Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/h2J-VybRAsXQBiMxphv_Hm0l12s.roa
File:                     h2J-VybRAsXQBiMxphv_Hm0l12s.roa (raw, json)
Hash identifier:          LrJmR0VYX6qCIku71Ki7nd7fdBXIcnX+Bffq/0KreTo=
Subject key identifier:   87:62:7E:57:26:D1:02:C5:D0:06:23:31:A6:1B:FF:1E:6D:25:D7:6B
Certificate issuer:       /CN=4cad0397487799e2118ff4cbcf8f159747f35891
Certificate serial:       01857169B35E1C9EDD8610B3C11297395A1D
Authority key identifier: 4C:AD:03:97:48:77:99:E2:11:8F:F4:CB:CF:8F:15:97:47:F3:58:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TK0Dl0h3meIRj_TLz48Vl0fzWJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/h2J-VybRAsXQBiMxphv_Hm0l12s.roa
Signing time:             Mon 02 Jan 2023 07:37:10 +0000
ROA not before:           Mon 02 Jan 2023 07:37:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200995
IP address blocks:        212.72.236.0/22 maxlen: 24
                          2001:7bb::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:69:b3:5e:1c:9e:dd:86:10:b3:c1:12:97:39:5a:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cad0397487799e2118ff4cbcf8f159747f35891
        Validity
            Not Before: Jan  2 07:37:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=87627e5726d102c5d0062331a61bff1e6d25d76b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:ff:dd:d4:5a:2b:fb:d1:ef:75:8b:ae:91:b3:
                    bd:2f:6c:71:32:1c:ca:33:f9:3e:ec:3a:c4:d2:90:
                    b1:5d:46:f8:c1:81:b4:45:60:c1:ac:ee:1b:bd:b6:
                    b1:17:5c:fc:9f:df:11:54:c8:5e:d8:ca:a4:79:53:
                    80:1a:86:02:00:3a:f8:8e:13:04:80:31:88:e6:67:
                    b4:93:29:4f:f9:7c:ad:7d:e9:bf:09:f9:68:20:cb:
                    50:38:3b:9b:c8:f0:90:33:b8:8a:8e:11:b0:8e:f2:
                    a3:18:2e:69:6c:65:87:cd:4a:ac:85:e3:c5:8f:2d:
                    1f:c9:3e:58:02:26:fc:78:38:85:cd:a2:83:31:84:
                    09:eb:93:39:46:38:7a:f6:e0:38:a5:a8:8e:db:a9:
                    48:76:8c:dd:a6:fb:1c:7e:de:57:9a:ce:8c:b3:8c:
                    8b:5e:4c:46:8e:5c:12:2f:3f:26:d7:db:32:37:8f:
                    3a:c1:50:9b:2c:8b:7d:d3:6b:38:f4:e4:fe:21:00:
                    e7:01:52:3c:ea:85:96:c0:68:1a:34:fe:db:6c:34:
                    cb:50:8d:06:6f:6a:9c:13:c6:36:bb:49:c0:df:57:
                    a8:e9:99:12:3c:be:06:32:a5:33:c3:55:42:5e:9a:
                    68:4c:63:44:24:52:67:4a:e7:4d:32:91:40:4b:cf:
                    ea:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:62:7E:57:26:D1:02:C5:D0:06:23:31:A6:1B:FF:1E:6D:25:D7:6B
            X509v3 Authority Key Identifier:
                keyid:4C:AD:03:97:48:77:99:E2:11:8F:F4:CB:CF:8F:15:97:47:F3:58:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TK0Dl0h3meIRj_TLz48Vl0fzWJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/h2J-VybRAsXQBiMxphv_Hm0l12s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/ea0196-ab79-42cf-ab2b-fc4b03710ae0/1/TK0Dl0h3meIRj_TLz48Vl0fzWJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.72.236.0/22
