Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/DZu2Na9ayeV94JycyIx_1oLYh8E.roa
File:                     DZu2Na9ayeV94JycyIx_1oLYh8E.roa (raw, json)
Hash identifier:          vRASMQ7QAJpHlXZIyTFJQ+DzpSIfj1QrW6EYvTbGx5A=
Subject key identifier:   0D:9B:B6:35:AF:5A:C9:E5:7D:E0:9C:9C:C8:8C:7F:D6:82:D8:87:C1
Certificate issuer:       /CN=129462d45b8ab95d4c35c40265b31b52bf1e8dbd
Certificate serial:       018C0FAEC6C1332E690A12E0068CAE74B5CC
Authority key identifier: 12:94:62:D4:5B:8A:B9:5D:4C:35:C4:02:65:B3:1B:52:BF:1E:8D:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EpRi1FuKuV1MNcQCZbMbUr8ejb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/DZu2Na9ayeV94JycyIx_1oLYh8E.roa
Signing time:             Mon 27 Nov 2023 07:29:21 +0000
ROA not before:           Mon 27 Nov 2023 07:29:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43647
IP address blocks:        213.148.18.0/23 maxlen: 24
                          213.148.20.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:33:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:0f:ae:c6:c1:33:2e:69:0a:12:e0:06:8c:ae:74:b5:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=129462d45b8ab95d4c35c40265b31b52bf1e8dbd
        Validity
            Not Before: Nov 27 07:29:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0d9bb635af5ac9e57de09c9cc88c7fd682d887c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b1:bc:b1:02:f8:f5:2b:b2:16:f1:c5:05:77:
                    34:4c:95:08:7a:73:42:b1:03:bd:d7:a5:8b:fe:d0:
                    36:03:a1:82:2c:0c:17:1a:1b:ef:b2:3d:40:46:fc:
                    b1:00:06:ae:c1:79:80:8e:53:36:87:5c:50:ad:b8:
                    59:20:ac:9b:74:2d:bb:2c:f5:41:5a:5c:9f:a4:8c:
                    03:7c:b2:54:e5:e9:fd:e3:a4:d8:20:7b:e5:3f:fb:
                    59:0f:21:99:b1:5b:c8:44:61:63:56:19:92:0d:52:
                    78:55:5e:6f:18:e7:7d:8f:74:80:0c:b9:6e:da:f0:
                    49:77:18:27:05:4e:d4:c9:ba:d7:e8:59:4f:59:5e:
                    59:1c:48:19:e8:b2:8d:49:4a:f4:6f:33:5c:8c:16:
                    27:88:a8:45:08:ed:84:e6:63:61:1a:f2:0f:a6:6e:
                    3d:c1:8e:10:c5:3d:46:86:c1:84:0b:88:41:7a:28:
                    ba:91:60:99:f8:35:cc:60:4c:b5:8b:c6:f4:22:d8:
                    25:6d:dc:d1:53:6d:58:86:db:91:ec:ae:16:94:d8:
                    da:05:55:3d:cc:d7:cf:1b:ba:1f:40:53:15:47:eb:
                    83:35:50:00:30:ea:18:8c:25:54:79:97:09:75:a3:
                    b8:e0:11:0c:df:b7:b9:2a:9e:ad:36:b6:40:f4:75:
                    6d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:9B:B6:35:AF:5A:C9:E5:7D:E0:9C:9C:C8:8C:7F:D6:82:D8:87:C1
            X509v3 Authority Key Identifier:
                keyid:12:94:62:D4:5B:8A:B9:5D:4C:35:C4:02:65:B3:1B:52:BF:1E:8D:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EpRi1FuKuV1MNcQCZbMbUr8ejb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/DZu2Na9ayeV94JycyIx_1oLYh8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/999509-bdc0-4e07-8774-3a389332f79f/1/EpRi1FuKuV1MNcQCZbMbUr8ejb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.148.18.0-213.148.23.255

