Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/h4zGAN-j3rIu-5-uvNtxnD2L-FA.roa
File:                     h4zGAN-j3rIu-5-uvNtxnD2L-FA.roa (raw, json)
Hash identifier:          jeMFcH3CE3hzfP8sYfgndLHXw/F6VKnxnbNw0Ec1Wzk=
Subject key identifier:   87:8C:C6:00:DF:A3:DE:B2:2E:FB:9F:AE:BC:DB:71:9C:3D:8B:F8:50
Certificate issuer:       /CN=9aeecb353f1cdc5fd3a9d54a8873531efd285c46
Certificate serial:       018570B09F2E727D835894E0990AF6FD9EEB
Authority key identifier: 9A:EE:CB:35:3F:1C:DC:5F:D3:A9:D5:4A:88:73:53:1E:FD:28:5C:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/h4zGAN-j3rIu-5-uvNtxnD2L-FA.roa
Signing time:             Mon 02 Jan 2023 04:15:01 +0000
ROA not before:           Mon 02 Jan 2023 04:15:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210924
IP address blocks:        195.96.138.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:b0:9f:2e:72:7d:83:58:94:e0:99:0a:f6:fd:9e:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aeecb353f1cdc5fd3a9d54a8873531efd285c46
        Validity
            Not Before: Jan  2 04:15:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=878cc600dfa3deb22efb9faebcdb719c3d8bf850
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:42:07:90:91:b6:29:ba:f7:cf:b9:c9:c6:26:
                    ba:d5:cf:6e:63:3e:db:8f:a2:ca:3f:56:61:06:5b:
                    27:95:e2:7b:79:81:f9:d4:4c:28:41:69:cb:17:c0:
                    da:fb:f0:3e:bb:7e:a9:e7:cd:90:7d:29:26:68:a1:
                    4a:a0:0c:da:5d:12:7a:29:d2:57:e9:f2:37:c3:e1:
                    a4:ea:91:e3:16:b7:88:7c:d2:a5:69:a2:52:2d:8f:
                    16:91:d7:f9:81:55:a1:03:3f:48:91:7c:84:53:b4:
                    9a:3b:0b:e9:5e:12:3e:ce:aa:e5:d9:e9:7c:80:c3:
                    8e:99:de:44:aa:86:a1:48:27:83:66:c9:0d:61:25:
                    19:40:97:cf:17:95:bf:15:92:d7:9c:f8:4b:c2:77:
                    69:2f:ce:25:76:ea:a0:30:8c:52:2c:85:32:bc:a9:
                    5d:10:35:96:75:09:4a:98:d9:cd:6a:77:3b:a0:35:
                    42:da:1d:c0:6a:7f:2f:e6:7c:99:1a:09:ef:48:60:
                    28:f6:a9:c7:d5:c2:de:fb:bf:67:24:97:7f:23:97:
                    c6:d4:96:35:4c:90:62:37:30:91:40:48:0b:dd:4f:
                    a8:ed:8b:41:bc:16:9d:18:f2:4f:70:e4:4a:5d:e3:
                    4c:49:19:f3:cc:72:36:b0:d8:1c:d5:a6:9a:f3:7e:
                    70:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:8C:C6:00:DF:A3:DE:B2:2E:FB:9F:AE:BC:DB:71:9C:3D:8B:F8:50
            X509v3 Authority Key Identifier:
                keyid:9A:EE:CB:35:3F:1C:DC:5F:D3:A9:D5:4A:88:73:53:1E:FD:28:5C:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu7LNT8c3F_TqdVKiHNTHv0oXEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/h4zGAN-j3rIu-5-uvNtxnD2L-FA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/15863b-787f-4084-b7f6-5944960e31cf/1/mu7LNT8c3F_TqdVKiHNTHv0oXEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.96.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:6e:2f:a2:0a:87:86:8e:1a:03:ab:8a:03:90:c8:59:4e:a3:
         88:c5:ca:67:15:1f:51:74:e8:ef:28:0e:96:56:0d:30:45:3e:
         f1:f9:f6:81:82:5d:c7:38:e7:13:fd:7b:a5:f5:22:f1:fe:11:
         1c:da:c4:75:8a:8e:80:77:82:f0:eb:86:19:77:d0:2e:1d:c5:
         06:13:f8:d0:df:d5:36:1f:5e:86:de:41:b7:c9:ee:3a:21:cb:
         e8:c0:5d:7a:c2:6e:da:20:ea:c2:2b:2b:bd:0d:fe:dc:ba:5c:
         1e:8d:99:79:84:a2:1b:b8:d8:02:f9:da:15:f1:23:b7:42:d6:
         c8:39:dd:2d:2e:43:9c:3f:89:2b:6c:7b:ab:07:7f:ae:a2:d3:
         68:69:d6:97:45:25:54:9b:56:fa:a9:b9:6b:6a:c7:5a:02:d3:
         d5:54:fb:4c:f7:16:71:c2:0f:ba:b7:56:15:57:8f:6c:40:dd:
         68:88:5d:87:93:ef:79:e8:43:a1:c5:01:49:67:48:4b:ad:bf:
         d1:74:26:e6:15:54:ce:87:90:dd:85:f4:0c:33:18:1b:16:83:
         8a:2f:56:b8:28:6e:2b:5a:d0:4c:22:64:b7:a4:5b:5c:73:1b:
         0f:ff:93:29:23:78:36:41:e1:79:44:ba:fb:10:a6:b2:8a:19:
         82:f1:49:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwsJ8ucn2DWJTgmQr2/Z7rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWVjYjM1M2YxY2RjNWZkM2E5ZDU0YTg4NzM1MzFlZmQy
ODVjNDYwHhcNMjMwMTAyMDQxNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzhjYzYwMGRmYTNkZWIyMmVmYjlmYWViY2RiNzE5YzNkOGJmODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEIHkJG2Kbr3z7nJxia61c9uYz7b
j6LKP1ZhBlsnleJ7eYH51EwoQWnLF8Da+/A+u36p582QfSkmaKFKoAzaXRJ6KdJX
6fI3w+Gk6pHjFreIfNKlaaJSLY8Wkdf5gVWhAz9IkXyEU7SaOwvpXhI+zqrl2el8
gMOOmd5EqoahSCeDZskNYSUZQJfPF5W/FZLXnPhLwndpL84lduqgMIxSLIUyvKld
EDWWdQlKmNnNanc7oDVC2h3Aan8v5nyZGgnvSGAo9qnH1cLe+79nJJd/I5fG1JY1
TJBiNzCRQEgL3U+o7YtBvBadGPJPcORKXeNMSRnzzHI2sNgc1aaa835wswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIeMxgDfo96yLvufrrzbcZw9i/hQMB8GA1UdIwQY
MBaAFJruyzU/HNxf06nVSohzUx79KFxGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU3TE5UOGMzRl9UcWRWS2lITlRIdjBvWEVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8xNTg2M2ItNzg3Zi00MDg0LWI3ZjYt
NTk0NDk2MGUzMWNmLzEvaDR6R0FOLWozckl1LTUtdXZOdHhuRDJMLUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8xNTg2M2ItNzg3Zi00MDg0LWI3ZjYtNTk0NDk2MGUzMWNm
LzEvbXU3TE5UOGMzRl9UcWRWS2lITlRIdjBvWEVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw2CKMA0G
CSqGSIb3DQEBCwUAA4IBAQBjbi+iCoeGjhoDq4oDkMhZTqOIxcpnFR9RdOjvKA6W
Vg0wRT7x+faBgl3HOOcT/Xul9SLx/hEc2sR1io6Ad4Lw64YZd9AuHcUGE/jQ39U2
H16G3kG3ye46IcvowF16wm7aIOrCKyu9Df7culwejZl5hKIbuNgC+doV8SO3QtbI
Od0tLkOcP4krbHurB3+uotNoadaXRSVUm1b6qblrasdaAtPVVPtM9xZxwg+6t1YV
V49sQN1oiF2Hk+956EOhxQFJZ0hLrb/RdCbmFVTOh5DdhfQMMxgbFoOKL1a4KG4r
WtBMImS3pFtccxsP/5MpI3g2QeF5RLr7EKayihmC8Ul+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:20 2024 by rpki-client on console-fra.rpki-client.org