Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/1eOndn22lwyX1b2WkkOM-NEnKJM.roa
File:                     1eOndn22lwyX1b2WkkOM-NEnKJM.roa (raw, json)
Hash identifier:          pgxDn+EpuuqNYxMhcDJOfbZGKhEWKaDhjmYTZbH7SR0=
Subject key identifier:   D5:E3:A7:76:7D:B6:97:0C:97:D5:BD:96:92:43:8C:F8:D1:27:28:93
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       018A8A4C97FC1CC248A06C9A4A5A8838F4F6
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/1eOndn22lwyX1b2WkkOM-NEnKJM.roa
Signing time:             Tue 12 Sep 2023 16:49:50 +0000
ROA not before:           Tue 12 Sep 2023 16:49:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     399073
IP address blocks:        109.238.168.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Thu 12 Oct 2023 01:34:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:8a:4c:97:fc:1c:c2:48:a0:6c:9a:4a:5a:88:38:f4:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: Sep 12 16:49:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d5e3a7767db6970c97d5bd9692438cf8d1272893
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:bc:58:4d:9c:9d:52:1a:8f:73:fc:52:dc:ae:
                    ad:0c:4f:13:49:44:90:d9:d5:54:eb:de:3e:05:f0:
                    6a:5b:45:e2:9b:ef:b2:f7:99:7d:c5:c4:04:f6:11:
                    c6:4c:18:be:e4:07:32:9a:52:24:f6:07:bd:68:46:
                    cc:74:72:85:82:75:32:2e:0c:85:c2:29:47:ca:92:
                    f2:c3:60:f7:8b:9b:77:a8:38:dc:81:3c:e9:00:07:
                    72:3f:ff:15:23:76:c2:b4:a0:2e:ab:65:cf:ab:f1:
                    20:52:98:3a:e5:c7:48:9d:53:36:a3:18:14:0a:98:
                    5a:17:aa:28:29:37:7b:43:5e:87:d1:dc:a0:00:2e:
                    fc:a2:f9:3c:21:1c:bd:da:49:2c:90:ca:16:3d:4e:
                    5e:c6:79:aa:47:c9:60:af:1a:37:fa:ae:cb:f1:5a:
                    38:ae:59:55:36:09:90:af:0d:67:83:fc:20:ba:2a:
                    e2:e8:be:2d:7e:81:ec:a4:14:a6:92:4e:e3:b3:1f:
                    a4:37:bc:68:a7:f0:e0:c8:28:f3:28:3a:b3:45:77:
                    31:af:f7:2d:1a:89:50:e5:dc:8c:56:9a:4f:27:1e:
                    30:0c:a9:a4:75:89:bf:02:91:dd:79:98:be:30:f0:
                    1e:3f:b6:db:b8:1d:6b:06:9f:99:c8:a4:b9:d1:11:
                    06:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E3:A7:76:7D:B6:97:0C:97:D5:BD:96:92:43:8C:F8:D1:27:28:93
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/1eOndn22lwyX1b2WkkOM-NEnKJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.238.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         67:dd:8e:9f:6f:c8:36:f6:fc:8c:13:c9:ab:ae:cf:15:3c:d6:
         23:3c:9e:59:71:c1:ec:68:2c:cd:58:cf:46:70:3c:36:f6:ef:
         86:3f:20:02:d9:6a:c5:cf:75:c8:27:fd:ef:b9:01:0d:48:26:
         67:92:6d:0b:f7:e9:b2:a5:45:f0:c1:c3:a7:16:8c:68:7b:99:
         3c:a1:bf:8e:76:9e:4c:f7:6c:e4:28:e3:f7:8c:db:81:71:86:
         02:6a:0f:00:98:6f:41:b1:be:20:bf:5f:55:18:e2:65:de:ec:
         39:24:cf:56:ed:76:8a:bd:a4:7f:fb:3b:bd:1f:78:c0:ff:d1:
         6d:0a:f5:de:b2:54:2f:23:82:4f:a0:7c:14:56:f8:2a:fd:81:
         5b:eb:a5:8b:79:13:21:d0:8b:f3:41:78:70:bc:92:52:d4:67:
         04:2c:28:a1:7b:c5:49:44:02:10:8c:af:ed:cd:d4:03:88:92:
         27:dd:25:30:d5:76:85:7b:ce:d1:17:52:32:71:6c:bc:6e:c5:
         6c:08:8b:32:a5:30:ce:1c:55:38:5f:2e:fe:d5:dc:47:c7:5e:
         0f:1d:93:b9:68:3e:f1:43:ea:45:8c:a4:1b:e2:e8:7f:6b:48:
         e2:e2:a2:95:62:15:fd:fe:c6:35:5f:17:16:2f:ee:d2:68:84:
         88:b4:f6:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYqKTJf8HMJIoGyaSlqIOPT2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjUzNzYwMWEzMTY5NzQwNDkyMmQ5NTdlNzQ0NTBmNWE5
Y2JlNzMwHhcNMjMwOTEyMTY0OTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWUzYTc3NjdkYjY5NzBjOTdkNWJkOTY5MjQzOGNmOGQxMjcyODkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrxYTZydUhqPc/xS3K6tDE8TSUSQ
2dVU694+BfBqW0Xim++y95l9xcQE9hHGTBi+5AcymlIk9ge9aEbMdHKFgnUyLgyF
wilHypLyw2D3i5t3qDjcgTzpAAdyP/8VI3bCtKAuq2XPq/EgUpg65cdInVM2oxgU
CphaF6ooKTd7Q16H0dygAC78ovk8IRy92kkskMoWPU5exnmqR8lgrxo3+q7L8Vo4
rllVNgmQrw1ng/wguiri6L4tfoHspBSmkk7jsx+kN7xop/DgyCjzKDqzRXcxr/ct
GolQ5dyMVppPJx4wDKmkdYm/ApHdeZi+MPAeP7bbuB1rBp+ZyKS50REGCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXjp3Z9tpcMl9W9lpJDjPjRJyiTMB8GA1UdIwQY
MBaAFBclN2AaMWl0BJItlX50RQ9anL5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQt
ZTYwNGI2MWJlMGVhLzEvMWVPbmRuMjJsd3lYMWIyV2trT00tTkVuS0pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQtZTYwNGI2MWJlMGVh
LzEvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbe6oMA0G
CSqGSIb3DQEBCwUAA4IBAQBn3Y6fb8g29vyME8mrrs8VPNYjPJ5ZccHsaCzNWM9G
cDw29u+GPyAC2WrFz3XIJ/3vuQENSCZnkm0L9+mypUXwwcOnFoxoe5k8ob+Odp5M
92zkKOP3jNuBcYYCag8AmG9Bsb4gv19VGOJl3uw5JM9W7XaKvaR/+zu9H3jA/9Ft
CvXeslQvI4JPoHwUVvgq/YFb66WLeRMh0IvzQXhwvJJS1GcELCihe8VJRAIQjK/t
zdQDiJIn3SUw1XaFe87RF1IycWy8bsVsCIsypTDOHFU4Xy7+1dxHx14PHZO5aD7x
Q+pFjKQb4uh/a0ji4qKVYhX9/sY1XxcWL+7SaISItPbu
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:32 2024 by rpki-client on console-ams.rpki-client.org