Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/lTqrni1zPpqZW3j1ZaU9J7Cw2vY.roa
File:                     lTqrni1zPpqZW3j1ZaU9J7Cw2vY.roa (raw, json)
Hash identifier:          ZZofr5BPL4AQRtw6ydoOcc1EU4SPdHH1f5LGz1zgCgM=
Subject key identifier:   95:3A:AB:9E:2D:73:3E:9A:99:5B:78:F5:65:A5:3D:27:B0:B0:DA:F6
Certificate issuer:       /CN=d275d7a8bac0477f5509dff11b9195ca60df87da
Certificate serial:       01856CC153F35E7F4FC6CE131090C86BB146
Authority key identifier: D2:75:D7:A8:BA:C0:47:7F:55:09:DF:F1:1B:91:95:CA:60:DF:87:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0nXXqLrAR39VCd_xG5GVymDfh9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/lTqrni1zPpqZW3j1ZaU9J7Cw2vY.roa
Signing time:             Sun 01 Jan 2023 09:54:47 +0000
ROA not before:           Sun 01 Jan 2023 09:54:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209483
IP address blocks:        171.22.156.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:29:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:c1:53:f3:5e:7f:4f:c6:ce:13:10:90:c8:6b:b1:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d275d7a8bac0477f5509dff11b9195ca60df87da
        Validity
            Not Before: Jan  1 09:54:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=953aab9e2d733e9a995b78f565a53d27b0b0daf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c7:18:b7:7f:a2:d5:6f:29:6e:ec:a4:5f:0e:
                    06:87:3b:07:60:ae:ae:f1:01:8f:1e:87:85:91:b1:
                    77:b7:66:be:c0:a9:a5:da:3e:0d:e1:73:3f:b2:f3:
                    e1:4b:14:2d:a7:4d:ec:78:bc:57:10:82:f0:b2:f6:
                    d2:cb:9e:1c:45:86:d4:b2:58:c5:d4:b3:72:c3:f9:
                    04:74:06:b2:f1:67:21:db:74:16:9b:3f:22:38:23:
                    06:e1:85:b9:f8:24:22:15:a6:7f:f6:62:2e:2d:85:
                    f5:3f:10:e9:e0:39:ca:a0:8f:bc:b3:05:72:8d:b2:
                    cd:92:bb:3e:4f:91:9c:6f:f6:4d:d9:16:5f:26:4f:
                    d9:e9:87:c7:20:02:0b:4f:d7:da:92:91:58:1f:3e:
                    a4:f5:54:c9:1a:ae:db:5f:ce:64:51:4d:7c:e6:f3:
                    63:4a:03:a0:50:74:94:94:97:e6:87:f9:85:83:a4:
                    95:3c:88:b2:c7:a2:eb:b3:85:56:09:f5:20:ae:0c:
                    c4:48:21:f3:f7:f6:6b:23:8b:b8:85:27:10:6f:91:
                    b2:4c:6c:88:b2:13:fc:7c:cd:20:09:b7:06:01:6b:
                    07:e1:94:85:ce:b1:db:44:9d:e9:73:47:7a:d5:0a:
                    74:82:0c:4d:53:85:15:7d:7a:d7:b5:ef:5b:02:cf:
                    d8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:3A:AB:9E:2D:73:3E:9A:99:5B:78:F5:65:A5:3D:27:B0:B0:DA:F6
            X509v3 Authority Key Identifier:
                keyid:D2:75:D7:A8:BA:C0:47:7F:55:09:DF:F1:1B:91:95:CA:60:DF:87:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0nXXqLrAR39VCd_xG5GVymDfh9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/lTqrni1zPpqZW3j1ZaU9J7Cw2vY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/0nXXqLrAR39VCd_xG5GVymDfh9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         89:e9:fe:9a:e5:5b:81:4f:44:71:3c:6f:59:7e:b7:65:c8:37:
         53:f3:b1:82:8f:db:73:7c:ea:70:b3:4f:b3:e0:f7:fd:89:59:
         fd:25:c6:af:99:64:53:d8:7a:44:a2:8d:7b:df:05:15:51:5b:
         c8:56:1e:b0:44:2b:ed:ff:60:45:a2:8b:93:3b:00:0a:35:03:
         3e:b7:cc:59:87:16:43:88:19:bb:7b:07:4c:c6:f2:60:eb:71:
         51:f8:ab:7f:cd:a4:fe:83:f1:a7:0a:56:2c:7e:6c:34:90:ee:
         c4:e4:18:84:78:58:8f:69:0b:f5:12:f1:6e:f0:54:bf:52:5a:
         cc:ec:f5:d1:f2:7c:32:bb:c0:26:dc:83:1e:db:27:4a:49:26:
         00:c2:f9:31:81:44:72:72:3f:67:9d:0a:26:f2:25:ff:db:82:
         a8:44:91:89:8e:8a:f9:6e:b6:9a:85:05:90:b9:89:36:25:0d:
         a0:d9:62:7e:3f:b2:e6:fc:03:d4:59:0b:8f:8f:da:58:34:e2:
         52:ce:ea:5b:92:67:67:2a:4f:a9:20:98:7a:bd:b0:b7:28:d4:
         a8:21:24:fd:d3:54:c2:ee:0c:e1:0a:71:5b:92:ac:28:81:27:
         e1:c0:1c:7b:4b:14:3f:84:25:bc:6a:7b:44:24:7c:cb:49:01:
         8a:20:fd:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVswVPzXn9Pxs4TEJDIa7FGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNzVkN2E4YmFjMDQ3N2Y1NTA5ZGZmMTFiOTE5NWNhNjBk
Zjg3ZGEwHhcNMjMwMTAxMDk1NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTNhYWI5ZTJkNzMzZTlhOTk1Yjc4ZjU2NWE1M2QyN2IwYjBkYWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8cYt3+i1W8pbuykXw4GhzsHYK6u
8QGPHoeFkbF3t2a+wKml2j4N4XM/svPhSxQtp03seLxXEILwsvbSy54cRYbUsljF
1LNyw/kEdAay8Wch23QWmz8iOCMG4YW5+CQiFaZ/9mIuLYX1PxDp4DnKoI+8swVy
jbLNkrs+T5Gcb/ZN2RZfJk/Z6YfHIAILT9fakpFYHz6k9VTJGq7bX85kUU185vNj
SgOgUHSUlJfmh/mFg6SVPIiyx6Lrs4VWCfUgrgzESCHz9/ZrI4u4hScQb5GyTGyI
shP8fM0gCbcGAWsH4ZSFzrHbRJ3pc0d61Qp0ggxNU4UVfXrXte9bAs/YaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJU6q54tcz6amVt49WWlPSewsNr2MB8GA1UdIwQY
MBaAFNJ116i6wEd/VQnf8RuRlcpg34faMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG5YWHFMckFSMzlWQ2RfeEc1R1Z5bURmaDlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS83YmViMDQtMzE3Yi00NDhhLTgyZWQt
NTY1YjE0NDcwMzdiLzEvbFRxcm5pMXpQcHFaVzNqMVphVTlKN0N3MnZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS83YmViMDQtMzE3Yi00NDhhLTgyZWQtNTY1YjE0NDcwMzdi
LzEvMG5YWHFMckFSMzlWQ2RfeEc1R1Z5bURmaDlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCqxacMA0G
CSqGSIb3DQEBCwUAA4IBAQCJ6f6a5VuBT0RxPG9ZfrdlyDdT87GCj9tzfOpws0+z
4Pf9iVn9JcavmWRT2HpEoo173wUVUVvIVh6wRCvt/2BFoouTOwAKNQM+t8xZhxZD
iBm7ewdMxvJg63FR+Kt/zaT+g/GnClYsfmw0kO7E5BiEeFiPaQv1EvFu8FS/UlrM
7PXR8nwyu8Am3IMe2ydKSSYAwvkxgURycj9nnQom8iX/24KoRJGJjor5braahQWQ
uYk2JQ2g2WJ+P7Lm/APUWQuPj9pYNOJSzupbkmdnKk+pIJh6vbC3KNSoIST901TC
7gzhCnFbkqwogSfhwBx7SxQ/hCW8antEJHzLSQGKIP3X
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:35 2024 by rpki-client on console-fra.rpki-client.org