Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/rS3EPtKNnhggYNdmd_UREjvow-k.roa
File:                     rS3EPtKNnhggYNdmd_UREjvow-k.roa (raw, json)
Hash identifier:          Qv8hid3raC/LQKTf9TvcX/7dqfUJ1RN+DT/DrEf2rmg=
Subject key identifier:   AD:2D:C4:3E:D2:8D:9E:18:20:60:D7:66:77:F5:11:12:3B:E8:C3:E9
Certificate issuer:       /CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
Certificate serial:       018E689C9171FBB2174F926DA29E359B7708
Authority key identifier: D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/rS3EPtKNnhggYNdmd_UREjvow-k.roa
Signing time:             Sat 23 Mar 2024 00:01:15 +0000
ROA not before:           Sat 23 Mar 2024 00:01:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        188.209.132.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Fri 29 Mar 2024 19:06:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:68:9c:91:71:fb:b2:17:4f:92:6d:a2:9e:35:9b:77:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d93da2019909d9fc37829fd9ec29d948ecff7c92
        Validity
            Not Before: Mar 23 00:01:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad2dc43ed28d9e182060d76677f511123be8c3e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:77:db:20:bc:c9:04:d5:57:c1:7e:b1:5b:88:
                    5f:27:4d:25:d9:98:c7:e4:5f:40:19:c1:1a:e7:b6:
                    f2:be:44:b7:5d:05:56:55:40:b4:c4:e6:90:7f:ef:
                    51:b8:e7:9f:25:da:36:6b:74:87:59:b3:67:64:f9:
                    12:49:5d:df:c7:50:c7:4f:4c:3e:11:4f:ba:b0:99:
                    cd:a3:c4:89:a2:cb:cf:ce:dc:48:01:48:81:25:0b:
                    91:c6:f5:5c:85:5f:14:4d:22:c4:70:e4:79:e4:35:
                    ac:e7:f7:b1:ec:41:12:39:44:2d:51:22:ca:02:57:
                    47:58:dd:d8:a7:12:9e:41:c8:04:21:68:c6:d4:e5:
                    43:db:56:0d:2d:c8:ff:9d:12:05:59:c3:d1:1e:ac:
                    b8:fd:29:61:d5:b7:1e:fc:b4:90:ad:9c:94:a8:e2:
                    0c:97:a4:76:b2:6c:44:a1:ba:0d:a2:25:06:2a:cc:
                    1c:13:5b:01:92:a6:b2:13:25:b6:a3:b8:44:b4:2e:
                    56:e6:e5:10:2f:2c:7d:e2:d7:69:fb:81:7b:f6:b4:
                    41:a5:20:15:51:39:e1:6a:2d:12:fe:76:c5:e9:83:
                    52:15:eb:6e:a6:05:5a:bc:fc:4f:64:b0:61:6b:02:
                    86:ad:b2:20:a9:cd:e0:f4:49:64:b2:eb:fb:3e:ce:
                    9f:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:2D:C4:3E:D2:8D:9E:18:20:60:D7:66:77:F5:11:12:3B:E8:C3:E9
            X509v3 Authority Key Identifier:
                keyid:D9:3D:A2:01:99:09:D9:FC:37:82:9F:D9:EC:29:D9:48:EC:FF:7C:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/rS3EPtKNnhggYNdmd_UREjvow-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/47afa3-ce31-4060-a078-f5addddf1ec5/1/2T2iAZkJ2fw3gp_Z7CnZSOz_fJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:7e:f9:dd:b9:3b:bf:9e:47:4c:64:95:18:64:56:53:3a:fb:
         a6:48:60:f5:89:73:28:45:29:a9:0f:88:f3:7c:a3:12:63:41:
         da:8e:c2:ea:1d:09:fc:f6:53:71:09:bb:9b:9a:2c:66:fe:4f:
         96:00:4e:8e:db:38:7c:d8:dc:37:ed:47:85:69:83:d1:1c:96:
         d5:ee:4d:88:81:a3:48:c8:1c:2c:e5:31:23:f8:5e:bf:3f:8d:
         a5:96:fe:49:5a:de:7e:eb:02:da:ab:ad:39:ff:5c:3e:24:48:
         e1:a4:3b:74:90:88:6b:cc:24:27:b0:04:e9:10:26:65:52:82:
         93:97:69:fb:bd:7a:a4:6d:ea:b0:f3:08:5b:0b:71:ce:d4:8f:
         a4:c9:09:d9:c3:9f:8f:c5:5a:22:95:97:7b:19:d0:fd:50:87:
         38:9d:7a:b8:2a:0b:4c:68:60:c0:6b:3f:b8:ab:1c:61:1c:06:
         71:a7:ee:4c:fd:1a:55:6a:0e:72:d0:62:1a:a9:2b:7a:9d:7a:
         c2:4c:4f:87:8a:c1:02:ab:89:96:84:08:d8:84:79:a8:52:e5:
         37:1f:ef:ea:71:4c:50:62:1e:69:4e:12:a5:82:21:07:ac:0e:
         05:f0:b7:ee:4f:87:8f:73:e2:1d:bd:cd:15:fd:b5:51:96:52:
         94:b1:98:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5onJFx+7IXT5Jtop41m3cIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5M2RhMjAxOTkwOWQ5ZmMzNzgyOWZkOWVjMjlkOTQ4ZWNm
ZjdjOTIwHhcNMjQwMzIzMDAwMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDJkYzQzZWQyOGQ5ZTE4MjA2MGQ3NjY3N2Y1MTExMjNiZThjM2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXfbILzJBNVXwX6xW4hfJ00l2ZjH
5F9AGcEa57byvkS3XQVWVUC0xOaQf+9RuOefJdo2a3SHWbNnZPkSSV3fx1DHT0w+
EU+6sJnNo8SJosvPztxIAUiBJQuRxvVchV8UTSLEcOR55DWs5/ex7EESOUQtUSLK
AldHWN3YpxKeQcgEIWjG1OVD21YNLcj/nRIFWcPRHqy4/Slh1bce/LSQrZyUqOIM
l6R2smxEoboNoiUGKswcE1sBkqayEyW2o7hEtC5W5uUQLyx94tdp+4F79rRBpSAV
UTnhai0S/nbF6YNSFetupgVavPxPZLBhawKGrbIgqc3g9Elksuv7Ps6f/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0txD7SjZ4YIGDXZnf1ERI76MPpMB8GA1UdIwQY
MBaAFNk9ogGZCdn8N4Kf2ewp2Ujs/3ySMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgt
ZjVhZGRkZGYxZWM1LzEvclMzRVB0S05uaGdnWU5kbWRfVVJFanZvdy1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80N2FmYTMtY2UzMS00MDYwLWEwNzgtZjVhZGRkZGYxZWM1
LzEvMlQyaUFaa0oyZnczZ3BfWjdDblpTT3pfZkpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCvNGEMA0G
CSqGSIb3DQEBCwUAA4IBAQCbfvnduTu/nkdMZJUYZFZTOvumSGD1iXMoRSmpD4jz
fKMSY0HajsLqHQn89lNxCbubmixm/k+WAE6O2zh82Nw37UeFaYPRHJbV7k2IgaNI
yBws5TEj+F6/P42llv5JWt5+6wLaq605/1w+JEjhpDt0kIhrzCQnsATpECZlUoKT
l2n7vXqkbeqw8whbC3HO1I+kyQnZw5+PxVoilZd7GdD9UIc4nXq4KgtMaGDAaz+4
qxxhHAZxp+5M/RpVag5y0GIaqSt6nXrCTE+HisECq4mWhAjYhHmoUuU3H+/qcUxQ
Yh5pThKlgiEHrA4F8LfuT4ePc+Idvc0V/bVRllKUsZhA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:41 2024 by rpki-client on console-fra.rpki-client.org