Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/iAQ5VjiSo5r79Iq9CfI18TB3KDQ.roa
File:                     iAQ5VjiSo5r79Iq9CfI18TB3KDQ.roa (raw, json)
Hash identifier:          F5RYG1ZwFZgmoBkk/Sfsh1ZTk6CQ77Q6yVrNVr56TYA=
Subject key identifier:   88:04:39:56:38:92:A3:9A:FB:F4:8A:BD:09:F2:35:F1:30:77:28:34
Certificate issuer:       /CN=ff56d837fe254fa92e1f3c2f861aa1e485521746
Certificate serial:       018573CCE8A71C64B67938BAB0072C0F839B
Authority key identifier: FF:56:D8:37:FE:25:4F:A9:2E:1F:3C:2F:86:1A:A1:E4:85:52:17:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/iAQ5VjiSo5r79Iq9CfI18TB3KDQ.roa
Signing time:             Mon 02 Jan 2023 18:44:46 +0000
ROA not before:           Mon 02 Jan 2023 18:44:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21101
IP address blocks:        94.143.96.0/21 maxlen: 24
                          193.109.32.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Tue 18 Jul 2023 08:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:cc:e8:a7:1c:64:b6:79:38:ba:b0:07:2c:0f:83:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff56d837fe254fa92e1f3c2f861aa1e485521746
        Validity
            Not Before: Jan  2 18:44:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=880439563892a39afbf48abd09f235f130772834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e5:17:e6:32:5d:cd:73:d9:f8:1c:96:ac:78:
                    84:34:4d:07:32:2c:a2:e6:53:b7:89:8d:1d:ad:03:
                    14:d2:fd:2d:7a:fb:b2:eb:9b:7f:73:6b:dd:48:79:
                    a0:7b:c1:9b:65:5e:46:8f:19:df:c5:00:c0:95:04:
                    4c:90:f9:0c:ec:75:2a:6a:ac:e1:71:ec:c1:d2:c3:
                    40:a6:d0:e3:b8:7b:06:7d:2d:8b:f8:ac:7a:57:12:
                    7e:e8:56:94:6f:0f:7d:13:62:8e:44:e2:d6:fb:24:
                    de:4e:52:f1:05:8e:16:e8:de:6d:8b:98:99:8a:36:
                    7c:f7:17:b0:12:bb:31:0b:da:88:25:7c:c9:cd:a0:
                    d6:56:6a:1f:9e:11:cc:f5:91:78:6f:e8:c5:5f:8a:
                    df:da:e9:8e:74:67:e1:fe:e2:6c:10:c4:62:f7:a8:
                    81:0f:09:91:64:0f:54:9a:52:28:30:fe:64:2c:2f:
                    ff:00:56:b8:5b:f5:92:75:b0:42:72:9e:e8:fa:d4:
                    a9:19:47:f6:37:80:c2:3f:e8:cd:9c:8b:da:c4:4d:
                    e3:4b:fe:90:e0:bd:3b:8e:06:b3:27:1d:56:ab:e5:
                    dd:b8:e8:a4:a2:4b:fb:ed:e4:5b:53:52:17:6a:7a:
                    71:55:66:4f:4c:63:ca:df:43:48:27:95:c0:05:78:
                    15:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:04:39:56:38:92:A3:9A:FB:F4:8A:BD:09:F2:35:F1:30:77:28:34
            X509v3 Authority Key Identifier:
                keyid:FF:56:D8:37:FE:25:4F:A9:2E:1F:3C:2F:86:1A:A1:E4:85:52:17:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/iAQ5VjiSo5r79Iq9CfI18TB3KDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.143.96.0/21
