Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/LHjRWRCrFCANkZxCqBm4m0L29qA.roa
File:                     LHjRWRCrFCANkZxCqBm4m0L29qA.roa (raw, json)
Hash identifier:          XIXjhod+fqZ8v3SMynzpMawg6N7X6MmBU4lQsmTjUeA=
Subject key identifier:   2C:78:D1:59:10:AB:14:20:0D:91:9C:42:A8:19:B8:9B:42:F6:F6:A0
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       018A68ADB12F66449F08F3C7EE04E82615CF
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/LHjRWRCrFCANkZxCqBm4m0L29qA.roa
Signing time:             Wed 06 Sep 2023 04:08:47 +0000
ROA not before:           Wed 06 Sep 2023 04:08:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        109.238.168.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Tue 12 Sep 2023 16:49:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:68:ad:b1:2f:66:44:9f:08:f3:c7:ee:04:e8:26:15:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: Sep  6 04:08:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2c78d15910ab14200d919c42a819b89b42f6f6a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a6:e6:85:0f:74:8b:54:80:00:2b:02:9d:37:
                    87:c1:9c:27:f3:17:9e:28:ea:5e:b4:e7:51:18:d5:
                    91:60:9b:f6:60:1a:e7:e1:ec:5b:10:6b:17:1d:9c:
                    d9:c7:6f:23:72:e0:49:96:6a:40:46:df:57:6f:36:
                    3c:a2:b7:0a:f1:73:03:a1:c4:c8:ad:5b:f2:7c:ef:
                    5e:74:c5:8a:a6:46:a2:9b:1c:cb:3d:71:91:4e:f8:
                    c3:fb:61:9d:0c:15:d6:a7:5b:73:ad:50:54:3e:85:
                    d8:f5:ff:31:27:b7:27:30:df:64:5d:3b:0a:9b:96:
                    ca:fd:b1:db:ce:8b:1a:da:1d:26:70:05:39:7a:f0:
                    50:97:9f:ec:0d:96:0b:d3:b6:af:ec:b7:21:1f:93:
                    d7:8f:9d:22:71:92:d3:90:90:a6:fc:a4:24:14:10:
                    67:12:a2:ae:b9:45:2b:ae:95:18:c2:1a:13:4b:d2:
                    c1:3c:87:6e:38:e2:e5:f5:f3:ae:29:c9:a4:9e:93:
                    34:6d:24:c7:2f:a2:04:3d:ef:12:88:b7:4e:eb:4e:
                    61:b8:a5:d4:43:36:0b:b4:a4:ac:f0:d2:a0:2f:26:
                    1f:da:12:42:b0:ce:d2:19:85:2d:6d:20:41:23:1c:
                    c7:f2:cc:cc:14:40:48:6c:11:8b:ca:75:46:5a:ed:
                    47:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:78:D1:59:10:AB:14:20:0D:91:9C:42:A8:19:B8:9B:42:F6:F6:A0
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/LHjRWRCrFCANkZxCqBm4m0L29qA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.238.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8f:59:33:95:44:62:d4:a3:8a:af:21:cc:22:4d:05:1c:09:93:
         fe:1a:bf:54:32:b3:5e:1c:35:7f:7b:50:b6:1e:66:a2:66:a6:
         4f:31:92:ca:68:3d:fe:0b:a5:c6:f4:b8:9a:fa:e2:a6:bf:a4:
         51:2f:1b:66:4a:c0:1c:8d:a8:ed:d4:5d:e6:e2:11:e8:98:31:
         20:7f:67:48:a5:ec:e1:b0:63:b0:a7:b0:41:34:e3:90:92:99:
         00:5a:4c:98:b1:b7:d4:69:99:c5:48:e9:d1:55:76:7b:2f:2f:
         97:05:3f:de:75:22:a7:04:cc:65:ef:7b:ea:e1:86:8c:6a:6f:
         50:08:4e:ae:b6:37:36:93:10:96:1a:f0:d1:10:0b:7c:e8:2e:
         53:51:b3:5a:f8:a2:00:98:20:f5:c0:b2:37:9c:c8:6b:51:f5:
         2d:46:89:0a:5e:f1:23:66:da:14:c0:9a:22:60:98:df:cd:b9:
         0f:0b:1e:a3:41:f3:67:e3:56:fb:38:5d:ab:75:d9:83:80:fb:
         a7:80:32:00:42:ac:87:89:7e:90:f2:86:70:bd:83:a0:f1:fb:
         12:db:34:14:3f:fd:5e:4d:69:a6:d9:2e:89:99:38:d6:bd:f8:
         c0:c5:cc:91:61:ad:ab:dc:a8:74:6e:6d:88:4c:9f:5d:a4:24:
         fc:48:62:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYporbEvZkSfCPPH7gToJhXPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjUzNzYwMWEzMTY5NzQwNDkyMmQ5NTdlNzQ0NTBmNWE5
Y2JlNzMwHhcNMjMwOTA2MDQwODQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzc4ZDE1OTEwYWIxNDIwMGQ5MTljNDJhODE5Yjg5YjQyZjZmNmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6bmhQ90i1SAACsCnTeHwZwn8xee
KOpetOdRGNWRYJv2YBrn4exbEGsXHZzZx28jcuBJlmpARt9XbzY8orcK8XMDocTI
rVvyfO9edMWKpkaimxzLPXGRTvjD+2GdDBXWp1tzrVBUPoXY9f8xJ7cnMN9kXTsK
m5bK/bHbzosa2h0mcAU5evBQl5/sDZYL07av7LchH5PXj50icZLTkJCm/KQkFBBn
EqKuuUUrrpUYwhoTS9LBPIduOOLl9fOuKcmknpM0bSTHL6IEPe8SiLdO605huKXU
QzYLtKSs8NKgLyYf2hJCsM7SGYUtbSBBIxzH8szMFEBIbBGLynVGWu1HzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCx40VkQqxQgDZGcQqgZuJtC9vagMB8GA1UdIwQY
MBaAFBclN2AaMWl0BJItlX50RQ9anL5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQt
ZTYwNGI2MWJlMGVhLzEvTEhqUldSQ3JGQ0FOa1p4Q3FCbTRtMEwyOXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQtZTYwNGI2MWJlMGVh
LzEvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbe6oMA0G
CSqGSIb3DQEBCwUAA4IBAQCPWTOVRGLUo4qvIcwiTQUcCZP+Gr9UMrNeHDV/e1C2
HmaiZqZPMZLKaD3+C6XG9Lia+uKmv6RRLxtmSsAcjajt1F3m4hHomDEgf2dIpezh
sGOwp7BBNOOQkpkAWkyYsbfUaZnFSOnRVXZ7Ly+XBT/edSKnBMxl73vq4YaMam9Q
CE6utjc2kxCWGvDREAt86C5TUbNa+KIAmCD1wLI3nMhrUfUtRokKXvEjZtoUwJoi
YJjfzbkPCx6jQfNn41b7OF2rddmDgPungDIAQqyHiX6Q8oZwvYOg8fsS2zQUP/1e
TWmm2S6JmTjWvfjAxcyRYa2r3Kh0bm2ITJ9dpCT8SGKm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:32 2024 by rpki-client on console-ams.rpki-client.org