Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/9N3W2xqaCQ-I14YwcrP6hQTWtRs.roa
File:                     9N3W2xqaCQ-I14YwcrP6hQTWtRs.roa (raw, json)
Hash identifier:          j/LEYmqUHeaSXt8ixOXfkSZA5YIME5ZuJA7Jt7pELrI=
Subject key identifier:   F4:DD:D6:DB:1A:9A:09:0F:88:D7:86:30:72:B3:FA:85:04:D6:B5:1B
Certificate issuer:       /CN=416532420a21e42b8ad30da24ebf4347de95ef35
Certificate serial:       018CC802256814E7289E740C9C6E5182383A
Authority key identifier: 41:65:32:42:0A:21:E4:2B:8A:D3:0D:A2:4E:BF:43:47:DE:95:EF:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QWUyQgoh5CuK0w2iTr9DR96V7zU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/9N3W2xqaCQ-I14YwcrP6hQTWtRs.roa
Signing time:             Tue 02 Jan 2024 02:30:33 +0000
ROA not before:           Tue 02 Jan 2024 02:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207645
IP address blocks:        194.120.133.0/24 maxlen: 24
                          2a0d:b100::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 02 May 2024 07:22:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:25:68:14:e7:28:9e:74:0c:9c:6e:51:82:38:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=416532420a21e42b8ad30da24ebf4347de95ef35
        Validity
            Not Before: Jan  2 02:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4ddd6db1a9a090f88d7863072b3fa8504d6b51b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0c:14:16:76:ad:98:14:ba:56:ab:9b:2c:05:
                    cf:ea:88:bb:57:db:eb:27:eb:5e:70:b4:4a:da:f9:
                    0c:ae:f7:2c:a5:c6:c0:bb:f3:04:95:a4:61:75:ac:
                    e1:79:3b:e2:01:42:15:ce:96:2e:ae:13:40:91:65:
                    5e:ff:cc:95:c4:78:77:c6:7b:44:73:57:a6:05:ed:
                    ce:4a:1c:31:7a:eb:35:3f:ec:8b:85:c9:20:c0:49:
                    96:ea:7e:f0:b7:0c:c1:6c:ac:71:7f:68:42:4f:9c:
                    61:71:10:ef:26:06:a5:ea:8f:4f:b0:5c:6e:4c:bc:
                    23:73:7b:86:ce:2d:87:5d:5e:ac:a6:45:a4:6a:54:
                    0d:3d:9d:c6:30:88:5b:77:83:22:ec:24:7c:24:da:
                    60:e2:d5:30:30:9a:6e:5d:85:4b:a6:ec:66:a9:6f:
                    fe:82:fd:0c:1e:a2:ea:ad:f2:50:68:b4:87:b7:19:
                    58:c7:9a:1b:b9:74:84:39:aa:17:e5:0f:59:76:85:
                    1c:3c:82:59:f3:f7:f8:4e:8f:69:67:81:b9:3d:80:
                    68:a2:17:dc:cf:1f:be:de:9d:b5:1b:7d:9d:88:cc:
                    e1:e2:71:70:92:d1:17:7f:d4:28:36:39:23:a5:aa:
                    c1:f3:87:0a:cd:75:e8:c8:66:93:cb:8c:37:44:1b:
                    eb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:DD:D6:DB:1A:9A:09:0F:88:D7:86:30:72:B3:FA:85:04:D6:B5:1B
            X509v3 Authority Key Identifier:
                keyid:41:65:32:42:0A:21:E4:2B:8A:D3:0D:A2:4E:BF:43:47:DE:95:EF:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QWUyQgoh5CuK0w2iTr9DR96V7zU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/9N3W2xqaCQ-I14YwcrP6hQTWtRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/4f4b20-5136-420b-b516-b6d64a003d9e/1/QWUyQgoh5CuK0w2iTr9DR96V7zU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.120.133.0/24
