Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/cf1ffd-134d-4382-8e59-4a08d5a1c71f/1/31-2iXH6dfah-RZC4li3aVOV-nw.roa
File:                     31-2iXH6dfah-RZC4li3aVOV-nw.roa (raw, json)
Hash identifier:          oxq9sm4cOJyLj+9ms1B48/DBkXJ1QZsFnZsxE/q7xpg=
Subject key identifier:   DF:5F:B6:89:71:FA:75:F6:A1:F9:16:42:E2:58:B7:69:53:95:FA:7C
Certificate issuer:       /CN=8810fc3198a0ab99647877dbe5725e05cee013f0
Certificate serial:       01857079978825F9F91E24AD789BA04B65FF
Authority key identifier: 88:10:FC:31:98:A0:AB:99:64:78:77:DB:E5:72:5E:05:CE:E0:13:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBD8MZigq5lkeHfb5XJeBc7gE_A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/cf1ffd-134d-4382-8e59-4a08d5a1c71f/1/31-2iXH6dfah-RZC4li3aVOV-nw.roa
Signing time:             Mon 02 Jan 2023 03:14:54 +0000
ROA not before:           Mon 02 Jan 2023 03:14:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210118
IP address blocks:        217.198.184.0/24 maxlen: 24
                          2a11:f940::/29 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:79:97:88:25:f9:f9:1e:24:ad:78:9b:a0:4b:65:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8810fc3198a0ab99647877dbe5725e05cee013f0
        Validity
            Not Before: Jan  2 03:14:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=df5fb68971fa75f6a1f91642e258b7695395fa7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a2:62:61:da:9d:b9:c1:10:92:74:c0:a6:11:
                    66:9f:55:8d:66:c5:0c:20:48:ee:ec:97:e2:03:f7:
                    89:42:7c:4b:c6:37:31:4d:30:cf:0d:45:bd:1c:50:
                    d9:4b:c9:2a:50:86:3a:88:b9:5b:d5:d8:3a:ce:91:
                    34:30:96:93:0d:20:3e:d4:b6:d8:1f:0e:2b:d0:73:
                    36:2a:8b:fe:22:46:ae:80:43:4f:3a:81:1d:ce:61:
                    e5:c5:4e:55:dd:eb:37:fe:47:de:29:cd:8f:84:ea:
                    e3:e8:4d:9a:a3:68:ba:f1:5a:50:4c:d2:7b:d9:36:
                    ed:d5:07:a2:06:44:2c:ac:ba:ec:5b:42:4a:2a:e3:
                    af:41:f8:d9:30:9e:ee:a8:48:2a:bb:8b:69:f9:5e:
                    b7:42:4b:55:e3:41:30:bb:9c:54:45:da:55:af:f3:
                    bc:5b:a8:be:f1:6d:de:d3:1d:3b:d5:cd:6d:69:d3:
                    c6:fa:7f:31:48:d4:8c:db:73:dc:85:e3:e0:8f:f7:
                    bb:80:cc:9f:eb:32:f1:c9:b1:d6:9a:1f:7a:c8:12:
                    15:26:ce:10:65:af:60:7a:7e:b8:63:20:29:f3:f7:
                    96:c9:89:37:7a:40:37:64:1b:e8:26:32:19:d6:a7:
                    b0:df:d9:7d:6b:ae:a4:21:0e:1b:fb:03:f4:60:6c:
                    57:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:5F:B6:89:71:FA:75:F6:A1:F9:16:42:E2:58:B7:69:53:95:FA:7C
            X509v3 Authority Key Identifier:
                keyid:88:10:FC:31:98:A0:AB:99:64:78:77:DB:E5:72:5E:05:CE:E0:13:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBD8MZigq5lkeHfb5XJeBc7gE_A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/cf1ffd-134d-4382-8e59-4a08d5a1c71f/1/31-2iXH6dfah-RZC4li3aVOV-nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/cf1ffd-134d-4382-8e59-4a08d5a1c71f/1/iBD8MZigq5lkeHfb5XJeBc7gE_A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.198.184.0/24
