Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/379e32-02e0-4339-882b-2f75195216b9/1/kTVvX5kvi0cz2r9-ceEYB23VK_Q.roa
File:                     kTVvX5kvi0cz2r9-ceEYB23VK_Q.roa (raw, json)
Hash identifier:          1Kxwh+5gNLBp+fE3X0LBbSgOIEUSDd7uWEORbC0+5xc=
Subject key identifier:   91:35:6F:5F:99:2F:8B:47:33:DA:BF:7E:71:E1:18:07:6D:D5:2B:F4
Certificate issuer:       /CN=d152b4c1f5d484eefc2b1597f455003ab654b055
Certificate serial:       01856BEEABE5CB32C7A721D3BF7239A0FF2D
Authority key identifier: D1:52:B4:C1:F5:D4:84:EE:FC:2B:15:97:F4:55:00:3A:B6:54:B0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0VK0wfXUhO78KxWX9FUAOrZUsFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/379e32-02e0-4339-882b-2f75195216b9/1/kTVvX5kvi0cz2r9-ceEYB23VK_Q.roa
Signing time:             Sun 01 Jan 2023 06:04:41 +0000
ROA not before:           Sun 01 Jan 2023 06:04:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209721
IP address blocks:        194.26.120.0/21 maxlen: 21
                          2001:67c:2e0c::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:29:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:ee:ab:e5:cb:32:c7:a7:21:d3:bf:72:39:a0:ff:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d152b4c1f5d484eefc2b1597f455003ab654b055
        Validity
            Not Before: Jan  1 06:04:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91356f5f992f8b4733dabf7e71e118076dd52bf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e7:7c:13:28:f7:af:b6:ab:4e:f2:f9:94:03:
                    45:d3:a8:e8:1d:bf:fd:f0:1d:22:76:fc:ff:49:e5:
                    5b:6d:11:68:1c:25:7c:48:1b:7a:d9:0e:90:9f:b4:
                    1e:3d:ac:ac:a1:f3:cf:9b:24:0f:f8:cd:14:4b:57:
                    cf:d7:9b:2a:55:ae:ee:9c:8b:82:af:03:ea:1d:b0:
                    c0:a9:5f:bf:79:db:3a:9a:78:52:8a:e2:ab:67:5a:
                    1d:1f:db:01:a5:96:28:13:d5:77:68:b3:c4:b5:b3:
                    e4:42:d5:cf:c0:03:52:a6:5e:70:a1:49:91:af:f4:
                    c3:78:4f:35:a6:3f:b7:f8:78:00:a7:41:62:2c:24:
                    8b:a7:0f:ae:0e:d6:d0:f5:35:e5:87:d0:46:34:54:
                    f9:b8:de:76:e7:8e:5d:45:0a:82:85:d0:aa:07:76:
                    04:2d:8a:9e:e2:33:f6:60:aa:e7:dd:7c:7f:34:24:
                    9b:96:f5:62:9c:dc:f7:c4:bf:31:a4:ca:55:64:45:
                    e6:31:33:10:9c:f7:f7:56:46:13:97:f9:82:28:82:
                    df:53:63:14:c0:3c:9f:1c:c0:f1:b1:e6:13:ae:6d:
                    b4:f0:70:99:b8:ef:83:c7:6d:2e:26:d3:a1:d6:a3:
                    f8:cc:26:57:c1:72:4f:6f:d3:93:04:2b:03:06:e7:
                    7e:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:35:6F:5F:99:2F:8B:47:33:DA:BF:7E:71:E1:18:07:6D:D5:2B:F4
            X509v3 Authority Key Identifier:
                keyid:D1:52:B4:C1:F5:D4:84:EE:FC:2B:15:97:F4:55:00:3A:B6:54:B0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0VK0wfXUhO78KxWX9FUAOrZUsFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/379e32-02e0-4339-882b-2f75195216b9/1/kTVvX5kvi0cz2r9-ceEYB23VK_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/379e32-02e0-4339-882b-2f75195216b9/1/0VK0wfXUhO78KxWX9FUAOrZUsFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.120.0/21
