Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/I8vMF5J9E0U9e75NbaiGBEo20fQ.roa
File:                     I8vMF5J9E0U9e75NbaiGBEo20fQ.roa (raw, json)
Hash identifier:          OJsiorQ7+J4q85H86exQvWUNSqMHogKIj1Z/B+8AN6k=
Subject key identifier:   23:CB:CC:17:92:7D:13:45:3D:7B:BE:4D:6D:A8:86:04:4A:36:D1:F4
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       01856D0AA73904183EEC6E776F30722006FA
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/I8vMF5J9E0U9e75NbaiGBEo20fQ.roa
Signing time:             Sun 01 Jan 2023 11:14:52 +0000
ROA not before:           Sun 01 Jan 2023 11:14:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207263
IP address blocks:        193.140.72.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 May 2023 14:24:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:0a:a7:39:04:18:3e:ec:6e:77:6f:30:72:20:06:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  1 11:14:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=23cbcc17927d13453d7bbe4d6da886044a36d1f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ce:87:68:17:64:01:da:83:c7:2f:65:76:91:
                    f7:18:7b:0f:69:90:5a:89:5a:8e:76:46:31:b7:27:
                    34:4c:1b:26:88:55:bb:28:6f:dd:e5:c6:2e:da:ff:
                    0a:c8:17:22:d9:70:ca:3e:08:81:fb:20:72:80:8b:
                    b9:b9:2b:e7:54:53:98:fe:45:4d:a3:40:35:46:0f:
                    e7:72:ed:2d:b8:0f:8b:6b:59:74:9e:d8:5b:50:86:
                    eb:1c:c3:63:be:d9:98:6a:ea:ec:24:8b:5a:0f:37:
                    9b:ec:07:60:b7:85:67:66:8f:f2:ec:00:e5:ae:d8:
                    2a:92:cb:4b:fe:3b:90:9d:20:fd:53:e8:d2:c9:c2:
                    75:38:0f:73:f6:14:18:b9:3e:4f:2d:4d:c5:ed:a3:
                    92:d7:1f:6b:33:24:5f:42:8d:d0:0b:de:e3:2c:a7:
                    d4:63:7b:23:b2:35:6b:58:5e:ac:05:7f:2a:0e:e2:
                    97:d1:fd:2c:91:d5:fe:9e:91:0e:a6:be:f7:7f:a1:
                    3d:2f:2b:8a:f8:68:10:c5:3a:f8:6d:dd:77:ab:62:
                    6e:a9:27:d0:27:d9:bd:b2:db:ad:e1:cb:6a:83:42:
                    64:78:a0:5e:51:93:c4:d2:3f:bb:bc:20:d9:20:a7:
                    e0:b1:c7:4f:01:58:a5:a1:2a:9e:af:85:7b:e1:ff:
                    ad:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:CB:CC:17:92:7D:13:45:3D:7B:BE:4D:6D:A8:86:04:4A:36:D1:F4
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/I8vMF5J9E0U9e75NbaiGBEo20fQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.140.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         08:f3:52:76:b7:27:cd:90:e2:4d:57:50:ce:be:11:5b:ed:11:
         2f:56:e5:25:dc:07:28:6f:7a:12:a3:6c:11:f5:b0:57:fd:91:
         77:2d:1c:12:ea:3e:fb:d0:c5:c5:b9:7f:84:5f:2a:49:7f:b0:
         b6:da:53:7e:28:2c:32:65:f3:4b:20:23:35:14:f3:81:6b:5f:
         4e:05:ba:ed:0a:89:5e:4c:30:01:be:0c:85:60:8c:8e:f2:2f:
         60:d3:98:f5:cb:4c:2a:b9:6d:49:53:b2:72:6b:ad:5f:b0:1d:
         41:cd:28:91:93:19:f6:0b:15:06:45:34:48:57:e8:a8:da:a1:
         33:85:2e:d4:cf:c4:3c:9f:02:70:f9:94:4c:d7:74:c9:b2:97:
         a5:28:e5:20:f8:55:79:94:d5:5e:be:a7:64:bc:32:0f:f6:70:
         cb:2e:8e:d9:ff:e2:35:44:0e:4a:e6:2d:ea:1c:f5:ab:3e:97:
         70:a3:d6:6e:b0:9a:6c:5a:75:1d:ce:20:db:fc:e9:fc:73:15:
         cd:5b:b3:20:8e:53:c5:5d:ef:5d:17:08:22:f6:e6:a9:d3:15:
         c9:5b:7b:f3:7c:a0:e5:ac:10:0f:e1:97:6c:a6:7f:c6:9b:9e:
         53:79:f0:6d:59:9a:b9:06:1a:04:64:58:64:5f:4a:5c:72:c6:
         30:0d:d6:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtCqc5BBg+7G53bzByIAb6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjMwMTAxMTExNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2NiY2MxNzkyN2QxMzQ1M2Q3YmJlNGQ2ZGE4ODYwNDRhMzZkMWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAps6HaBdkAdqDxy9ldpH3GHsPaZBa
iVqOdkYxtyc0TBsmiFW7KG/d5cYu2v8KyBci2XDKPgiB+yBygIu5uSvnVFOY/kVN
o0A1Rg/ncu0tuA+La1l0nthbUIbrHMNjvtmYaursJItaDzeb7Adgt4VnZo/y7ADl
rtgqkstL/juQnSD9U+jSycJ1OA9z9hQYuT5PLU3F7aOS1x9rMyRfQo3QC97jLKfU
Y3sjsjVrWF6sBX8qDuKX0f0skdX+npEOpr73f6E9LyuK+GgQxTr4bd13q2JuqSfQ
J9m9stut4ctqg0JkeKBeUZPE0j+7vCDZIKfgscdPAViloSqer4V74f+t7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPLzBeSfRNFPXu+TW2ohgRKNtH0MB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvSTh2TUY1SjlFMFU5ZTc1TmJhaUdCRW8yMGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwYxIMA0G
CSqGSIb3DQEBCwUAA4IBAQAI81J2tyfNkOJNV1DOvhFb7REvVuUl3Acob3oSo2wR
9bBX/ZF3LRwS6j770MXFuX+EXypJf7C22lN+KCwyZfNLICM1FPOBa19OBbrtCole
TDABvgyFYIyO8i9g05j1y0wquW1JU7Jya61fsB1BzSiRkxn2CxUGRTRIV+io2qEz
hS7Uz8Q8nwJw+ZRM13TJspelKOUg+FV5lNVevqdkvDIP9nDLLo7Z/+I1RA5K5i3q
HPWrPpdwo9ZusJpsWnUdziDb/On8cxXNW7MgjlPFXe9dFwgi9uap0xXJW3vzfKDl
rBAP4Zdspn/Gm55TefBtWZq5BhoEZFhkX0pccsYwDdax
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:01 2024 by rpki-client on console-ams.rpki-client.org