Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/qkIS2QSbIob3M_CxPOe_k-GqWPI.roa
File:                     qkIS2QSbIob3M_CxPOe_k-GqWPI.roa (raw, json)
Hash identifier:          ep5w4gFee6V/WbORiM9+1RBaygzrdIgC4BfPoKaFO0E=
Subject key identifier:   AA:42:12:D9:04:9B:22:86:F7:33:F0:B1:3C:E7:BF:93:E1:AA:58:F2
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       01866DDDCB95007C95F9291C93345B678918
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/qkIS2QSbIob3M_CxPOe_k-GqWPI.roa
Signing time:             Mon 20 Feb 2023 08:08:17 +0000
ROA not before:           Mon 20 Feb 2023 08:08:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52035
IP address blocks:        158.41.24.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Thu 01 Jun 2023 11:53:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:6d:dd:cb:95:00:7c:95:f9:29:1c:93:34:5b:67:89:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Feb 20 08:08:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aa4212d9049b2286f733f0b13ce7bf93e1aa58f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f8:b0:66:ef:eb:94:88:ef:32:ed:4a:4b:f8:
                    a6:37:2f:a7:06:cd:c7:66:86:56:2d:9e:53:f3:8e:
                    71:7a:1c:aa:3a:ec:b2:14:46:b1:c7:23:02:79:dc:
                    e5:38:6d:0c:db:d5:ed:41:92:cf:45:4b:cc:61:ca:
                    19:9f:5d:f6:04:cc:9d:d5:d4:c5:c5:c5:87:47:b4:
                    39:94:66:6c:ba:ef:56:cc:e2:06:be:d8:26:4e:77:
                    74:df:22:e2:a7:f0:72:6d:85:ea:a0:63:67:34:27:
                    8e:c6:a8:8b:e9:6f:1f:d8:af:a8:7b:7e:c0:b2:71:
                    2a:29:95:62:57:12:e8:1c:04:e8:44:bb:ea:c0:1a:
                    7a:35:26:71:76:1b:78:53:53:df:72:e3:4e:ed:8d:
                    45:75:58:94:8f:59:40:ca:9e:4c:56:0d:91:d0:b9:
                    53:b9:3f:d6:bd:8f:4a:f9:32:03:77:a3:a2:a8:f9:
                    24:87:95:d0:25:da:4a:6b:ac:2d:04:24:9f:1f:39:
                    e6:c0:00:bc:28:92:28:c9:7f:c5:03:a4:2c:d3:f5:
                    60:73:1c:59:3f:a6:e6:0a:b3:2f:52:ad:20:14:b9:
                    3a:f4:8f:4d:df:91:7c:39:53:b2:e0:f2:57:94:df:
                    f5:e6:bb:d5:58:a9:69:d8:74:64:4b:9e:f0:2a:53:
                    8a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:42:12:D9:04:9B:22:86:F7:33:F0:B1:3C:E7:BF:93:E1:AA:58:F2
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/qkIS2QSbIob3M_CxPOe_k-GqWPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.41.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         5b:13:97:ea:10:f9:93:f4:3b:4d:7e:e8:f9:4a:30:78:b7:55:
         49:5a:31:10:95:3c:9e:75:2e:9e:36:c9:16:63:ad:c7:eb:97:
         45:04:8d:25:9e:76:60:dd:af:41:a3:b0:5d:5e:62:c8:30:6f:
         5f:ca:33:bd:22:2f:4d:ae:b7:ba:7f:d6:82:cd:49:15:e5:87:
         60:ca:42:d6:c4:29:f2:af:2d:e5:d2:71:8e:fe:9c:b7:f8:d1:
         01:66:20:20:60:14:28:16:da:c9:61:86:70:04:62:47:16:2a:
         7a:e6:8f:65:e6:ef:cb:ee:00:91:22:44:c0:a7:61:73:47:47:
         1c:0a:0c:b4:7b:49:22:79:f8:18:6a:3e:9c:1c:53:ec:5d:21:
         39:ab:69:4e:ab:1d:43:ac:2e:cd:7a:ff:f2:39:51:3b:e5:7e:
         1f:b4:16:16:7a:6c:e7:0a:ce:27:72:c8:c5:bf:23:1a:96:f5:
         3b:ba:e4:c3:60:ea:c0:7e:c4:56:09:6d:ce:87:e3:a0:92:11:
         64:91:ca:9d:b5:7d:6b:d5:6d:bf:fd:72:54:fd:22:63:92:84:
         af:66:01:f9:2e:cb:9e:58:ae:04:17:39:cf:6a:6d:89:59:33:
         0d:ba:83:a4:5d:67:c2:fa:77:05:da:d2:c9:88:9c:ba:24:2c:
         58:43:f1:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYZt3cuVAHyV+SkckzRbZ4kYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjMwMjIwMDgwODE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTQyMTJkOTA0OWIyMjg2ZjczM2YwYjEzY2U3YmY5M2UxYWE1OGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPiwZu/rlIjvMu1KS/imNy+nBs3H
ZoZWLZ5T845xehyqOuyyFEaxxyMCedzlOG0M29XtQZLPRUvMYcoZn132BMyd1dTF
xcWHR7Q5lGZsuu9WzOIGvtgmTnd03yLip/BybYXqoGNnNCeOxqiL6W8f2K+oe37A
snEqKZViVxLoHAToRLvqwBp6NSZxdht4U1PfcuNO7Y1FdViUj1lAyp5MVg2R0LlT
uT/WvY9K+TIDd6OiqPkkh5XQJdpKa6wtBCSfHznmwAC8KJIoyX/FA6Qs0/VgcxxZ
P6bmCrMvUq0gFLk69I9N35F8OVOy4PJXlN/15rvVWKlp2HRkS57wKlOKawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKpCEtkEmyKG9zPwsTznv5PhqljyMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvcWtJUzJRU2JJb2IzTV9DeFBPZV9rLUdxV1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDnikYMA0G
CSqGSIb3DQEBCwUAA4IBAQBbE5fqEPmT9DtNfuj5SjB4t1VJWjEQlTyedS6eNskW
Y63H65dFBI0lnnZg3a9Bo7BdXmLIMG9fyjO9Ii9Nrre6f9aCzUkV5YdgykLWxCny
ry3l0nGO/py3+NEBZiAgYBQoFtrJYYZwBGJHFip65o9l5u/L7gCRIkTAp2FzR0cc
Cgy0e0kiefgYaj6cHFPsXSE5q2lOqx1DrC7Nev/yOVE75X4ftBYWemznCs4ncsjF
vyMalvU7uuTDYOrAfsRWCW3Oh+OgkhFkkcqdtX1r1W2//XJU/SJjkoSvZgH5Lsue
WK4EFznPam2JWTMNuoOkXWfC+ncF2tLJiJy6JCxYQ/Gt
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:59 2024 by rpki-client on console-fra.rpki-client.org