Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/sT3i_Ycudb_IQeMkgjhL3uju2IY.roa
File:                     sT3i_Ycudb_IQeMkgjhL3uju2IY.roa (raw, json)
Hash identifier:          jXi2XWox3MAK6LmWeWllBFGhUyaBwmvCcCWHSIJRKzY=
Subject key identifier:   B1:3D:E2:FD:87:2E:75:BF:C8:41:E3:24:82:38:4B:DE:E8:EE:D8:86
Certificate issuer:       /CN=36fed2d5eb5b3c5266abaa617c960703c55d0785
Certificate serial:       018570FBA1DC343DA7EB59F29265B97718A2
Authority key identifier: 36:FE:D2:D5:EB:5B:3C:52:66:AB:AA:61:7C:96:07:03:C5:5D:07:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nv7S1etbPFJmq6phfJYHA8VdB4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/sT3i_Ycudb_IQeMkgjhL3uju2IY.roa
Signing time:             Mon 02 Jan 2023 05:36:57 +0000
ROA not before:           Mon 02 Jan 2023 05:36:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204861
IP address blocks:        2.57.4.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:31:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:fb:a1:dc:34:3d:a7:eb:59:f2:92:65:b9:77:18:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36fed2d5eb5b3c5266abaa617c960703c55d0785
        Validity
            Not Before: Jan  2 05:36:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b13de2fd872e75bfc841e32482384bdee8eed886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:cd:4d:d9:7e:2e:94:87:2b:b5:f8:98:09:53:
                    ce:0e:da:aa:91:fa:e3:8b:72:86:57:56:5f:6c:36:
                    0a:95:ef:5e:03:ee:6a:ae:13:77:8e:c5:55:8e:dc:
                    ef:b3:37:2f:df:35:e8:26:56:2a:44:f0:87:18:81:
                    fc:43:99:12:11:c2:80:b7:65:14:57:c2:57:0d:a8:
                    8f:43:d9:1c:8e:17:f4:93:f6:3d:91:6a:6a:e0:fd:
                    51:e9:f2:71:88:2c:1e:6f:d1:12:4b:bb:a4:bc:27:
                    6f:9e:c6:58:cf:e1:54:63:cc:8b:b0:cf:a6:ca:88:
                    f3:f1:fb:bd:57:14:d5:53:0f:c9:4e:83:af:2a:ed:
                    47:3f:63:58:9e:bb:f4:68:cb:71:3e:34:2a:84:83:
                    37:25:26:ff:09:59:fb:58:ec:cd:ef:29:bb:01:5e:
                    72:b7:a6:7c:d9:05:7e:bf:87:db:51:71:41:b3:9c:
                    56:bb:46:90:fa:6e:43:56:b9:58:06:0e:30:31:3f:
                    46:22:b6:2f:a0:fc:54:92:c4:c3:65:23:3d:cd:51:
                    85:2f:43:ab:74:ef:0e:be:93:fd:fe:79:68:9e:a3:
                    19:57:a9:e2:c0:05:2e:2f:88:29:54:0f:cc:56:4c:
                    91:a9:35:38:90:da:b2:87:4f:ad:4b:5f:56:4a:89:
                    b2:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:3D:E2:FD:87:2E:75:BF:C8:41:E3:24:82:38:4B:DE:E8:EE:D8:86
            X509v3 Authority Key Identifier:
                keyid:36:FE:D2:D5:EB:5B:3C:52:66:AB:AA:61:7C:96:07:03:C5:5D:07:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nv7S1etbPFJmq6phfJYHA8VdB4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/sT3i_Ycudb_IQeMkgjhL3uju2IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5324bd-7926-4513-bd1f-68ef3238a72e/1/Nv7S1etbPFJmq6phfJYHA8VdB4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:de:7f:2c:0d:b1:89:35:80:0a:70:2f:9d:e5:29:44:29:24:
         37:48:fd:59:13:b1:86:e2:60:5c:5f:11:31:95:7d:82:06:67:
         e7:24:67:aa:d0:62:bd:25:f4:87:b9:a6:49:27:c0:4a:7c:72:
         19:29:c6:94:87:25:00:a8:c1:b2:c2:b4:ef:69:e7:d8:7b:af:
         2b:81:13:4a:a5:8c:0d:e2:64:d3:51:de:a5:2e:a1:47:33:64:
         83:db:da:b9:a7:ab:fc:a2:92:86:ff:27:5c:a4:38:6f:62:09:
         fc:55:41:29:46:88:f5:c0:c6:92:6d:40:92:cf:4f:cf:9f:2d:
         09:e1:1f:32:b7:ee:94:1b:51:a9:fe:c0:99:31:ef:a5:a1:25:
         8f:e6:67:b2:97:74:1a:ce:b6:a5:2d:6f:43:f0:42:e8:cb:87:
         06:56:80:f2:10:e7:75:9e:ca:c9:c4:72:41:72:ed:a3:36:dc:
         ba:5d:49:5e:e5:10:20:3a:03:e8:ca:53:5d:49:f6:3f:8a:ea:
         bc:bd:f6:c5:3f:12:61:8d:d5:7b:4c:ec:c0:53:b9:22:a0:69:
         22:74:f0:7d:8e:c3:a0:17:88:e8:c5:5f:06:55:43:b5:29:4b:
         2c:91:fd:9c:74:6e:29:2a:53:d5:6b:ee:87:cf:88:31:1d:90:
         3e:a2:c6:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVw+6HcND2n61nykmW5dxiiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZmVkMmQ1ZWI1YjNjNTI2NmFiYWE2MTdjOTYwNzAzYzU1
ZDA3ODUwHhcNMjMwMTAyMDUzNjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTNkZTJmZDg3MmU3NWJmYzg0MWUzMjQ4MjM4NGJkZWU4ZWVkODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz81N2X4ulIcrtfiYCVPODtqqkfrj
i3KGV1ZfbDYKle9eA+5qrhN3jsVVjtzvszcv3zXoJlYqRPCHGIH8Q5kSEcKAt2UU
V8JXDaiPQ9kcjhf0k/Y9kWpq4P1R6fJxiCweb9ESS7ukvCdvnsZYz+FUY8yLsM+m
yojz8fu9VxTVUw/JToOvKu1HP2NYnrv0aMtxPjQqhIM3JSb/CVn7WOzN7ym7AV5y
t6Z82QV+v4fbUXFBs5xWu0aQ+m5DVrlYBg4wMT9GIrYvoPxUksTDZSM9zVGFL0Or
dO8OvpP9/nlonqMZV6niwAUuL4gpVA/MVkyRqTU4kNqyh0+tS19WSomy5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLE94v2HLnW/yEHjJII4S97o7tiGMB8GA1UdIwQY
MBaAFDb+0tXrWzxSZquqYXyWBwPFXQeFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnY3UzFldGJQRkptcTZwaGZKWUhBOFZkQjRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81MzI0YmQtNzkyNi00NTEzLWJkMWYt
NjhlZjMyMzhhNzJlLzEvc1QzaV9ZY3VkYl9JUWVNa2dqaEwzdWp1MklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81MzI0YmQtNzkyNi00NTEzLWJkMWYtNjhlZjMyMzhhNzJl
LzEvTnY3UzFldGJQRkptcTZwaGZKWUhBOFZkQjRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAjkEMA0G
CSqGSIb3DQEBCwUAA4IBAQCr3n8sDbGJNYAKcC+d5SlEKSQ3SP1ZE7GG4mBcXxEx
lX2CBmfnJGeq0GK9JfSHuaZJJ8BKfHIZKcaUhyUAqMGywrTvaefYe68rgRNKpYwN
4mTTUd6lLqFHM2SD29q5p6v8opKG/ydcpDhvYgn8VUEpRoj1wMaSbUCSz0/Pny0J
4R8yt+6UG1Gp/sCZMe+loSWP5meyl3QazralLW9D8ELoy4cGVoDyEOd1nsrJxHJB
cu2jNty6XUle5RAgOgPoylNdSfY/iuq8vfbFPxJhjdV7TOzAU7kioGkidPB9jsOg
F4joxV8GVUO1KUsskf2cdG4pKlPVa+6Hz4gxHZA+osYA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:33 2024 by rpki-client on console-fra.rpki-client.org