Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/n4IxIH8o8f0qCAObzVikCos_Vg8.roa
File:                     n4IxIH8o8f0qCAObzVikCos_Vg8.roa (raw, json)
Hash identifier:          JludEs5tuhaqIjDqcUKPGYLuwjU2ZWVyqT/O4T5GRlk=
Subject key identifier:   9F:82:31:20:7F:28:F1:FD:2A:08:03:9B:CD:58:A4:0A:8B:3F:56:0F
Certificate issuer:       /CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
Certificate serial:       0187A2DCA32B583DDEE263F74E0A39C3CD33
Authority key identifier: 3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/n4IxIH8o8f0qCAObzVikCos_Vg8.roa
Signing time:             Fri 21 Apr 2023 08:09:41 +0000
ROA not before:           Fri 21 Apr 2023 08:09:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12665
IP address blocks:        212.4.224.0/19 maxlen: 19
                          195.238.128.0/19 maxlen: 24

Validation:               Failed, certificate revoked on Tue 25 Apr 2023 07:37:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:a2:dc:a3:2b:58:3d:de:e2:63:f7:4e:0a:39:c3:cd:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
        Validity
            Not Before: Apr 21 08:09:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9f8231207f28f1fd2a08039bcd58a40a8b3f560f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:07:d5:6e:e4:49:73:b1:11:63:96:65:be:41:
                    d8:81:6d:bd:b5:15:38:58:2b:e8:47:3a:a4:5a:8f:
                    6c:19:bf:bc:21:19:f6:c8:03:8a:fb:6f:05:4c:7e:
                    1b:de:b7:18:b2:4f:d8:88:aa:85:87:39:7f:97:33:
                    35:58:91:6d:1f:d2:d9:e1:6b:4e:7f:1f:14:50:6c:
                    eb:06:2a:82:a8:7a:be:0a:bd:f5:1b:f4:58:ce:89:
                    c8:66:3e:3a:7b:d6:23:5a:d2:17:28:13:2d:c1:29:
                    89:ba:d1:1f:50:7c:59:03:0b:60:1a:a7:63:29:4c:
                    70:a9:99:fe:20:9b:01:f7:d4:cf:bc:b9:36:f5:8f:
                    38:2e:f5:0c:a5:b5:c9:77:4f:3c:01:a4:92:c4:b4:
                    3a:b2:90:6e:53:4c:27:4c:39:22:bb:98:6e:4a:1e:
                    6b:61:a3:6c:aa:24:76:37:fa:9e:4a:53:27:ef:04:
                    4b:b4:1a:e4:c8:d3:45:d4:92:0f:d0:4c:4c:fa:79:
                    65:99:a0:ac:76:8d:9d:18:4c:4d:06:bd:ef:30:50:
                    99:4c:cf:02:1c:3e:50:db:58:c3:dd:0b:00:68:2a:
                    ec:d1:9f:c1:fe:47:09:57:5f:36:2f:24:50:ed:4a:
                    45:26:f9:9a:88:5c:63:63:99:2d:55:e2:e9:e2:15:
                    ea:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:82:31:20:7F:28:F1:FD:2A:08:03:9B:CD:58:A4:0A:8B:3F:56:0F
            X509v3 Authority Key Identifier:
                keyid:3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/n4IxIH8o8f0qCAObzVikCos_Vg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.128.0/19
                  212.4.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a8:6f:52:5e:f8:9a:8c:e8:dc:24:08:5f:fd:7c:4d:65:26:ef:
         f3:d5:00:b5:8d:f9:e8:29:53:75:8c:73:52:11:7a:31:7b:ab:
         63:e7:87:15:6d:1f:a7:cb:19:37:ff:b5:ae:79:47:bb:7f:7e:
         85:a7:02:1f:b0:cf:32:51:d8:23:11:c7:66:ea:77:a7:df:24:
         34:1e:50:99:a3:7a:c4:d0:ad:bd:cb:4b:65:a5:d4:42:34:f5:
         b6:7d:ad:7d:e4:98:60:c0:d9:b5:b6:26:e9:66:7b:21:fd:57:
         82:45:ae:7c:d6:10:67:60:3e:d4:ff:95:29:aa:5b:ff:e6:a8:
         98:0f:43:b0:1b:e9:0d:cb:67:63:af:a0:42:35:33:32:8c:40:
         13:88:b2:8e:91:b7:af:77:01:cf:f9:05:20:59:e7:52:b2:c5:
         a3:6e:e3:da:d3:bc:d3:7b:aa:d4:fe:69:64:a4:42:52:7a:c4:
         72:d1:a9:13:81:0c:40:4d:08:25:45:9e:29:d0:6e:70:65:bb:
         b3:ba:d5:68:51:34:c3:11:5f:c0:6c:6e:05:b1:0e:29:e8:34:
         35:36:d3:71:b6:41:83:4a:b6:a7:44:3d:0e:62:9f:14:70:af:
         d7:17:23:4e:19:6c:56:de:f6:fb:63:0d:4b:f5:70:ab:29:42:
         d4:48:8e:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYei3KMrWD3e4mP3Tgo5w80zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZjhhNDBjNmEyYzY5OTNjOWZiZTgxZGYzZWE3ZGQzNzJm
OTZkZWMwHhcNMjMwNDIxMDgwOTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjgyMzEyMDdmMjhmMWZkMmEwODAzOWJjZDU4YTQwYThiM2Y1NjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQfVbuRJc7ERY5ZlvkHYgW29tRU4
WCvoRzqkWo9sGb+8IRn2yAOK+28FTH4b3rcYsk/YiKqFhzl/lzM1WJFtH9LZ4WtO
fx8UUGzrBiqCqHq+Cr31G/RYzonIZj46e9YjWtIXKBMtwSmJutEfUHxZAwtgGqdj
KUxwqZn+IJsB99TPvLk29Y84LvUMpbXJd088AaSSxLQ6spBuU0wnTDkiu5huSh5r
YaNsqiR2N/qeSlMn7wRLtBrkyNNF1JIP0ExM+nllmaCsdo2dGExNBr3vMFCZTM8C
HD5Q21jD3QsAaCrs0Z/B/kcJV182LyRQ7UpFJvmaiFxjY5ktVeLp4hXqsQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ+CMSB/KPH9KggDm81YpAqLP1YPMB8GA1UdIwQY
MBaAFD34pAxqLGmTyfvoHfPqfdNy+W3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2Yt
ODk1YTVhMzkyNDM4LzEvbjRJeElIOG84ZjBxQ0FPYnpWaWtDb3NfVmc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2YtODk1YTVhMzkyNDM4
LzEvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFw+6AAwQF
1ATgMA0GCSqGSIb3DQEBCwUAA4IBAQCob1Je+JqM6NwkCF/9fE1lJu/z1QC1jfno
KVN1jHNSEXoxe6tj54cVbR+nyxk3/7WueUe7f36FpwIfsM8yUdgjEcdm6nen3yQ0
HlCZo3rE0K29y0tlpdRCNPW2fa195JhgwNm1tibpZnsh/VeCRa581hBnYD7U/5Up
qlv/5qiYD0OwG+kNy2djr6BCNTMyjEATiLKOkbevdwHP+QUgWedSssWjbuPa07zT
e6rU/mlkpEJSesRy0akTgQxATQglRZ4p0G5wZbuzutVoUTTDEV/AbG4FsQ4p6DQ1
NtNxtkGDSranRD0OYp8UcK/XFyNOGWxW3vb7Yw1L9XCrKULUSI6m
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:31 2024 by rpki-client on console-fra.rpki-client.org