Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2915f1-87ba-4c18-aaf9-590a9813dddf/1/K4NPq7K6baV24zUJRWLebAiq7FM.roa
File:                     K4NPq7K6baV24zUJRWLebAiq7FM.roa (raw, json)
Hash identifier:          EQB6/PkWbA5rLS8ntS2gOnI/nl0w38sQ8q6dq/qhAtU=
Subject key identifier:   2B:83:4F:AB:B2:BA:6D:A5:76:E3:35:09:45:62:DE:6C:08:AA:EC:53
Certificate issuer:       /CN=2ace21090ee4d78677413423dcb2fe01a6e1c622
Certificate serial:       0185729EDFD507B30B0C6E26F97F3A79DD32
Authority key identifier: 2A:CE:21:09:0E:E4:D7:86:77:41:34:23:DC:B2:FE:01:A6:E1:C6:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ks4hCQ7k14Z3QTQj3LL-AabhxiI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/2915f1-87ba-4c18-aaf9-590a9813dddf/1/K4NPq7K6baV24zUJRWLebAiq7FM.roa
Signing time:             Mon 02 Jan 2023 13:14:52 +0000
ROA not before:           Mon 02 Jan 2023 13:14:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15742
IP address blocks:        217.117.68.0/24 maxlen: 24
                          217.117.67.0/24 maxlen: 24
                          217.117.66.0/24 maxlen: 24
                          217.117.71.0/24 maxlen: 24
                          217.117.70.0/24 maxlen: 24
                          217.117.69.0/24 maxlen: 24
                          217.117.65.0/24 maxlen: 24
                          217.117.72.0/24 maxlen: 24
                          217.117.75.0/24 maxlen: 24
                          217.117.74.0/24 maxlen: 24
                          217.117.73.0/24 maxlen: 24
                          217.117.78.0/24 maxlen: 24
                          217.117.77.0/24 maxlen: 24
                          217.117.76.0/24 maxlen: 24
                          87.238.152.0/24 maxlen: 24
                          217.117.79.0/24 maxlen: 24
                          87.238.153.0/24 maxlen: 24
                          87.238.156.0/24 maxlen: 24
                          87.238.155.0/24 maxlen: 24
                          87.238.154.0/24 maxlen: 24
                          87.238.159.0/24 maxlen: 24
                          87.238.158.0/24 maxlen: 24
                          87.238.157.0/24 maxlen: 24
                          217.117.64.0/24 maxlen: 24
                          2a03:9220::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:29:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:9e:df:d5:07:b3:0b:0c:6e:26:f9:7f:3a:79:dd:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ace21090ee4d78677413423dcb2fe01a6e1c622
        Validity
            Not Before: Jan  2 13:14:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2b834fabb2ba6da576e335094562de6c08aaec53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e9:a0:2c:71:a7:3a:94:dd:20:11:98:ab:20:
                    d3:0a:79:e2:19:4d:34:de:a8:81:f1:01:02:79:b0:
                    9f:26:2f:d9:d6:57:e4:d9:01:f2:b3:e8:53:a8:0e:
                    4f:89:03:de:5b:88:6f:cb:1c:af:f9:c1:48:70:a8:
                    e6:2a:b5:f0:3e:31:af:dd:82:c3:b4:33:0c:22:a7:
                    7d:25:ba:f3:1f:07:ee:00:c1:4f:4f:59:17:f0:f3:
                    80:cc:f0:0c:f5:8f:da:38:2b:dc:e3:18:0b:99:b5:
                    31:99:8e:7c:b8:9b:46:e9:55:f5:ea:e9:93:1c:79:
                    d4:46:48:1e:c6:00:6d:f2:b4:b4:08:d9:f4:23:1b:
                    8a:f2:08:f8:59:5c:56:f2:2e:0f:d0:56:63:7d:5b:
                    67:31:5b:76:09:06:70:58:52:5f:f6:08:cd:a6:8b:
                    70:b9:ca:82:af:68:58:35:21:73:90:9d:ab:7d:b4:
                    05:bf:ef:53:3d:b3:68:63:64:5f:b9:46:b0:c7:7e:
                    d6:de:5e:af:72:57:a9:f6:d5:d6:8e:f5:17:6f:88:
