Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/07bf5b-0340-434e-a444-f0761e29e6c4/1/Aj-awR9f-Wf2s_lzdmcgqGNS6lk.roa
File:                     Aj-awR9f-Wf2s_lzdmcgqGNS6lk.roa (raw, json)
Hash identifier:          kDK9/LcnCLdP3hqIkgiEyzMWP6a2XpZTBrKbJDeQoMU=
Subject key identifier:   02:3F:9A:C1:1F:5F:F9:67:F6:B3:F9:73:76:67:20:A8:63:52:EA:59
Certificate issuer:       /CN=66ec789976d3b584016cac19f34bbede966cd230
Certificate serial:       01856F0B6C04A7BFD897ABF2EC5BA7B229FE
Authority key identifier: 66:EC:78:99:76:D3:B5:84:01:6C:AC:19:F3:4B:BE:DE:96:6C:D2:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zux4mXbTtYQBbKwZ80u-3pZs0jA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/07bf5b-0340-434e-a444-f0761e29e6c4/1/Aj-awR9f-Wf2s_lzdmcgqGNS6lk.roa
Signing time:             Sun 01 Jan 2023 20:34:57 +0000
ROA not before:           Sun 01 Jan 2023 20:34:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203201
IP address blocks:        171.22.44.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:0b:6c:04:a7:bf:d8:97:ab:f2:ec:5b:a7:b2:29:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ec789976d3b584016cac19f34bbede966cd230
        Validity
            Not Before: Jan  1 20:34:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=023f9ac11f5ff967f6b3f973766720a86352ea59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ef:48:bc:b0:6a:bd:20:12:f5:6e:ad:2d:9d:
                    c6:c8:dd:87:f0:8c:1a:ed:e1:37:69:9f:1d:f9:51:
                    3c:f0:7f:58:81:62:c9:2a:cb:36:1a:ee:4b:95:0b:
                    c4:94:aa:5e:b8:c8:6a:70:ba:e3:d1:ac:58:8e:d6:
                    5b:43:c1:4c:d0:e3:cb:ed:14:4c:3a:85:5e:89:63:
                    4e:34:2d:71:57:24:ce:24:1f:1d:41:46:08:99:9f:
                    c0:8b:c9:0d:f8:41:63:fa:4f:d7:10:10:84:5c:49:
                    8e:b9:6b:c1:01:14:16:39:4d:66:22:08:65:14:e1:
                    f2:bf:f6:41:d1:33:d0:e8:30:3c:54:3f:c1:ef:56:
                    2a:da:50:72:23:ca:cd:7d:50:41:fe:70:c1:5d:61:
                    f9:4a:a7:b9:e3:ca:33:6f:61:52:02:b2:ac:8d:b4:
                    1f:58:a9:b5:e0:2e:d1:ab:16:f7:0f:fb:88:49:25:
                    70:30:00:42:7f:c5:33:b9:62:4f:dd:ed:b6:b7:52:
                    9b:f7:1f:30:93:7e:1e:a5:ae:61:08:1a:cf:4c:82:
                    40:d5:bf:8c:82:92:82:21:28:15:35:26:c8:fe:7d:
                    fa:e4:9e:77:d4:28:ec:79:44:c0:99:15:8a:e8:f4:
                    05:d3:07:cc:f2:e6:3e:ab:2f:f2:3a:23:e3:6c:a4:
                    8f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:3F:9A:C1:1F:5F:F9:67:F6:B3:F9:73:76:67:20:A8:63:52:EA:59
            X509v3 Authority Key Identifier:
