Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/11488d-c66a-4006-8f62-250980e75bdf/1/KQyyQRg6zR0VUr9SB4eAnJan1Fg.roa
File:                     KQyyQRg6zR0VUr9SB4eAnJan1Fg.roa (raw, json)
Hash identifier:          iYuJh0/DXKYAEtzqq81+hzdlqPyMGR5DL/iK/pGkksw=
Subject key identifier:   29:0C:B2:41:18:3A:CD:1D:15:52:BF:52:07:87:80:9C:96:A7:D4:58
Certificate issuer:       /CN=ac4f3157599b66f28cbc5a2eed36fba23f03d2ce
Certificate serial:       01857169BAE1F374D888F673D757CA874306
Authority key identifier: AC:4F:31:57:59:9B:66:F2:8C:BC:5A:2E:ED:36:FB:A2:3F:03:D2:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rE8xV1mbZvKMvFou7Tb7oj8D0s4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/11488d-c66a-4006-8f62-250980e75bdf/1/KQyyQRg6zR0VUr9SB4eAnJan1Fg.roa
Signing time:             Mon 02 Jan 2023 07:37:12 +0000
ROA not before:           Mon 02 Jan 2023 07:37:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41848
IP address blocks:        83.137.8.0/21 maxlen: 21
                          2a02:ea8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:69:ba:e1:f3:74:d8:88:f6:73:d7:57:ca:87:43:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac4f3157599b66f28cbc5a2eed36fba23f03d2ce
        Validity
            Not Before: Jan  2 07:37:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=290cb241183acd1d1552bf520787809c96a7d458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:ee:e6:5d:00:dd:23:9f:30:a8:68:e5:cb:73:
                    df:03:55:53:a3:5b:cf:c7:a1:8c:4a:11:5d:46:8f:
                    39:7d:b0:f3:4b:f6:40:06:8a:b9:8e:55:9f:39:a6:
                    70:17:e3:2f:ac:2b:d7:7b:86:32:2e:72:5f:b9:c6:
                    ff:9e:0f:fc:5b:83:9d:51:31:f4:db:7e:fa:45:82:
                    1b:45:73:49:ad:2f:28:66:15:c1:0b:ec:af:46:15:
                    1f:a2:47:17:80:d8:64:1e:0b:3a:aa:4a:8c:6d:88:
                    fc:18:d1:ef:ce:4e:3a:85:6d:d6:21:04:f8:e6:fd:
                    83:f5:93:2e:14:8d:05:ac:e9:4c:06:7a:ab:1f:5a:
                    ab:a5:aa:6f:12:66:78:6b:b6:83:a8:6b:5c:32:d6:
                    ac:3b:8e:62:c3:62:de:aa:b0:d9:79:6a:9e:cc:cd:
                    83:35:d1:6f:e6:f2:70:b5:d0:be:2a:23:a3:7a:ba:
                    ac:4e:b9:40:42:87:88:23:ee:55:67:1e:07:9c:d2:
                    43:6e:16:91:79:5c:34:18:0a:8f:e1:8a:d1:0f:0a:
                    fc:79:11:ee:1e:df:7f:41:9d:2a:05:20:14:de:40:
                    b5:f7:28:c1:be:2c:0f:37:67:7e:54:3e:95:c7:ea:
                    81:53:9c:78:62:db:ee:61:7f:fa:71:a9:82:d0:01:
                    a6:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:0C:B2:41:18:3A:CD:1D:15:52:BF:52:07:87:80:9C:96:A7:D4:58
            X509v3 Authority Key Identifier:
                keyid:AC:4F:31:57:59:9B:66:F2:8C:BC:5A:2E:ED:36:FB:A2:3F:03:D2:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rE8xV1mbZvKMvFou7Tb7oj8D0s4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/11488d-c66a-4006-8f62-250980e75bdf/1/KQyyQRg6zR0VUr9SB4eAnJan1Fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/11488d-c66a-4006-8f62-250980e75bdf/1/rE8xV1mbZvKMvFou7Tb7oj8D0s4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.137.8.0/21