                IPv6:
                  2001:67c:2e0c::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:ba:53:ba:03:3c:b7:ca:09:40:49:35:d0:8f:29:35:f5:29:
         d1:7e:43:cb:95:69:d8:23:a4:ad:3e:34:4b:72:4a:98:a2:48:
         e0:d6:75:8e:5f:c1:0e:10:c2:ce:c3:4c:2e:7b:5b:e0:15:ce:
         c8:47:93:ee:04:6c:a1:8e:cb:01:1b:3b:e0:ec:ec:07:58:bc:
         5d:bf:da:f5:c6:e3:65:c7:31:09:77:23:97:eb:58:a6:4d:c9:
         9c:ca:37:d0:67:e1:9f:de:bc:7c:b2:8a:d5:7e:c1:8c:7c:d5:
         ca:06:13:b5:eb:67:6a:fc:55:78:20:70:ae:f5:7f:1f:ac:7c:
         97:f9:88:0e:3e:23:7b:f2:d2:6e:2a:13:43:b8:9d:0d:27:a0:
         3e:8a:03:e8:2b:e6:f2:d6:64:ab:7c:74:47:1b:21:60:06:52:
         58:f1:43:7c:10:ef:6a:54:6b:53:86:37:98:ff:9a:a0:bb:d0:
         25:91:22:3d:c7:2a:60:70:f6:25:87:c5:7d:51:2c:5f:b3:d0:
         ae:1e:a5:1c:a8:4d:67:6c:be:b7:4c:1a:b6:15:b4:7f:d6:7c:
         d5:ac:09:99:fd:4e:6d:1f:62:c1:64:07:f8:83:e3:9a:86:4a:
         42:7d:24:a6:58:25:9d:bd:fd:cb:cb:8b:fb:c0:08:55:37:58:
         7a:28:19:3b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVr7qvlyzLHpyHTv3I5oP8tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxNTJiNGMxZjVkNDg0ZWVmYzJiMTU5N2Y0NTUwMDNhYjY1
NGIwNTUwHhcNMjMwMTAxMDYwNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTM1NmY1Zjk5MmY4YjQ3MzNkYWJmN2U3MWUxMTgwNzZkZDUyYmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOd8Eyj3r7arTvL5lANF06joHb/9
8B0idvz/SeVbbRFoHCV8SBt62Q6Qn7QePaysofPPmyQP+M0US1fP15sqVa7unIuC
rwPqHbDAqV+/eds6mnhSiuKrZ1odH9sBpZYoE9V3aLPEtbPkQtXPwANSpl5woUmR
r/TDeE81pj+3+HgAp0FiLCSLpw+uDtbQ9TXlh9BGNFT5uN52545dRQqChdCqB3YE
LYqe4jP2YKrn3Xx/NCSblvVinNz3xL8xpMpVZEXmMTMQnPf3VkYTl/mCKILfU2MU
wDyfHMDxseYTrm208HCZuO+Dx20uJtOh1qP4zCZXwXJPb9OTBCsDBud+pwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJE1b1+ZL4tHM9q/fnHhGAdt1Sv0MB8GA1UdIwQY
MBaAFNFStMH11ITu/CsVl/RVADq2VLBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFZLMHdmWFVoTzc4S3hXWDlGVUFPclpVc0ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8zNzllMzItMDJlMC00MzM5LTg4MmIt
MmY3NTE5NTIxNmI5LzEva1RWdlg1a3ZpMGN6MnI5LWNlRVlCMjNWS19RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8zNzllMzItMDJlMC00MzM5LTg4MmItMmY3NTE5NTIxNmI5
LzEvMFZLMHdmWFVoTzc4S3hXWDlGVUFPclpVc0ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwhp4MA8E
AgACMAkDBwAgAQZ8LgwwDQYJKoZIhvcNAQELBQADggEBAI26U7oDPLfKCUBJNdCP
KTX1KdF+Q8uVadgjpK0+NEtySpiiSODWdY5fwQ4Qws7DTC57W+AVzshHk+4EbKGO
ywEbO+Ds7AdYvF2/2vXG42XHMQl3I5frWKZNyZzKN9Bn4Z/evHyyitV+wYx81coG
E7XrZ2r8VXggcK71fx+sfJf5iA4+I3vy0m4qE0O4nQ0noD6KA+gr5vLWZKt8dEcb
IWAGUljxQ3wQ72pUa1OGN5j/mqC70CWRIj3HKmBw9iWHxX1RLF+z0K4epRyoTWds
vrdMGrYVtH/WfNWsCZn9Tm0fYsFkB/iD45qGSkJ9JKZYJZ29/cvLi/vACFU3WHoo
GTs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:11 2024 by rpki-client on console-ams.rpki-client.org