                  193.109.32.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:ca:21:c0:a0:de:80:d7:62:60:41:46:3a:79:50:dd:f0:80:
         19:ec:53:e4:c9:9a:40:88:ec:94:c3:09:e7:84:be:c9:55:03:
         d5:00:cc:a6:5f:9c:11:67:08:84:90:c0:49:d3:de:ce:6c:a6:
         d4:17:dc:42:8c:cf:40:11:c7:8c:c0:d8:62:cc:86:75:92:aa:
         20:6f:3b:84:a6:0f:a0:2f:b7:6c:c9:44:87:c8:b4:05:ad:1d:
         8d:d3:04:db:d4:5b:58:53:2d:85:d5:59:1e:fe:3f:81:15:65:
         59:19:ac:61:d2:41:0e:f2:ac:f2:06:fa:bf:c0:36:09:1d:f0:
         03:ff:03:41:73:0f:ab:bd:cb:04:de:51:2a:f4:15:7a:dd:fa:
         45:64:75:ae:6b:a9:ea:c1:cc:6a:c0:14:88:3c:82:a7:17:e0:
         1e:33:10:e9:c9:26:dd:17:11:57:99:0e:85:4a:da:95:1b:9b:
         2f:18:a0:b1:72:63:86:35:6a:48:f0:97:e8:f4:a4:6b:7b:14:
         9f:25:8f:00:aa:2b:4e:08:ff:2c:39:04:7f:f1:1d:fe:74:02:
         6c:93:35:3f:49:b9:fc:78:7f:95:68:93:78:ef:a1:b4:74:c0:
         e6:22:c2:bd:a1:e7:b9:d7:f6:f0:59:46:05:c7:9a:19:bd:33:
         72:29:30:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVzzOinHGS2eTi6sAcsD4ObMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNTZkODM3ZmUyNTRmYTkyZTFmM2MyZjg2MWFhMWU0ODU1
MjE3NDYwHhcNMjMwMTAyMTg0NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODA0Mzk1NjM4OTJhMzlhZmJmNDhhYmQwOWYyMzVmMTMwNzcyODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+UX5jJdzXPZ+ByWrHiENE0HMiyi
5lO3iY0drQMU0v0tevuy65t/c2vdSHmge8GbZV5GjxnfxQDAlQRMkPkM7HUqaqzh
cezB0sNAptDjuHsGfS2L+Kx6VxJ+6FaUbw99E2KOROLW+yTeTlLxBY4W6N5ti5iZ
ijZ89xewErsxC9qIJXzJzaDWVmofnhHM9ZF4b+jFX4rf2umOdGfh/uJsEMRi96iB
DwmRZA9UmlIoMP5kLC//AFa4W/WSdbBCcp7o+tSpGUf2N4DCP+jNnIvaxE3jS/6Q
4L07jgazJx1Wq+XduOikokv77eRbU1IXanpxVWZPTGPK30NIJ5XABXgV0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIgEOVY4kqOa+/SKvQnyNfEwdyg0MB8GA1UdIwQY
MBaAFP9W2Df+JU+pLh88L4YaoeSFUhdGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzFiWU5fNGxUNmt1SHp3dmhocWg1SVZTRjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xYjM3NDktOTY3My00MTJkLWIzNDgt
NTBmYzRkNTU3ZDA4LzEvaUFRNVZqaVNvNXI3OUlxOUNmSTE4VEIzS0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xYjM3NDktOTY3My00MTJkLWIzNDgtNTBmYzRkNTU3ZDA4
LzEvXzFiWU5fNGxUNmt1SHp3dmhocWg1SVZTRjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXo9gAwQD
wW0gMA0GCSqGSIb3DQEBCwUAA4IBAQA1yiHAoN6A12JgQUY6eVDd8IAZ7FPkyZpA
iOyUwwnnhL7JVQPVAMymX5wRZwiEkMBJ097ObKbUF9xCjM9AEceMwNhizIZ1kqog
bzuEpg+gL7dsyUSHyLQFrR2N0wTb1FtYUy2F1Vke/j+BFWVZGaxh0kEO8qzyBvq/
wDYJHfAD/wNBcw+rvcsE3lEq9BV63fpFZHWua6nqwcxqwBSIPIKnF+AeMxDpySbd
FxFXmQ6FStqVG5svGKCxcmOGNWpI8Jfo9KRrexSfJY8AqitOCP8sOQR/8R3+dAJs
kzU/Sbn8eH+VaJN476G0dMDmIsK9oee51/bwWUYFx5oZvTNyKTD5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:17 2024 by rpki-client on console-fra.rpki-client.org