Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/MynokVLAjkeTEbMeT_ZpDHRDSfo.roa
File:                     MynokVLAjkeTEbMeT_ZpDHRDSfo.roa (raw, json)
Hash identifier:          aYEuDJ281MhOQKn9AKtSn+XpiVDKGQHFfavoRS2dmnI=
Subject key identifier:   33:29:E8:91:52:C0:8E:47:93:11:B3:1E:4F:F6:69:0C:74:43:49:FA
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       01856F5DC4286DB50B25A50A5EFD563342A4
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/MynokVLAjkeTEbMeT_ZpDHRDSfo.roa
Signing time:             Sun 01 Jan 2023 22:04:53 +0000
ROA not before:           Sun 01 Jan 2023 22:04:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8562
IP address blocks:        217.76.160.0/20 maxlen: 20
                          193.154.144.0/20 maxlen: 20
                          90.152.128.0/17 maxlen: 17
                          84.20.184.0/22 maxlen: 22
                          176.66.64.0/18 maxlen: 18
                          2001:890:c000::/34 maxlen: 34

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:5d:c4:28:6d:b5:0b:25:a5:0a:5e:fd:56:33:42:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Jan  1 22:04:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3329e89152c08e479311b31e4ff6690c744349fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:76:cb:3f:86:30:43:21:d7:7c:c1:3d:d2:42:
                    69:52:c5:5c:d1:6d:af:7a:b9:19:01:59:fc:6c:db:
                    ea:bb:45:db:e4:44:34:f7:80:40:c3:cd:80:4f:68:
                    e6:bf:1c:5b:cf:a0:51:3a:ee:35:2c:5f:d1:73:1f:
                    3a:f9:b2:40:c2:51:f9:7b:b3:c3:87:44:cc:e6:8b:
                    f6:1a:1f:22:43:1e:07:80:fb:c5:3c:f8:6f:bd:f5:
                    b7:35:d3:f6:71:8d:a8:0f:17:12:bf:51:2f:2c:f7:
                    0e:d4:6f:4a:0c:b4:5f:03:4a:62:44:b7:27:17:04:
                    aa:b0:74:49:1b:51:e5:b4:7b:e4:63:fd:2d:23:db:
                    bf:18:3c:67:5c:f7:61:1b:2b:f2:05:27:57:c9:74:
                    ae:45:0b:29:b0:8b:1b:67:52:5c:83:77:b8:00:6a:
                    bf:bc:88:c0:6c:22:44:f9:7d:32:75:e6:52:21:bb:
                    57:cf:3c:22:4b:a4:88:74:6e:99:06:50:66:5e:78:
                    59:ad:1f:24:3b:9c:19:c4:9e:52:d4:f5:bd:91:9b:
                    65:e0:53:b4:30:d3:04:cf:f3:0b:ee:7e:94:74:23:
                    82:51:3b:4b:29:e7:2b:df:68:49:61:52:96:41:ea:
                    be:2b:a4:51:c9:83:38:55:9b:2d:ca:37:61:67:5c:
                    3c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:29:E8:91:52:C0:8E:47:93:11:B3:1E:4F:F6:69:0C:74:43:49:FA
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/MynokVLAjkeTEbMeT_ZpDHRDSfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.20.184.0/22
                  90.152.128.0/17
                  176.66.64.0/18
                  193.154.144.0/20
                  217.76.160.0/20
                IPv6:
                  2001:890:c000::/34

    Signature Algorithm: sha256WithRSAEncryption
         10:2b:69:b3:2c:74:7b:bc:ae:b2:f5:be:7c:18:3c:ba:02:4b:
         58:b3:a8:5a:30:19:b6:c4:46:33:cb:c6:19:91:f2:8d:d4:06:
         4e:50:6d:a8:bd:68:03:80:05:5c:5a:b4:97:7c:4b:51:d6:4e:
         af:29:72:5b:07:73:b0:2f:9d:9d:0c:5d:70:43:5e:8e:38:ac:
         14:c1:54:11:64:5f:e7:6e:7c:7b:79:8c:82:46:5a:b5:9c:c6:
         aa:5e:35:27:e2:a2:9b:aa:c4:bd:43:78:cb:a7:b0:67:ab:01:
         7e:2b:78:f5:b2:3e:e9:aa:1b:45:32:e2:3b:1a:e1:d5:59:ed:
         42:0c:4a:fa:99:bf:08:3c:23:f7:c2:75:be:7c:eb:d6:35:61:
         de:ba:ba:8c:d8:d2:88:7e:fc:e2:57:04:cd:2c:b5:a7:5c:4a:
         f7:28:e6:5d:eb:e1:e2:94:b4:10:f2:f2:0c:81:be:ef:47:bc:
         c3:86:2f:ec:54:2d:36:4a:8f:01:51:f9:56:6d:6d:ef:d7:90:
         28:c0:80:72:b9:ad:26:6b:cc:e1:da:10:ed:36:91:34:a6:22:
         88:ea:7f:c8:05:50:30:71:8a:6c:39:7f:e7:0c:53:2f:07:f5:
         9e:d3:5d:76:5d:40:88:76:f7:fb:33:3e:b6:4a:45:73:67:6e:
         c7:f0:b3:90
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYVvXcQobbULJaUKXv1WM0KkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjMwMTAxMjIwNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzI5ZTg5MTUyYzA4ZTQ3OTMxMWIzMWU0ZmY2NjkwYzc0NDM0OWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXbLP4YwQyHXfME90kJpUsVc0W2v
erkZAVn8bNvqu0Xb5EQ094BAw82AT2jmvxxbz6BROu41LF/Rcx86+bJAwlH5e7PD
h0TM5ov2Gh8iQx4HgPvFPPhvvfW3NdP2cY2oDxcSv1EvLPcO1G9KDLRfA0piRLcn
FwSqsHRJG1HltHvkY/0tI9u/GDxnXPdhGyvyBSdXyXSuRQspsIsbZ1Jcg3e4AGq/
vIjAbCJE+X0ydeZSIbtXzzwiS6SIdG6ZBlBmXnhZrR8kO5wZxJ5S1PW9kZtl4FO0
MNMEz/ML7n6UdCOCUTtLKecr32hJYVKWQeq+K6RRyYM4VZstyjdhZ1w8VQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFDMp6JFSwI5HkxGzHk/2aQx0Q0n6MB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvTXlub2tWTEFqa2VURWJNZVRfWnBESFJEU2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAkBAIAATAeAwQCVBS4AwQH
WpiAAwQGsEJAAwQEwZqQAwQE2UygMA4EAgACMAgDBgYgAQiQwDANBgkqhkiG9w0B
AQsFAAOCAQEAECtpsyx0e7yusvW+fBg8ugJLWLOoWjAZtsRGM8vGGZHyjdQGTlBt
qL1oA4AFXFq0l3xLUdZOrylyWwdzsC+dnQxdcENejjisFMFUEWRf5258e3mMgkZa
tZzGql41J+Kim6rEvUN4y6ewZ6sBfit49bI+6aobRTLiOxrh1VntQgxK+pm/CDwj
98J1vnzr1jVh3rq6jNjSiH784lcEzSy1p1xK9yjmXevh4pS0EPLyDIG+70e8w4Yv
7FQtNkqPAVH5Vm1t79eQKMCAcrmtJmvM4doQ7TaRNKYiiOp/yAVQMHGKbDl/5wxT
Lwf1ntNddl1AiHb3+zM+tkpFc2dux/CzkA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:16 2024 by rpki-client on console-ams.rpki-client.org