Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/nFofbBWk4965iyGlh5C0i2dfJIs.roa
File:                     nFofbBWk4965iyGlh5C0i2dfJIs.roa (raw, json)
Hash identifier:          xqJkqlVSFKGNg64GjYVBZXMKtRpwggnGxp3/ML9VDqo=
Subject key identifier:   9C:5A:1F:6C:15:A4:E3:DE:B9:8B:21:A5:87:90:B4:8B:67:5F:24:8B
Certificate issuer:       /CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
Certificate serial:       018577DEB405402DC4C6A61A535748C73EF0
Authority key identifier: 3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/nFofbBWk4965iyGlh5C0i2dfJIs.roa
Signing time:             Tue 03 Jan 2023 13:42:41 +0000
ROA not before:           Tue 03 Jan 2023 13:42:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        212.4.240.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:30:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:77:de:b4:05:40:2d:c4:c6:a6:1a:53:57:48:c7:3e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3df8a40c6a2c6993c9fbe81df3ea7dd372f96dec
        Validity
            Not Before: Jan  3 13:42:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9c5a1f6c15a4e3deb98b21a58790b48b675f248b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1f:66:cc:47:77:d5:cd:68:43:b2:5a:ff:aa:
                    4e:ae:b9:43:5c:0c:52:82:fd:b9:8e:3d:04:be:5a:
                    ed:c3:85:a2:45:18:dc:3e:47:02:e7:e0:f3:0c:46:
                    dd:81:d2:d2:bc:dd:a2:e6:e4:57:ad:c4:c1:7d:97:
                    ed:43:f5:de:77:bb:c6:56:76:8a:05:d9:80:29:c7:
                    6e:4a:e1:61:d8:26:b8:27:10:87:da:e5:49:30:9f:
                    2c:59:3f:64:3c:30:a4:5d:e9:0e:8e:22:70:fb:05:
                    f4:e6:38:80:90:24:50:ff:f1:92:e5:f0:24:f0:d8:
                    47:f3:a9:1e:58:67:69:5f:0b:3e:63:f1:1b:a1:dd:
                    fa:06:f6:2a:0e:df:f7:71:ec:93:5c:cc:b4:25:4e:
                    24:eb:ae:16:21:50:0a:10:bc:55:54:e9:8d:ad:a8:
                    49:d0:92:ec:d0:48:4b:85:20:f4:6f:08:de:e8:76:
                    22:cb:5c:23:23:35:6b:52:40:ff:a3:49:34:15:8f:
                    fe:8e:02:a3:39:47:c8:98:3c:ea:bc:c7:cc:f9:bc:
                    72:e4:ff:71:80:d0:09:f3:42:0c:ec:49:36:ca:bf:
                    dc:eb:d5:b1:29:6e:87:e2:02:1d:79:77:01:29:10:
                    d0:aa:54:19:50:d0:69:af:89:76:e9:dd:94:7f:33:
                    2e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:5A:1F:6C:15:A4:E3:DE:B9:8B:21:A5:87:90:B4:8B:67:5F:24:8B
            X509v3 Authority Key Identifier:
                keyid:3D:F8:A4:0C:6A:2C:69:93:C9:FB:E8:1D:F3:EA:7D:D3:72:F9:6D:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PfikDGosaZPJ--gd8-p903L5bew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/nFofbBWk4965iyGlh5C0i2dfJIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/3e6687-7a44-40d8-993f-895a5a392438/1/PfikDGosaZPJ--gd8-p903L5bew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.4.240.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:c0:16:bf:a4:47:22:e7:2b:95:71:f6:ad:d5:2c:cf:57:d3:
         cc:74:df:d6:73:5f:b7:aa:5b:60:01:ce:52:d6:f5:7f:b4:73:
         80:ba:55:28:01:ea:6e:e9:0d:96:96:aa:ba:1b:83:25:db:09:
         b4:57:3b:b7:0a:cd:93:81:5a:9e:cf:4c:52:5a:7c:9b:4e:93:
         3e:2e:a5:ef:63:44:a7:62:b9:4d:a6:85:36:20:1d:2f:5f:b6:
         80:65:88:d0:6e:4d:52:c2:54:f4:57:88:68:17:31:7d:86:21:
         c2:4a:db:a8:4d:06:49:49:9c:bd:44:ba:50:64:a6:2f:d6:e6:
         67:74:22:7e:e0:d2:ff:16:3d:46:31:82:d9:a8:70:25:fe:62:
         33:6d:49:3f:91:e5:7c:fa:1f:ea:9a:59:25:80:a6:68:d1:0c:
         b5:60:1f:ff:0b:23:c6:e1:75:3c:76:89:22:1f:b2:2c:7b:01:
         d3:2c:59:72:1c:06:bd:54:65:92:3e:0e:08:2d:a2:29:51:1a:
         95:1e:46:49:93:af:c6:58:a8:ff:73:cf:23:9e:fa:f1:0b:ce:
         db:e7:d1:ce:04:20:60:d4:f7:a0:1a:c5:e2:0b:17:af:f7:79:
         78:c2:b9:44:54:bf:2f:00:5b:be:01:ab:6d:21:9a:c5:2e:00:
         d4:f5:74:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYV33rQFQC3ExqYaU1dIxz7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZjhhNDBjNmEyYzY5OTNjOWZiZTgxZGYzZWE3ZGQzNzJm
OTZkZWMwHhcNMjMwMTAzMTM0MjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzVhMWY2YzE1YTRlM2RlYjk4YjIxYTU4NzkwYjQ4YjY3NWYyNDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzR9mzEd31c1oQ7Ja/6pOrrlDXAxS
gv25jj0Evlrtw4WiRRjcPkcC5+DzDEbdgdLSvN2i5uRXrcTBfZftQ/Xed7vGVnaK
BdmAKcduSuFh2Ca4JxCH2uVJMJ8sWT9kPDCkXekOjiJw+wX05jiAkCRQ//GS5fAk
8NhH86keWGdpXws+Y/Ebod36BvYqDt/3ceyTXMy0JU4k664WIVAKELxVVOmNrahJ
0JLs0EhLhSD0bwje6HYiy1wjIzVrUkD/o0k0FY/+jgKjOUfImDzqvMfM+bxy5P9x
gNAJ80IM7Ek2yr/c69WxKW6H4gIdeXcBKRDQqlQZUNBpr4l26d2UfzMu7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxaH2wVpOPeuYshpYeQtItnXySLMB8GA1UdIwQY
MBaAFD34pAxqLGmTyfvoHfPqfdNy+W3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2Yt
ODk1YTVhMzkyNDM4LzEvbkZvZmJCV2s0OTY1aXlHbGg1QzBpMmRmSklzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8zZTY2ODctN2E0NC00MGQ4LTk5M2YtODk1YTVhMzkyNDM4
LzEvUGZpa0RHb3NhWlBKLS1nZDgtcDkwM0w1YmV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ATwMA0G
CSqGSIb3DQEBCwUAA4IBAQAFwBa/pEci5yuVcfat1SzPV9PMdN/Wc1+3qltgAc5S
1vV/tHOAulUoAepu6Q2Wlqq6G4Ml2wm0Vzu3Cs2TgVqez0xSWnybTpM+LqXvY0Sn
YrlNpoU2IB0vX7aAZYjQbk1SwlT0V4hoFzF9hiHCStuoTQZJSZy9RLpQZKYv1uZn
dCJ+4NL/Fj1GMYLZqHAl/mIzbUk/keV8+h/qmlklgKZo0Qy1YB//CyPG4XU8doki
H7IsewHTLFlyHAa9VGWSPg4ILaIpURqVHkZJk6/GWKj/c88jnvrxC87b59HOBCBg
1PegGsXiCxev93l4wrlEVL8vAFu+AattIZrFLgDU9XS2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:28 2024 by rpki-client on console-ams.rpki-client.org