Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/t5pfrHy8Wg6-3o9EFKw7pFDdBQM.roa
File:                     t5pfrHy8Wg6-3o9EFKw7pFDdBQM.roa (raw, json)
Hash identifier:          BqmtiiWDi629HkekiTJawH6gly1JWg9/N4AfM68elUs=
Subject key identifier:   B7:9A:5F:AC:7C:BC:5A:0E:BE:DE:8F:44:14:AC:3B:A4:50:DD:05:03
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018DD020D25DBA54E94F6F06DFB0BCD4868D
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/t5pfrHy8Wg6-3o9EFKw7pFDdBQM.roa
Signing time:             Thu 22 Feb 2024 09:23:48 +0000
ROA not before:           Thu 22 Feb 2024 09:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213323
IP address blocks:        185.248.138.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Apr 2024 18:03:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d0:20:d2:5d:ba:54:e9:4f:6f:06:df:b0:bc:d4:86:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Feb 22 09:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b79a5fac7cbc5a0ebede8f4414ac3ba450dd0503
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8c:09:19:6e:f1:9f:db:0c:ad:49:3d:37:db:
                    f1:98:7e:79:6e:1a:5c:b9:84:3e:ca:cb:7d:dc:47:
                    4a:95:f1:83:bb:8f:0b:50:65:2d:a0:14:92:5a:dd:
                    5d:28:44:5e:c0:16:c1:56:dd:0e:f5:a2:45:02:b3:
                    27:66:54:87:a1:64:24:86:ba:e0:93:78:ec:7f:7a:
                    c9:ff:72:63:ef:8b:1c:73:7e:26:0f:46:2c:0e:e2:
                    75:ac:20:88:48:d4:12:34:a9:22:a6:b1:16:e5:41:
                    29:0d:b8:ba:0b:0e:13:0b:79:82:e3:06:52:b9:db:
                    e6:52:ba:0c:0f:13:24:a1:78:32:79:75:46:da:a3:
                    04:65:c4:49:0d:16:fe:5c:f4:5d:44:08:17:58:c0:
                    cd:8c:d4:19:bd:82:9f:95:36:2a:a7:b0:89:a9:a5:
                    71:dc:eb:bf:cd:7f:8e:fc:11:d2:c2:f6:e6:44:20:
                    4e:c8:eb:ef:bb:90:59:ca:18:58:fb:d0:ab:05:dc:
                    97:0b:7d:51:ab:4a:7f:87:9c:1f:c9:92:8d:fe:e9:
                    aa:91:a8:a9:9f:d4:c9:e9:2b:58:bb:e0:cf:d6:28:
                    a0:b2:bf:c2:2e:7e:db:63:f9:36:2c:40:d5:96:75:
                    ed:e2:d9:a0:e9:dd:75:bf:c2:5a:bd:55:dc:8b:f0:
                    c2:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:9A:5F:AC:7C:BC:5A:0E:BE:DE:8F:44:14:AC:3B:A4:50:DD:05:03
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/t5pfrHy8Wg6-3o9EFKw7pFDdBQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c1:13:da:dc:fc:15:c2:f9:53:40:bc:4b:3a:18:74:4c:3b:a3:
         e3:52:bc:54:04:ae:f5:5c:4b:8e:f1:62:99:2b:67:9e:18:d4:
         ca:95:43:1d:bd:6a:7f:54:2a:75:5d:68:6c:51:77:3a:af:6b:
         7d:a3:66:7e:0f:27:19:81:74:50:f2:2e:38:47:24:8f:f7:20:
         ca:a6:8f:8b:3b:26:eb:3c:b5:68:d3:49:6c:75:50:00:e9:17:
         a9:26:6f:08:55:fd:07:a5:af:97:8b:81:84:75:35:6b:f7:9f:
         cf:9d:3f:f8:76:fb:44:a6:eb:50:a7:7f:fc:d6:92:66:d6:34:
         5e:47:f5:d4:61:36:3b:92:7f:aa:60:02:ab:77:1b:5f:a2:b1:
         64:80:be:8d:44:98:a5:ae:46:fb:94:9f:26:01:97:c0:33:fe:
         d6:4a:a8:cc:87:1c:87:b7:7e:b9:4a:a9:67:eb:98:59:f3:30:
         12:23:85:cd:fe:c6:8f:7e:4e:5e:a9:4f:8c:95:7f:bd:22:8d:
         7a:0b:53:41:13:1e:a7:f6:35:f7:34:62:d6:55:55:12:12:43:
         46:51:da:ed:92:b0:17:17:77:b9:4c:35:4c:1f:87:01:c1:f7:
         60:29:de:03:e7:ee:3d:47:92:76:c9:af:57:f8:25:27:2e:bd:
         d1:0f:86:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3QINJdulTpT28G37C81IaNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwMjIyMDkyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzlhNWZhYzdjYmM1YTBlYmVkZThmNDQxNGFjM2JhNDUwZGQwNTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIwJGW7xn9sMrUk9N9vxmH55bhpc
uYQ+yst93EdKlfGDu48LUGUtoBSSWt1dKERewBbBVt0O9aJFArMnZlSHoWQkhrrg
k3jsf3rJ/3Jj74scc34mD0YsDuJ1rCCISNQSNKkiprEW5UEpDbi6Cw4TC3mC4wZS
udvmUroMDxMkoXgyeXVG2qMEZcRJDRb+XPRdRAgXWMDNjNQZvYKflTYqp7CJqaVx
3Ou/zX+O/BHSwvbmRCBOyOvvu5BZyhhY+9CrBdyXC31Rq0p/h5wfyZKN/umqkaip
n9TJ6StYu+DP1iigsr/CLn7bY/k2LEDVlnXt4tmg6d11v8JavVXci/DCsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLeaX6x8vFoOvt6PRBSsO6RQ3QUDMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvdDVwZnJIeThXZzYtM285RUZLdzdwRkRkQlFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufiKMA0G
CSqGSIb3DQEBCwUAA4IBAQDBE9rc/BXC+VNAvEs6GHRMO6PjUrxUBK71XEuO8WKZ
K2eeGNTKlUMdvWp/VCp1XWhsUXc6r2t9o2Z+DycZgXRQ8i44RySP9yDKpo+LOybr
PLVo00lsdVAA6RepJm8IVf0Hpa+Xi4GEdTVr95/PnT/4dvtEputQp3/81pJm1jRe
R/XUYTY7kn+qYAKrdxtforFkgL6NRJilrkb7lJ8mAZfAM/7WSqjMhxyHt365Sqln
65hZ8zASI4XN/saPfk5eqU+MlX+9Io16C1NBEx6n9jX3NGLWVVUSEkNGUdrtkrAX
F3e5TDVMH4cBwfdgKd4D5+49R5J2ya9X+CUnLr3RD4aL
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:14 2024 by rpki-client on console-fra.rpki-client.org