    Signature Algorithm: sha256WithRSAEncryption
         9e:90:07:94:34:5e:d2:0d:a3:22:54:31:8a:06:54:78:a8:4e:
         05:da:b9:0c:94:68:b0:dd:c0:72:82:27:18:71:7e:be:c8:a8:
         6b:c5:10:fb:da:cc:4b:cb:ba:c7:01:b5:3c:89:6f:ab:11:2c:
         b7:a3:cb:b9:c5:2c:d1:e2:2a:43:2b:48:a9:97:22:a1:45:9b:
         1a:96:89:80:47:dc:bd:f1:96:32:d9:6b:83:b1:ba:bc:b4:a3:
         84:e8:4b:08:9a:b9:6f:c7:d9:12:15:42:b9:e2:32:43:58:e2:
         fa:86:40:68:f8:ef:7d:09:3a:9c:ac:9d:06:3b:c7:92:10:4e:
         c7:5d:94:f0:39:0d:6c:39:16:93:de:b7:3c:63:48:bb:47:c6:
         d3:8e:dd:47:30:4f:bf:5c:20:91:fe:e4:48:7d:9e:55:bc:33:
         ff:09:b8:23:86:b5:12:e3:62:68:a1:47:8c:bf:44:60:ec:50:
         db:45:c2:63:5d:0f:4e:2e:51:1a:f8:c9:0d:ac:ec:01:5b:24:
         99:2a:33:ef:4b:bf:44:17:70:40:5d:15:21:7b:2a:31:2b:06:
         1b:b9:3a:a8:3a:9f:07:f5:4c:d6:49:97:49:b9:9d:a2:bf:a5:
         3b:6b:b7:9d:a4:94:e6:c6:aa:67:4a:3c:93:17:22:16:52:25:
         56:23:46:c2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYwPrsbBMy5pChLgBoyudLXMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyOTQ2MmQ0NWI4YWI5NWQ0YzM1YzQwMjY1YjMxYjUyYmYx
ZThkYmQwHhcNMjMxMTI3MDcyOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDliYjYzNWFmNWFjOWU1N2RlMDljOWNjODhjN2ZkNjgyZDg4N2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLG8sQL49SuyFvHFBXc0TJUIenNC
sQO916WL/tA2A6GCLAwXGhvvsj1ARvyxAAauwXmAjlM2h1xQrbhZIKybdC27LPVB
WlyfpIwDfLJU5en946TYIHvlP/tZDyGZsVvIRGFjVhmSDVJ4VV5vGOd9j3SADLlu
2vBJdxgnBU7UybrX6FlPWV5ZHEgZ6LKNSUr0bzNcjBYniKhFCO2E5mNhGvIPpm49
wY4QxT1GhsGEC4hBeii6kWCZ+DXMYEy1i8b0ItglbdzRU21YhtuR7K4WlNjaBVU9
zNfPG7ofQFMVR+uDNVAAMOoYjCVUeZcJdaO44BEM37e5Kp6tNrZA9HVtoQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFA2btjWvWsnlfeCcnMiMf9aC2IfBMB8GA1UdIwQY
MBaAFBKUYtRbirldTDXEAmWzG1K/Ho29MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXBSaTFGdUt1VjFNTmNRQ1piTWJVcjhlamIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC85OTk1MDktYmRjMC00ZTA3LTg3NzQt
M2EzODkzMzJmNzlmLzEvRFp1Mk5hOWF5ZVY5NEp5Y3lJeF8xb0xZaDhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC85OTk1MDktYmRjMC00ZTA3LTg3NzQtM2EzODkzMzJmNzlm
LzEvRXBSaTFGdUt1VjFNTmNRQ1piTWJVcjhlamIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAHVlBID
BAPVlBAwDQYJKoZIhvcNAQELBQADggEBAJ6QB5Q0XtINoyJUMYoGVHioTgXauQyU
aLDdwHKCJxhxfr7IqGvFEPvazEvLuscBtTyJb6sRLLejy7nFLNHiKkMrSKmXIqFF
mxqWiYBH3L3xljLZa4Oxury0o4ToSwiauW/H2RIVQrniMkNY4vqGQGj4730JOpys
nQY7x5IQTsddlPA5DWw5FpPetzxjSLtHxtOO3UcwT79cIJH+5Eh9nlW8M/8JuCOG
tRLjYmihR4y/RGDsUNtFwmNdD04uURr4yQ2s7AFbJJkqM+9Lv0QXcEBdFSF7KjEr
Bhu5Oqg6nwf1TNZJl0m5naK/pTtrt52klObGqmdKPJMXIhZSJVYjRsI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:36 2024 by rpki-client on console-ams.rpki-client.org