Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/iQHykt62soXMKne_HYX9Mi-XFic.roa
File:                     iQHykt62soXMKne_HYX9Mi-XFic.roa (raw, json)
Hash identifier:          bxgy2a3rNCysSZeubK3IqnW7Rny7mo1ngKT7P9sn8gM=
Subject key identifier:   89:01:F2:92:DE:B6:B2:85:CC:2A:77:BF:1D:85:FD:32:2F:97:16:27
Certificate issuer:       /CN=94d98e8fec680775a157266e0c6b78b141a34f5e
Certificate serial:       01856CCADEB5202B86BF4E480BB720960B69
Authority key identifier: 94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/iQHykt62soXMKne_HYX9Mi-XFic.roa
Signing time:             Sun 01 Jan 2023 10:05:12 +0000
ROA not before:           Sun 01 Jan 2023 10:05:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21100
IP address blocks:        195.123.216.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:31:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ca:de:b5:20:2b:86:bf:4e:48:0b:b7:20:96:0b:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94d98e8fec680775a157266e0c6b78b141a34f5e
        Validity
            Not Before: Jan  1 10:05:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8901f292deb6b285cc2a77bf1d85fd322f971627
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:03:5d:84:23:eb:08:ee:44:80:12:9c:ca:ce:
                    cd:94:fc:6a:3f:ca:35:68:b4:d9:fa:ff:15:17:3a:
                    cb:b0:7c:8d:fb:48:fc:a5:c5:7d:f8:94:6b:d3:d6:
                    c7:36:d3:48:65:cb:e4:7c:65:c7:2c:d6:ff:ae:66:
                    15:5d:e9:6d:22:88:b2:8d:c2:d1:44:9d:89:df:d2:
                    b0:8a:25:7b:ef:3b:45:3d:8d:50:0c:bd:16:ee:03:
                    49:53:f9:2e:b9:34:0b:39:04:6b:2f:d6:05:4c:94:
                    fa:19:8b:f3:06:e5:50:6a:85:5b:5a:b5:2e:64:31:
                    a3:6e:32:69:a7:ae:20:a0:bb:df:63:76:b6:8a:4a:
                    a4:9b:fa:e5:3d:05:4d:ce:8f:5b:39:a8:ec:2e:eb:
                    09:2f:3c:20:20:30:56:b6:c2:a7:a4:ea:fd:69:ac:
                    6e:03:70:8f:54:6e:a7:5e:49:a6:20:92:6e:78:77:
                    a8:9f:68:be:56:d6:71:70:8d:02:a2:9a:99:2c:b4:
                    97:0a:bd:37:b8:4a:09:d1:98:16:84:a2:d8:5e:f6:
                    7c:84:01:c6:e3:6b:90:f2:65:ce:19:a9:ca:6c:ee:
                    83:3e:d2:da:63:6f:0a:37:cc:f0:82:8d:a5:30:3d:
                    d0:65:1e:a2:66:c1:0c:b6:86:99:27:dc:19:63:03:
                    37:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:01:F2:92:DE:B6:B2:85:CC:2A:77:BF:1D:85:FD:32:2F:97:16:27
            X509v3 Authority Key Identifier:
