Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/NcmNuSm--xtEubeInUB4JZLHQo8.roa
File:                     NcmNuSm--xtEubeInUB4JZLHQo8.roa (raw, json)
Hash identifier:          tdf+besoul+2apWzqhsQb4eNIUMwLE0cr9aqbflflzA=
Subject key identifier:   35:C9:8D:B9:29:BE:FB:1B:44:B9:B7:88:9D:40:78:25:92:C7:42:8F
Certificate issuer:       /CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
Certificate serial:       018573CCEB8AFAF60740565C52720DF7BC3B
Authority key identifier: F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/NcmNuSm--xtEubeInUB4JZLHQo8.roa
Signing time:             Mon 02 Jan 2023 18:44:47 +0000
ROA not before:           Mon 02 Jan 2023 18:44:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39216
IP address blocks:        185.21.139.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:cc:eb:8a:fa:f6:07:40:56:5c:52:72:0d:f7:bc:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f98a02d20c6b7de357125f38b1735ca1b91f87b3
        Validity
            Not Before: Jan  2 18:44:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=35c98db929befb1b44b9b7889d40782592c7428f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:58:3f:35:44:e5:f4:d0:20:6c:e2:7f:49:d0:
                    23:53:5e:0e:6b:8e:64:80:3e:29:e3:6c:b4:82:87:
                    2b:03:2b:bc:8c:ea:48:f7:92:b7:fe:d1:3b:61:14:
                    80:58:14:8a:21:b6:72:fc:09:a0:19:bf:df:f7:f5:
                    e9:4d:32:c4:4b:22:da:f3:54:8d:9a:58:36:df:0d:
                    a6:43:6d:64:1a:1e:f6:ab:2d:8e:7a:a1:36:6c:ad:
                    34:ac:db:58:6d:48:56:90:97:7e:09:c1:36:b6:92:
                    18:4b:13:dc:18:99:e7:9e:fe:c9:3d:c1:32:df:a1:
                    91:fb:8c:28:a7:25:37:96:83:20:1d:3c:2d:51:6c:
                    62:5e:f6:b2:ce:0f:84:ad:d7:76:f2:af:f5:63:97:
                    a4:8f:dd:52:d0:0f:8e:8b:75:5e:e6:6d:59:88:3f:
                    e7:b6:b8:fe:34:eb:c4:27:78:46:d2:31:49:14:0c:
                    87:20:ee:19:3d:8f:0c:3b:4c:bc:04:e7:9f:82:33:
                    ea:28:d1:48:72:45:a3:a3:99:b6:fa:52:20:3e:79:
                    de:41:8e:b7:b5:fb:7f:5c:cb:36:7b:85:57:c1:d0:
                    f4:d7:b1:3f:f5:e8:04:77:96:e8:68:86:a1:43:24:
                    43:9f:f5:9f:6e:fe:d7:a9:7e:69:c6:6c:7b:6e:4b:
                    70:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:C9:8D:B9:29:BE:FB:1B:44:B9:B7:88:9D:40:78:25:92:C7:42:8F
            X509v3 Authority Key Identifier:
                keyid:F9:8A:02:D2:0C:6B:7D:E3:57:12:5F:38:B1:73:5C:A1:B9:1F:87:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YoC0gxrfeNXEl84sXNcobkfh7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/NcmNuSm--xtEubeInUB4JZLHQo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/a9206e-c1e1-4c15-9533-ace3d675d3cd/1/1-YoC0gxrfeNXEl84sXNcobkfh7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:ed:cf:e8:a1:82:a8:4b:7b:86:5f:c7:17:5a:d2:63:94:b2:
         16:85:15:89:df:2b:d4:80:14:65:a0:a4:ec:68:e8:70:2b:c4:
         e4:06:19:4b:41:ba:42:43:c5:86:66:57:8b:0d:62:56:a8:89:
         58:c1:f3:35:01:17:df:7d:cc:22:96:05:8c:b4:ed:32:9b:6e:
         50:83:f0:ef:24:f8:d6:e4:ed:1a:2b:43:a0:d7:b4:80:16:f9:
         a7:30:10:14:11:a4:83:54:96:f7:2f:c4:ac:d8:4d:fe:1c:5e:
         69:7a:22:cd:20:a9:43:3e:e9:8d:35:36:68:03:4f:d6:17:6a:
         65:6c:af:49:50:84:ba:e7:55:87:02:58:7c:8e:45:51:d1:2c:
         30:2f:3a:96:7b:32:8d:19:43:9f:94:91:12:9a:94:8c:ce:07:
         2f:47:fd:3f:a2:27:89:9d:66:03:30:9c:0b:9e:df:9a:b2:74:
         41:e1:74:2a:2f:91:3e:3f:bd:59:e8:4e:c3:cb:58:12:f6:81:
         d6:be:d9:1f:33:b9:a8:74:c0:13:96:aa:86:61:57:53:65:17:
         6f:6b:16:41:6a:64:af:53:b2:c0:e5:fa:37:69:3c:09:5e:04:
         88:8b:b1:02:48:c6:bf:b2:9c:2a:83:fa:91:64:e8:a2:0b:27:
         44:8b:5c:17
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYVzzOuK+vYHQFZcUnIN97w7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5OGEwMmQyMGM2YjdkZTM1NzEyNWYzOGIxNzM1Y2ExYjkx
Zjg3YjMwHhcNMjMwMTAyMTg0NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWM5OGRiOTI5YmVmYjFiNDRiOWI3ODg5ZDQwNzgyNTkyYzc0MjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlg/NUTl9NAgbOJ/SdAjU14Oa45k
gD4p42y0gocrAyu8jOpI95K3/tE7YRSAWBSKIbZy/AmgGb/f9/XpTTLESyLa81SN
mlg23w2mQ21kGh72qy2OeqE2bK00rNtYbUhWkJd+CcE2tpIYSxPcGJnnnv7JPcEy
36GR+4wopyU3loMgHTwtUWxiXvayzg+Erdd28q/1Y5ekj91S0A+Oi3Ve5m1ZiD/n
trj+NOvEJ3hG0jFJFAyHIO4ZPY8MO0y8BOefgjPqKNFIckWjo5m2+lIgPnneQY63
tft/XMs2e4VXwdD017E/9egEd5boaIahQyRDn/Wfbv7XqX5pxmx7bktwwwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDXJjbkpvvsbRLm3iJ1AeCWSx0KPMB8GA1UdIwQY
MBaAFPmKAtIMa33jVxJfOLFzXKG5H4ezMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Zb0MwZ3hyZmVOWEVsODRzWE5jb2JrZmg3TS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMz
LWFjZTNkNjc1ZDNjZC8xL05jbU51U20tLXh0RXViZUluVUI0SlpMSFFvOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2IvYTkyMDZlLWMxZTEtNGMxNS05NTMzLWFjZTNkNjc1ZDNj
ZC8xLzEtWW9DMGd4cmZlTlhFbDg0c1hOY29ia2ZoN00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5FYsw
DQYJKoZIhvcNAQELBQADggEBAHLtz+ihgqhLe4Zfxxda0mOUshaFFYnfK9SAFGWg
pOxo6HArxOQGGUtBukJDxYZmV4sNYlaoiVjB8zUBF999zCKWBYy07TKbblCD8O8k
+Nbk7RorQ6DXtIAW+acwEBQRpINUlvcvxKzYTf4cXml6Is0gqUM+6Y01NmgDT9YX
amVsr0lQhLrnVYcCWHyORVHRLDAvOpZ7Mo0ZQ5+UkRKalIzOBy9H/T+iJ4mdZgMw
nAue35qydEHhdCovkT4/vVnoTsPLWBL2gda+2R8zuah0wBOWqoZhV1NlF29rFkFq
ZK9TssDl+jdpPAleBIiLsQJIxr+ynCqD+pFk6KILJ0SLXBc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:09 2024 by rpki-client on console-fra.rpki-client.org