Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/h4sIWXpd3B05L2D0izlQnsqjvBk.roa
File:                     h4sIWXpd3B05L2D0izlQnsqjvBk.roa (raw, json)
Hash identifier:          7K2gyvZirprF4HUgUMjRu6Isu5I9SSjreX6+3gTLTxk=
Subject key identifier:   87:8B:08:59:7A:5D:DC:1D:39:2F:60:F4:8B:39:50:9E:CA:A3:BC:19
Certificate issuer:       /CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
Certificate serial:       01906B32EF4ECECD4A0352DAA045E5929DD0
Authority key identifier: 52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/h4sIWXpd3B05L2D0izlQnsqjvBk.roa
Signing time:             Sun 30 Jun 2024 22:10:18 +0000
ROA not before:           Sun 30 Jun 2024 22:10:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2121
IP address blocks:        193.0.24.0/21 maxlen: 21
                          2001:67c:64::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sun 30 Jun 2024 23:04:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6b:32:ef:4e:ce:cd:4a:03:52:da:a0:45:e5:92:9d:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52620415d2490a5ec3f6925b9f79040e8e22ddbf
        Validity
            Not Before: Jun 30 22:10:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=878b08597a5ddc1d392f60f48b39509ecaa3bc19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:00:1e:7f:0e:e0:cc:78:c9:d7:70:33:03:cb:
                    d7:61:55:fc:6b:b2:80:91:6b:b0:01:c0:38:d2:d5:
                    67:12:8c:dc:ab:06:ad:25:a0:eb:d1:88:94:cb:e1:
                    e9:df:06:82:ad:c5:9c:4f:6c:c2:2b:65:72:23:4c:
                    c6:1a:0d:e7:80:6e:b2:b1:f6:0b:6e:40:c7:b0:49:
                    10:36:03:81:cb:f7:8a:6e:68:23:62:be:e2:c9:38:
                    b9:f1:20:44:94:f1:ed:40:9a:28:24:e9:35:12:7c:
                    a7:73:5f:14:bc:5f:e2:1d:f1:de:b1:a1:02:76:8b:
                    4a:a4:f3:8b:97:87:41:c5:20:76:65:7c:f8:81:05:
                    19:89:f2:37:ee:bf:2c:f1:1e:e3:ed:90:f4:a7:f0:
                    83:d5:0d:cf:5b:b0:38:a1:ed:38:0a:a4:26:1e:42:
                    88:1e:f7:c6:54:68:66:2a:d3:1d:6b:25:1e:34:ad:
                    c7:d9:54:92:29:78:48:cf:4b:53:57:0f:5b:12:a0:
                    27:5f:79:ee:e2:68:3b:90:4b:7c:23:4f:40:fb:ab:
                    4a:6c:be:e9:f4:ce:b7:a4:b0:a6:4a:8e:a5:f3:23:
                    cf:36:ec:ef:d2:3d:19:c2:48:29:39:9a:d8:a5:04:
                    7e:ce:1c:88:d1:df:33:fa:9d:c3:df:56:d3:fc:5f:
                    8d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:8B:08:59:7A:5D:DC:1D:39:2F:60:F4:8B:39:50:9E:CA:A3:BC:19
            X509v3 Authority Key Identifier:
                keyid:52:62:04:15:D2:49:0A:5E:C3:F6:92:5B:9F:79:04:0E:8E:22:DD:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UmIEFdJJCl7D9pJbn3kEDo4i3b8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/h4sIWXpd3B05L2D0izlQnsqjvBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/09837c-98f3-4c9f-aebf-881488ffdbb0/1/UmIEFdJJCl7D9pJbn3kEDo4i3b8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.24.0/21
