Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/z87va17UWy_Kl-0fIzwUlUvAeeo.roa
File:                     z87va17UWy_Kl-0fIzwUlUvAeeo.roa (raw, json)
Hash identifier:          EwJIADBBDNpmYl37lPxIBzzeTqnVp41URGcG/lFuYNU=
Subject key identifier:   CF:CE:EF:6B:5E:D4:5B:2F:CA:97:ED:1F:23:3C:14:95:4B:C0:79:EA
Certificate issuer:       /CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
Certificate serial:       01856C813B802E7CE2A0BBC060F85D196B38
Authority key identifier: 88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/z87va17UWy_Kl-0fIzwUlUvAeeo.roa
Signing time:             Sun 01 Jan 2023 08:44:46 +0000
ROA not before:           Sun 01 Jan 2023 08:44:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3333
IP address blocks:        193.0.0.0/21 maxlen: 21
                          193.0.10.0/23 maxlen: 23
                          193.0.12.0/23 maxlen: 23
                          193.0.20.0/23 maxlen: 23
                          193.0.18.0/23 maxlen: 23
                          193.0.22.0/23 maxlen: 23
                          2a13:27c0::/29 maxlen: 48
                          2a13:27c0:10::/44 maxlen: 44
                          2001:67c:2e8::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:31:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:81:3b:80:2e:7c:e2:a0:bb:c0:60:f8:5d:19:6b:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
        Validity
            Not Before: Jan  1 08:44:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cfceef6b5ed45b2fca97ed1f233c14954bc079ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c8:e1:43:be:5c:19:27:9f:97:a8:4a:01:7b:
                    0d:cc:e7:53:8f:95:90:75:4c:6b:be:bd:47:6b:f0:
                    0a:33:a7:32:c3:05:b9:92:20:9a:55:e7:12:63:62:
                    ae:42:51:82:b4:c5:40:74:f1:72:bf:74:33:55:b8:
                    d3:69:4f:41:a9:66:8b:77:f2:02:88:ef:2e:9c:ad:
                    71:5d:43:4a:17:3a:27:01:27:8a:55:69:37:05:75:
                    d4:a1:b7:24:ca:6a:6b:88:e6:c9:35:3c:f6:bc:7f:
                    7c:79:3c:05:e2:e2:fd:af:c9:51:ae:37:31:ae:f6:
                    a9:5e:6c:41:28:ae:c9:73:6f:dc:13:bd:33:64:61:
                    02:95:83:90:10:ac:68:18:a0:23:7e:42:5d:ee:c6:
                    69:d4:d4:3d:62:93:5f:19:bf:79:bc:08:a4:34:05:
                    24:2c:2b:a8:f4:05:e3:0e:fa:f7:29:61:e7:67:66:
                    9e:02:47:55:83:fe:08:0d:54:8e:62:07:91:92:ee:
                    70:35:1e:89:1f:47:e0:a4:18:d9:53:30:18:b9:02:
                    9e:1e:ca:cc:6a:5d:a8:13:a3:65:11:d9:1e:70:9a:
                    94:2c:76:1a:19:23:13:f0:16:5f:dd:7f:dd:e7:7a:
                    ee:5a:00:c7:b6:69:66:f3:dd:c9:b7:17:5f:74:da:
                    10:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:CE:EF:6B:5E:D4:5B:2F:CA:97:ED:1F:23:3C:14:95:4B:C0:79:EA
            X509v3 Authority Key Identifier:
                keyid:88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/z87va17UWy_Kl-0fIzwUlUvAeeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.0.0/21
                  193.0.10.0-193.0.13.255
                  193.0.18.0-193.0.23.255
                IPv6:
                  2001:67c:2e8::/48
                  2a13:27c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:f3:7e:35:15:c4:b8:5a:5b:e3:45:ac:d5:2b:17:01:a4:69:
         9e:e7:0e:14:09:65:25:a1:d8:7c:b1:62:e5:76:b0:19:7b:dd:
         05:9a:24:33:62:21:9a:38:f1:8b:b7:76:f3:77:42:a0:4f:fa:
         8c:bf:d4:82:b0:41:4d:f1:bc:89:0e:90:c5:fc:29:b7:28:82:
         68:53:25:e4:2d:27:46:ff:c2:9e:51:5d:69:1d:62:8c:64:27:
         b7:ff:08:e1:5a:bd:1c:be:81:08:ac:09:24:77:d4:7f:ff:1e:
         c3:87:20:75:ed:6f:07:18:ae:a6:c8:74:dc:bc:41:fe:5a:f8:
         87:f8:4d:6a:d0:f0:cf:5d:ef:e2:09:cc:bc:e6:b1:bd:fa:da:
         2a:11:d2:c2:3a:3d:f5:80:f6:f0:3a:97:9d:da:20:90:9d:2d:
         af:6f:be:74:e4:82:75:05:fb:3d:e5:b9:35:77:67:2d:30:04:
         fc:c6:45:6e:bc:ad:12:aa:cd:b8:fc:96:a4:4c:ac:f4:67:cd:
         7a:c8:b1:c5:3a:9c:7f:18:cf:74:db:79:50:b3:99:20:f2:94:
         d1:7c:48:21:cf:9b:51:a9:a8:b7:b3:58:92:a4:e2:6a:3c:06:
         8e:a4:74:81:cf:b3:75:0a:82:3e:f9:d1:8a:a1:17:e1:bb:4f:
         08:73:37:9d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYVsgTuALnzioLvAYPhdGWs4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTdhYWZlYzYxYzNhNmIwMjRiNmE5ZjU0ZmZiNzY0Y2Ez
ZGY5MjIwHhcNMjMwMTAxMDg0NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmNlZWY2YjVlZDQ1YjJmY2E5N2VkMWYyMzNjMTQ5NTRiYzA3OWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusjhQ75cGSefl6hKAXsNzOdTj5WQ
dUxrvr1Ha/AKM6cywwW5kiCaVecSY2KuQlGCtMVAdPFyv3QzVbjTaU9BqWaLd/IC
iO8unK1xXUNKFzonASeKVWk3BXXUobckympriObJNTz2vH98eTwF4uL9r8lRrjcx
rvapXmxBKK7Jc2/cE70zZGEClYOQEKxoGKAjfkJd7sZp1NQ9YpNfGb95vAikNAUk
LCuo9AXjDvr3KWHnZ2aeAkdVg/4IDVSOYgeRku5wNR6JH0fgpBjZUzAYuQKeHsrM
al2oE6NlEdkecJqULHYaGSMT8BZf3X/d53ruWgDHtmlm893JtxdfdNoQLwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFM/O72te1FsvypftHyM8FJVLwHnqMB8GA1UdIwQY
MBaAFIgXqv7GHDprAktqn1T/t2TKPfkiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0Mjkt
ZTY2MzY5NjQ5NDExLzEvejg3dmExN1VXeV9LbC0wZkl6d1VsVXZBZWVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0MjktZTY2MzY5NjQ5NDEx
LzEvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAoBAIAATAiAwQDwQAAMAwD
BAHBAAoDBAHBAAwwDAMEAcEAEgMEA8EAEDAWBAIAAjAQAwcAIAEGfALoAwUDKhMn
wDANBgkqhkiG9w0BAQsFAAOCAQEALvN+NRXEuFpb40Ws1SsXAaRpnucOFAllJaHY
fLFi5XawGXvdBZokM2Ihmjjxi7d283dCoE/6jL/UgrBBTfG8iQ6QxfwptyiCaFMl
5C0nRv/CnlFdaR1ijGQnt/8I4Vq9HL6BCKwJJHfUf/8ew4cgde1vBxiupsh03LxB
/lr4h/hNatDwz13v4gnMvOaxvfraKhHSwjo99YD28DqXndogkJ0tr2++dOSCdQX7
PeW5NXdnLTAE/MZFbrytEqrNuPyWpEys9GfNesixxTqcfxjPdNt5ULOZIPKU0XxI
Ic+bUamot7NYkqTiajwGjqR0gc+zdQqCPvnRiqEX4btPCHM3nQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:59 2024 by rpki-client on console-ams.rpki-client.org