Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/2nFryoy9hN-ZEJ56exr1x7lBxe4.roa
File:                     2nFryoy9hN-ZEJ56exr1x7lBxe4.roa (raw, json)
Hash identifier:          YyUpjrYlXAj25QD8zDDCIZPTihn+B3wKOZoQl+L0x1w=
Subject key identifier:   DA:71:6B:CA:8C:BD:84:DF:99:10:9E:7A:7B:1A:F5:C7:B9:41:C5:EE
Certificate issuer:       /CN=b05442c4ffe9c1d761e7c569360ead042438f903
Certificate serial:       01856E2FBA0C2A1D459E00B50D4A4ECEB8D6
Authority key identifier: B0:54:42:C4:FF:E9:C1:D7:61:E7:C5:69:36:0E:AD:04:24:38:F9:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sFRCxP_pwddh58VpNg6tBCQ4-QM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/2nFryoy9hN-ZEJ56exr1x7lBxe4.roa
Signing time:             Sun 01 Jan 2023 16:34:59 +0000
ROA not before:           Sun 01 Jan 2023 16:34:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209545
IP address blocks:        134.101.126.0/24 maxlen: 24
                          134.101.127.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:2f:ba:0c:2a:1d:45:9e:00:b5:0d:4a:4e:ce:b8:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05442c4ffe9c1d761e7c569360ead042438f903
        Validity
            Not Before: Jan  1 16:34:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=da716bca8cbd84df99109e7a7b1af5c7b941c5ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:1c:99:94:28:64:bf:e2:8e:ff:3c:ac:c1:60:
                    4c:f7:7e:ed:47:d6:c4:8f:e5:eb:fa:a2:08:4a:b4:
                    9a:ce:71:12:cc:1f:25:75:23:c1:40:7c:8e:b4:54:
                    88:b4:f1:be:f0:f0:a8:b3:4a:d6:c0:16:52:2e:3e:
                    2a:5f:0f:d0:c3:81:8b:4f:f3:0f:0e:e5:54:b7:f9:
                    ca:7f:38:9e:e6:4f:cb:8a:32:de:bc:1d:fe:08:bb:
                    8d:8e:18:c4:a8:32:9e:fd:0e:12:76:63:40:41:b2:
                    05:92:71:7b:5c:2a:c3:c6:2e:75:ec:9c:b7:11:e1:
                    50:60:62:fd:76:a4:7c:8d:9f:ca:b5:e9:05:e4:e1:
                    89:f9:ed:6b:70:71:d7:4a:67:56:a1:52:55:04:de:
                    87:aa:a5:2e:d1:9e:99:4c:f5:30:76:05:21:e7:2c:
                    5c:3e:1c:a3:5d:62:be:51:b5:dc:f0:06:80:13:6c:
                    33:e2:b0:9e:7f:6e:7b:d8:78:9a:99:85:fd:62:bb:
                    9a:4c:91:78:79:ab:25:5e:54:4d:bf:e2:6d:2f:24:
                    46:c9:3d:a0:cd:79:9e:43:13:36:a3:6d:73:e2:d4:
                    66:fd:a9:0b:16:64:bf:11:60:0e:87:cf:ad:f7:6a:
                    43:ed:66:d8:ad:c9:d8:fa:eb:17:4a:1c:cc:d3:0a:
                    c9:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:71:6B:CA:8C:BD:84:DF:99:10:9E:7A:7B:1A:F5:C7:B9:41:C5:EE
            X509v3 Authority Key Identifier:
                keyid:B0:54:42:C4:FF:E9:C1:D7:61:E7:C5:69:36:0E:AD:04:24:38:F9:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFRCxP_pwddh58VpNg6tBCQ4-QM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/2nFryoy9hN-ZEJ56exr1x7lBxe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/sFRCxP_pwddh58VpNg6tBCQ4-QM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.101.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:ca:1d:2f:76:0e:53:56:4b:4d:bf:86:de:8e:cf:89:db:a1:
         10:0a:68:90:44:1f:05:dd:d5:7f:79:17:c3:5e:ee:0c:f7:60:
         10:24:81:02:5d:56:8b:18:c1:75:87:36:ed:68:07:1e:4b:0a:
         7e:e3:1c:9d:c6:a7:93:7f:cc:b1:95:35:71:ae:ca:64:0f:9b:
         8b:d7:d1:22:6c:52:bb:25:ad:d9:0a:18:32:44:21:96:ef:f2:
         4b:1b:69:4d:b5:be:63:99:45:15:48:11:5c:69:66:89:bd:7d:
         14:38:e1:88:e5:5c:b7:32:63:b7:68:f5:3a:a4:a5:39:57:ad:
         62:60:7a:c1:bc:ac:d2:45:75:3a:0b:71:3a:eb:24:7c:7a:50:
         96:95:29:c7:7b:ad:be:62:90:98:41:10:26:c5:1c:50:92:1b:
         69:a4:0a:c3:f0:ca:c1:3f:5e:09:c4:7f:2b:54:52:31:22:32:
         50:8f:8c:70:62:64:3d:6e:0e:be:70:a8:c4:4e:bf:24:8a:d8:
         b2:9d:8f:1d:ef:87:22:9c:df:1b:a7:03:f5:e2:41:f4:a0:69:
         63:99:60:aa:fa:a9:86:ad:d7:3a:44:5d:d9:6b:19:ce:08:67:
         9d:81:48:99:5c:67:f1:b6:f5:3f:06:32:4b:4c:b7:ee:95:73:
         a3:0b:6c:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuL7oMKh1FngC1DUpOzrjWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNTQ0MmM0ZmZlOWMxZDc2MWU3YzU2OTM2MGVhZDA0MjQz
OGY5MDMwHhcNMjMwMTAxMTYzNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTcxNmJjYThjYmQ4NGRmOTkxMDllN2E3YjFhZjVjN2I5NDFjNWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxyZlChkv+KO/zyswWBM937tR9bE
j+Xr+qIISrSaznESzB8ldSPBQHyOtFSItPG+8PCos0rWwBZSLj4qXw/Qw4GLT/MP
DuVUt/nKfzie5k/LijLevB3+CLuNjhjEqDKe/Q4SdmNAQbIFknF7XCrDxi517Jy3
EeFQYGL9dqR8jZ/KtekF5OGJ+e1rcHHXSmdWoVJVBN6HqqUu0Z6ZTPUwdgUh5yxc
PhyjXWK+UbXc8AaAE2wz4rCef2572HiamYX9YruaTJF4easlXlRNv+JtLyRGyT2g
zXmeQxM2o21z4tRm/akLFmS/EWAOh8+t92pD7WbYrcnY+usXShzM0wrJOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpxa8qMvYTfmRCeensa9ce5QcXuMB8GA1UdIwQY
MBaAFLBUQsT/6cHXYefFaTYOrQQkOPkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZSQ3hQX3B3ZGRoNThWcE5nNnRCQ1E0LVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS80Yjc3ZTctMzQ3Yy00OWZhLTgwOGIt
NmVkMzMxZjMxZTA5LzEvMm5GcnlveTloTi1aRUo1NmV4cjF4N2xCeGU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS80Yjc3ZTctMzQ3Yy00OWZhLTgwOGItNmVkMzMxZjMxZTA5
LzEvc0ZSQ3hQX3B3ZGRoNThWcE5nNnRCQ1E0LVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBhmV+MA0G
CSqGSIb3DQEBCwUAA4IBAQBQyh0vdg5TVktNv4bejs+J26EQCmiQRB8F3dV/eRfD
Xu4M92AQJIECXVaLGMF1hzbtaAceSwp+4xydxqeTf8yxlTVxrspkD5uL19EibFK7
Ja3ZChgyRCGW7/JLG2lNtb5jmUUVSBFcaWaJvX0UOOGI5Vy3MmO3aPU6pKU5V61i
YHrBvKzSRXU6C3E66yR8elCWlSnHe62+YpCYQRAmxRxQkhtppArD8MrBP14JxH8r
VFIxIjJQj4xwYmQ9bg6+cKjETr8kitiynY8d74cinN8bpwP14kH0oGljmWCq+qmG
rdc6RF3ZaxnOCGedgUiZXGfxtvU/BjJLTLfulXOjC2zT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:06:45 2024 by rpki-client on console-ams.rpki-client.org