                    72:67:d4:75:d1:ea:b9:ee:c1:92:5f:3b:10:67:36:
                    55:c1:68:c1:f3:a3:77:6a:86:f0:3f:62:c0:8c:2f:
                    0f:79:c1:35:90:e9:21:d6:57:aa:18:21:d6:2f:1e:
                    0a:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:83:4F:AB:B2:BA:6D:A5:76:E3:35:09:45:62:DE:6C:08:AA:EC:53
            X509v3 Authority Key Identifier:
                keyid:2A:CE:21:09:0E:E4:D7:86:77:41:34:23:DC:B2:FE:01:A6:E1:C6:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ks4hCQ7k14Z3QTQj3LL-AabhxiI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2915f1-87ba-4c18-aaf9-590a9813dddf/1/K4NPq7K6baV24zUJRWLebAiq7FM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2915f1-87ba-4c18-aaf9-590a9813dddf/1/Ks4hCQ7k14Z3QTQj3LL-AabhxiI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.238.152.0/21
                  217.117.64.0/20
                IPv6:
                  2a03:9220::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:b9:94:a2:3d:bc:5a:77:56:67:88:d2:4e:06:82:df:a8:3b:
         0e:89:64:5f:60:b2:86:a9:1d:65:5f:3b:79:61:7a:ee:22:e6:
         c2:1e:cb:2c:c1:4c:b0:b1:76:bc:ed:e9:b8:84:6f:e0:50:6d:
         4e:e1:d5:03:9f:52:ae:e5:2d:8c:98:77:6e:70:cc:de:77:47:
         b6:46:93:fe:3e:b8:cd:73:de:0d:bf:f7:3e:d2:68:dd:9c:68:
         70:9d:b1:7f:9b:5e:d9:1f:57:b3:97:d4:eb:c6:ee:e3:80:c3:
         83:f5:27:48:a9:5b:ed:b8:59:c2:90:7f:17:46:9e:14:e5:13:
         b5:ec:a9:91:9d:49:66:a2:26:01:0b:2e:04:23:da:20:ba:19:
         a7:fa:62:9c:10:5c:90:c4:7d:1d:4e:af:f0:82:93:fe:78:43:
         8c:dd:1a:c6:57:9a:55:1a:fc:84:1d:d2:e0:2c:ea:64:56:d3:
         72:76:ea:80:95:a4:45:74:22:09:d4:3e:d4:d8:3c:f3:00:ca:
         25:73:ac:25:9b:4f:91:27:4d:43:c6:c0:10:e3:f2:4b:a3:b2:
         35:8a:34:33:99:22:c6:cd:f4:d5:9a:d5:f2:05:e2:03:80:d9:
         01:dc:0e:15:4c:64:90:ec:88:4c:1a:27:09:3b:97:ad:82:2d:
         47:f7:7a:24
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVynt/VB7MLDG4m+X86ed0yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhY2UyMTA5MGVlNGQ3ODY3NzQxMzQyM2RjYjJmZTAxYTZl
MWM2MjIwHhcNMjMwMTAyMTMxNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjgzNGZhYmIyYmE2ZGE1NzZlMzM1MDk0NTYyZGU2YzA4YWFlYzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOmgLHGnOpTdIBGYqyDTCnniGU00
3qiB8QECebCfJi/Z1lfk2QHys+hTqA5PiQPeW4hvyxyv+cFIcKjmKrXwPjGv3YLD
tDMMIqd9JbrzHwfuAMFPT1kX8POAzPAM9Y/aOCvc4xgLmbUxmY58uJtG6VX16umT
HHnURkgexgBt8rS0CNn0IxuK8gj4WVxW8i4P0FZjfVtnMVt2CQZwWFJf9gjNpotw
ucqCr2hYNSFzkJ2rfbQFv+9TPbNoY2RfuUawx37W3l6vclep9tXWjvUXb4hyZ9R1
0eq57sGSXzsQZzZVwWjB86N3aobwP2LAjC8PecE1kOkh1leqGCHWLx4KAQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCuDT6uyum2lduM1CUVi3mwIquxTMB8GA1UdIwQY
MBaAFCrOIQkO5NeGd0E0I9yy/gGm4cYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3M0aENRN2sxNFozUVRRajNMTC1BYWJoeGlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yOTE1ZjEtODdiYS00YzE4LWFhZjkt
NTkwYTk4MTNkZGRmLzEvSzROUHE3SzZiYVYyNHpVSlJXTGViQWlxN0ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8yOTE1ZjEtODdiYS00YzE4LWFhZjktNTkwYTk4MTNkZGRm
LzEvS3M0aENRN2sxNFozUVRRajNMTC1BYWJoeGlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDV+6YAwQE
2XVAMA0EAgACMAcDBQAqA5IgMA0GCSqGSIb3DQEBCwUAA4IBAQBbuZSiPbxad1Zn
iNJOBoLfqDsOiWRfYLKGqR1lXzt5YXruIubCHssswUywsXa87em4hG/gUG1O4dUD
n1Ku5S2MmHducMzed0e2RpP+PrjNc94Nv/c+0mjdnGhwnbF/m17ZH1ezl9Trxu7j
gMOD9SdIqVvtuFnCkH8XRp4U5RO17KmRnUlmoiYBCy4EI9oguhmn+mKcEFyQxH0d
Tq/wgpP+eEOM3RrGV5pVGvyEHdLgLOpkVtNyduqAlaRFdCIJ1D7U2DzzAMolc6wl
m0+RJ01DxsAQ4/JLo7I1ijQzmSLGzfTVmtXyBeIDgNkB3A4VTGSQ7IhMGicJO5et
gi1H93ok
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:49 2024 by rpki-client on console-ams.rpki-client.org