Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/3OKZgtSXSwRoJ40AUMytA5YFc9A.roa
File:                     3OKZgtSXSwRoJ40AUMytA5YFc9A.roa (raw, json)
Hash identifier:          HRXGl8baR9zriwZnejzLU/tXmJa1V7g6C9zuhdq0QX8=
Subject key identifier:   DC:E2:99:82:D4:97:4B:04:68:27:8D:00:50:CC:AD:03:96:05:73:D0
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       01856F5DCAD93AB02E40F055EE76C0782BD7
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/3OKZgtSXSwRoJ40AUMytA5YFc9A.roa
Signing time:             Sun 01 Jan 2023 22:04:55 +0000
ROA not before:           Sun 01 Jan 2023 22:04:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41921
IP address blocks:        213.33.116.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:5d:ca:d9:3a:b0:2e:40:f0:55:ee:76:c0:78:2b:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 22:04:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dce29982d4974b0468278d0050ccad03960573d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:bd:ac:64:e3:f6:cf:e6:b2:94:70:00:b8:4e:
                    60:e8:c3:44:c1:fb:e7:35:b3:e1:1b:c0:db:94:87:
                    ce:8c:da:86:87:f0:9b:b0:94:4d:a2:0c:e5:43:7e:
                    c3:e1:dd:2e:70:cc:70:96:78:b3:34:d0:85:39:a9:
                    2b:1c:1a:cb:d7:aa:29:cb:e8:32:a2:55:1e:6c:b1:
                    f0:7c:a6:49:34:eb:8e:5c:aa:fb:9a:37:9a:4d:8a:
                    b8:51:72:1b:0d:97:98:da:2f:6d:93:08:89:1b:4b:
                    36:3e:90:fa:28:34:83:cd:f0:86:4d:3b:b7:b3:14:
                    1e:28:ba:13:68:e5:58:e7:92:d9:2c:eb:a8:ca:ea:
                    70:c7:05:2a:e2:ec:2d:55:54:8f:20:11:2f:91:b0:
                    c8:67:2a:af:ae:8a:5b:ce:2d:e9:a7:08:2d:0b:47:
                    4f:70:20:35:e5:41:81:d8:1e:76:4f:e7:39:f2:8f:
                    1c:ef:07:e0:94:28:4e:37:6b:7c:07:59:77:d8:e1:
                    cb:11:69:02:25:13:8e:88:18:37:6c:d9:7c:8f:ff:
                    49:05:92:f5:1e:6d:ca:a9:11:3b:06:cb:9e:48:43:
                    0c:b1:54:f8:19:06:19:8c:a6:3d:8e:d0:56:98:c8:
                    31:ee:5b:bf:8d:b3:60:8d:05:4c:64:98:bc:c9:5d:
                    31:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E2:99:82:D4:97:4B:04:68:27:8D:00:50:CC:AD:03:96:05:73:D0
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/3OKZgtSXSwRoJ40AUMytA5YFc9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.33.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:b0:ef:d6:dd:3b:58:0c:9e:dd:dd:23:f7:08:d4:9e:94:a4:
         f8:d9:43:c7:79:de:7d:bd:b1:4b:b8:b7:7a:9d:cb:db:48:15:
         b7:19:62:fd:1e:0d:c3:53:ee:c0:62:ff:c1:f7:61:9a:d3:ac:
         32:66:82:5b:e6:17:84:f9:2e:f3:62:c2:ae:72:63:90:d4:0a:
         09:b7:04:7e:6f:6d:0d:04:34:82:75:08:9a:b2:e1:67:1d:24:
         e4:a0:83:1f:02:33:cf:33:cd:95:1e:ed:54:4c:f8:dd:fa:9f:
         82:0e:d7:72:a6:e1:b6:df:04:36:ae:60:d2:84:f9:28:62:02:
         90:c4:c2:49:d5:ee:4c:c0:a3:f2:ce:74:dc:81:1f:8b:08:db:
         49:b2:96:bf:57:a7:79:55:7a:30:7b:e3:ae:04:0b:94:61:e0:
         9e:45:a6:5b:7a:50:27:7b:6f:d7:25:2a:52:ec:ed:a0:2d:7d:
         3c:ac:d0:56:65:75:f6:14:4b:82:e3:9a:86:fc:99:8e:55:35:
         bb:a7:9c:da:1f:69:d6:7f:76:50:e5:09:7b:b6:84:7e:94:b3:
         95:e4:0e:26:72:9d:8e:2a:4f:e7:bb:b0:83:89:36:d8:d7:b4:
         ec:4a:ac:ca:44:07:a8:c6:df:32:dc:c9:ea:04:a7:41:db:65:
         fb:f8:48:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvXcrZOrAuQPBV7nbAeCvXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjMwMTAxMjIwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2UyOTk4MmQ0OTc0YjA0NjgyNzhkMDA1MGNjYWQwMzk2MDU3M2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx72sZOP2z+aylHAAuE5g6MNEwfvn
NbPhG8DblIfOjNqGh/CbsJRNogzlQ37D4d0ucMxwlnizNNCFOakrHBrL16opy+gy
olUebLHwfKZJNOuOXKr7mjeaTYq4UXIbDZeY2i9tkwiJG0s2PpD6KDSDzfCGTTu3
sxQeKLoTaOVY55LZLOuoyupwxwUq4uwtVVSPIBEvkbDIZyqvropbzi3ppwgtC0dP
cCA15UGB2B52T+c58o8c7wfglChON2t8B1l32OHLEWkCJROOiBg3bNl8j/9JBZL1
Hm3KqRE7BsueSEMMsVT4GQYZjKY9jtBWmMgx7lu/jbNgjQVMZJi8yV0xiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzimYLUl0sEaCeNAFDMrQOWBXPQMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvM09LWmd0U1hTd1JvSjQwQVVNeXRBNVlGYzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1SF0MA0G
CSqGSIb3DQEBCwUAA4IBAQCDsO/W3TtYDJ7d3SP3CNSelKT42UPHed59vbFLuLd6
ncvbSBW3GWL9Hg3DU+7AYv/B92Ga06wyZoJb5heE+S7zYsKucmOQ1AoJtwR+b20N
BDSCdQiasuFnHSTkoIMfAjPPM82VHu1UTPjd+p+CDtdypuG23wQ2rmDShPkoYgKQ
xMJJ1e5MwKPyznTcgR+LCNtJspa/V6d5VXowe+OuBAuUYeCeRaZbelAne2/XJSpS
7O2gLX08rNBWZXX2FEuC45qG/JmOVTW7p5zaH2nWf3ZQ5Ql7toR+lLOV5A4mcp2O
Kk/nu7CDiTbY17TsSqzKRAeoxt8y3MnqBKdB22X7+Ejw
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:38 2024 by rpki-client on console-fra.rpki-client.org