Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/lKgDYcJpTwCKi-Ub1RvlbtCQ5ug.roa
File:                     lKgDYcJpTwCKi-Ub1RvlbtCQ5ug.roa (raw, json)
Hash identifier:          KU9p+u5MhhyhZX0KgcxCy7wHxrCbw6Tr7vTwkxjhqo4=
Subject key identifier:   94:A8:03:61:C2:69:4F:00:8A:8B:E5:1B:D5:1B:E5:6E:D0:90:E6:E8
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       018E383906D21028F7B0A0B477CBAE609AD8
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/lKgDYcJpTwCKi-Ub1RvlbtCQ5ug.roa
Signing time:             Wed 13 Mar 2024 14:30:45 +0000
ROA not before:           Wed 13 Mar 2024 14:30:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209854
IP address blocks:        171.22.60.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 26 Mar 2024 14:25:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:38:39:06:d2:10:28:f7:b0:a0:b4:77:cb:ae:60:9a:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Mar 13 14:30:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94a80361c2694f008a8be51bd51be56ed090e6e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e6:96:1a:7d:af:b4:f3:40:d1:eb:77:86:81:
                    42:61:ea:ac:b1:40:4a:a4:0c:cb:0a:9a:f9:f9:6c:
                    2b:65:63:87:47:b0:7c:76:c0:d9:c4:2e:c0:74:fd:
                    23:4d:8b:ba:2e:56:1f:08:6c:69:66:17:7c:1f:c8:
                    e4:7f:d9:af:62:46:9e:42:ee:86:67:f8:cb:d0:ef:
                    56:75:75:3a:da:2d:48:ed:46:f2:46:7c:79:42:8b:
                    1a:32:0a:cd:5c:ee:82:a0:da:ee:c0:9c:f2:bc:6d:
                    b4:39:2a:5f:93:58:62:21:86:af:2a:e5:56:72:50:
                    c9:ef:e0:78:5d:c6:dc:fe:f0:8e:31:b4:78:b0:b7:
                    6a:92:ee:37:4e:71:bc:3c:77:fb:06:e2:c4:11:82:
                    a0:2f:20:d3:19:b7:d2:0f:12:68:f6:bd:2d:56:71:
                    84:51:d3:2c:1b:17:ff:c8:7b:f9:6b:94:39:19:72:
                    8a:70:99:6a:43:61:86:dc:00:8f:1d:03:4a:d4:37:
                    c8:6d:5d:66:c0:df:33:89:87:43:a7:74:d4:ac:27:
                    9b:cd:1b:94:ab:22:8d:a5:0f:05:c4:7a:58:7d:68:
                    e4:b5:39:7b:e2:eb:95:e3:83:94:87:b5:9f:79:bb:
                    95:e1:04:45:9f:6d:6f:b2:18:cc:98:8d:87:e8:d6:
                    d2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:A8:03:61:C2:69:4F:00:8A:8B:E5:1B:D5:1B:E5:6E:D0:90:E6:E8
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/lKgDYcJpTwCKi-Ub1RvlbtCQ5ug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:f8:24:73:23:e5:31:fb:27:2d:2e:cb:20:ce:e6:91:0e:70:
         12:3d:35:6a:f9:b5:7e:42:8e:c4:c6:ae:be:f1:70:cc:dc:c7:
         23:4f:95:e9:85:9c:f9:08:d2:f5:f5:35:70:63:73:72:c0:6f:
         47:8f:49:b2:c1:93:09:0c:89:0e:33:cd:95:15:18:15:09:f7:
         24:73:c4:0d:bf:9b:f7:99:6a:1f:ca:c4:c9:d7:86:bc:ef:00:
         80:3d:5b:16:b3:d6:8a:84:8d:c8:08:8a:46:8c:a2:cc:73:1f:
         bd:3e:60:3f:d2:87:0a:cc:3e:86:ad:04:ad:a9:28:2c:89:fb:
         42:6a:60:a5:41:8c:d8:87:ac:fa:ca:00:6e:c1:d2:12:98:80:
         48:ba:b8:28:5f:c7:22:74:a7:4d:32:63:61:5f:86:d8:e7:ff:
         de:cb:b4:c1:91:a1:2e:7b:71:1e:a0:02:a6:08:3c:cb:68:04:
         99:b2:eb:fa:8a:a2:95:a5:38:f8:09:7e:b4:91:11:f3:7a:9c:
         8b:bb:c5:08:a1:23:94:c5:fe:5c:ca:ae:ff:98:0f:dd:ea:46:
         10:6d:5a:a4:c0:11:87:e1:71:b4:97:f4:55:fd:24:8f:05:01:
         bb:b0:0c:e8:92:34:2a:f0:5e:4f:e6:f4:66:1d:43:5d:a1:b3:
         c3:e3:01:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY44OQbSECj3sKC0d8uuYJrYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjQwMzEzMTQzMDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGE4MDM2MWMyNjk0ZjAwOGE4YmU1MWJkNTFiZTU2ZWQwOTBlNmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeaWGn2vtPNA0et3hoFCYeqssUBK
pAzLCpr5+WwrZWOHR7B8dsDZxC7AdP0jTYu6LlYfCGxpZhd8H8jkf9mvYkaeQu6G
Z/jL0O9WdXU62i1I7UbyRnx5QosaMgrNXO6CoNruwJzyvG20OSpfk1hiIYavKuVW
clDJ7+B4Xcbc/vCOMbR4sLdqku43TnG8PHf7BuLEEYKgLyDTGbfSDxJo9r0tVnGE
UdMsGxf/yHv5a5Q5GXKKcJlqQ2GG3ACPHQNK1DfIbV1mwN8ziYdDp3TUrCebzRuU
qyKNpQ8FxHpYfWjktTl74uuV44OUh7WfebuV4QRFn21vshjMmI2H6NbSXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJSoA2HCaU8AiovlG9Ub5W7QkOboMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvbEtnRFljSnBUd0NLaS1VYjFSdmxidENRNXVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxY8MA0G
CSqGSIb3DQEBCwUAA4IBAQBZ+CRzI+Ux+yctLssgzuaRDnASPTVq+bV+Qo7Exq6+
8XDM3McjT5XphZz5CNL19TVwY3NywG9Hj0mywZMJDIkOM82VFRgVCfckc8QNv5v3
mWofysTJ14a87wCAPVsWs9aKhI3ICIpGjKLMcx+9PmA/0ocKzD6GrQStqSgsiftC
amClQYzYh6z6ygBuwdISmIBIurgoX8cidKdNMmNhX4bY5//ey7TBkaEue3EeoAKm
CDzLaASZsuv6iqKVpTj4CX60kRHzepyLu8UIoSOUxf5cyq7/mA/d6kYQbVqkwBGH
4XG0l/RV/SSPBQG7sAzokjQq8F5P5vRmHUNdobPD4wEe
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:50 2024 by rpki-client on console-ams.rpki-client.org