                keyid:66:EC:78:99:76:D3:B5:84:01:6C:AC:19:F3:4B:BE:DE:96:6C:D2:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zux4mXbTtYQBbKwZ80u-3pZs0jA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/07bf5b-0340-434e-a444-f0761e29e6c4/1/Aj-awR9f-Wf2s_lzdmcgqGNS6lk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/07bf5b-0340-434e-a444-f0761e29e6c4/1/Zux4mXbTtYQBbKwZ80u-3pZs0jA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:68:22:dd:27:ac:d5:4d:ef:14:3e:c2:3f:a6:e2:89:ff:84:
         dc:7d:98:a0:5f:17:bd:2a:e6:ed:5f:c8:bd:de:29:f6:03:ee:
         fc:5d:06:fc:29:a7:ee:35:95:f1:91:64:66:3e:a8:52:33:ba:
         dd:39:cb:18:fd:48:4c:68:28:93:60:3d:f5:30:1f:a7:c8:fd:
         81:5b:33:18:b4:d9:e6:5e:bc:8c:f9:17:20:03:64:0c:7c:74:
         3a:d6:76:59:66:24:03:d2:c1:b1:ce:e6:6f:9d:a2:f3:54:34:
         2d:e7:e1:ce:ce:77:38:28:ac:1c:47:c2:a5:af:cc:d0:e3:77:
         91:1e:c5:d6:b2:68:3e:55:b2:45:f4:9a:f8:fd:fa:7d:75:51:
         6d:0f:7e:03:35:00:02:0c:26:ad:96:da:65:1e:6b:70:d7:da:
         0c:99:d9:50:e1:e3:9b:c7:2b:43:3e:01:1b:b1:62:ff:04:be:
         ea:2d:f1:46:c7:14:a0:7e:bc:0e:32:c4:a7:fe:02:37:7e:e9:
         b1:af:15:7b:2b:9d:db:48:2a:9a:0f:f5:da:f9:3a:ab:b9:f8:
         79:12:64:d7:78:b3:b6:96:32:e9:84:67:ec:b8:1e:22:17:9e:
         b0:37:1c:37:0c:74:ef:c1:4e:80:3c:46:ab:b8:4a:4c:79:0c:
         30:b3:a0:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvC2wEp7/Yl6vy7Funsin+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZWM3ODk5NzZkM2I1ODQwMTZjYWMxOWYzNGJiZWRlOTY2
Y2QyMzAwHhcNMjMwMTAxMjAzNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjNmOWFjMTFmNWZmOTY3ZjZiM2Y5NzM3NjY3MjBhODYzNTJlYTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+9IvLBqvSAS9W6tLZ3GyN2H8Iwa
7eE3aZ8d+VE88H9YgWLJKss2Gu5LlQvElKpeuMhqcLrj0axYjtZbQ8FM0OPL7RRM
OoVeiWNONC1xVyTOJB8dQUYImZ/Ai8kN+EFj+k/XEBCEXEmOuWvBARQWOU1mIghl
FOHyv/ZB0TPQ6DA8VD/B71Yq2lByI8rNfVBB/nDBXWH5Sqe548ozb2FSArKsjbQf
WKm14C7Rqxb3D/uISSVwMABCf8UzuWJP3e22t1Kb9x8wk34epa5hCBrPTIJA1b+M
gpKCISgVNSbI/n365J531CjseUTAmRWK6PQF0wfM8uY+qy/yOiPjbKSPGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAI/msEfX/ln9rP5c3ZnIKhjUupZMB8GA1UdIwQY
MBaAFGbseJl207WEAWysGfNLvt6WbNIwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnV4NG1YYlR0WVFCYkt3WjgwdS0zcFpzMGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8wN2JmNWItMDM0MC00MzRlLWE0NDQt
ZjA3NjFlMjllNmM0LzEvQWotYXdSOWYtV2Yyc19semRtY2dxR05TNmxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8wN2JmNWItMDM0MC00MzRlLWE0NDQtZjA3NjFlMjllNmM0
LzEvWnV4NG1YYlR0WVFCYkt3WjgwdS0zcFpzMGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqxYsMA0G
CSqGSIb3DQEBCwUAA4IBAQAoaCLdJ6zVTe8UPsI/puKJ/4TcfZigXxe9KubtX8i9
3in2A+78XQb8KafuNZXxkWRmPqhSM7rdOcsY/UhMaCiTYD31MB+nyP2BWzMYtNnm
XryM+RcgA2QMfHQ61nZZZiQD0sGxzuZvnaLzVDQt5+HOznc4KKwcR8Klr8zQ43eR
HsXWsmg+VbJF9Jr4/fp9dVFtD34DNQACDCatltplHmtw19oMmdlQ4eObxytDPgEb
sWL/BL7qLfFGxxSgfrwOMsSn/gI3fumxrxV7K53bSCqaD/Xa+Tqrufh5EmTXeLO2
ljLphGfsuB4iF56wNxw3DHTvwU6APEaruEpMeQwws6DD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:25 2024 by rpki-client on console-fra.rpki-client.org