Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/ef829a-acfc-4402-95ce-383fb2b954d9/1/hkitn5No_jg9x45QFYFnJWakEsQ.roa
File:                     hkitn5No_jg9x45QFYFnJWakEsQ.roa (raw, json)
Hash identifier:          Oo6GsoeOQJGwVxXgNRy0Qvz5EwncSp9NIbjTt2Ua+BE=
Subject key identifier:   86:48:AD:9F:93:68:FE:38:3D:C7:8E:50:15:81:67:25:66:A4:12:C4
Certificate issuer:       /CN=dee72c8faecb7052c841201b25f6a018e477b1c2
Certificate serial:       018CC801CEE2E6DF512F592E8FB6742C6AA2
Authority key identifier: DE:E7:2C:8F:AE:CB:70:52:C8:41:20:1B:25:F6:A0:18:E4:77:B1:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ucsj67LcFLIQSAbJfagGOR3scI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/ef829a-acfc-4402-95ce-383fb2b954d9/1/hkitn5No_jg9x45QFYFnJWakEsQ.roa
Signing time:             Tue 02 Jan 2024 02:30:10 +0000
ROA not before:           Tue 02 Jan 2024 02:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47216
IP address blocks:        193.111.236.0/24 maxlen: 24
                          2a11:7bc0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 24 Jun 2024 08:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ce:e2:e6:df:51:2f:59:2e:8f:b6:74:2c:6a:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dee72c8faecb7052c841201b25f6a018e477b1c2
        Validity
            Not Before: Jan  2 02:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8648ad9f9368fe383dc78e501581672566a412c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:c8:39:d7:1c:29:2c:a7:75:d8:a4:0e:68:d4:
                    69:dd:b5:18:b3:ba:32:80:4a:df:31:ab:7f:a2:fd:
                    bd:cf:0e:f1:f0:c5:72:79:bc:25:20:35:5a:27:14:
                    e5:23:08:d9:1b:57:4c:2d:15:5b:6e:37:c0:78:58:
                    94:b6:ec:6f:f7:d3:e1:92:17:18:96:c6:ef:36:ff:
                    8d:20:b0:88:97:da:cb:e7:6c:84:a2:a7:12:52:8a:
                    b7:4e:73:e8:ba:0a:e3:93:2a:fb:b4:06:b1:ad:53:
                    3e:39:ee:02:9d:d6:b8:f5:af:2e:98:68:6f:80:ba:
                    52:ec:08:60:97:b0:d9:a3:10:12:f2:a8:2b:fc:7e:
                    40:f0:bf:8e:c4:9d:a4:eb:99:5f:ce:06:43:62:50:
                    14:eb:d6:f9:4b:43:03:0e:bc:be:ef:a9:e1:d4:3b:
                    08:dc:52:fc:c0:03:0d:67:02:9b:74:eb:5f:f4:88:
                    6f:21:70:55:37:75:0b:63:42:89:a3:1e:b2:e0:a5:
                    60:cb:d2:88:5b:bb:63:b7:17:97:2f:97:ac:45:bb:
                    c7:e7:37:71:f0:cf:ea:f3:06:fd:34:57:aa:1b:8e:
                    16:69:02:e8:62:f6:70:35:ce:92:c5:a1:d1:18:c1:
                    09:cf:26:fc:e5:3d:fb:d7:89:92:68:71:c0:e2:b7:
                    00:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:48:AD:9F:93:68:FE:38:3D:C7:8E:50:15:81:67:25:66:A4:12:C4
            X509v3 Authority Key Identifier:
                keyid:DE:E7:2C:8F:AE:CB:70:52:C8:41:20:1B:25:F6:A0:18:E4:77:B1:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ucsj67LcFLIQSAbJfagGOR3scI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/ef829a-acfc-4402-95ce-383fb2b954d9/1/hkitn5No_jg9x45QFYFnJWakEsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/ef829a-acfc-4402-95ce-383fb2b954d9/1/3ucsj67LcFLIQSAbJfagGOR3scI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.236.0/24
                IPv6:
                  2a11:7bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:64:b4:c7:d8:1e:bc:c0:ed:21:16:a8:4d:f0:ad:b5:84:34:
         6e:1e:52:d0:b5:c2:5d:3e:d9:e7:e9:11:a4:f4:6b:2e:2f:5d:
         94:83:6e:e5:03:18:4c:e1:bf:a3:4e:1d:c9:ef:69:bc:31:58:
         8e:50:4d:48:97:4b:17:82:5b:6c:5b:4e:ae:c6:3a:b5:f3:1c:
         1d:b5:c8:60:42:5f:2e:3a:36:b0:9c:33:41:3e:44:94:dd:31:
         8b:00:6a:77:03:17:b9:3b:87:6e:c3:64:fe:dd:9b:b6:65:71:
         6f:fa:3e:c2:08:a2:e0:85:c7:88:47:c5:83:f5:4a:1d:24:0c:
         d8:3e:41:bf:42:41:79:58:0f:cb:b1:13:56:c6:93:81:9a:d4:
         4c:44:49:a4:14:4e:7d:1c:fb:29:54:96:1b:3f:7d:2a:81:6c:
         4a:91:65:2d:d9:fc:b1:43:24:59:26:7e:a2:ca:49:f7:db:a2:
         90:f6:1f:e3:fc:89:16:b7:af:41:49:b2:93:cc:c6:ce:7e:4e:
         94:9e:6d:41:7d:4a:30:af:fe:03:79:e9:27:a7:e4:7b:e4:9d:
         d1:bc:a4:21:e9:81:9e:fc:cd:92:98:65:4d:4c:9e:9c:b2:79:
         da:27:91:0a:00:97:e6:9b:2f:1b:35:80:0b:65:18:56:bc:e6:
         ed:59:81:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAc7i5t9RL1kuj7Z0LGqiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZTcyYzhmYWVjYjcwNTJjODQxMjAxYjI1ZjZhMDE4ZTQ3
N2IxYzIwHhcNMjQwMTAyMDIzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQ4YWQ5ZjkzNjhmZTM4M2RjNzhlNTAxNTgxNjcyNTY2YTQxMmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8g51xwpLKd12KQOaNRp3bUYs7oy
gErfMat/ov29zw7x8MVyebwlIDVaJxTlIwjZG1dMLRVbbjfAeFiUtuxv99PhkhcY
lsbvNv+NILCIl9rL52yEoqcSUoq3TnPougrjkyr7tAaxrVM+Oe4Cnda49a8umGhv
gLpS7Ahgl7DZoxAS8qgr/H5A8L+OxJ2k65lfzgZDYlAU69b5S0MDDry+76nh1DsI
3FL8wAMNZwKbdOtf9IhvIXBVN3ULY0KJox6y4KVgy9KIW7tjtxeXL5esRbvH5zdx
8M/q8wb9NFeqG44WaQLoYvZwNc6SxaHRGMEJzyb85T3714mSaHHA4rcAlwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIZIrZ+TaP44PceOUBWBZyVmpBLEMB8GA1UdIwQY
MBaAFN7nLI+uy3BSyEEgGyX2oBjkd7HCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Vjc2o2N0xjRkxJUVNBYkpmYWdHT1Izc2NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lZjgyOWEtYWNmYy00NDAyLTk1Y2Ut
MzgzZmIyYjk1NGQ5LzEvaGtpdG41Tm9famc5eDQ1UUZZRm5KV2FrRXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lZjgyOWEtYWNmYy00NDAyLTk1Y2UtMzgzZmIyYjk1NGQ5
LzEvM3Vjc2o2N0xjRkxJUVNBYkpmYWdHT1Izc2NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwW/sMA0E
AgACMAcDBQMqEXvAMA0GCSqGSIb3DQEBCwUAA4IBAQAQZLTH2B68wO0hFqhN8K21
hDRuHlLQtcJdPtnn6RGk9GsuL12Ug27lAxhM4b+jTh3J72m8MViOUE1Il0sXglts
W06uxjq18xwdtchgQl8uOjawnDNBPkSU3TGLAGp3Axe5O4duw2T+3Zu2ZXFv+j7C
CKLghceIR8WD9UodJAzYPkG/QkF5WA/LsRNWxpOBmtRMREmkFE59HPspVJYbP30q
gWxKkWUt2fyxQyRZJn6iykn326KQ9h/j/IkWt69BSbKTzMbOfk6Unm1BfUowr/4D
eeknp+R75J3RvKQh6YGe/M2SmGVNTJ6csnnaJ5EKAJfmmy8bNYALZRhWvObtWYFz
-----END CERTIFICATE-----
Generated at Mon Jun 24 10:44:43 2024 by rpki-client on console-fra.rpki-client.org