Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/NVZkWdeSShELFqcTgxesn2RK9o0.roa
File:                     NVZkWdeSShELFqcTgxesn2RK9o0.roa (raw, json)
Hash identifier:          /2ddVp7WXppVeTCiBqOLkWblD++08RZTTdsel9C6U+M=
Subject key identifier:   35:56:64:59:D7:92:4A:11:0B:16:A7:13:83:17:AC:9F:64:4A:F6:8D
Certificate issuer:       /CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
Certificate serial:       018B6331E660CE370B771C9CEE78531EC004
Authority key identifier: 2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/NVZkWdeSShELFqcTgxesn2RK9o0.roa
Signing time:             Tue 24 Oct 2023 19:38:16 +0000
ROA not before:           Tue 24 Oct 2023 19:38:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.14.238.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 02 Nov 2023 19:20:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:63:31:e6:60:ce:37:0b:77:1c:9c:ee:78:53:1e:c0:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2dc81d24c45ddaa345f9064de29fbca7b129a52c
        Validity
            Not Before: Oct 24 19:38:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=35566459d7924a110b16a7138317ac9f644af68d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e2:ab:cb:e2:3d:e6:a7:19:49:bb:a0:c2:8e:
                    38:48:2b:d6:24:d5:8b:2e:1f:1a:89:03:89:d2:3e:
                    4a:ab:85:a9:00:7c:2e:7a:fd:70:13:33:c5:a1:3e:
                    a0:df:e1:02:19:c4:27:00:64:20:bc:d3:3a:2d:e3:
                    3f:80:c1:23:74:20:bf:15:21:a2:cd:de:9a:c5:0e:
                    74:b2:51:65:62:53:47:0a:df:a5:8d:0f:30:93:90:
                    71:01:e2:23:ff:47:67:6f:8e:57:8b:35:04:c2:1d:
                    c9:f6:cb:46:be:05:04:69:eb:f6:51:3e:4c:87:73:
                    c4:37:3d:9a:5e:88:ae:ad:3c:36:f9:a3:e1:d9:52:
                    81:49:48:c7:d9:47:54:48:c0:2c:b3:f5:6e:98:4d:
                    7d:0a:be:c8:cd:b3:1b:39:5b:df:8d:44:e8:2c:6c:
                    3e:9b:55:0b:a1:c5:06:1f:fe:62:7a:47:82:b8:cf:
                    44:6e:e6:56:b5:79:9b:fd:c8:53:cd:5e:c7:d1:f1:
                    62:bb:7f:45:77:4b:b0:87:9e:cd:6a:4c:53:43:8b:
                    6b:cc:c7:42:dd:d1:57:cd:13:02:50:50:ff:94:12:
                    d8:67:d8:fa:e3:e5:31:1f:fd:5d:de:ce:13:8e:8f:
                    31:27:61:ec:6f:fe:97:7d:e2:4f:4c:28:cf:e4:da:
                    bb:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:56:64:59:D7:92:4A:11:0B:16:A7:13:83:17:AC:9F:64:4A:F6:8D
            X509v3 Authority Key Identifier:
                keyid:2D:C8:1D:24:C4:5D:DA:A3:45:F9:06:4D:E2:9F:BC:A7:B1:29:A5:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LcgdJMRd2qNF-QZN4p-8p7EppSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/NVZkWdeSShELFqcTgxesn2RK9o0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/bf3db5-a33f-4311-acd9-2fcc0b749b32/1/LcgdJMRd2qNF-QZN4p-8p7EppSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.14.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:b4:e3:7e:1d:75:7c:12:90:7d:f7:3d:e2:a2:6b:3c:81:ee:
         8b:52:bd:d9:4e:bf:84:9f:50:3e:3c:d3:01:eb:9d:25:6d:64:
         b6:7f:93:e6:01:37:3c:1b:d8:67:47:4f:65:67:5f:63:ec:e3:
         98:08:ab:5d:23:18:61:52:cc:44:44:2e:fe:63:bc:d6:5f:fe:
         e7:32:b3:d5:d8:67:74:b9:23:a8:27:e7:e9:2a:e1:a5:26:62:
         0f:4e:dd:8f:47:90:6f:61:ef:e2:1b:4f:73:b5:ae:f0:c6:76:
         3c:75:31:d3:70:7c:8a:65:1e:7e:b9:63:ca:03:23:fb:93:89:
         10:22:de:ec:dd:c0:1c:1b:69:58:55:4b:f1:e4:4d:72:8c:c2:
         42:20:02:99:61:d7:02:68:50:57:70:7d:c0:1c:1d:45:dd:d5:
         43:7a:e4:c0:db:c9:06:f2:75:09:a3:18:c4:18:f4:64:f6:60:
         e8:14:67:e5:9f:a8:3c:13:19:eb:0b:df:fe:5d:b2:74:bf:c7:
         62:e9:5d:a6:ea:f6:5c:bb:ee:9d:7a:ef:98:e2:51:53:ed:51:
         66:dd:7d:58:46:05:fa:dd:49:da:79:c2:7d:ed:40:71:24:49:
         04:70:14:54:74:11:0b:e3:91:62:21:65:b5:85:69:cf:32:7e:
         76:1b:46:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYtjMeZgzjcLdxyc7nhTHsAEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYzgxZDI0YzQ1ZGRhYTM0NWY5MDY0ZGUyOWZiY2E3YjEy
OWE1MmMwHhcNMjMxMDI0MTkzODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTU2NjQ1OWQ3OTI0YTExMGIxNmE3MTM4MzE3YWM5ZjY0NGFmNjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuKry+I95qcZSbugwo44SCvWJNWL
Lh8aiQOJ0j5Kq4WpAHwuev1wEzPFoT6g3+ECGcQnAGQgvNM6LeM/gMEjdCC/FSGi
zd6axQ50slFlYlNHCt+ljQ8wk5BxAeIj/0dnb45XizUEwh3J9stGvgUEaev2UT5M
h3PENz2aXoiurTw2+aPh2VKBSUjH2UdUSMAss/VumE19Cr7IzbMbOVvfjUToLGw+
m1ULocUGH/5iekeCuM9EbuZWtXmb/chTzV7H0fFiu39Fd0uwh57NakxTQ4trzMdC
3dFXzRMCUFD/lBLYZ9j64+UxH/1d3s4Tjo8xJ2Hsb/6XfeJPTCjP5Nq7oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDVWZFnXkkoRCxanE4MXrJ9kSvaNMB8GA1UdIwQY
MBaAFC3IHSTEXdqjRfkGTeKfvKexKaUsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDkt
MmZjYzBiNzQ5YjMyLzEvTlZaa1dkZVNTaEVMRnFjVGd4ZXNuMlJLOW8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9iZjNkYjUtYTMzZi00MzExLWFjZDktMmZjYzBiNzQ5YjMy
LzEvTGNnZEpNUmQycU5GLVFaTjRwLThwN0VwcFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQ7uMA0G
CSqGSIb3DQEBCwUAA4IBAQCHtON+HXV8EpB99z3ioms8ge6LUr3ZTr+En1A+PNMB
650lbWS2f5PmATc8G9hnR09lZ19j7OOYCKtdIxhhUsxERC7+Y7zWX/7nMrPV2Gd0
uSOoJ+fpKuGlJmIPTt2PR5BvYe/iG09zta7wxnY8dTHTcHyKZR5+uWPKAyP7k4kQ
It7s3cAcG2lYVUvx5E1yjMJCIAKZYdcCaFBXcH3AHB1F3dVDeuTA28kG8nUJoxjE
GPRk9mDoFGfln6g8ExnrC9/+XbJ0v8di6V2m6vZcu+6deu+Y4lFT7VFm3X1YRgX6
3UnaecJ97UBxJEkEcBRUdBEL45FiIWW1hWnPMn52G0Zw
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:05 2024 by rpki-client on console-ams.rpki-client.org