Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/IP07zpQsHiHsiJisUvG3e0Kx4pc.roa
File:                     IP07zpQsHiHsiJisUvG3e0Kx4pc.roa (raw, json)
Hash identifier:          4nCbGffERZJ1yBkJ3VaqHaDg3vlhd613cGL6HnxrPlY=
Subject key identifier:   20:FD:3B:CE:94:2C:1E:21:EC:88:98:AC:52:F1:B7:7B:42:B1:E2:97
Certificate issuer:       /CN=64f47c98440f103825c8ea5074298b18cc113e20
Certificate serial:       01856EB92279E30C2B79C51C24CC61F988EE
Authority key identifier: 64:F4:7C:98:44:0F:10:38:25:C8:EA:50:74:29:8B:18:CC:11:3E:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZPR8mEQPEDglyOpQdCmLGMwRPiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/IP07zpQsHiHsiJisUvG3e0Kx4pc.roa
Signing time:             Sun 01 Jan 2023 19:05:04 +0000
ROA not before:           Sun 01 Jan 2023 19:05:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204194
IP address blocks:        185.3.191.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:b9:22:79:e3:0c:2b:79:c5:1c:24:cc:61:f9:88:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64f47c98440f103825c8ea5074298b18cc113e20
        Validity
            Not Before: Jan  1 19:05:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20fd3bce942c1e21ec8898ac52f1b77b42b1e297
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:76:c4:c9:01:2b:8b:9a:24:c4:25:11:0b:d4:
                    e9:1c:58:21:d3:16:0c:40:cb:d3:0c:72:ea:b8:6b:
                    10:27:1d:b3:8d:c1:07:70:0e:85:6c:88:a9:63:5d:
                    f3:2a:57:a2:a4:93:6d:9d:7d:95:79:b2:b5:59:05:
                    c4:8b:89:13:b5:a7:80:d3:a9:70:83:09:9d:dc:bb:
                    1b:b4:9e:fc:1b:72:58:46:f6:45:28:67:a9:93:20:
                    b1:a7:5b:86:c6:ad:16:b6:19:f3:92:3c:0f:55:98:
                    d8:35:44:d5:93:92:95:77:c5:49:2b:82:ac:18:1f:
                    d2:96:42:70:57:78:4b:8b:64:24:e2:25:01:81:bf:
                    f0:7b:c4:7f:fe:15:82:f6:2a:d0:c9:f0:a8:cc:fb:
                    d9:7a:dc:65:bc:71:d6:93:74:f5:8f:83:63:67:39:
                    9c:1d:00:84:a4:f9:5c:6b:d0:42:d4:55:c4:92:54:
                    73:d0:01:29:e3:a3:0a:7f:90:3e:81:dc:0f:0b:d0:
                    e9:14:78:0f:96:a5:03:87:93:77:2e:ab:8d:3d:26:
                    7c:ca:26:6a:3b:76:ff:be:62:5e:57:0c:de:37:f8:
                    cc:73:06:df:57:5b:e9:d1:59:37:c3:8f:6b:91:b0:
                    c7:9d:48:56:ed:77:e9:6a:59:e8:64:e8:e2:33:40:
                    d9:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:FD:3B:CE:94:2C:1E:21:EC:88:98:AC:52:F1:B7:7B:42:B1:E2:97
            X509v3 Authority Key Identifier:
                keyid:64:F4:7C:98:44:0F:10:38:25:C8:EA:50:74:29:8B:18:CC:11:3E:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZPR8mEQPEDglyOpQdCmLGMwRPiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/IP07zpQsHiHsiJisUvG3e0Kx4pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/099aeb-c713-42f8-91d6-38447855d669/1/ZPR8mEQPEDglyOpQdCmLGMwRPiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:97:c3:af:9f:f5:1f:fb:de:2b:1d:1b:80:f5:7a:ec:c2:4d:
         d8:3b:ac:c7:d0:ba:20:e8:fd:00:9a:c0:1b:04:40:0c:d1:43:
         52:1d:fb:ab:a5:d0:37:ea:c9:25:90:30:55:52:1e:16:c7:71:
         a1:da:1f:5f:de:04:a9:33:86:4d:b5:11:bc:12:14:21:0b:3b:
         b6:da:bd:d9:80:0b:f5:03:e3:9d:41:61:3f:6c:b1:7a:d5:05:
         51:67:68:63:45:d9:9c:28:e7:45:f4:f2:54:e7:3e:7d:74:77:
         51:bf:07:12:a0:d2:e5:de:e0:9a:f1:88:f2:08:84:da:34:eb:
         5c:a0:95:a7:7b:3e:4e:61:b7:0d:43:60:55:8b:a8:e6:10:85:
         85:d2:ed:5a:d8:58:65:f7:7c:4d:47:fa:3c:90:42:f4:42:9e:
         cf:87:46:46:d1:6d:eb:3d:a3:a1:5b:6e:a5:33:84:3e:67:b5:
         fc:c4:0c:ef:40:c1:ec:25:6b:a8:71:aa:a6:77:78:cd:43:32:
         4e:5e:08:83:8f:f9:58:ff:d2:82:e0:bd:a8:36:4a:41:41:53:
         5d:f0:2d:32:e9:d1:a3:ea:78:81:6b:dc:84:c3:53:32:b4:79:
         df:dd:1b:a8:e8:c1:58:27:58:72:51:31:b3:07:4d:46:f5:b5:
         9f:af:6e:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuuSJ54wwrecUcJMxh+YjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZjQ3Yzk4NDQwZjEwMzgyNWM4ZWE1MDc0Mjk4YjE4Y2Mx
MTNlMjAwHhcNMjMwMTAxMTkwNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGZkM2JjZTk0MmMxZTIxZWM4ODk4YWM1MmYxYjc3YjQyYjFlMjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnbEyQEri5okxCURC9TpHFgh0xYM
QMvTDHLquGsQJx2zjcEHcA6FbIipY13zKleipJNtnX2VebK1WQXEi4kTtaeA06lw
gwmd3LsbtJ78G3JYRvZFKGepkyCxp1uGxq0WthnzkjwPVZjYNUTVk5KVd8VJK4Ks
GB/SlkJwV3hLi2Qk4iUBgb/we8R//hWC9irQyfCozPvZetxlvHHWk3T1j4NjZzmc
HQCEpPlca9BC1FXEklRz0AEp46MKf5A+gdwPC9DpFHgPlqUDh5N3LquNPSZ8yiZq
O3b/vmJeVwzeN/jMcwbfV1vp0Vk3w49rkbDHnUhW7XfpalnoZOjiM0DZPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCD9O86ULB4h7IiYrFLxt3tCseKXMB8GA1UdIwQY
MBaAFGT0fJhEDxA4JcjqUHQpixjMET4gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlBSOG1FUVBFRGdseU9wUWRDbUxHTXdSUGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTlhZWItYzcxMy00MmY4LTkxZDYt
Mzg0NDc4NTVkNjY5LzEvSVAwN3pwUXNIaUhzaUppc1V2RzNlMEt4NHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTlhZWItYzcxMy00MmY4LTkxZDYtMzg0NDc4NTVkNjY5
LzEvWlBSOG1FUVBFRGdseU9wUWRDbUxHTXdSUGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQO/MA0G
CSqGSIb3DQEBCwUAA4IBAQAXl8Ovn/Uf+94rHRuA9Xrswk3YO6zH0Log6P0AmsAb
BEAM0UNSHfurpdA36sklkDBVUh4Wx3Gh2h9f3gSpM4ZNtRG8EhQhCzu22r3ZgAv1
A+OdQWE/bLF61QVRZ2hjRdmcKOdF9PJU5z59dHdRvwcSoNLl3uCa8YjyCITaNOtc
oJWnez5OYbcNQ2BVi6jmEIWF0u1a2Fhl93xNR/o8kEL0Qp7Ph0ZG0W3rPaOhW26l
M4Q+Z7X8xAzvQMHsJWuocaqmd3jNQzJOXgiDj/lY/9KC4L2oNkpBQVNd8C0y6dGj
6niBa9yEw1MytHnf3Ruo6MFYJ1hyUTGzB01G9bWfr24+
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:14 2024 by rpki-client on console-ams.rpki-client.org