Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/LSKhbJQCTESGtWpysN0i--v8sUk.roa
File:                     LSKhbJQCTESGtWpysN0i--v8sUk.roa (raw, json)
Hash identifier:          hr3XVLdSfj2VLQg+SxR9IxGfToUXuEcOQyeZTXB0gpo=
Subject key identifier:   2D:22:A1:6C:94:02:4C:44:86:B5:6A:72:B0:DD:22:FB:EB:FC:B1:49
Certificate issuer:       /CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
Certificate serial:       018573CCEC474854CD657511C524B2686FA8
Authority key identifier: F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/LSKhbJQCTESGtWpysN0i--v8sUk.roa
Signing time:             Mon 02 Jan 2023 18:44:47 +0000
ROA not before:           Mon 02 Jan 2023 18:44:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209565
IP address blocks:        131.117.225.0/24 maxlen: 24
                          131.117.224.0/24 maxlen: 24
                          131.117.228.0/24 maxlen: 24
                          131.117.233.0/24 maxlen: 24
                          185.21.138.0/24 maxlen: 24
                          185.21.137.0/24 maxlen: 24
                          185.21.136.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:cc:ec:47:48:54:cd:65:75:11:c5:24:b2:68:6f:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
        Validity
            Not Before: Jan  2 18:44:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2d22a16c94024c4486b56a72b0dd22fbebfcb149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b6:39:ef:98:68:01:4b:92:0a:7e:ee:87:4a:
                    f3:56:44:76:1c:27:33:36:7f:37:a1:82:4c:03:f0:
                    55:8e:fd:72:1f:ac:d8:a5:57:5e:3e:58:0b:bf:1f:
                    54:e1:83:6c:49:14:4f:7d:e8:90:60:e3:59:f1:40:
                    3a:2d:95:e1:8b:07:26:f6:10:a6:b5:9a:bf:40:6e:
                    69:7b:9c:38:3f:54:8d:da:ae:31:cf:1d:84:b6:6f:
                    a4:15:ee:5d:57:b9:0b:d0:36:18:e6:5b:75:59:52:
                    9c:f6:34:d9:6a:ae:c2:78:9e:6f:78:08:a7:ba:fc:
                    72:18:06:70:27:cb:1f:be:f1:2e:2d:7f:a8:22:49:
                    57:16:78:cd:32:1c:d0:98:02:06:42:a6:03:b6:2d:
                    02:c5:3a:49:de:73:f3:4b:20:76:3f:d9:e3:ab:ae:
                    5a:5d:cd:dd:38:b6:1c:05:35:d5:bf:f2:a0:e5:fd:
                    e5:76:63:97:f5:9c:c1:4d:c2:3e:2e:9d:ae:34:1d:
                    54:df:b2:79:02:e9:b2:99:5e:6f:0c:5a:88:ab:20:
                    a8:f2:68:e7:69:a3:37:09:fd:6c:51:2c:5f:f3:c3:
                    74:34:f1:74:86:27:a8:4e:d7:9f:75:e9:32:2f:1a:
                    d9:dc:68:61:e1:c7:98:d2:d9:0a:59:ce:55:eb:03:
                    d9:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:22:A1:6C:94:02:4C:44:86:B5:6A:72:B0:DD:22:FB:EB:FC:B1:49
            X509v3 Authority Key Identifier:
                keyid:F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/LSKhbJQCTESGtWpysN0i--v8sUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.117.224.0/23