                IPv6:
                  2a0d:b100::/29

    Signature Algorithm: sha256WithRSAEncryption
         a8:70:63:bb:94:60:12:d2:4a:53:fe:97:a7:f2:0e:50:af:6f:
         12:26:4c:3c:09:36:3f:7e:93:0f:da:9e:e9:14:8a:84:5c:43:
         b8:7b:a8:ca:01:7c:1b:0b:1e:2d:a1:34:f9:6d:f7:e5:f6:71:
         60:17:ab:de:c8:f4:03:8f:6a:ff:b6:7c:33:cb:20:3c:88:5c:
         1e:8b:f8:c2:10:c2:2d:32:5a:3d:b4:58:9e:52:10:ae:b3:82:
         ea:7d:33:1d:f5:95:4a:dd:3c:b8:d0:10:d1:f9:a9:7e:06:de:
         93:12:0e:fd:d6:c0:29:2e:1d:1a:80:ce:57:28:f6:15:ed:16:
         15:3b:33:71:e7:ad:00:b9:8e:23:3c:81:41:f4:8e:3e:43:ff:
         e5:b9:2e:94:82:5e:0f:a7:ed:95:ab:75:0b:c7:2d:49:9c:ce:
         68:ef:0e:48:90:a6:7d:68:5d:1c:c7:fc:76:8e:4d:cb:d5:f2:
         8d:2a:1c:20:62:ca:d5:a8:d0:13:b4:fa:46:23:ee:2f:59:b3:
         b4:4b:ed:aa:01:cb:2a:4b:66:20:42:b6:da:9d:f1:eb:12:e3:
         3a:ab:11:4c:46:3a:5c:48:ad:ee:a6:f0:8e:53:9d:6b:5b:b7:
         5f:32:fb:41:f9:43:8b:50:17:d8:8e:0b:77:a2:ca:98:78:4e:
         72:6e:12:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAiVoFOconnQMnG5Rgjg6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNjUzMjQyMGEyMWU0MmI4YWQzMGRhMjRlYmY0MzQ3ZGU5
NWVmMzUwHhcNMjQwMTAyMDIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGRkZDZkYjFhOWEwOTBmODhkNzg2MzA3MmIzZmE4NTA0ZDZiNTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQwUFnatmBS6VqubLAXP6oi7V9vr
J+tecLRK2vkMrvcspcbAu/MElaRhdazheTviAUIVzpYurhNAkWVe/8yVxHh3xntE
c1emBe3OShwxeus1P+yLhckgwEmW6n7wtwzBbKxxf2hCT5xhcRDvJgal6o9PsFxu
TLwjc3uGzi2HXV6spkWkalQNPZ3GMIhbd4Mi7CR8JNpg4tUwMJpuXYVLpuxmqW/+
gv0MHqLqrfJQaLSHtxlYx5obuXSEOaoX5Q9ZdoUcPIJZ8/f4To9pZ4G5PYBoohfc
zx++3p21G32diMzh4nFwktEXf9QoNjkjparB84cKzXXoyGaTy4w3RBvrXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPTd1tsamgkPiNeGMHKz+oUE1rUbMB8GA1UdIwQY
MBaAFEFlMkIKIeQritMNok6/Q0fele81MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVdVeVFnb2g1Q3VLMHcyaVRyOURSOTZWN3pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni80ZjRiMjAtNTEzNi00MjBiLWI1MTYt
YjZkNjRhMDAzZDllLzEvOU4zVzJ4cWFDUS1JMTRZd2NyUDZoUVRXdFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni80ZjRiMjAtNTEzNi00MjBiLWI1MTYtYjZkNjRhMDAzZDll
LzEvUVdVeVFnb2g1Q3VLMHcyaVRyOURSOTZWN3pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwniFMA0E
AgACMAcDBQMqDbEAMA0GCSqGSIb3DQEBCwUAA4IBAQCocGO7lGAS0kpT/pen8g5Q
r28SJkw8CTY/fpMP2p7pFIqEXEO4e6jKAXwbCx4toTT5bffl9nFgF6veyPQDj2r/
tnwzyyA8iFwei/jCEMItMlo9tFieUhCus4LqfTMd9ZVK3Ty40BDR+al+Bt6TEg79
1sApLh0agM5XKPYV7RYVOzNx560AuY4jPIFB9I4+Q//luS6Ugl4Pp+2Vq3ULxy1J
nM5o7w5IkKZ9aF0cx/x2jk3L1fKNKhwgYsrVqNATtPpGI+4vWbO0S+2qAcsqS2Yg
QrbanfHrEuM6qxFMRjpcSK3upvCOU51rW7dfMvtB+UOLUBfYjgt3osqYeE5ybhJA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:37 2024 by rpki-client on console-fra.rpki-client.org