Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/n0573z0R-BfDhea4b5HhFUbtqwk.roa
File:                     n0573z0R-BfDhea4b5HhFUbtqwk.roa (raw, json)
Hash identifier:          1KwMnCcPF5itI0+PobaZ7YlkJqjG4DsD21ffolsi9yE=
Subject key identifier:   9F:4E:7B:DF:3D:11:F8:17:C3:85:E6:B8:6F:91:E1:15:46:ED:AB:09
Certificate issuer:       /CN=66ed3ba68c78bff2c4724400ade6348482fb4364
Certificate serial:       018C936E72CAB660CE7808C0DDEA85806EE1
Authority key identifier: 66:ED:3B:A6:8C:78:BF:F2:C4:72:44:00:AD:E6:34:84:82:FB:43:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zu07pox4v_LEckQAreY0hIL7Q2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/n0573z0R-BfDhea4b5HhFUbtqwk.roa
Signing time:             Fri 22 Dec 2023 21:28:58 +0000
ROA not before:           Fri 22 Dec 2023 21:28:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     64289
IP address blocks:        192.189.157.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:93:6e:72:ca:b6:60:ce:78:08:c0:dd:ea:85:80:6e:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ed3ba68c78bff2c4724400ade6348482fb4364
        Validity
            Not Before: Dec 22 21:28:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9f4e7bdf3d11f817c385e6b86f91e11546edab09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1f:0b:12:0c:7b:f7:65:ba:14:13:b0:c8:4f:
                    21:f0:26:7c:93:9f:7f:39:ab:be:c4:76:da:9d:dd:
                    b0:fd:94:82:86:04:0c:52:3a:bf:80:04:f0:1b:55:
                    30:3f:65:ff:74:dd:95:6a:43:c6:16:64:9d:52:c7:
                    39:78:a3:09:ab:84:d6:9a:b6:a8:29:4c:c6:36:47:
                    c6:93:75:1e:77:d1:81:a3:a5:f0:ff:2c:78:dc:47:
                    43:b6:f5:df:a2:8a:80:fd:5c:83:c6:65:bc:7c:78:
                    cc:ec:3d:e5:19:a4:db:60:a9:78:c7:30:5f:e4:1f:
                    68:7b:9f:df:dc:0b:8f:93:bf:c4:6d:15:c5:d5:4e:
                    d0:ee:cd:ed:52:71:a0:61:d0:d9:1c:11:05:dd:af:
                    e6:22:d0:61:cf:0f:32:5f:fc:c8:e5:00:0a:f9:cd:
                    3a:22:40:34:08:18:23:25:15:18:0f:ad:62:33:c9:
                    53:92:ab:b7:98:69:ca:e7:0b:3a:de:e9:11:43:0e:
                    e5:b9:f5:d2:d2:b8:9b:0e:c9:a1:d0:c1:de:be:51:
                    30:2f:05:9c:b2:e2:d3:c5:38:9a:30:73:f5:6a:1e:
                    db:ff:c2:00:53:bf:51:e5:87:48:60:e0:8b:3c:e0:
                    bb:77:21:e3:44:a5:d2:55:f4:c0:d4:94:98:ec:ea:
                    1b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:4E:7B:DF:3D:11:F8:17:C3:85:E6:B8:6F:91:E1:15:46:ED:AB:09
            X509v3 Authority Key Identifier:
                keyid:66:ED:3B:A6:8C:78:BF:F2:C4:72:44:00:AD:E6:34:84:82:FB:43:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zu07pox4v_LEckQAreY0hIL7Q2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/n0573z0R-BfDhea4b5HhFUbtqwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/Zu07pox4v_LEckQAreY0hIL7Q2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.189.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:8c:a7:af:1b:c2:87:3b:ad:2a:d7:57:cd:b5:ec:34:de:bd:
         7e:44:fb:df:8b:63:c0:4f:18:ce:35:7a:8d:4f:e3:6c:89:15:
         d5:32:66:5d:4b:26:77:52:45:74:46:be:c2:2a:a3:21:ff:0a:
         40:7d:e2:3c:e0:2b:94:23:19:58:7e:a7:cc:35:5c:96:43:bf:
         21:3f:de:05:3e:cc:d8:11:cc:af:70:22:41:69:8d:0c:8d:02:
         bb:8b:cf:48:2b:6f:eb:2a:a1:61:3a:a4:17:25:bf:ba:4f:fb:
         ac:f0:74:a9:b8:65:73:de:5f:5e:20:76:68:1e:17:e7:a8:be:
         24:55:f4:a6:a4:00:72:50:36:aa:9c:f6:98:eb:ab:82:7a:cb:
         9d:15:36:da:23:e3:bb:30:31:bb:c8:ee:bc:a0:8c:fb:28:54:
         a3:e8:c8:43:eb:09:e2:42:1f:db:ee:2e:0d:f5:6d:dc:be:19:
         ef:52:e0:db:44:5a:5a:45:77:42:a2:ec:21:c2:df:56:6f:f8:
         2a:19:fe:13:7b:4e:fb:43:5e:03:79:c2:b0:c7:a0:21:a9:1d:
         87:90:db:d5:0c:cd:80:ac:bd:68:99:58:69:42:53:a3:89:9c:
         cc:5a:47:c8:b7:26:64:76:bf:5b:09:03:cd:f9:bb:ca:e0:02:
         de:10:84:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyTbnLKtmDOeAjA3eqFgG7hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZWQzYmE2OGM3OGJmZjJjNDcyNDQwMGFkZTYzNDg0ODJm
YjQzNjQwHhcNMjMxMjIyMjEyODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjRlN2JkZjNkMTFmODE3YzM4NWU2Yjg2ZjkxZTExNTQ2ZWRhYjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqB8LEgx792W6FBOwyE8h8CZ8k59/
Oau+xHband2w/ZSChgQMUjq/gATwG1UwP2X/dN2VakPGFmSdUsc5eKMJq4TWmrao
KUzGNkfGk3Ued9GBo6Xw/yx43EdDtvXfooqA/VyDxmW8fHjM7D3lGaTbYKl4xzBf
5B9oe5/f3AuPk7/EbRXF1U7Q7s3tUnGgYdDZHBEF3a/mItBhzw8yX/zI5QAK+c06
IkA0CBgjJRUYD61iM8lTkqu3mGnK5ws63ukRQw7lufXS0ribDsmh0MHevlEwLwWc
suLTxTiaMHP1ah7b/8IAU79R5YdIYOCLPOC7dyHjRKXSVfTA1JSY7OobRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9Oe989EfgXw4XmuG+R4RVG7asJMB8GA1UdIwQY
MBaAFGbtO6aMeL/yxHJEAK3mNISC+0NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnUwN3BveDR2X0xFY2tRQXJlWTBoSUw3UTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iNzlhNjgtNWIwMi00MDk3LWEyZTMt
MGE0M2I3YTNlYjU0LzEvbjA1NzN6MFItQmZEaGVhNGI1SGhGVWJ0cXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iNzlhNjgtNWIwMi00MDk3LWEyZTMtMGE0M2I3YTNlYjU0
LzEvWnUwN3BveDR2X0xFY2tRQXJlWTBoSUw3UTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwL2dMA0G
CSqGSIb3DQEBCwUAA4IBAQBPjKevG8KHO60q11fNtew03r1+RPvfi2PATxjONXqN
T+NsiRXVMmZdSyZ3UkV0Rr7CKqMh/wpAfeI84CuUIxlYfqfMNVyWQ78hP94FPszY
EcyvcCJBaY0MjQK7i89IK2/rKqFhOqQXJb+6T/us8HSpuGVz3l9eIHZoHhfnqL4k
VfSmpAByUDaqnPaY66uCesudFTbaI+O7MDG7yO68oIz7KFSj6MhD6wniQh/b7i4N
9W3cvhnvUuDbRFpaRXdCouwhwt9Wb/gqGf4Te077Q14DecKwx6AhqR2HkNvVDM2A
rL1omVhpQlOjiZzMWkfItyZkdr9bCQPN+bvK4ALeEISi
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:36 2024 by rpki-client on console-ams.rpki-client.org