                keyid:94:D9:8E:8F:EC:68:07:75:A1:57:26:6E:0C:6B:78:B1:41:A3:4F:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lNmOj-xoB3WhVyZuDGt4sUGjT14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/iQHykt62soXMKne_HYX9Mi-XFic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7ae3c7-67e4-44de-b139-87d17df74c7e/1/lNmOj-xoB3WhVyZuDGt4sUGjT14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.123.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         48:b6:f5:25:fd:c4:b6:d9:f8:e8:d9:74:3b:3c:44:66:86:2a:
         76:7d:c3:cb:e8:f2:4f:66:be:7e:5c:65:b5:64:1d:0d:1f:c8:
         97:59:d4:20:3b:2e:cb:17:df:b5:b2:81:c3:52:6e:c1:44:16:
         0c:8a:46:19:54:fc:64:44:b4:92:9c:58:cf:4f:b0:e0:33:39:
         fb:61:e8:ea:32:d5:53:75:fb:ab:ec:f1:a3:0c:65:5a:4f:aa:
         c3:46:13:7f:b8:41:9b:cc:08:b6:a4:8c:4f:14:b2:d2:95:65:
         50:4e:f2:15:6b:01:73:08:3c:1e:de:51:86:df:53:9b:f6:95:
         6a:2f:60:b0:57:ec:d9:d6:54:a7:01:0a:99:4e:4f:a5:f7:9b:
         bc:37:6d:bf:0b:8c:16:28:36:9a:3c:3f:dd:fa:c0:79:13:2b:
         47:98:a9:21:b2:5a:38:a9:bd:ca:00:71:48:11:a0:96:c9:cd:
         d1:25:b9:ae:99:a2:77:d2:a2:7e:56:aa:f2:dc:aa:02:4f:02:
         b6:fc:97:05:4c:b4:ec:cd:9a:21:ea:51:6f:9b:19:cf:9b:91:
         fb:66:c4:51:d4:f5:ef:1c:dc:c9:1a:28:da:a6:ed:be:e7:3a:
         44:f0:f4:9f:0a:96:26:3d:97:f9:c3:cb:ad:9f:19:59:ea:87:
         67:47:46:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsyt61ICuGv05IC7cglgtpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZDk4ZThmZWM2ODA3NzVhMTU3MjY2ZTBjNmI3OGIxNDFh
MzRmNWUwHhcNMjMwMTAxMTAwNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTAxZjI5MmRlYjZiMjg1Y2MyYTc3YmYxZDg1ZmQzMjJmOTcxNjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowNdhCPrCO5EgBKcys7NlPxqP8o1
aLTZ+v8VFzrLsHyN+0j8pcV9+JRr09bHNtNIZcvkfGXHLNb/rmYVXeltIoiyjcLR
RJ2J39KwiiV77ztFPY1QDL0W7gNJU/kuuTQLOQRrL9YFTJT6GYvzBuVQaoVbWrUu
ZDGjbjJpp64goLvfY3a2ikqkm/rlPQVNzo9bOajsLusJLzwgIDBWtsKnpOr9aaxu
A3CPVG6nXkmmIJJueHeon2i+VtZxcI0CopqZLLSXCr03uEoJ0ZgWhKLYXvZ8hAHG
42uQ8mXOGanKbO6DPtLaY28KN8zwgo2lMD3QZR6iZsEMtoaZJ9wZYwM3JQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkB8pLetrKFzCp3vx2F/TIvlxYnMB8GA1UdIwQY
MBaAFJTZjo/saAd1oVcmbgxreLFBo09eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzkt
ODdkMTdkZjc0YzdlLzEvaVFIeWt0NjJzb1hNS25lX0hZWDlNaS1YRmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83YWUzYzctNjdlNC00NGRlLWIxMzktODdkMTdkZjc0Yzdl
LzEvbE5tT2oteG9CM1doVnladURHdDRzVUdqVDE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDw3vYMA0G
CSqGSIb3DQEBCwUAA4IBAQBItvUl/cS22fjo2XQ7PERmhip2fcPL6PJPZr5+XGW1
ZB0NH8iXWdQgOy7LF9+1soHDUm7BRBYMikYZVPxkRLSSnFjPT7DgMzn7YejqMtVT
dfur7PGjDGVaT6rDRhN/uEGbzAi2pIxPFLLSlWVQTvIVawFzCDwe3lGG31Ob9pVq
L2CwV+zZ1lSnAQqZTk+l95u8N22/C4wWKDaaPD/d+sB5EytHmKkhslo4qb3KAHFI
EaCWyc3RJbmumaJ30qJ+Vqry3KoCTwK2/JcFTLTszZoh6lFvmxnPm5H7ZsRR1PXv
HNzJGijapu2+5zpE8PSfCpYmPZf5w8utnxlZ6odnR0b4
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:45 2024 by rpki-client on console-ams.rpki-client.org