Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/r4YIqLJvDFkI9D8cRWZQrS4c-OQ.roa
File:                     r4YIqLJvDFkI9D8cRWZQrS4c-OQ.roa (raw, json)
Hash identifier:          /aXmAvMS/nfra278FGQJqoeq7yjH4eq7S/fo4le9aGw=
Subject key identifier:   AF:86:08:A8:B2:6F:0C:59:08:F4:3F:1C:45:66:50:AD:2E:1C:F8:E4
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01856F14FE4244556A9F6835410660A759AB
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/r4YIqLJvDFkI9D8cRWZQrS4c-OQ.roa
Signing time:             Sun 01 Jan 2023 20:45:24 +0000
ROA not before:           Sun 01 Jan 2023 20:45:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47458
IP address blocks:        85.120.21.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:14:fe:42:44:55:6a:9f:68:35:41:06:60:a7:59:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:45:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=af8608a8b26f0c5908f43f1c456650ad2e1cf8e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:5d:60:5d:a4:68:72:09:f6:00:47:6f:43:60:
                    bd:8f:27:ea:d3:4b:d7:97:13:d5:f7:a6:c4:ea:56:
                    07:e5:0e:a3:c9:f8:65:0e:3a:c7:fc:3f:00:22:02:
                    c8:0c:1a:64:65:a7:d9:b7:7d:2e:eb:ca:36:8c:12:
                    08:e2:d8:0a:03:38:e7:07:a0:20:ce:ec:be:8b:b0:
                    0c:87:9d:2d:68:3d:e6:c0:d5:19:d8:97:8a:47:6f:
                    6f:64:cf:9a:c6:3e:9a:ed:1b:f2:87:a7:18:92:1c:
                    89:56:12:51:5a:c5:d2:00:fe:7c:2e:5c:31:5a:a0:
                    e2:9b:0c:de:71:d3:dd:ce:e2:dc:7b:5f:ca:b2:32:
                    3d:5f:40:14:a9:de:ef:8f:84:1d:2c:7f:46:3a:cc:
                    0d:d4:f7:7c:8a:2c:bd:51:1e:84:0f:a6:55:3e:74:
                    e9:21:b8:28:f1:19:d2:f8:35:ce:bd:8a:1e:ff:82:
                    b4:f1:f7:58:ff:a3:eb:a1:e9:51:9f:e0:14:9a:52:
                    80:3b:ea:61:01:d4:37:24:2c:fe:88:9d:46:87:d0:
                    c8:28:d9:98:07:15:89:e0:c5:1b:3e:72:ac:bb:ca:
                    44:1c:e4:8f:b7:e6:ce:3e:b8:cf:33:e9:f7:63:74:
                    78:bd:06:ed:c4:84:60:c5:96:c8:96:b1:72:fb:a8:
                    e7:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:86:08:A8:B2:6F:0C:59:08:F4:3F:1C:45:66:50:AD:2E:1C:F8:E4
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/r4YIqLJvDFkI9D8cRWZQrS4c-OQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:57:17:c6:a0:89:55:76:87:c7:1a:14:f6:37:24:d8:eb:3e:
         a4:66:9f:65:8e:7c:d3:16:dc:1d:a7:79:71:d8:08:4b:4c:ae:
         f3:1c:1b:0a:4c:68:49:4d:04:f0:ef:ec:af:3a:14:e4:19:81:
         1f:0e:57:78:e7:1c:da:d9:5d:43:72:6d:2c:90:97:c6:c0:dc:
         90:60:94:0f:59:9b:3a:79:07:82:56:bd:14:ac:c3:88:18:92:
         d3:d0:44:4c:30:49:07:f6:23:03:a6:c8:5c:da:68:29:46:37:
         ef:27:f0:29:a3:d3:c0:b6:55:cb:c8:a0:43:fe:7a:51:27:bf:
         0d:22:a0:6d:91:11:b0:1d:b1:4f:4d:e7:a3:2c:ee:2a:0f:bd:
         40:65:2e:df:92:2e:55:da:41:aa:64:61:e1:73:53:68:62:86:
         dc:52:34:bb:86:bc:ba:43:43:26:87:6f:7f:78:6f:0c:1b:63:
         ac:09:ea:1c:4d:11:87:d7:0b:89:35:8c:10:ad:d8:47:d8:e4:
         b2:74:a7:60:76:b7:9c:a8:26:e1:a6:0a:51:07:3f:51:6b:1c:
         ae:d5:90:1f:0e:8a:29:9f:c4:44:fa:82:23:f1:ef:91:1c:bc:
         b8:77:8c:d4:f3:4a:03:67:0a:4d:67:4d:c0:3e:ff:f0:44:fc:
         df:d0:af:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvFP5CRFVqn2g1QQZgp1mrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjMwMTAxMjA0NTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjg2MDhhOGIyNmYwYzU5MDhmNDNmMWM0NTY2NTBhZDJlMWNmOGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjl1gXaRocgn2AEdvQ2C9jyfq00vX
lxPV96bE6lYH5Q6jyfhlDjrH/D8AIgLIDBpkZafZt30u68o2jBII4tgKAzjnB6Ag
zuy+i7AMh50taD3mwNUZ2JeKR29vZM+axj6a7Rvyh6cYkhyJVhJRWsXSAP58Llwx
WqDimwzecdPdzuLce1/KsjI9X0AUqd7vj4QdLH9GOswN1Pd8iiy9UR6ED6ZVPnTp
Ibgo8RnS+DXOvYoe/4K08fdY/6ProelRn+AUmlKAO+phAdQ3JCz+iJ1Gh9DIKNmY
BxWJ4MUbPnKsu8pEHOSPt+bOPrjPM+n3Y3R4vQbtxIRgxZbIlrFy+6jnQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK+GCKiybwxZCPQ/HEVmUK0uHPjkMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvcjRZSXFMSnZERmtJOUQ4Y1JXWlFyUzRjLU9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVXgVMA0G
CSqGSIb3DQEBCwUAA4IBAQBhVxfGoIlVdofHGhT2NyTY6z6kZp9ljnzTFtwdp3lx
2AhLTK7zHBsKTGhJTQTw7+yvOhTkGYEfDld45xza2V1Dcm0skJfGwNyQYJQPWZs6
eQeCVr0UrMOIGJLT0ERMMEkH9iMDpshc2mgpRjfvJ/Apo9PAtlXLyKBD/npRJ78N
IqBtkRGwHbFPTeejLO4qD71AZS7fki5V2kGqZGHhc1NoYobcUjS7hry6Q0Mmh29/
eG8MG2OsCeocTRGH1wuJNYwQrdhH2OSydKdgdrecqCbhpgpRBz9Raxyu1ZAfDoop
n8RE+oIj8e+RHLy4d4zU80oDZwpNZ03APv/wRPzf0K+i
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:22 2024 by rpki-client on console-fra.rpki-client.org