Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/7lNfF-ZKvHjR3mhhZ5spZGFXfcw.roa
File:                     7lNfF-ZKvHjR3mhhZ5spZGFXfcw.roa (raw, json)
Hash identifier:          aFecZ87bWLH+ZLW0E5hbLUPBZPPw1b/Jk7mTqlkwTAU=
Subject key identifier:   EE:53:5F:17:E6:4A:BC:78:D1:DE:68:61:67:9B:29:64:61:57:7D:CC
Certificate issuer:       /CN=9d210f2259093aaf45285922a588e9a661aba9fa
Certificate serial:       01856D81A1DD7C161304BAC5559009C39810
Authority key identifier: 9D:21:0F:22:59:09:3A:AF:45:28:59:22:A5:88:E9:A6:61:AB:A9:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSEPIlkJOq9FKFkipYjppmGrqfo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/7lNfF-ZKvHjR3mhhZ5spZGFXfcw.roa
Signing time:             Sun 01 Jan 2023 13:24:50 +0000
ROA not before:           Sun 01 Jan 2023 13:24:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41798
IP address blocks:        217.196.16.0/20 maxlen: 20
                          77.245.96.0/20 maxlen: 20
                          93.185.64.0/20 maxlen: 20
                          95.141.128.0/20 maxlen: 20

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:81:a1:dd:7c:16:13:04:ba:c5:55:90:09:c3:98:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d210f2259093aaf45285922a588e9a661aba9fa
        Validity
            Not Before: Jan  1 13:24:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ee535f17e64abc78d1de6861679b296461577dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a3:e1:0b:f2:a8:29:8d:d1:75:67:92:a0:28:
                    16:16:e7:80:6c:3e:b2:c6:7f:3c:cc:ca:e7:5f:bc:
                    39:ef:c5:4f:df:73:a6:c6:13:0a:e4:84:d0:38:75:
                    60:fc:ab:5e:a0:69:eb:de:61:04:05:77:44:c7:a7:
                    01:ca:02:29:7c:99:a6:e8:ad:24:f1:34:22:53:1e:
                    ed:2c:19:3a:10:a8:35:64:68:46:10:45:c4:58:52:
                    c6:cf:ce:c7:cb:8e:96:50:ca:85:19:de:11:21:26:
                    ee:d4:81:1d:23:b3:84:44:42:1c:07:b1:5f:35:f9:
                    41:11:54:e7:01:12:46:39:50:3e:74:0f:fa:77:6e:
                    b2:4f:7b:6f:ca:e6:b2:07:1a:38:cf:62:5e:2f:38:
                    fb:97:1a:43:5f:88:95:06:ab:31:3d:37:c6:57:e8:
                    b7:b3:70:ab:74:47:e7:28:6c:5f:fc:85:28:f8:0c:
                    49:9e:70:54:20:fb:9e:cb:83:dc:cd:ee:14:2f:c3:
                    9d:88:89:b5:44:57:6b:31:89:1f:ec:5f:ab:70:08:
                    b5:32:d0:1a:f9:72:96:57:ef:19:11:19:e0:cb:6d:
                    53:bf:a4:79:a1:a7:7f:39:ee:0a:87:7b:d1:61:0a:
                    b3:75:6a:63:9c:34:3a:d2:63:ef:e8:36:f8:e8:73:
                    0b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:53:5F:17:E6:4A:BC:78:D1:DE:68:61:67:9B:29:64:61:57:7D:CC
            X509v3 Authority Key Identifier:
                keyid:9D:21:0F:22:59:09:3A:AF:45:28:59:22:A5:88:E9:A6:61:AB:A9:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSEPIlkJOq9FKFkipYjppmGrqfo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/7lNfF-ZKvHjR3mhhZ5spZGFXfcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/93686d-11f5-4e3e-b5c4-43843c2e943b/1/nSEPIlkJOq9FKFkipYjppmGrqfo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.245.96.0/20
