Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/kYD_rNgEwykzK_N1zqffKXPUkU4.roa
File:                     kYD_rNgEwykzK_N1zqffKXPUkU4.roa (raw, json)
Hash identifier:          9NAtpQh6eh5LAFnktzcwIpxPoanSnkTTuquDXIhKBp8=
Subject key identifier:   91:80:FF:AC:D8:04:C3:29:33:2B:F3:75:CE:A7:DF:29:73:D4:91:4E
Certificate issuer:       /CN=35ef79c51e3fa084332064aa0b83608d6e41c12b
Certificate serial:       018E9F7BF613EF9837B1C54838B5D2CE0C06
Authority key identifier: 35:EF:79:C5:1E:3F:A0:84:33:20:64:AA:0B:83:60:8D:6E:41:C1:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ne95xR4_oIQzIGSqC4NgjW5BwSs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/kYD_rNgEwykzK_N1zqffKXPUkU4.roa
Signing time:             Tue 02 Apr 2024 15:44:45 +0000
ROA not before:           Tue 02 Apr 2024 15:44:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        157.5.48.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Mon 22 Apr 2024 16:22:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:7b:f6:13:ef:98:37:b1:c5:48:38:b5:d2:ce:0c:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35ef79c51e3fa084332064aa0b83608d6e41c12b
        Validity
            Not Before: Apr  2 15:44:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9180ffacd804c329332bf375cea7df2973d4914e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:01:a9:d5:a3:21:c3:e8:ed:26:27:d4:90:d0:
                    17:c9:4d:21:00:06:e6:6a:af:3b:52:d4:05:b7:55:
                    6b:35:36:9e:8f:57:c8:b6:61:6a:72:32:3b:8f:e0:
                    a4:04:99:c3:fc:e4:aa:69:35:60:b4:e0:59:bc:41:
                    c2:c2:dd:f0:ff:0f:10:6e:29:d6:86:58:d6:8d:e0:
                    16:ff:d9:f6:bf:86:e7:27:aa:e0:12:17:6a:9d:a6:
                    53:2d:67:3d:bb:c5:e2:75:60:31:96:9a:cf:58:3c:
                    3e:fa:dd:01:b2:37:8d:b6:1e:0c:06:72:32:24:47:
                    ad:ce:81:3d:c8:e7:98:1f:a7:d9:cd:5c:1f:ca:3d:
                    26:ba:8a:6a:a5:0c:18:05:be:c9:fd:06:d7:28:03:
                    20:5b:9d:07:12:19:a3:94:94:5c:c6:99:a4:db:6f:
                    b1:40:41:8d:a1:18:c8:aa:b0:c2:16:fc:94:31:e1:
                    2d:96:29:c5:d7:d5:f5:b2:5e:04:37:5c:50:04:6e:
                    17:ba:13:d3:0b:9d:f4:6e:31:99:29:d0:08:8d:d7:
                    c2:4f:e7:ab:fd:52:98:69:8e:8e:06:69:f1:d8:65:
                    ba:73:e9:03:b9:c1:9a:14:42:a0:ca:f1:43:7c:55:
                    34:c1:3e:c9:b0:0f:37:99:65:0b:dc:ff:96:9a:39:
                    5c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:80:FF:AC:D8:04:C3:29:33:2B:F3:75:CE:A7:DF:29:73:D4:91:4E
            X509v3 Authority Key Identifier:
                keyid:35:EF:79:C5:1E:3F:A0:84:33:20:64:AA:0B:83:60:8D:6E:41:C1:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ne95xR4_oIQzIGSqC4NgjW5BwSs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/kYD_rNgEwykzK_N1zqffKXPUkU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/d3f0f3-dded-42dc-82e0-e3d9531dfd2b/1/Ne95xR4_oIQzIGSqC4NgjW5BwSs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.5.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         13:f6:b7:02:51:5f:d3:86:83:e2:00:f0:03:b8:19:3a:19:1d:
         53:03:38:f9:67:cc:c4:24:8f:af:ac:d7:96:b1:10:53:47:25:
         44:80:cf:69:11:e4:e8:8f:a5:64:5a:c5:fa:7f:a1:29:eb:dd:
         a5:e2:a1:10:ca:a5:50:43:be:a7:5e:e0:0c:1c:e0:92:b7:95:
         58:82:7f:1d:d1:b0:39:23:a7:e1:09:cc:79:58:58:73:fb:a7:
         15:c3:8c:53:fd:05:32:22:02:63:d4:a9:f9:31:53:f4:33:85:
         64:86:6a:61:4d:db:2b:51:4c:c5:54:d5:ff:3e:3e:bc:04:83:
         36:2a:7b:03:f4:e5:80:a5:3f:c7:46:08:b9:fa:a6:42:36:ca:
         dd:8c:c6:f0:6d:cb:2f:77:4f:e6:0a:e6:4d:09:f5:8b:70:55:
         e5:b7:d7:a4:6d:b4:e7:44:9c:59:6e:f9:1e:97:c2:69:6d:a1:
         40:08:a2:0e:c3:05:0a:b7:89:5d:b6:bb:7f:04:21:fc:05:b2:
         c8:1b:5d:ce:b9:83:dc:ea:58:59:9a:2d:c5:24:9f:f4:9e:1b:
         78:c7:2a:27:2e:bb:e6:e8:4d:ab:69:b7:6d:a1:90:33:ca:5f:
         5e:62:c8:f0:4d:1d:12:95:d0:2c:05:ec:d4:cd:e5:37:16:8f:
         ad:7b:c8:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6fe/YT75g3scVIOLXSzgwGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1ZWY3OWM1MWUzZmEwODQzMzIwNjRhYTBiODM2MDhkNmU0
MWMxMmIwHhcNMjQwNDAyMTU0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTgwZmZhY2Q4MDRjMzI5MzMyYmYzNzVjZWE3ZGYyOTczZDQ5MTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QGp1aMhw+jtJifUkNAXyU0hAAbm
aq87UtQFt1VrNTaej1fItmFqcjI7j+CkBJnD/OSqaTVgtOBZvEHCwt3w/w8QbinW
hljWjeAW/9n2v4bnJ6rgEhdqnaZTLWc9u8XidWAxlprPWDw++t0BsjeNth4MBnIy
JEetzoE9yOeYH6fZzVwfyj0muopqpQwYBb7J/QbXKAMgW50HEhmjlJRcxpmk22+x
QEGNoRjIqrDCFvyUMeEtlinF19X1sl4EN1xQBG4XuhPTC530bjGZKdAIjdfCT+er
/VKYaY6OBmnx2GW6c+kDucGaFEKgyvFDfFU0wT7JsA83mWUL3P+Wmjlc/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJGA/6zYBMMpMyvzdc6n3ylz1JFOMB8GA1UdIwQY
MBaAFDXvecUeP6CEMyBkqguDYI1uQcErMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmU5NXhSNF9vSVF6SUdTcUM0TmdqVzVCd1NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9kM2YwZjMtZGRlZC00MmRjLTgyZTAt
ZTNkOTUzMWRmZDJiLzEva1lEX3JOZ0V3eWt6S19OMXpxZmZLWFBVa1U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9kM2YwZjMtZGRlZC00MmRjLTgyZTAtZTNkOTUzMWRmZDJi
LzEvTmU5NXhSNF9vSVF6SUdTcUM0TmdqVzVCd1NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDnQUwMA0G
CSqGSIb3DQEBCwUAA4IBAQAT9rcCUV/ThoPiAPADuBk6GR1TAzj5Z8zEJI+vrNeW
sRBTRyVEgM9pEeToj6VkWsX6f6Ep692l4qEQyqVQQ76nXuAMHOCSt5VYgn8d0bA5
I6fhCcx5WFhz+6cVw4xT/QUyIgJj1Kn5MVP0M4VkhmphTdsrUUzFVNX/Pj68BIM2
KnsD9OWApT/HRgi5+qZCNsrdjMbwbcsvd0/mCuZNCfWLcFXlt9ekbbTnRJxZbvke
l8JpbaFACKIOwwUKt4ldtrt/BCH8BbLIG13OuYPc6lhZmi3FJJ/0nht4xyonLrvm
6E2rabdtoZAzyl9eYsjwTR0SldAsBezUzeU3Fo+te8hn
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:02 2024 by rpki-client on console-fra.rpki-client.org