Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/21b007-a086-4312-9d23-62f666473b21/1/nNW4eBtW3hIn7vxaKSz5LZna764.roa
File:                     nNW4eBtW3hIn7vxaKSz5LZna764.roa (raw, json)
Hash identifier:          Z/NnSzKnByyb2gSGbbcfP4j8jCx2GZ65yhTUjyID1yU=
Subject key identifier:   9C:D5:B8:78:1B:56:DE:12:27:EE:FC:5A:29:2C:F9:2D:99:DA:EF:AE
Certificate issuer:       /CN=7d01a5d90dc3a836ceb6381efc7534e129f43a4c
Certificate serial:       01856B40EE2C234F0F312381C5000DE7E540
Authority key identifier: 7D:01:A5:D9:0D:C3:A8:36:CE:B6:38:1E:FC:75:34:E1:29:F4:3A:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQGl2Q3DqDbOtjge_HU04Sn0Okw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/21b007-a086-4312-9d23-62f666473b21/1/nNW4eBtW3hIn7vxaKSz5LZna764.roa
Signing time:             Sun 01 Jan 2023 02:54:55 +0000
ROA not before:           Sun 01 Jan 2023 02:54:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5524
IP address blocks:        2001:67c:23b8::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:32:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:40:ee:2c:23:4f:0f:31:23:81:c5:00:0d:e7:e5:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d01a5d90dc3a836ceb6381efc7534e129f43a4c
        Validity
            Not Before: Jan  1 02:54:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9cd5b8781b56de1227eefc5a292cf92d99daefae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:29:6d:06:e3:cc:e9:f9:0f:9a:8b:83:09:e5:
                    eb:f9:a8:77:30:43:75:db:26:29:a4:5a:91:60:49:
                    0c:53:e2:b1:84:a7:fe:12:35:90:60:36:dc:25:f9:
                    65:fa:10:3d:72:2f:a4:d6:4d:98:11:a3:61:f7:79:
                    f5:d5:69:c4:b1:2b:58:c5:2f:42:0a:eb:90:ff:ac:
                    13:f4:be:27:d5:64:df:29:c8:fd:64:43:42:ae:60:
                    27:1a:c9:2e:0d:11:1d:0e:3b:4a:93:90:4d:06:66:
                    61:e4:0c:41:bf:5d:5c:a6:fc:54:6c:df:8a:29:b0:
                    47:85:9c:a4:6d:b9:99:e1:8f:02:34:5e:7c:7e:68:
                    9f:56:84:5e:a5:df:7a:84:97:d5:d2:7e:37:8b:f1:
                    71:f7:4b:e5:b9:c0:b9:61:02:f0:b2:4a:50:61:7b:
                    fe:4c:41:ab:93:33:d6:62:ef:5b:b0:8c:d9:b7:f2:
                    a3:d5:c8:4d:cc:6b:01:1a:9c:ef:56:ce:06:0f:00:
                    7b:32:eb:c4:56:cf:cf:42:64:ce:e0:fb:2c:91:05:
                    33:01:ce:ad:63:ce:cf:8a:04:e3:e9:d2:80:81:e4:
                    1a:29:81:ec:b0:e7:08:d5:10:84:26:de:10:ea:e7:
                    ad:54:75:e5:7d:13:06:15:c0:e2:79:be:41:ae:e7:
                    65:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:D5:B8:78:1B:56:DE:12:27:EE:FC:5A:29:2C:F9:2D:99:DA:EF:AE
            X509v3 Authority Key Identifier:
                keyid:7D:01:A5:D9:0D:C3:A8:36:CE:B6:38:1E:FC:75:34:E1:29:F4:3A:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQGl2Q3DqDbOtjge_HU04Sn0Okw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/21b007-a086-4312-9d23-62f666473b21/1/nNW4eBtW3hIn7vxaKSz5LZna764.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/21b007-a086-4312-9d23-62f666473b21/1/fQGl2Q3DqDbOtjge_HU04Sn0Okw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:23b8::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:4a:ec:2c:da:8d:1c:36:38:28:35:49:89:f0:78:40:a2:79:
         01:cb:c0:af:19:f0:70:0f:a4:ea:c5:85:58:60:81:f5:8b:7d:
         66:8f:0e:21:5c:be:89:ed:db:0e:19:c6:ad:5c:43:5d:b8:fe:
         94:fa:d3:76:03:26:fe:bd:47:42:c0:5d:eb:63:42:4d:15:5e:
         17:d5:f8:b5:70:90:89:5e:34:eb:1c:51:cb:d4:0d:d4:04:c8:
         7e:c2:69:55:bd:09:4f:c4:61:18:59:ed:d6:d7:ab:1c:69:82:
         cf:9d:9f:07:67:c1:7c:f1:16:23:57:d8:d9:1b:f3:6e:37:6b:
         dc:a5:c2:10:af:ed:ed:25:e0:d9:d7:2f:65:6e:07:5d:3f:63:
         5c:59:e6:8a:5a:bf:a2:f0:48:08:4e:d7:03:de:d0:94:5c:e9:
         ec:f6:2f:bb:c3:57:ea:55:be:ff:50:f8:c7:0d:a6:17:13:40:
         de:d5:7f:c3:c8:7c:14:75:af:6a:66:64:0d:67:48:77:ec:80:
         7b:6a:fa:9a:f0:0a:ba:41:5a:58:54:c0:ae:8e:a2:13:86:39:
         4b:e1:8d:0b:ff:29:d5:ae:fe:38:b7:e0:6e:89:2a:78:47:c8:
         09:bf:f1:53:ca:54:28:77:fe:d7:21:81:4a:cf:68:d1:b6:66:
         80:46:16:20
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYVrQO4sI08PMSOBxQAN5+VAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDFhNWQ5MGRjM2E4MzZjZWI2MzgxZWZjNzUzNGUxMjlm
NDNhNGMwHhcNMjMwMTAxMDI1NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2Q1Yjg3ODFiNTZkZTEyMjdlZWZjNWEyOTJjZjkyZDk5ZGFlZmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSltBuPM6fkPmouDCeXr+ah3MEN1
2yYppFqRYEkMU+KxhKf+EjWQYDbcJfll+hA9ci+k1k2YEaNh93n11WnEsStYxS9C
CuuQ/6wT9L4n1WTfKcj9ZENCrmAnGskuDREdDjtKk5BNBmZh5AxBv11cpvxUbN+K
KbBHhZykbbmZ4Y8CNF58fmifVoRepd96hJfV0n43i/Fx90vlucC5YQLwskpQYXv+
TEGrkzPWYu9bsIzZt/Kj1chNzGsBGpzvVs4GDwB7MuvEVs/PQmTO4PsskQUzAc6t
Y87PigTj6dKAgeQaKYHssOcI1RCEJt4Q6uetVHXlfRMGFcDieb5Brudl9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJzVuHgbVt4SJ+78Wiks+S2Z2u+uMB8GA1UdIwQY
MBaAFH0BpdkNw6g2zrY4Hvx1NOEp9DpMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFHbDJRM0RxRGJPdGpnZV9IVTA0U24wT2t3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8yMWIwMDctYTA4Ni00MzEyLTlkMjMt
NjJmNjY2NDczYjIxLzEvbk5XNGVCdFczaEluN3Z4YUtTejVMWm5hNzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8yMWIwMDctYTA4Ni00MzEyLTlkMjMtNjJmNjY2NDczYjIx
LzEvZlFHbDJRM0RxRGJPdGpnZV9IVTA0U24wT2t3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCO4
MA0GCSqGSIb3DQEBCwUAA4IBAQBXSuws2o0cNjgoNUmJ8HhAonkBy8CvGfBwD6Tq
xYVYYIH1i31mjw4hXL6J7dsOGcatXENduP6U+tN2Ayb+vUdCwF3rY0JNFV4X1fi1
cJCJXjTrHFHL1A3UBMh+wmlVvQlPxGEYWe3W16scaYLPnZ8HZ8F88RYjV9jZG/Nu
N2vcpcIQr+3tJeDZ1y9lbgddP2NcWeaKWr+i8EgITtcD3tCUXOns9i+7w1fqVb7/
UPjHDaYXE0De1X/DyHwUda9qZmQNZ0h37IB7avqa8Aq6QVpYVMCujqIThjlL4Y0L
/ynVrv44t+BuiSp4R8gJv/FTylQod/7XIYFKz2jRtmaARhYg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:45 2024 by rpki-client on console-ams.rpki-client.org