                IPv6:
                  2001:67c:64::/48

    Signature Algorithm: sha256WithRSAEncryption
         96:5d:c0:5d:ed:28:c0:f9:43:42:3c:c6:7e:6d:8a:85:94:10:
         db:11:63:99:8a:c0:43:c3:ea:bc:fe:19:d2:a5:04:08:ff:68:
         54:0b:56:fd:02:b8:32:e5:cd:da:21:26:3a:4c:cb:99:c7:0e:
         db:34:c9:d4:48:a8:12:2a:80:8a:3c:84:65:9c:3f:c1:53:dc:
         c8:0d:be:01:e5:83:17:ad:00:1b:25:64:c1:1c:3f:a7:32:0f:
         4d:ac:f6:8a:22:c6:27:82:c8:87:aa:c7:c8:3f:a2:31:18:70:
         5c:ef:67:8e:04:b4:06:fb:ab:ee:ff:54:84:f8:48:10:b8:76:
         ba:5f:99:34:ec:b9:da:51:cd:d2:ff:b6:5d:ad:fd:a0:77:60:
         03:aa:c0:96:6b:7f:85:e2:49:1f:30:76:b2:76:c2:98:a1:fe:
         44:23:48:5f:5a:0e:1e:16:44:56:5b:9a:5f:46:8c:c1:d6:e4:
         89:a3:af:bf:f0:98:1f:18:9c:b7:da:69:af:fa:eb:bb:5a:83:
         d7:13:2a:2b:1f:ae:8a:12:5f:20:f6:94:3a:83:c5:16:83:6f:
         cd:07:cd:ae:17:42:e6:33:da:ab:da:48:b2:8a:92:a9:2d:ff:
         db:00:9c:d7:b2:93:7e:b9:6d:c6:fe:00:8e:eb:74:7a:6a:0b:
         f0:37:c0:72
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZBrMu9Ozs1KA1LaoEXlkp3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNjIwNDE1ZDI0OTBhNWVjM2Y2OTI1YjlmNzkwNDBlOGUy
MmRkYmYwHhcNMjQwNjMwMjIxMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzhiMDg1OTdhNWRkYzFkMzkyZjYwZjQ4YjM5NTA5ZWNhYTNiYzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwAefw7gzHjJ13AzA8vXYVX8a7KA
kWuwAcA40tVnEozcqwatJaDr0YiUy+Hp3waCrcWcT2zCK2VyI0zGGg3ngG6ysfYL
bkDHsEkQNgOBy/eKbmgjYr7iyTi58SBElPHtQJooJOk1Enync18UvF/iHfHesaEC
dotKpPOLl4dBxSB2ZXz4gQUZifI37r8s8R7j7ZD0p/CD1Q3PW7A4oe04CqQmHkKI
HvfGVGhmKtMdayUeNK3H2VSSKXhIz0tTVw9bEqAnX3nu4mg7kEt8I09A+6tKbL7p
9M63pLCmSo6l8yPPNuzv0j0ZwkgpOZrYpQR+zhyI0d8z+p3D31bT/F+NbQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIeLCFl6XdwdOS9g9Is5UJ7Ko7wZMB8GA1UdIwQY
MBaAFFJiBBXSSQpew/aSW595BA6OIt2/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYt
ODgxNDg4ZmZkYmIwLzEvaDRzSVdYcGQzQjA1TDJEMGl6bFFuc3FqdkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8wOTgzN2MtOThmMy00YzlmLWFlYmYtODgxNDg4ZmZkYmIw
LzEvVW1JRUZkSkpDbDdEOXBKYm4za0VEbzRpM2I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDwQAYMA8E
AgACMAkDBwAgAQZ8AGQwDQYJKoZIhvcNAQELBQADggEBAJZdwF3tKMD5Q0I8xn5t
ioWUENsRY5mKwEPD6rz+GdKlBAj/aFQLVv0CuDLlzdohJjpMy5nHDts0ydRIqBIq
gIo8hGWcP8FT3MgNvgHlgxetABslZMEcP6cyD02s9ooixieCyIeqx8g/ojEYcFzv
Z44EtAb7q+7/VIT4SBC4drpfmTTsudpRzdL/tl2t/aB3YAOqwJZrf4XiSR8wdrJ2
wpih/kQjSF9aDh4WRFZbml9GjMHW5Imjr7/wmB8YnLfaaa/667tag9cTKisfrooS
XyD2lDqDxRaDb80Hza4XQuYz2qvaSLKKkqkt/9sAnNeyk365bcb+AI7rdHpqC/A3
wHI=
-----END CERTIFICATE-----
Generated at Mon Jul 1 01:28:04 2024 by rpki-client on console-ams.rpki-client.org