Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/1acd6c-892f-45e1-b145-ade5261c1043/1/tpU0nRvOHCqBMHuMMz6y9CZMiI8.roa
File:                     tpU0nRvOHCqBMHuMMz6y9CZMiI8.roa (raw, json)
Hash identifier:          /wW3OWUCiCncs7THL0HkyFKfZc1VdBImmGfw59rfkrY=
Subject key identifier:   B6:95:34:9D:1B:CE:1C:2A:81:30:7B:8C:33:3E:B2:F4:26:4C:88:8F
Certificate issuer:       /CN=a3d31f1799bf5588ffa988e49286bfc70a4b34be
Certificate serial:       01856F391F1FADE2A649DAFEA6AD9B254878
Authority key identifier: A3:D3:1F:17:99:BF:55:88:FF:A9:88:E4:92:86:BF:C7:0A:4B:34:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o9MfF5m_VYj_qYjkkoa_xwpLNL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/1acd6c-892f-45e1-b145-ade5261c1043/1/tpU0nRvOHCqBMHuMMz6y9CZMiI8.roa
Signing time:             Sun 01 Jan 2023 21:24:52 +0000
ROA not before:           Sun 01 Jan 2023 21:24:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20768
IP address blocks:        217.151.208.0/20 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:29:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:39:1f:1f:ad:e2:a6:49:da:fe:a6:ad:9b:25:48:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3d31f1799bf5588ffa988e49286bfc70a4b34be
        Validity
            Not Before: Jan  1 21:24:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b695349d1bce1c2a81307b8c333eb2f4264c888f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:04:d5:dd:cb:77:75:ec:4b:c7:c2:9f:41:99:
                    52:7a:28:3b:18:b3:33:6b:b1:a0:4c:f8:d2:86:a5:
                    39:21:cf:a4:a1:9d:33:d3:e7:65:01:87:7d:c5:15:
                    f1:c7:e7:fb:17:28:a1:16:f8:e4:0f:c7:13:a8:b1:
                    d7:66:66:17:30:20:c4:d3:46:c3:a2:e1:85:55:5f:
                    28:1c:29:53:ca:bb:8b:48:62:1b:9f:bc:66:cb:63:
                    17:f6:69:75:62:f8:d5:e7:5b:e3:3e:87:68:d9:8f:
                    ac:fc:96:f4:90:38:8f:c7:08:52:61:a4:1f:a3:f8:
                    f3:8c:4e:2e:98:a1:f0:05:da:d3:bc:f5:7d:af:50:
                    56:19:96:7a:3d:90:cb:c6:8c:22:99:ba:ff:a9:1d:
                    de:cc:e9:ec:2f:19:2f:02:27:41:b9:75:71:93:07:
                    85:46:2c:c0:03:34:63:91:f4:fd:64:a1:72:96:5c:
                    80:dd:74:7e:4f:8f:bd:ca:6b:5e:9b:18:e2:d8:62:
                    0c:cc:e3:57:74:6c:1f:d2:55:45:af:76:e5:4f:c1:
                    8d:12:58:8f:a0:94:49:e8:59:62:0d:b3:8f:e6:ed:
                    e4:3f:19:8f:f0:81:0b:79:ec:cf:9a:61:93:ab:55:
                    9e:b2:2f:8c:24:47:ec:eb:40:fd:7f:d9:f7:93:63:
                    b3:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:95:34:9D:1B:CE:1C:2A:81:30:7B:8C:33:3E:B2:F4:26:4C:88:8F
            X509v3 Authority Key Identifier:
                keyid:A3:D3:1F:17:99:BF:55:88:FF:A9:88:E4:92:86:BF:C7:0A:4B:34:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o9MfF5m_VYj_qYjkkoa_xwpLNL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1acd6c-892f-45e1-b145-ade5261c1043/1/tpU0nRvOHCqBMHuMMz6y9CZMiI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/1acd6c-892f-45e1-b145-ade5261c1043/1/o9MfF5m_VYj_qYjkkoa_xwpLNL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.151.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8b:53:25:5f:c0:41:dc:3f:58:d7:b1:31:69:de:63:c9:ce:fe:
         52:90:56:28:1c:41:92:f8:fb:05:c3:54:a3:66:81:7d:5a:a5:
         ff:93:20:ce:c0:8e:f1:53:fb:b6:23:7c:aa:79:cc:52:4c:4d:
         58:df:43:86:07:d0:37:24:7d:23:93:da:70:e6:4a:c6:37:97:
         23:61:13:53:5c:ca:a7:0c:ef:60:46:b1:82:e3:ae:eb:d5:cf:
         18:29:79:36:82:18:d4:33:85:55:c4:1f:57:35:2c:a4:a4:65:
         66:97:94:6b:83:21:b1:44:88:7f:b9:90:e1:73:42:79:1b:3c:
         94:35:4a:8f:b9:71:9f:12:62:b7:9b:17:80:4d:d0:9d:d5:d5:
         8f:4a:13:53:1f:9b:23:ce:fe:1d:57:ca:05:03:69:d9:7f:10:
         f7:4b:03:c6:27:6e:b0:7a:b1:bd:95:5e:6d:60:74:97:be:1e:
         de:f8:3d:04:7c:8f:22:01:34:d6:f6:91:da:c6:cf:92:3a:d1:
         95:0e:d5:30:0a:5d:be:22:b4:bc:4d:8e:b8:a8:b4:73:a5:d5:
         b8:f3:bc:71:ed:92:c2:57:3f:ea:15:f2:c2:96:b9:af:34:37:
         59:ea:a6:07:bf:9f:19:c4:0d:e0:2e:6d:da:fe:c8:3c:e9:91:
         07:a2:a2:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvOR8freKmSdr+pq2bJUh4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZDMxZjE3OTliZjU1ODhmZmE5ODhlNDkyODZiZmM3MGE0
YjM0YmUwHhcNMjMwMTAxMjEyNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjk1MzQ5ZDFiY2UxYzJhODEzMDdiOGMzMzNlYjJmNDI2NGM4ODhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnATV3ct3dexLx8KfQZlSeig7GLMz
a7GgTPjShqU5Ic+koZ0z0+dlAYd9xRXxx+f7FyihFvjkD8cTqLHXZmYXMCDE00bD
ouGFVV8oHClTyruLSGIbn7xmy2MX9ml1YvjV51vjPodo2Y+s/Jb0kDiPxwhSYaQf
o/jzjE4umKHwBdrTvPV9r1BWGZZ6PZDLxowimbr/qR3ezOnsLxkvAidBuXVxkweF
RizAAzRjkfT9ZKFyllyA3XR+T4+9ymtemxji2GIMzONXdGwf0lVFr3blT8GNEliP
oJRJ6FliDbOP5u3kPxmP8IELeezPmmGTq1Wesi+MJEfs60D9f9n3k2OzEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaVNJ0bzhwqgTB7jDM+svQmTIiPMB8GA1UdIwQY
MBaAFKPTHxeZv1WI/6mI5JKGv8cKSzS+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzlNZkY1bV9WWWpfcVlqa2tvYV94d3BMTkw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8xYWNkNmMtODkyZi00NWUxLWIxNDUt
YWRlNTI2MWMxMDQzLzEvdHBVMG5Sdk9IQ3FCTUh1TU16Nnk5Q1pNaUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8xYWNkNmMtODkyZi00NWUxLWIxNDUtYWRlNTI2MWMxMDQz
LzEvbzlNZkY1bV9WWWpfcVlqa2tvYV94d3BMTkw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2ZfQMA0G
CSqGSIb3DQEBCwUAA4IBAQCLUyVfwEHcP1jXsTFp3mPJzv5SkFYoHEGS+PsFw1Sj
ZoF9WqX/kyDOwI7xU/u2I3yqecxSTE1Y30OGB9A3JH0jk9pw5krGN5cjYRNTXMqn
DO9gRrGC467r1c8YKXk2ghjUM4VVxB9XNSykpGVml5RrgyGxRIh/uZDhc0J5GzyU
NUqPuXGfEmK3mxeATdCd1dWPShNTH5sjzv4dV8oFA2nZfxD3SwPGJ26werG9lV5t
YHSXvh7e+D0EfI8iATTW9pHaxs+SOtGVDtUwCl2+IrS8TY64qLRzpdW487xx7ZLC
Vz/qFfLClrmvNDdZ6qYHv58ZxA3gLm3a/sg86ZEHoqJZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:01 2024 by rpki-client on console-ams.rpki-client.org