Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/D-2w7d3Szw-pThTskp2vzYevF-w.roa
File:                     D-2w7d3Szw-pThTskp2vzYevF-w.roa (raw, json)
Hash identifier:          oCl3wLV80MRcly9Jz55hDffyubovaPxs4Cde3HP7CNA=
Subject key identifier:   0F:ED:B0:ED:DD:D2:CF:0F:A9:4E:14:EC:92:9D:AF:CD:87:AF:17:EC
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       01864A0E7AAC5C09F77E53955F70CBEE6029
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/D-2w7d3Szw-pThTskp2vzYevF-w.roa
Signing time:             Mon 13 Feb 2023 09:15:08 +0000
ROA not before:           Mon 13 Feb 2023 09:15:08 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12357
IP address blocks:        37.222.0.0/15 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 14:35:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:4a:0e:7a:ac:5c:09:f7:7e:53:95:5f:70:cb:ee:60:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Feb 13 09:15:08 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0fedb0edddd2cf0fa94e14ec929dafcd87af17ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e2:c8:76:43:9b:db:77:cc:d1:e8:c8:e2:61:
                    e6:55:ba:05:a4:0e:41:d3:a5:d3:b7:c2:53:4a:fe:
                    e2:6c:e9:b4:93:93:bc:d2:c7:0c:a2:1c:16:bf:93:
                    ce:2f:aa:f8:37:3a:75:f8:bf:e5:21:72:86:95:53:
                    8c:dd:b2:1c:79:f5:1c:e7:23:e2:0e:46:c1:38:33:
                    f0:f2:89:1c:9c:98:aa:3b:d1:4d:92:14:4b:3a:7e:
                    3e:f5:bf:93:ae:30:3d:b9:12:09:d7:56:8f:a6:30:
                    b0:4b:a9:ea:3c:a5:57:d2:18:a8:d1:d6:84:4f:a3:
                    cf:f6:06:0f:a2:00:60:84:24:9b:4c:b9:f2:11:8b:
                    80:b9:0f:71:15:33:54:81:18:ec:42:1f:82:6d:ed:
                    a6:b1:f5:e4:01:52:97:eb:84:5c:9a:53:6d:0a:e2:
                    cd:0f:6a:e3:4a:8a:50:2c:44:5c:71:27:53:d6:d4:
                    36:cb:83:b5:56:6b:5c:04:32:cb:3b:be:ed:84:58:
                    7d:0c:22:6d:00:9a:7c:b9:ef:4b:08:86:7e:76:63:
                    6e:cb:62:6e:85:63:46:4a:4d:97:fc:58:e1:19:9b:
                    9e:88:73:f9:7d:6a:db:7c:e5:bd:5f:90:f6:e7:ea:
                    df:32:30:12:a1:c7:e4:2c:c2:23:82:bc:b2:35:be:
                    dc:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:ED:B0:ED:DD:D2:CF:0F:A9:4E:14:EC:92:9D:AF:CD:87:AF:17:EC
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/D-2w7d3Szw-pThTskp2vzYevF-w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.222.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         ba:98:c2:62:a7:f6:aa:95:ad:eb:01:62:ed:fb:8c:e3:83:e4:
         dc:d0:5d:aa:6c:ca:3f:15:94:e5:c2:9d:2f:c9:fa:6f:e9:c4:
         f2:07:03:74:20:d2:70:3e:bf:d0:ed:47:27:43:6e:b1:0b:c9:
         c0:c7:64:81:d2:7a:ee:48:4b:a8:36:30:24:3a:54:6c:54:9b:
         0f:f7:0f:68:66:f5:01:b7:8a:c0:72:7c:8e:2e:f7:2b:d8:fe:
         1a:10:1c:a0:f4:fc:5b:9e:d4:ee:3a:b7:ee:cc:5a:7d:24:90:
         27:c5:6c:17:04:8f:ba:29:c0:66:17:85:f0:e9:63:cc:31:c4:
         48:1d:11:10:c1:94:81:1d:01:1b:49:4e:63:f1:df:eb:ed:cd:
         e2:39:82:c1:01:14:5a:18:1c:a7:61:4a:18:27:fa:2d:7f:1b:
         ab:87:19:75:0d:bd:c3:53:fb:04:ed:0d:b0:58:cd:a3:22:11:
         e7:62:7a:99:84:00:66:5a:ef:52:ee:37:3e:10:1d:5a:c0:c2:
         0f:f0:a1:5a:81:d9:1a:aa:63:2e:d6:19:3c:34:fc:a7:ff:72:
         86:2b:83:c8:e3:77:86:48:25:3f:a1:01:41:47:32:53:89:84:
         18:80:1f:3e:9d:22:2b:65:17:85:8a:5f:49:89:20:3b:45:eb:
         40:54:b9:58
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYZKDnqsXAn3flOVX3DL7mApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjMwMjEzMDkxNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmVkYjBlZGRkZDJjZjBmYTk0ZTE0ZWM5MjlkYWZjZDg3YWYxN2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuLIdkOb23fM0ejI4mHmVboFpA5B
06XTt8JTSv7ibOm0k5O80scMohwWv5POL6r4Nzp1+L/lIXKGlVOM3bIcefUc5yPi
DkbBODPw8okcnJiqO9FNkhRLOn4+9b+TrjA9uRIJ11aPpjCwS6nqPKVX0hio0daE
T6PP9gYPogBghCSbTLnyEYuAuQ9xFTNUgRjsQh+Cbe2msfXkAVKX64RcmlNtCuLN
D2rjSopQLERccSdT1tQ2y4O1VmtcBDLLO77thFh9DCJtAJp8ue9LCIZ+dmNuy2Ju
hWNGSk2X/FjhGZueiHP5fWrbfOW9X5D25+rfMjASocfkLMIjgryyNb7cqQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFA/tsO3d0s8PqU4U7JKdr82HrxfsMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvRC0ydzdkM1N6dy1wVGhUc2twMnZ6WWV2Ri13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBJd4wDQYJ
KoZIhvcNAQELBQADggEBALqYwmKn9qqVresBYu37jOOD5NzQXapsyj8VlOXCnS/J
+m/pxPIHA3Qg0nA+v9DtRydDbrELycDHZIHSeu5IS6g2MCQ6VGxUmw/3D2hm9QG3
isByfI4u9yvY/hoQHKD0/Fue1O46t+7MWn0kkCfFbBcEj7opwGYXhfDpY8wxxEgd
ERDBlIEdARtJTmPx3+vtzeI5gsEBFFoYHKdhShgn+i1/G6uHGXUNvcNT+wTtDbBY
zaMiEediepmEAGZa71LuNz4QHVrAwg/woVqB2RqqYy7WGTw0/Kf/coYrg8jjd4ZI
JT+hAUFHMlOJhBiAHz6dIitlF4WKX0mJIDtF60BUuVg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:12 2024 by rpki-client on console-ams.rpki-client.org