                IPv6:
                  2001:7bb::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:84:d1:34:d9:ec:c8:bd:94:74:bd:e4:62:92:c6:22:80:cd:
         31:8c:44:0d:50:67:9e:61:95:a7:f1:c6:e7:84:27:db:ce:90:
         a4:d4:4d:ca:5e:2e:5d:ad:f0:e8:a1:69:65:88:82:11:ca:c3:
         f0:e2:80:16:25:be:f6:b1:24:ef:4e:84:79:2c:22:8e:ac:31:
         42:43:7f:96:b7:0b:a4:39:ae:53:83:c6:aa:75:d7:0b:e4:f1:
         06:88:67:13:73:fd:bb:5f:6a:6a:46:f6:03:60:cd:da:91:f0:
         d7:0e:27:bf:bb:40:97:69:b7:8f:50:c0:c2:5d:17:a0:56:70:
         f5:d1:50:a9:0b:61:a7:3d:75:58:f4:6e:ca:5b:bc:b3:73:36:
         73:f1:a3:0c:61:e5:a3:18:1f:15:13:f8:b1:2b:3d:e0:b2:fb:
         1c:70:26:5b:9b:fe:10:17:2b:38:03:61:cd:5e:a7:fb:2d:98:
         54:7f:63:3d:a3:6d:35:9b:a8:71:1a:57:fa:04:84:3e:c6:37:
         88:12:88:a7:f0:cd:3b:2d:9f:dc:f9:3d:a2:c3:55:d3:da:91:
         20:e2:ca:0d:36:88:62:f1:cb:dd:d7:e2:10:7a:f5:4d:db:92:
         ee:5d:0d:21:c7:a2:af:79:ad:c9:0f:4e:5d:5d:65:85:1e:69:
         e9:c3:aa:e0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVxabNeHJ7dhhCzwRKXOVodMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjYWQwMzk3NDg3Nzk5ZTIxMThmZjRjYmNmOGYxNTk3NDdm
MzU4OTEwHhcNMjMwMTAyMDczNzEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzYyN2U1NzI2ZDEwMmM1ZDAwNjIzMzFhNjFiZmYxZTZkMjVkNzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh//d1For+9HvdYuukbO9L2xxMhzK
M/k+7DrE0pCxXUb4wYG0RWDBrO4bvbaxF1z8n98RVMhe2MqkeVOAGoYCADr4jhME
gDGI5me0kylP+Xytfem/CfloIMtQODubyPCQM7iKjhGwjvKjGC5pbGWHzUqshePF
jy0fyT5YAib8eDiFzaKDMYQJ65M5Rjh69uA4paiO26lIdozdpvscft5Xms6Ms4yL
XkxGjlwSLz8m19syN486wVCbLIt902s49OT+IQDnAVI86oWWwGgaNP7bbDTLUI0G
b2qcE8Y2u0nA31eo6ZkSPL4GMqUzw1VCXppoTGNEJFJnSudNMpFAS8/qQwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIdiflcm0QLF0AYjMaYb/x5tJddrMB8GA1UdIwQY
MBaAFEytA5dId5niEY/0y8+PFZdH81iRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEswRGwwaDNtZUlSal9UTHo0OFZsMGZ6V0pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9lYTAxOTYtYWI3OS00MmNmLWFiMmIt
ZmM0YjAzNzEwYWUwLzEvaDJKLVZ5YlJBc1hRQmlNeHBodl9IbTBsMTJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9lYTAxOTYtYWI3OS00MmNmLWFiMmItZmM0YjAzNzEwYWUw
LzEvVEswRGwwaDNtZUlSal9UTHo0OFZsMGZ6V0pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQC1EjsMA0E
AgACMAcDBQAgAQe7MA0GCSqGSIb3DQEBCwUAA4IBAQAhhNE02ezIvZR0veRiksYi
gM0xjEQNUGeeYZWn8cbnhCfbzpCk1E3KXi5drfDooWlliIIRysPw4oAWJb72sSTv
ToR5LCKOrDFCQ3+WtwukOa5Tg8aqddcL5PEGiGcTc/27X2pqRvYDYM3akfDXDie/
u0CXabePUMDCXRegVnD10VCpC2GnPXVY9G7KW7yzczZz8aMMYeWjGB8VE/ixKz3g
svsccCZbm/4QFys4A2HNXqf7LZhUf2M9o201m6hxGlf6BIQ+xjeIEoin8M07LZ/c
+T2iw1XT2pEg4soNNohi8cvd1+IQevVN25LuXQ0hx6Kvea3JD05dXWWFHmnpw6rg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:41:14 2024 by rpki-client on console-fra.rpki-client.org