Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/273QOw-eTcuDPaZNYjGegoTTbt0.roa
File:                     273QOw-eTcuDPaZNYjGegoTTbt0.roa (raw, json)
Hash identifier:          /negEwKrpZxyICL2Bke538NslVkNOMmiBxLi7Gos63E=
Subject key identifier:   DB:BD:D0:3B:0F:9E:4D:CB:83:3D:A6:4D:62:31:9E:82:84:D3:6E:DD
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018571E88A6771EA892006B74DF1B6C186DD
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/273QOw-eTcuDPaZNYjGegoTTbt0.roa
Signing time:             Mon 02 Jan 2023 09:55:43 +0000
ROA not before:           Mon 02 Jan 2023 09:55:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51559
IP address blocks:        195.211.191.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:29:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:e8:8a:67:71:ea:89:20:06:b7:4d:f1:b6:c1:86:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 09:55:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dbbdd03b0f9e4dcb833da64d62319e8284d36edd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:77:72:e6:d9:6d:48:99:f4:d4:56:4a:47:3f:
                    e8:17:9a:f6:bf:10:c6:9a:ea:b8:7a:69:6d:27:03:
                    cd:09:03:33:30:01:0e:4e:85:e2:71:bd:e6:c5:4c:
                    2c:ee:9b:2f:68:70:e7:82:83:95:7f:0b:86:64:44:
                    87:69:f6:e9:c5:af:f7:a6:0c:e2:9f:42:2b:fc:6f:
                    18:c2:c0:4c:f0:69:43:1a:93:df:88:11:71:35:b3:
                    9e:7c:3e:52:b7:8c:2a:35:27:6b:d0:05:ac:79:99:
                    21:b7:f4:20:e2:93:f7:80:ce:12:74:b0:48:90:78:
                    2e:c7:5b:45:87:f1:9b:c0:da:39:20:04:bc:df:b8:
                    50:ad:4b:5f:48:9b:64:9a:b1:61:cb:33:26:34:34:
                    93:ad:21:ff:d8:70:1e:67:5e:c2:f3:7e:34:be:67:
                    1c:50:f4:3b:85:b1:9e:cc:41:03:ac:ec:6c:c1:94:
                    e0:e2:b5:3a:92:0a:64:28:63:23:56:6a:bd:77:32:
                    fe:28:ec:91:c3:16:6e:a6:15:9b:5a:97:d7:66:6f:
                    4a:dc:f6:39:f7:ef:04:09:2b:00:70:2a:62:bb:83:
                    6b:40:a3:0e:1e:a9:8a:f8:ff:ca:03:32:dc:80:cc:
                    ca:5b:6d:0e:59:7e:5d:88:49:3f:28:56:ca:a7:5d:
                    b9:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:BD:D0:3B:0F:9E:4D:CB:83:3D:A6:4D:62:31:9E:82:84:D3:6E:DD
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/273QOw-eTcuDPaZNYjGegoTTbt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:d3:de:e2:08:ed:e2:34:b5:75:4e:bd:ac:69:f1:71:dc:a2:
         1d:a0:00:87:48:83:c1:c1:a5:9b:9f:c3:4b:89:fa:c6:0c:86:
         64:2b:1b:1b:a1:24:39:f0:a2:56:59:d6:92:93:8c:e9:b1:82:
         9e:62:12:42:ec:2c:11:32:c9:84:d3:d5:50:fd:35:79:99:2d:
         ef:e2:43:4a:e3:94:6b:cf:6e:cb:5e:6a:73:67:6a:b0:fe:71:
         38:a4:2d:bb:ba:02:68:38:a3:c7:a2:9d:5c:ee:78:f7:4d:bb:
         1c:7c:07:5b:bc:2c:7b:3d:95:ce:59:b0:ee:91:5d:cf:79:de:
         82:eb:5e:79:c1:8a:55:3a:4c:32:7f:05:7d:6e:b9:77:cc:b5:
         e9:58:a1:74:22:3f:72:90:ba:3f:9f:81:28:02:d9:15:6c:cf:
         2a:e2:fd:cc:e3:6e:8b:70:2f:7e:9a:d5:8e:e8:5b:1b:c8:bc:
         26:ad:d6:33:f8:e0:aa:f9:54:ee:c9:9f:3b:b6:16:76:38:5a:
         a1:54:75:d1:56:26:ea:ec:cb:70:fb:c6:3a:cb:9c:a8:ac:44:
         c4:0b:42:cb:cb:be:fd:a7:c5:6a:e3:65:70:a8:2f:9c:f9:7b:
         e3:21:f1:36:12:b0:45:3f:1d:fc:6c:38:cf:70:76:7d:86:1d:
         6a:c9:9e:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVx6IpnceqJIAa3TfG2wYbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMwMTAyMDk1NTQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmJkZDAzYjBmOWU0ZGNiODMzZGE2NGQ2MjMxOWU4Mjg0ZDM2ZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHdy5tltSJn01FZKRz/oF5r2vxDG
muq4emltJwPNCQMzMAEOToXicb3mxUws7psvaHDngoOVfwuGZESHafbpxa/3pgzi
n0Ir/G8YwsBM8GlDGpPfiBFxNbOefD5St4wqNSdr0AWseZkht/Qg4pP3gM4SdLBI
kHgux1tFh/GbwNo5IAS837hQrUtfSJtkmrFhyzMmNDSTrSH/2HAeZ17C8340vmcc
UPQ7hbGezEEDrOxswZTg4rU6kgpkKGMjVmq9dzL+KOyRwxZuphWbWpfXZm9K3PY5
9+8ECSsAcCpiu4NrQKMOHqmK+P/KAzLcgMzKW20OWX5diEk/KFbKp1257QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNu90DsPnk3Lgz2mTWIxnoKE027dMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvMjczUU93LWVUY3VEUGFaTllqR2Vnb1RUYnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9O/MA0G
CSqGSIb3DQEBCwUAA4IBAQBI097iCO3iNLV1Tr2safFx3KIdoACHSIPBwaWbn8NL
ifrGDIZkKxsboSQ58KJWWdaSk4zpsYKeYhJC7CwRMsmE09VQ/TV5mS3v4kNK45Rr
z27LXmpzZ2qw/nE4pC27ugJoOKPHop1c7nj3TbscfAdbvCx7PZXOWbDukV3Ped6C
6155wYpVOkwyfwV9brl3zLXpWKF0Ij9ykLo/n4EoAtkVbM8q4v3M426LcC9+mtWO
6FsbyLwmrdYz+OCq+VTuyZ87thZ2OFqhVHXRVibq7Mtw+8Y6y5yorETEC0LLy779
p8Vq42VwqC+c+XvjIfE2ErBFPx38bDjPcHZ9hh1qyZ7X
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:17 2024 by rpki-client on console-ams.rpki-client.org