Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/NI9CKsVj_DCuBdD7bEXe0o7IOOU.roa
File:                     NI9CKsVj_DCuBdD7bEXe0o7IOOU.roa (raw, json)
Hash identifier:          LjYP6PY4O8AQfoYqRX1Qsci8PvRVI1HMDbhCzi6pFJc=
Subject key identifier:   34:8F:42:2A:C5:63:FC:30:AE:05:D0:FB:6C:45:DE:D2:8E:C8:38:E5
Certificate issuer:       /CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
Certificate serial:       018FD4C54095530CA3FF042C5238FF2B67EE
Authority key identifier: AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/NI9CKsVj_DCuBdD7bEXe0o7IOOU.roa
Signing time:             Sat 01 Jun 2024 17:07:27 +0000
ROA not before:           Sat 01 Jun 2024 17:07:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        128.65.172.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Sat 22 Jun 2024 16:38:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d4:c5:40:95:53:0c:a3:ff:04:2c:52:38:ff:2b:67:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af2f2e86dd7cc9101658ff8d5a5241445fcd1d6a
        Validity
            Not Before: Jun  1 17:07:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=348f422ac563fc30ae05d0fb6c45ded28ec838e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ba:9e:03:fb:1c:a0:b3:b7:dd:ab:b7:ab:da:
                    d5:c5:ff:3e:56:f3:0c:ac:f6:2d:17:7b:27:39:dd:
                    ff:7b:98:a2:aa:7a:82:42:2e:87:70:b8:38:54:82:
                    e4:3a:fa:42:7e:b6:21:aa:3d:1b:32:52:62:e2:88:
                    8d:d9:ca:3e:99:5d:8e:20:b5:87:69:5b:bf:09:ed:
                    c5:1e:de:8b:8f:ac:54:03:f3:5d:fd:f7:b6:85:37:
                    7d:86:50:df:84:22:90:81:46:e8:30:45:bc:19:d9:
                    94:bf:4c:45:b8:4e:ef:44:80:6d:48:e1:fa:0b:90:
                    a6:b4:c5:4e:e3:5c:75:3a:a8:64:d0:82:2e:39:50:
                    63:a2:31:0c:86:37:a0:03:ab:cb:85:72:f3:ba:3a:
                    0b:f2:f8:78:54:d9:b7:a9:e4:54:d5:52:16:cb:52:
                    b4:7a:26:41:97:ec:32:27:54:9c:4d:48:b7:69:c1:
                    3a:94:68:7c:8d:fa:d7:52:b1:06:61:b4:0d:20:2d:
                    e7:41:36:b2:ed:0d:f0:80:cc:fc:dc:aa:62:99:d8:
                    75:6d:c5:eb:e9:eb:24:ea:01:de:bb:fd:bc:fa:fa:
                    d6:d8:45:ab:19:6a:22:43:be:e8:9f:2f:f1:85:93:
                    c1:dd:39:55:b2:e2:90:2d:9a:f1:3e:06:89:72:e1:
                    8a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:8F:42:2A:C5:63:FC:30:AE:05:D0:FB:6C:45:DE:D2:8E:C8:38:E5
            X509v3 Authority Key Identifier:
                keyid:AF:2F:2E:86:DD:7C:C9:10:16:58:FF:8D:5A:52:41:44:5F:CD:1D:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ry8uht18yRAWWP-NWlJBRF_NHWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/NI9CKsVj_DCuBdD7bEXe0o7IOOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/e08b8e-bf22-435c-8b1f-46bb7aec1f30/1/ry8uht18yRAWWP-NWlJBRF_NHWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.65.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:02:82:1c:4d:76:32:9b:99:12:78:d2:11:c0:2b:ff:f9:83:
         e1:70:67:0c:1f:ab:97:a0:b9:f1:35:5f:64:7c:b1:e8:72:1d:
         7c:10:4f:e0:0a:4b:a5:fa:a9:3d:eb:9a:cb:63:ba:45:25:00:
         8a:3f:2b:d6:0c:26:84:98:77:b7:6e:dd:d0:7f:66:ed:24:c8:
         17:95:e8:2e:77:dc:9a:75:c5:3e:6d:67:fe:e9:d2:e8:cf:4b:
         9c:4e:43:a7:4c:2b:33:1d:76:40:00:6e:b5:aa:13:6c:82:87:
         fd:13:10:31:69:de:fd:5b:8c:9a:89:89:50:7b:80:f9:46:72:
         46:ea:cf:f8:a6:f6:51:8f:ac:ee:4d:e8:87:da:9c:00:8f:2c:
         ec:b3:9b:04:63:11:7e:da:6b:77:bd:a4:d2:2a:fd:2f:b6:60:
         bf:68:e6:3c:c0:73:29:0d:ce:ab:2f:30:8e:0a:e5:e0:a4:6d:
         ac:54:6f:5e:12:0f:2a:e6:fa:20:da:63:50:1a:41:7b:8e:6d:
         34:8a:16:c7:c2:94:2a:29:96:2e:27:e9:43:67:aa:a0:be:aa:
         e5:47:27:4d:cc:cd:d9:96:2a:b5:2c:ca:67:85:28:4c:91:84:
         8d:2b:ea:16:13:aa:c9:8d:79:c7:e9:5a:4e:f5:f7:a7:a3:c3:
         e9:fd:51:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/UxUCVUwyj/wQsUjj/K2fuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmMmYyZTg2ZGQ3Y2M5MTAxNjU4ZmY4ZDVhNTI0MTQ0NWZj
ZDFkNmEwHhcNMjQwNjAxMTcwNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDhmNDIyYWM1NjNmYzMwYWUwNWQwZmI2YzQ1ZGVkMjhlYzgzOGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt7qeA/scoLO33au3q9rVxf8+VvMM
rPYtF3snOd3/e5iiqnqCQi6HcLg4VILkOvpCfrYhqj0bMlJi4oiN2co+mV2OILWH
aVu/Ce3FHt6Lj6xUA/Nd/fe2hTd9hlDfhCKQgUboMEW8GdmUv0xFuE7vRIBtSOH6
C5CmtMVO41x1Oqhk0IIuOVBjojEMhjegA6vLhXLzujoL8vh4VNm3qeRU1VIWy1K0
eiZBl+wyJ1ScTUi3acE6lGh8jfrXUrEGYbQNIC3nQTay7Q3wgMz83Kpimdh1bcXr
6esk6gHeu/28+vrW2EWrGWoiQ77ony/xhZPB3TlVsuKQLZrxPgaJcuGK0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDSPQirFY/wwrgXQ+2xF3tKOyDjlMB8GA1UdIwQY
MBaAFK8vLobdfMkQFlj/jVpSQURfzR1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYt
NDZiYjdhZWMxZjMwLzEvTkk5Q0tzVmpfREN1QmREN2JFWGUwbzdJT09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9lMDhiOGUtYmYyMi00MzVjLThiMWYtNDZiYjdhZWMxZjMw
LzEvcnk4dWh0MTh5UkFXV1AtTldsSkJSRl9OSFdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCgEGsMA0G
CSqGSIb3DQEBCwUAA4IBAQAbAoIcTXYym5kSeNIRwCv/+YPhcGcMH6uXoLnxNV9k
fLHoch18EE/gCkul+qk965rLY7pFJQCKPyvWDCaEmHe3bt3Qf2btJMgXlegud9ya
dcU+bWf+6dLoz0ucTkOnTCszHXZAAG61qhNsgof9ExAxad79W4yaiYlQe4D5RnJG
6s/4pvZRj6zuTeiH2pwAjyzss5sEYxF+2mt3vaTSKv0vtmC/aOY8wHMpDc6rLzCO
CuXgpG2sVG9eEg8q5vog2mNQGkF7jm00ihbHwpQqKZYuJ+lDZ6qgvqrlRydNzM3Z
liq1LMpnhShMkYSNK+oWE6rJjXnH6VpO9feno8Pp/VF/
-----END CERTIFICATE-----
Generated at Sat Jun 22 18:54:43 2024 by rpki-client on console-fra.rpki-client.org