                IPv6:
                  2a02:ea8::/32

    Signature Algorithm: sha256WithRSAEncryption
         3b:04:58:4f:16:53:18:20:43:7c:e4:11:9c:b4:cc:3b:6e:53:
         6e:dd:28:9e:61:b0:4e:13:b5:a2:1e:8a:5f:c6:fb:d7:2a:e1:
         b8:58:21:51:95:4d:e0:39:ee:22:20:dd:43:43:eb:d3:d8:f4:
         38:87:3c:0c:e1:54:87:3e:0d:75:fa:ce:22:10:ed:2b:05:23:
         a2:5e:c3:2e:45:25:e9:14:8a:0c:59:8d:c0:98:0b:61:1b:82:
         4b:b4:ac:05:ad:b9:ad:29:8c:81:7b:b4:43:84:ee:6b:96:63:
         7a:2f:33:3f:e9:14:22:bd:a8:c3:f2:6b:55:4e:6b:61:b6:94:
         c7:f9:58:27:71:ff:61:e5:60:d2:e8:61:29:2a:8a:2d:48:0e:
         b7:1d:ad:a1:2a:c7:27:de:05:a2:d9:08:7d:3d:8a:d0:ab:42:
         6d:9c:36:7e:97:5d:9f:1b:89:7f:fa:b9:97:ec:27:b9:32:09:
         85:26:f8:c8:6d:33:6b:45:77:cb:6b:47:58:9a:e5:9c:70:c9:
         e8:95:26:fc:5b:9d:8b:f7:4a:52:a3:be:a9:0f:13:cc:e6:fa:
         66:11:be:5e:4a:80:c5:ca:d6:94:f6:24:55:eb:cd:a8:36:5b:
         a6:ea:05:28:45:ae:96:48:6c:28:90:2f:4f:2b:34:61:ab:e0:
         1f:57:ff:10
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVxabrh83TYiPZz11fKh0MGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjNGYzMTU3NTk5YjY2ZjI4Y2JjNWEyZWVkMzZmYmEyM2Yw
M2QyY2UwHhcNMjMwMTAyMDczNzEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTBjYjI0MTE4M2FjZDFkMTU1MmJmNTIwNzg3ODA5Yzk2YTdkNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAle7mXQDdI58wqGjly3PfA1VTo1vP
x6GMShFdRo85fbDzS/ZABoq5jlWfOaZwF+MvrCvXe4YyLnJfucb/ng/8W4OdUTH0
2376RYIbRXNJrS8oZhXBC+yvRhUfokcXgNhkHgs6qkqMbYj8GNHvzk46hW3WIQT4
5v2D9ZMuFI0FrOlMBnqrH1qrpapvEmZ4a7aDqGtcMtasO45iw2LeqrDZeWqezM2D
NdFv5vJwtdC+KiOjerqsTrlAQoeII+5VZx4HnNJDbhaReVw0GAqP4YrRDwr8eRHu
Ht9/QZ0qBSAU3kC19yjBviwPN2d+VD6Vx+qBU5x4YtvuYX/6camC0AGm8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCkMskEYOs0dFVK/UgeHgJyWp9RYMB8GA1UdIwQY
MBaAFKxPMVdZm2byjLxaLu02+6I/A9LOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckU4eFYxbWJadktNdkZvdTdUYjdvajhEMHM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8xMTQ4OGQtYzY2YS00MDA2LThmNjIt
MjUwOTgwZTc1YmRmLzEvS1F5eVFSZzZ6UjBWVXI5U0I0ZUFuSmFuMUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8xMTQ4OGQtYzY2YS00MDA2LThmNjItMjUwOTgwZTc1YmRm
LzEvckU4eFYxbWJadktNdkZvdTdUYjdvajhEMHM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDU4kIMA0E
AgACMAcDBQAqAg6oMA0GCSqGSIb3DQEBCwUAA4IBAQA7BFhPFlMYIEN85BGctMw7
blNu3SieYbBOE7WiHopfxvvXKuG4WCFRlU3gOe4iIN1DQ+vT2PQ4hzwM4VSHPg11
+s4iEO0rBSOiXsMuRSXpFIoMWY3AmAthG4JLtKwFrbmtKYyBe7RDhO5rlmN6LzM/
6RQivajD8mtVTmthtpTH+Vgncf9h5WDS6GEpKootSA63Ha2hKscn3gWi2Qh9PYrQ
q0JtnDZ+l12fG4l/+rmX7Ce5MgmFJvjIbTNrRXfLa0dYmuWccMnolSb8W52L90pS
o76pDxPM5vpmEb5eSoDFytaU9iRV682oNlum6gUoRa6WSGwokC9PKzRhq+AfV/8Q
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:54 2024 by rpki-client on console-fra.rpki-client.org