Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/KdLsjCrkAT57QsjcluRX-ka0av4.roa
File:                     KdLsjCrkAT57QsjcluRX-ka0av4.roa (raw, json)
Hash identifier:          ZxZujo766MF/pl5OPk3o8hz1nsdF0bXQsfhxAATqRh8=
Subject key identifier:   29:D2:EC:8C:2A:E4:01:3E:7B:42:C8:DC:96:E4:57:FA:46:B4:6A:FE
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       018F7B863C9EFF8BD449327E71DBABC9F256
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/KdLsjCrkAT57QsjcluRX-ka0av4.roa
Signing time:             Wed 15 May 2024 09:12:25 +0000
ROA not before:           Wed 15 May 2024 09:12:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198160
IP address blocks:        89.36.32.0/24 maxlen: 24
                          2a14:6780::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 21 May 2024 13:24:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7b:86:3c:9e:ff:8b:d4:49:32:7e:71:db:ab:c9:f2:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: May 15 09:12:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29d2ec8c2ae4013e7b42c8dc96e457fa46b46afe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:3e:a9:d7:82:ba:86:3a:da:92:dd:bf:07:d7:
                    82:0c:60:a1:b9:3c:12:c9:a7:d3:c3:2c:cb:c9:65:
                    bc:bc:3c:b7:29:e1:37:f6:4d:bf:6e:f0:e1:fb:41:
                    d4:41:61:5b:bb:86:09:74:2d:49:fa:d5:29:d9:39:
                    37:e3:79:32:c4:0d:57:85:cd:73:24:f4:57:6d:fb:
                    11:d1:a5:2d:fd:98:d2:ea:b0:e2:21:67:bf:00:28:
                    c2:54:e1:5b:d1:f3:74:6b:1b:4d:be:04:d9:32:16:
                    06:73:a4:ea:12:24:cd:24:03:cd:e1:23:02:7b:5f:
                    0c:5d:8d:74:20:31:2e:49:6f:d0:4e:e9:1f:85:11:
                    f9:c7:f4:b3:5f:90:32:77:86:a8:96:17:3e:49:51:
                    76:99:af:40:cb:2d:82:cf:6a:7e:c9:2c:3b:78:c7:
                    a5:63:39:d7:d0:26:d2:cd:50:87:5b:da:a4:16:23:
                    32:29:72:df:1f:47:bc:f3:68:a9:2b:1d:94:83:3d:
                    ae:c8:c6:07:c6:93:d2:03:5e:8a:64:ea:bc:df:5b:
                    ac:c8:8f:aa:97:a3:45:66:26:a1:46:db:01:41:0c:
                    8e:05:1f:cf:5a:d4:e2:35:8a:84:0f:59:03:a4:c3:
                    e2:a5:2e:c2:b3:97:b6:44:f9:d2:e9:d3:56:bd:29:
                    ef:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:D2:EC:8C:2A:E4:01:3E:7B:42:C8:DC:96:E4:57:FA:46:B4:6A:FE
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/KdLsjCrkAT57QsjcluRX-ka0av4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.36.32.0/24
                IPv6:
                  2a14:6780::/29

    Signature Algorithm: sha256WithRSAEncryption
         99:6a:a5:a5:d0:7a:67:56:6f:02:09:51:77:9a:32:9b:96:f2:
         09:af:b7:06:96:ad:35:46:83:39:6a:d6:55:bf:19:e2:8c:a2:
         dd:16:17:91:a0:0c:3a:f3:f8:7a:48:ff:d7:67:7e:c9:73:cc:
         71:ab:11:e9:d2:aa:c7:cf:f1:4f:5a:ac:36:b8:88:b1:e4:ab:
         fb:5f:1f:14:89:17:2d:7a:38:95:dc:4d:f2:be:29:c9:06:25:
         0e:84:dc:6d:58:0e:b8:3b:f8:83:d6:13:77:78:9e:21:76:d8:
         35:46:51:b8:35:5e:88:8f:1b:d1:69:e1:b7:95:bd:c0:91:da:
         2a:11:5b:80:05:24:40:7d:02:2c:ec:c9:fb:e2:a3:6b:35:f0:
         5a:44:1d:00:db:52:b0:ce:4d:c4:04:91:08:33:c3:dc:71:41:
         27:1b:20:2a:8a:3b:da:00:22:c9:d7:15:42:2d:62:5e:dc:8e:
         fc:8a:59:84:7a:d7:64:c5:3b:6c:60:60:d8:09:61:fa:3e:06:
         4b:e5:17:55:a4:b5:b6:4f:5d:3c:e5:d6:56:13:5f:19:2f:74:
         c8:37:58:c4:2c:d5:bd:78:24:ee:99:bb:a6:49:60:4b:f6:ce:
         0f:04:25:e5:dc:67:27:e6:8d:74:c5:46:a6:93:d9:66:b8:48:
         b7:8e:1e:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY97hjye/4vUSTJ+cduryfJWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjQwNTE1MDkxMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWQyZWM4YzJhZTQwMTNlN2I0MmM4ZGM5NmU0NTdmYTQ2YjQ2YWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvj6p14K6hjrakt2/B9eCDGChuTwS
yafTwyzLyWW8vDy3KeE39k2/bvDh+0HUQWFbu4YJdC1J+tUp2Tk343kyxA1Xhc1z
JPRXbfsR0aUt/ZjS6rDiIWe/ACjCVOFb0fN0axtNvgTZMhYGc6TqEiTNJAPN4SMC
e18MXY10IDEuSW/QTukfhRH5x/SzX5Ayd4aolhc+SVF2ma9Ayy2Cz2p+ySw7eMel
YznX0CbSzVCHW9qkFiMyKXLfH0e882ipKx2Ugz2uyMYHxpPSA16KZOq831usyI+q
l6NFZiahRtsBQQyOBR/PWtTiNYqED1kDpMPipS7Cs5e2RPnS6dNWvSnvpQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCnS7Iwq5AE+e0LI3JbkV/pGtGr+MB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvS2RMc2pDcmtBVDU3UXNqY2x1Ulgta2EwYXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAWSQgMA0E
AgACMAcDBQMqFGeAMA0GCSqGSIb3DQEBCwUAA4IBAQCZaqWl0HpnVm8CCVF3mjKb
lvIJr7cGlq01RoM5atZVvxnijKLdFheRoAw68/h6SP/XZ37Jc8xxqxHp0qrHz/FP
Wqw2uIix5Kv7Xx8UiRctejiV3E3yvinJBiUOhNxtWA64O/iD1hN3eJ4hdtg1RlG4
NV6IjxvRaeG3lb3AkdoqEVuABSRAfQIs7Mn74qNrNfBaRB0A21Kwzk3EBJEIM8Pc
cUEnGyAqijvaACLJ1xVCLWJe3I78ilmEetdkxTtsYGDYCWH6PgZL5RdVpLW2T108
5dZWE18ZL3TIN1jELNW9eCTumbumSWBL9s4PBCXl3Gcn5o10xUamk9lmuEi3jh4u
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:44 2024 by rpki-client on console-fra.rpki-client.org