                IPv6:
                  2a11:f940::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:66:a2:1a:4d:08:a8:c7:08:24:b2:cd:ab:ce:82:76:32:0a:
         10:23:7b:58:7e:32:7f:57:30:29:35:67:1b:c6:b2:30:ab:6e:
         33:fe:7a:f1:e3:58:cc:af:78:dc:61:09:db:a8:b8:e2:89:8d:
         9f:25:62:e8:fd:87:b1:3b:5b:de:06:78:9d:6e:46:2c:81:a0:
         d9:1b:d6:9e:80:f7:0a:87:19:00:49:91:92:13:ad:e1:85:86:
         4f:2c:54:f6:6a:2a:06:07:23:08:16:91:6e:40:55:dc:ce:03:
         0f:ba:b1:4e:66:1c:4c:c2:a5:8d:5c:a6:db:7a:91:e7:1b:92:
         7d:34:4b:1d:f0:a0:54:51:93:ad:7c:45:93:8d:9f:27:fb:4b:
         6b:2f:a9:8a:21:7b:c9:88:21:3c:e2:84:06:42:af:ea:a8:4b:
         6f:c0:1b:07:d6:dc:0c:e7:5a:8e:23:55:84:74:51:74:a2:58:
         09:9d:c4:21:54:f8:55:59:0b:ee:22:46:72:94:c0:22:89:2e:
         79:42:09:85:55:8a:60:8d:40:35:23:70:28:7f:f6:fd:e2:9c:
         9d:8f:9b:41:9f:e8:ff:ed:58:13:de:38:77:33:24:03:8b:31:
         4e:3f:39:23:25:53:6b:25:4d:dc:ec:cd:bd:a1:20:a6:da:09:
         ce:78:5c:bd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVweZeIJfn5HiSteJugS2X/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTBmYzMxOThhMGFiOTk2NDc4NzdkYmU1NzI1ZTA1Y2Vl
MDEzZjAwHhcNMjMwMTAyMDMxNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjVmYjY4OTcxZmE3NWY2YTFmOTE2NDJlMjU4Yjc2OTUzOTVmYTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKJiYdqducEQknTAphFmn1WNZsUM
IEju7JfiA/eJQnxLxjcxTTDPDUW9HFDZS8kqUIY6iLlb1dg6zpE0MJaTDSA+1LbY
Hw4r0HM2Kov+IkaugENPOoEdzmHlxU5V3es3/kfeKc2PhOrj6E2ao2i68VpQTNJ7
2Tbt1QeiBkQsrLrsW0JKKuOvQfjZMJ7uqEgqu4tp+V63QktV40Ewu5xURdpVr/O8
W6i+8W3e0x071c1tadPG+n8xSNSM23PchePgj/e7gMyf6zLxybHWmh96yBIVJs4Q
Za9gen64YyAp8/eWyYk3ekA3ZBvoJjIZ1qew39l9a66kIQ4b+wP0YGxXAQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN9ftolx+nX2ofkWQuJYt2lTlfp8MB8GA1UdIwQY
MBaAFIgQ/DGYoKuZZHh32+VyXgXO4BPwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJEOE1aaWdxNWxrZUhmYjVYSmVCYzdnRV9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9jZjFmZmQtMTM0ZC00MzgyLThlNTkt
NGEwOGQ1YTFjNzFmLzEvMzEtMmlYSDZkZmFoLVJaQzRsaTNhVk9WLW53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9jZjFmZmQtMTM0ZC00MzgyLThlNTktNGEwOGQ1YTFjNzFm
LzEvaUJEOE1aaWdxNWxrZUhmYjVYSmVCYzdnRV9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA2ca4MA0E
AgACMAcDBQMqEflAMA0GCSqGSIb3DQEBCwUAA4IBAQB+ZqIaTQioxwgkss2rzoJ2
MgoQI3tYfjJ/VzApNWcbxrIwq24z/nrx41jMr3jcYQnbqLjiiY2fJWLo/YexO1ve
BnidbkYsgaDZG9aegPcKhxkASZGSE63hhYZPLFT2aioGByMIFpFuQFXczgMPurFO
ZhxMwqWNXKbbepHnG5J9NEsd8KBUUZOtfEWTjZ8n+0trL6mKIXvJiCE84oQGQq/q
qEtvwBsH1twM51qOI1WEdFF0olgJncQhVPhVWQvuIkZylMAiiS55QgmFVYpgjUA1
I3Aof/b94pydj5tBn+j/7VgT3jh3MyQDizFOPzkjJVNrJU3c7M29oSCm2gnOeFy9
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:30 2024 by rpki-client on console-fra.rpki-client.org