Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/tnhIBhzDKa8iR5ppLz3n9Dz5L80.roa
File:                     tnhIBhzDKa8iR5ppLz3n9Dz5L80.roa (raw, json)
Hash identifier:          hOYc8IGbszDkI82ncB2H3CgAIKGdEVCUVMFphHXM2yQ=
Subject key identifier:   B6:78:48:06:1C:C3:29:AF:22:47:9A:69:2F:3D:E7:F4:3C:F9:2F:CD
Certificate issuer:       /CN=df9c64e170b7f255d7ca30035d6532c8957eb169
Certificate serial:       01856EEFD2E2CDE6C636F354491DE95711B7
Authority key identifier: DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/tnhIBhzDKa8iR5ppLz3n9Dz5L80.roa
Signing time:             Sun 01 Jan 2023 20:04:48 +0000
ROA not before:           Sun 01 Jan 2023 20:04:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2119
IP address blocks:        217.147.4.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:29:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:ef:d2:e2:cd:e6:c6:36:f3:54:49:1d:e9:57:11:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df9c64e170b7f255d7ca30035d6532c8957eb169
        Validity
            Not Before: Jan  1 20:04:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b67848061cc329af22479a692f3de7f43cf92fcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:27:01:b6:7a:5e:cb:fb:60:41:2c:0d:a2:18:
                    97:e5:89:ef:ce:bb:2d:12:ad:a8:ad:ad:2f:48:c9:
                    56:73:34:79:4d:18:97:1a:11:92:e2:83:59:58:71:
                    96:6e:4d:d7:73:7e:57:e7:0c:88:94:77:07:bb:a6:
                    b6:bf:48:4c:21:fc:b6:ec:44:7e:07:a5:1a:1e:c2:
                    bf:f4:d0:a4:f1:e3:84:e1:97:5c:44:1e:c6:3d:1e:
                    e1:4b:d7:df:01:a6:cb:d0:ee:31:ec:e3:b4:69:08:
                    91:c3:36:51:77:bb:ee:0a:ec:7e:79:6e:dc:f7:73:
                    f1:9a:d0:ea:98:b5:d4:91:5c:2e:ab:5b:38:5f:af:
                    7e:7b:a7:eb:e7:d3:60:94:80:3f:d0:7e:af:08:f7:
                    b2:79:0a:17:12:49:e9:8b:50:5d:6c:a9:6f:fc:fc:
                    7d:1f:65:d1:1d:91:1a:bf:c2:7f:a3:fa:b5:50:ae:
                    83:5e:04:02:91:6c:b1:2b:ff:cb:30:08:e1:e6:46:
                    6f:17:a2:91:3e:53:78:cc:56:06:2f:bb:52:14:d4:
                    eb:ac:bd:c5:82:74:22:57:fd:a7:0d:ac:50:b3:a3:
                    d1:e2:8e:4a:1c:d8:1c:1d:29:6b:a4:96:26:9f:e5:
                    97:5a:f1:79:74:81:67:51:94:72:96:3d:7f:56:2c:
                    19:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:78:48:06:1C:C3:29:AF:22:47:9A:69:2F:3D:E7:F4:3C:F9:2F:CD
            X509v3 Authority Key Identifier:
                keyid:DF:9C:64:E1:70:B7:F2:55:D7:CA:30:03:5D:65:32:C8:95:7E:B1:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/35xk4XC38lXXyjADXWUyyJV-sWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/tnhIBhzDKa8iR5ppLz3n9Dz5L80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/abd12f-1d66-412f-9be2-28cb3bbf05ae/1/35xk4XC38lXXyjADXWUyyJV-sWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.147.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:32:38:cd:fb:9c:8e:f1:27:89:5a:37:38:9b:dc:bb:36:d3:
         8c:c6:d2:cb:77:13:e9:e8:e3:f0:4f:cd:ae:94:42:4d:02:fc:
         46:23:a5:4c:e0:6f:20:ae:0e:b8:49:3e:45:5a:a9:ca:33:8a:
         6e:d1:f3:54:16:86:3f:b5:d4:92:c1:6b:1f:a9:a0:ff:64:40:
         7a:bc:1e:1a:f6:54:73:ea:b5:b6:4e:6a:92:e4:b7:73:f7:de:
         8a:94:78:0c:7f:79:31:01:33:79:51:51:8c:34:3c:f2:47:8c:
         d7:8a:fa:a6:a2:17:ac:87:96:b8:32:a6:56:56:b8:df:0d:46:
         5a:07:95:dc:c1:c6:d0:b1:54:61:34:cf:8d:2f:d3:75:3f:6b:
         8a:4c:ce:0b:5d:6a:19:be:5f:02:db:11:a0:df:c5:99:5f:00:
         2a:c7:38:6f:7f:54:7d:98:c4:dc:ab:be:76:d8:0c:d9:1c:e8:
         e6:10:31:fb:d1:a1:36:f5:97:2b:e7:ba:8d:58:6b:24:34:83:
         37:3b:93:a5:a0:5a:18:47:dd:75:1b:ce:9b:4c:2c:0d:a4:d5:
         54:7c:22:83:d6:d0:90:62:6d:10:98:30:d2:55:e9:8b:b1:6e:
         e2:14:b1:73:2e:0a:8a:0a:7f:7f:63:3a:39:fc:b3:46:90:db:
         27:75:46:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVu79LizebGNvNUSR3pVxG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOWM2NGUxNzBiN2YyNTVkN2NhMzAwMzVkNjUzMmM4OTU3
ZWIxNjkwHhcNMjMwMTAxMjAwNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjc4NDgwNjFjYzMyOWFmMjI0NzlhNjkyZjNkZTdmNDNjZjkyZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlScBtnpey/tgQSwNohiX5Ynvzrst
Eq2ora0vSMlWczR5TRiXGhGS4oNZWHGWbk3Xc35X5wyIlHcHu6a2v0hMIfy27ER+
B6UaHsK/9NCk8eOE4ZdcRB7GPR7hS9ffAabL0O4x7OO0aQiRwzZRd7vuCux+eW7c
93PxmtDqmLXUkVwuq1s4X69+e6fr59NglIA/0H6vCPeyeQoXEknpi1BdbKlv/Px9
H2XRHZEav8J/o/q1UK6DXgQCkWyxK//LMAjh5kZvF6KRPlN4zFYGL7tSFNTrrL3F
gnQiV/2nDaxQs6PR4o5KHNgcHSlrpJYmn+WXWvF5dIFnUZRylj1/ViwZZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZ4SAYcwymvIkeaaS895/Q8+S/NMB8GA1UdIwQY
MBaAFN+cZOFwt/JV18owA11lMsiVfrFpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTIt
MjhjYjNiYmYwNWFlLzEvdG5oSUJoekRLYThpUjVwcEx6M245RHo1TDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9hYmQxMmYtMWQ2Ni00MTJmLTliZTItMjhjYjNiYmYwNWFl
LzEvMzV4azRYQzM4bFhYeWpBRFhXVXl5SlYtc1drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2ZMEMA0G
CSqGSIb3DQEBCwUAA4IBAQBLMjjN+5yO8SeJWjc4m9y7NtOMxtLLdxPp6OPwT82u
lEJNAvxGI6VM4G8grg64ST5FWqnKM4pu0fNUFoY/tdSSwWsfqaD/ZEB6vB4a9lRz
6rW2TmqS5Ldz996KlHgMf3kxATN5UVGMNDzyR4zXivqmohesh5a4MqZWVrjfDUZa
B5XcwcbQsVRhNM+NL9N1P2uKTM4LXWoZvl8C2xGg38WZXwAqxzhvf1R9mMTcq752
2AzZHOjmEDH70aE29Zcr57qNWGskNIM3O5OloFoYR911G86bTCwNpNVUfCKD1tCQ
Ym0QmDDSVemLsW7iFLFzLgqKCn9/Yzo5/LNGkNsndUbh
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:30 2024 by rpki-client on console-fra.rpki-client.org