                  131.117.228.0/24
                  131.117.233.0/24
                  185.21.136.0-185.21.138.255

    Signature Algorithm: sha256WithRSAEncryption
         75:41:1f:f0:42:87:eb:70:4d:e0:55:af:45:68:4a:37:b7:a0:
         10:0a:b0:7f:39:23:88:21:5c:eb:7e:11:18:bf:be:2c:8d:95:
         78:03:c9:de:d7:86:13:78:e5:60:8e:da:ba:6e:6a:b0:b7:c7:
         13:93:32:1c:75:cf:a9:43:95:57:7e:dc:15:95:2b:36:f1:92:
         b8:49:c3:56:3f:8f:f8:b3:05:1d:87:08:51:de:1b:2c:3f:13:
         64:0b:f8:8d:f2:be:4d:13:a5:31:41:ef:44:22:8c:9c:31:34:
         f7:e4:f7:6d:77:e1:8e:bd:40:87:67:69:c2:31:7f:24:60:9c:
         77:59:c4:91:fa:4c:26:10:a7:16:99:09:b1:d6:13:29:63:fa:
         36:2a:88:aa:21:c2:45:e5:9b:5d:cd:aa:6d:2b:f9:de:cd:ce:
         ed:61:23:49:e5:1d:67:59:ae:62:ab:dd:76:9a:21:c7:b2:9e:
         75:18:52:43:31:41:ce:96:97:4a:85:6f:6d:36:ed:80:13:f5:
         4e:bb:21:86:47:0d:e9:74:c8:d1:7c:91:ca:6d:00:32:f9:55:
         14:41:93:71:82:95:8b:ef:ec:1b:80:ff:a7:62:05:30:e3:5e:
         68:e6:b3:7d:65:b0:ff:be:03:07:37:71:7f:77:bb:29:42:00:
         cd:ed:b2:08
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYVzzOxHSFTNZXURxSSyaG+oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5OGEwMmQyMGM2YjdkZTM1NzEyNWYzOGIxNzM1Y2ExYjkx
Zjg3YjMwHhcNMjMwMTAyMTg0NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDIyYTE2Yzk0MDI0YzQ0ODZiNTZhNzJiMGRkMjJmYmViZmNiMTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybY575hoAUuSCn7uh0rzVkR2HCcz
Nn83oYJMA/BVjv1yH6zYpVdePlgLvx9U4YNsSRRPfeiQYONZ8UA6LZXhiwcm9hCm
tZq/QG5pe5w4P1SN2q4xzx2Etm+kFe5dV7kL0DYY5lt1WVKc9jTZaq7CeJ5veAin
uvxyGAZwJ8sfvvEuLX+oIklXFnjNMhzQmAIGQqYDti0CxTpJ3nPzSyB2P9njq65a
Xc3dOLYcBTXVv/Kg5f3ldmOX9ZzBTcI+Lp2uNB1U37J5AumymV5vDFqIqyCo8mjn
aaM3Cf1sUSxf88N0NPF0hieoTtefdekyLxrZ3Ghh4ceY0tkKWc5V6wPZawIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFC0ioWyUAkxEhrVqcrDdIvvr/LFJMB8GA1UdIwQY
MBaAFPmKAtIMa33jVxJfOLFzXKG5H4ezMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Zb0MwZ3hyZmVOWEVsODRzWE5jb2JrZmg3TS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMz
LWFjZTNkNjc1ZDNjZC8xL0xTS2hiSlFDVEVTR3RXcHlzTjBpLS12OHNVay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMzLWFjZTNkNjc1ZDNj
ZC8xLzEtWW9DMGd4cmZlTlhFbDg0c1hOY29ia2ZoN00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwOQYIKwYBBQUHAQcBAf8EKjAoMCYEAgABMCADBAGDdeAD
BACDdeQDBACDdekwDAMEA7kViAMEALkVijANBgkqhkiG9w0BAQsFAAOCAQEAdUEf
8EKH63BN4FWvRWhKN7egEAqwfzkjiCFc634RGL++LI2VeAPJ3teGE3jlYI7aum5q
sLfHE5MyHHXPqUOVV37cFZUrNvGSuEnDVj+P+LMFHYcIUd4bLD8TZAv4jfK+TROl
MUHvRCKMnDE09+T3bXfhjr1Ah2dpwjF/JGCcd1nEkfpMJhCnFpkJsdYTKWP6NiqI
qiHCReWbXc2qbSv53s3O7WEjSeUdZ1muYqvddpohx7KedRhSQzFBzpaXSoVvbTbt
gBP1TrshhkcN6XTI0XyRym0AMvlVFEGTcYKVi+/sG4D/p2IFMONeaOazfWWw/74D
Bzdxf3e7KUIAze2yCA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:32 2024 by rpki-client on console-ams.rpki-client.org