66:50:8D:6D:62:45:23:ED:AD:2A:0D:E1:E8:2A:E2:C3:B5:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/2fb70818-2366-42e0-9dbd-254381069e57/0/229866508D6D624523EDAD2A0DE1E82AE2C3B512.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/229866508D6D624523EDAD2A0DE1E82AE2C3B512.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/2fb70818-2366-42e0-9dbd-254381069e57/0/3230322e3137312e32302e302f32322d3232203d3e203130323137.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.171.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:1d:da:bc:e2:00:19:c6:61:a2:a5:a1:8c:22:94:ac:19:d1:
         58:bc:0c:bb:e2:32:a2:74:e5:d3:c4:aa:a5:3d:bf:b3:20:66:
         ca:e1:b3:54:b1:d5:af:31:54:f7:0f:92:4a:60:5c:6c:25:e8:
         62:ce:9c:cf:d9:d2:c9:83:2b:45:1f:13:fd:80:4b:3b:a0:81:
         12:ee:04:39:93:f8:94:48:34:43:83:ff:55:c1:f9:4e:38:fe:
         9e:67:c2:e8:64:a3:83:ef:8a:37:09:1c:71:90:01:75:00:fd:
         54:ca:e9:27:b2:ed:55:2e:49:c2:9e:ca:4e:4c:87:44:31:cf:
         da:47:44:f4:5e:3e:88:be:8a:66:c4:97:7f:f6:45:ee:d4:1c:
         49:18:d8:33:36:5f:26:fb:be:fe:28:28:5f:c5:3f:35:4c:e9:
         fe:13:ac:36:b7:37:3f:21:6c:c2:48:e9:54:2a:64:f2:f9:66:
         c0:f7:b8:66:18:f6:d1:3c:be:43:d8:2b:a8:4c:02:70:66:78:
         5f:a6:90:e6:e4:5d:2d:79:f0:90:8e:46:2c:3a:5f:18:d2:07:
         c7:02:6b:98:61:00:7a:57:c7:e9:9c:05:33:34:32:53:37:19:
         0b:ac:e3:44:aa:d1:43:80:e6:ae:96:0a:1b:a9:e8:f0:67:b0:
         e5:49:4a:f4
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIUMrnWbfHPNBkznP0+M37bgfsUcaIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjI5ODY2NTA4RDZENjI0NTIzRURBRDJBMERFMUU4MkFF
MkMzQjUxMjAeFw0yMzExMTcwNzA0MjdaFw0yNDExMTUwNzA5MjdaMDMxMTAvBgNV
BAMTKEY0MDczNkJDRTI1NzdFNkQzQzk2MUVCNzJBQTUwRUM1MERCQUNDQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLI1P5BTkRd1Vn2kgQ2gYCDIEn
qvdiO65CTjDM3eyUrcoXtgZ1MWJYTAHVECXfdoOHMlHLdPOq0bhb1YYznHdZ3HiR
F1kqvLdOI/CEN7d3bkbi/IPuTjvsEr/zO0BaA0PFOYif3NsZKkXixfs/Alw4bQxf
PjLQ2TIqi/pBZYpR4ufSgsS+FiwjYrPZBaPel+Lzsue/DO70qT/ALlFAri+DXFOa
Q7xaXjSfSs2hIuEZvbg4CNELMSyDcPZNeIcqiy8fhm3gc7e0y0QuK2An+7PHEP7x
Yufu85hd4g44eXVNbG9uLbrPY2By78iSzzpD/ZRFzptYXfFbIGOw7atkyiNxAgMB
AAGjggIyMIICLjAdBgNVHQ4EFgQU9Ac2vOJXfm08lh63KqUOxQ26zLUwHwYDVR0j
BBgwFoAUIphmUI1tYkUj7a0qDeHoKuLDtRIwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby8y
ZmI3MDgxOC0yMzY2LTQyZTAtOWRiZC0yNTQzODEwNjllNTcvMC8yMjk4NjY1MDhE
NkQ2MjQ1MjNFREFEMkEwREUxRTgyQUUyQzNCNTEyLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMjI5ODY2NTA4RDZENjI0NTIzRURBRDJBMERFMUU4MkFFMkMz
QjUxMi5jZXIwgaIGCCsGAQUFBwELBIGVMIGSMIGPBggrBgEFBQcwC4aBgnJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvLzJmYjcwODE4LTIzNjYtNDJlMC05
ZGJkLTI1NDM4MTA2OWU1Ny8wLzMyMzAzMjJlMzEzNzMxMmUzMjMwMmUzMDJmMzIz
MjJkMzIzMjIwM2QzZTIwMzEzMDMyMzEzNy5yb2EwGAYDVR0gAQH/BA4wDDAKBggr
BgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAsqrFDANBgkqhkiG
9w0BAQsFAAOCAQEADx3avOIAGcZhoqWhjCKUrBnRWLwMu+IyonTl08SqpT2/syBm
yuGzVLHVrzFU9w+SSmBcbCXoYs6cz9nSyYMrRR8T/YBLO6CBEu4EOZP4lEg0Q4P/
VcH5Tjj+nmfC6GSjg++KNwkccZABdQD9VMrpJ7LtVS5Jwp7KTkyHRDHP2kdE9F4+
iL6KZsSXf/ZF7tQcSRjYMzZfJvu+/igoX8U/NUzp/hOsNrc3PyFswkjpVCpk8vlm
wPe4Zhj20Ty+Q9grqEwCcGZ4X6aQ5uRdLXnwkI5GLDpfGNIHxwJrmGEAelfH6ZwF
MzQyUzcZC6zjRKrRQ4DmrpYKG6no8Gew5UlK9A==
-----END CERTIFICATE-----
Generated at Wed Nov 22 10:32:48 2023 by rpki-client on console-ams.rpki-client.org