                  93.185.64.0/20
                  95.141.128.0/20
                  217.196.16.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6f:ec:6f:d4:ce:a5:94:5a:89:c8:00:4c:e3:90:1b:3b:fb:f5:
         50:86:98:59:d4:8a:14:10:71:8f:95:ce:50:3b:59:e8:84:8b:
         57:41:4c:4c:a8:2d:42:79:7e:37:c9:67:3f:21:b8:5c:a4:0c:
         e8:a7:aa:00:83:b9:1f:13:45:c6:5a:95:26:ff:1c:01:87:c2:
         a9:c6:a9:65:42:ae:02:ea:cb:56:9c:17:24:1e:5d:f7:e1:78:
         20:ba:e5:9b:11:0a:a8:ac:77:08:91:ac:de:99:78:25:38:05:
         7a:c8:d9:33:bd:2c:2e:fb:7c:33:70:ac:7b:65:c7:56:ca:71:
         03:e1:0d:02:ce:22:f0:08:71:c0:6d:85:84:c9:ca:4e:26:8f:
         f7:98:37:a0:48:34:e6:f9:e1:a8:2f:45:7d:c6:65:85:33:32:
         74:ce:21:24:bc:2a:0b:a3:d3:15:0d:6d:f5:c7:ed:37:7d:22:
         0d:ae:a5:24:c0:b6:15:a2:43:07:c0:bc:1d:c1:2b:17:8e:90:
         b5:80:03:b7:6d:53:9f:da:a0:a1:22:ed:aa:f4:5e:01:be:13:
         4e:a7:0f:60:2b:2d:ec:1a:6e:af:ec:3f:c2:60:69:23:d1:b3:
         c4:2f:51:4e:8f:fa:dd:35:28:08:f8:c2:c8:6c:0e:28:ae:56:
         eb:9d:e4:e2
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVtgaHdfBYTBLrFVZAJw5gQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMjEwZjIyNTkwOTNhYWY0NTI4NTkyMmE1ODhlOWE2NjFh
YmE5ZmEwHhcNMjMwMTAxMTMyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTUzNWYxN2U2NGFiYzc4ZDFkZTY4NjE2NzliMjk2NDYxNTc3ZGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6PhC/KoKY3RdWeSoCgWFueAbD6y
xn88zMrnX7w578VP33OmxhMK5ITQOHVg/KteoGnr3mEEBXdEx6cBygIpfJmm6K0k
8TQiUx7tLBk6EKg1ZGhGEEXEWFLGz87Hy46WUMqFGd4RISbu1IEdI7OEREIcB7Ff
NflBEVTnARJGOVA+dA/6d26yT3tvyuayBxo4z2JeLzj7lxpDX4iVBqsxPTfGV+i3
s3CrdEfnKGxf/IUo+AxJnnBUIPuey4Pcze4UL8OdiIm1RFdrMYkf7F+rcAi1MtAa
+XKWV+8ZERngy21Tv6R5oad/Oe4Kh3vRYQqzdWpjnDQ60mPv6Db46HML2wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFO5TXxfmSrx40d5oYWebKWRhV33MMB8GA1UdIwQY
MBaAFJ0hDyJZCTqvRShZIqWI6aZhq6n6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNFUElsa0pPcTlGS0ZraXBZanBwbUdycWZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS85MzY4NmQtMTFmNS00ZTNlLWI1YzQt
NDM4NDNjMmU5NDNiLzEvN2xOZkYtWkt2SGpSM21oaFo1c3BaR0ZYZmN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS85MzY4NmQtMTFmNS00ZTNlLWI1YzQtNDM4NDNjMmU5NDNi
LzEvblNFUElsa0pPcTlGS0ZraXBZanBwbUdycWZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQETfVgAwQE
XblAAwQEX42AAwQE2cQQMA0GCSqGSIb3DQEBCwUAA4IBAQBv7G/UzqWUWonIAEzj
kBs7+/VQhphZ1IoUEHGPlc5QO1nohItXQUxMqC1CeX43yWc/IbhcpAzop6oAg7kf
E0XGWpUm/xwBh8KpxqllQq4C6stWnBckHl334XgguuWbEQqorHcIkazemXglOAV6
yNkzvSwu+3wzcKx7ZcdWynED4Q0CziLwCHHAbYWEycpOJo/3mDegSDTm+eGoL0V9
xmWFMzJ0ziEkvCoLo9MVDW31x+03fSINrqUkwLYVokMHwLwdwSsXjpC1gAO3bVOf
2qChIu2q9F4BvhNOpw9gKy3sGm6v7D/CYGkj0bPEL1FOj/rdNSgI+MLIbA4orlbr
neTi
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:17 2024 by rpki-client on console-fra.rpki-client.org