Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/XCvTNI4vdmyJNTitGbrDOUCM94A.roa
File:                     XCvTNI4vdmyJNTitGbrDOUCM94A.roa (raw, json)
Hash identifier:          1bJQjD4YIwhSb7Ik6Z5XoBfleeonHQaSPkWUzOTSKp4=
Subject key identifier:   5C:2B:D3:34:8E:2F:76:6C:89:35:38:AD:19:BA:C3:39:40:8C:F7:80
Certificate issuer:       /CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
Certificate serial:       0185DF73F80002D29B32472D0151E70CC6EC
Authority key identifier: B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/XCvTNI4vdmyJNTitGbrDOUCM94A.roa
Signing time:             Mon 23 Jan 2023 16:26:37 +0000
ROA not before:           Mon 23 Jan 2023 16:26:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     996
IP address blocks:        95.140.152.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Sat 28 Jan 2023 18:47:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:df:73:f8:00:02:d2:9b:32:47:2d:01:51:e7:0c:c6:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9ea8936f8e53063b4b3bdf0f3b15b2ae667ef13
        Validity
            Not Before: Jan 23 16:26:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5c2bd3348e2f766c893538ad19bac339408cf780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:59:35:b7:c7:22:82:36:b8:52:e8:9d:3d:c3:
                    cd:e4:b6:4b:c7:9f:9d:84:da:75:8a:78:70:16:49:
                    07:2e:a9:68:92:34:b8:a0:db:f3:3a:60:83:b8:17:
                    43:7e:71:23:11:ad:44:55:19:09:0f:48:4d:53:98:
                    7b:9b:00:73:aa:a5:b9:04:f1:10:d8:47:3e:88:20:
                    9d:6c:f3:95:14:75:9b:81:b7:0f:6c:4b:2c:9a:f7:
                    67:31:ca:38:0b:12:30:32:2c:b1:51:8a:84:1a:a5:
                    54:74:64:0c:a0:2a:cc:81:fb:ed:67:a7:dd:1a:21:
                    77:ad:0a:38:6c:7a:10:81:19:70:4e:f5:56:5c:90:
                    53:f1:a1:9e:d4:9f:4d:2a:08:41:76:c3:b8:6b:6b:
                    75:ef:10:03:32:be:c7:d2:55:fc:62:a7:c5:6c:95:
                    ff:a7:43:91:78:81:63:8c:d7:1d:26:3d:7b:26:8d:
                    0d:e2:f2:91:38:3b:1c:3f:8d:c0:d4:fc:80:29:33:
                    b3:a3:2e:d1:23:5d:34:a8:61:a1:15:70:9a:3f:fa:
                    4c:f2:e6:38:c2:d6:bd:1e:f0:61:2f:6a:97:5a:3d:
                    88:ca:d9:63:25:4d:81:78:40:68:8c:56:7d:c4:a6:
                    0b:a0:d7:eb:ee:f1:37:8b:38:e3:89:6a:55:e6:a6:
                    42:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:2B:D3:34:8E:2F:76:6C:89:35:38:AD:19:BA:C3:39:40:8C:F7:80
            X509v3 Authority Key Identifier:
                keyid:B9:EA:89:36:F8:E5:30:63:B4:B3:BD:F0:F3:B1:5B:2A:E6:67:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ueqJNvjlMGO0s73w87FbKuZn7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/XCvTNI4vdmyJNTitGbrDOUCM94A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/ec29e2-3440-409a-986a-b250997fc75d/1/ueqJNvjlMGO0s73w87FbKuZn7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.140.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9b:2e:3b:19:bd:c3:0e:a4:64:e1:49:b9:6c:10:48:0f:60:4b:
         3d:6c:0e:f8:7e:7a:79:e1:8a:be:53:9f:9e:ff:e1:e1:4d:e2:
         fa:3b:fb:28:f0:83:14:34:20:51:fa:ad:78:bc:0f:2f:86:bc:
         29:9d:be:df:46:15:04:a3:1f:e0:32:3d:30:28:fd:94:1e:9d:
         8c:17:34:3a:f9:f4:b2:a3:60:73:db:f5:05:eb:e5:35:8a:9c:
         1b:d4:9c:9c:2f:b0:92:25:cf:26:c7:26:d4:50:49:56:8d:02:
         2f:fb:e5:af:62:a2:13:0e:3e:46:9c:b8:e6:29:bc:d3:7d:47:
         e7:d9:23:68:0b:4f:8d:98:3e:72:ac:57:31:ac:be:c0:31:65:
         74:f7:c8:48:a4:8b:82:cd:aa:d1:9d:c3:87:28:7a:11:2e:6a:
         d2:7f:da:ca:76:48:f6:fa:d9:53:15:c0:b6:af:2a:78:ac:76:
         7d:06:af:96:da:fc:5e:e4:43:5e:a7:8b:32:6f:3a:2e:99:73:
         92:af:d9:fa:86:bf:90:cd:03:00:c8:94:8b:0f:63:5b:b7:49:
         5b:cb:9c:a7:90:bb:bf:d3:8a:ff:2c:ac:be:5d:69:33:ff:c9:
         75:1a:76:73:51:20:cb:05:7c:94:80:ad:9a:ec:a7:52:d6:4e:
         f8:f5:e0:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYXfc/gAAtKbMkctAVHnDMbsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZWE4OTM2ZjhlNTMwNjNiNGIzYmRmMGYzYjE1YjJhZTY2
N2VmMTMwHhcNMjMwMTIzMTYyNjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzJiZDMzNDhlMmY3NjZjODkzNTM4YWQxOWJhYzMzOTQwOGNmNzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFk1t8cigja4UuidPcPN5LZLx5+d
hNp1inhwFkkHLqlokjS4oNvzOmCDuBdDfnEjEa1EVRkJD0hNU5h7mwBzqqW5BPEQ
2Ec+iCCdbPOVFHWbgbcPbEssmvdnMco4CxIwMiyxUYqEGqVUdGQMoCrMgfvtZ6fd
GiF3rQo4bHoQgRlwTvVWXJBT8aGe1J9NKghBdsO4a2t17xADMr7H0lX8YqfFbJX/
p0OReIFjjNcdJj17Jo0N4vKRODscP43A1PyAKTOzoy7RI100qGGhFXCaP/pM8uY4
wta9HvBhL2qXWj2IytljJU2BeEBojFZ9xKYLoNfr7vE3izjjiWpV5qZCfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwr0zSOL3ZsiTU4rRm6wzlAjPeAMB8GA1UdIwQY
MBaAFLnqiTb45TBjtLO98POxWyrmZ+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEt
YjI1MDk5N2ZjNzVkLzEvWEN2VE5JNHZkbXlKTlRpdEdickRPVUNNOTRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lYzI5ZTItMzQ0MC00MDlhLTk4NmEtYjI1MDk5N2ZjNzVk
LzEvdWVxSk52amxNR08wczczdzg3RmJLdVpuN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX4yYMA0G
CSqGSIb3DQEBCwUAA4IBAQCbLjsZvcMOpGThSblsEEgPYEs9bA74fnp54Yq+U5+e
/+HhTeL6O/so8IMUNCBR+q14vA8vhrwpnb7fRhUEox/gMj0wKP2UHp2MFzQ6+fSy
o2Bz2/UF6+U1ipwb1JycL7CSJc8mxybUUElWjQIv++WvYqITDj5GnLjmKbzTfUfn
2SNoC0+NmD5yrFcxrL7AMWV098hIpIuCzarRncOHKHoRLmrSf9rKdkj2+tlTFcC2
ryp4rHZ9Bq+W2vxe5ENep4sybzoumXOSr9n6hr+QzQMAyJSLD2Nbt0lby5ynkLu/
04r/LKy+XWkz/8l1GnZzUSDLBXyUgK2a7KdS1k749eD+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:23 2024 by rpki-client on console-ams.rpki-client.org