Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/IQoQAJr2frXWUxOfP3y17657PtY.roa
File:                     IQoQAJr2frXWUxOfP3y17657PtY.roa (raw, json)
Hash identifier:          LXnbwsVnYowq1ocGuGGDng2YB3V6FJMfqXITUIzw9k8=
Subject key identifier:   21:0A:10:00:9A:F6:7E:B5:D6:53:13:9F:3F:7C:B5:EF:AE:7B:3E:D6
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       018C813F438ED9FB60BA1FB473833202D7F4
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/IQoQAJr2frXWUxOfP3y17657PtY.roa
Signing time:             Tue 19 Dec 2023 08:44:16 +0000
ROA not before:           Tue 19 Dec 2023 08:44:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        46.233.38.0/24 maxlen: 24
                          46.233.42.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:81:3f:43:8e:d9:fb:60:ba:1f:b4:73:83:32:02:d7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Dec 19 08:44:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=210a10009af67eb5d653139f3f7cb5efae7b3ed6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:a1:1b:30:e8:17:85:93:7c:ec:eb:9a:8a:ae:
                    28:ef:27:7c:90:ab:1c:14:41:f2:0e:52:75:25:79:
                    6b:c4:8f:59:5b:de:06:89:96:c1:18:da:2c:3a:d3:
                    b0:21:29:e0:76:25:d1:40:0b:1b:da:14:4d:0e:06:
                    8a:51:59:ce:df:d4:1d:01:fb:68:78:76:f7:41:6f:
                    d9:16:1f:be:2e:89:7f:1f:13:18:fa:c2:e7:fe:5f:
                    25:e7:fc:38:41:02:59:b8:5e:ba:36:2d:1a:79:eb:
                    f8:78:d0:b0:a9:5f:22:7b:55:b8:b7:16:61:93:04:
                    17:86:1a:5a:93:7c:99:12:63:63:76:0c:d2:6f:78:
                    4b:a6:b8:29:08:7e:8b:47:0e:6c:a1:c7:9a:0e:40:
                    ba:15:58:01:e5:4f:d9:91:f2:5f:f6:23:67:59:a5:
                    4c:b1:12:35:a2:a0:c2:a6:26:41:67:b1:fb:b2:d2:
                    92:8e:bb:c6:a6:e8:d5:95:63:58:d1:cb:53:d2:4c:
                    14:97:bb:f2:33:ea:80:2f:be:b9:3f:52:8b:d6:5c:
                    64:55:71:2b:a1:12:f6:c2:d0:66:53:02:15:ad:cc:
                    0f:24:74:c0:c1:05:ae:48:57:2e:0b:01:27:b9:16:
                    67:33:8d:08:f0:71:45:37:8c:61:02:05:c5:85:8a:
                    32:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:0A:10:00:9A:F6:7E:B5:D6:53:13:9F:3F:7C:B5:EF:AE:7B:3E:D6
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/IQoQAJr2frXWUxOfP3y17657PtY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.38.0/24
                  46.233.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b3:fb:6f:37:1b:1f:ee:4d:e1:d5:81:1f:95:1f:bb:c1:c8:a0:
         30:5b:c4:2a:07:0b:82:e9:bf:f7:ed:7f:0c:e3:5b:35:b8:fc:
         70:06:c8:6d:1b:54:a8:3a:9f:8b:d9:21:31:f5:ca:7e:53:5d:
         46:40:c3:4c:e0:16:a7:b8:61:79:df:d8:ff:6f:cc:b2:3a:ba:
         42:22:9f:71:cc:00:61:55:f0:3a:15:43:8f:65:87:a6:a7:bd:
         84:37:1b:ef:14:a9:96:d5:3d:3d:8d:20:3b:dc:a7:cf:46:7f:
         55:76:3f:72:cb:cf:b6:98:8f:0c:d4:4f:ab:69:c1:07:71:1f:
         c0:f1:59:89:6f:de:0d:4e:39:f1:42:84:b3:0f:a6:00:01:18:
         29:03:b2:76:a6:6d:a0:44:a8:f1:19:9f:89:99:23:b9:73:07:
         0f:5a:ec:c5:91:21:42:f1:0c:55:fb:a3:f7:23:52:fc:4b:aa:
         a8:88:ad:6b:20:6e:a1:08:be:26:31:38:47:bf:9e:8a:9f:e6:
         bb:0c:61:46:2f:92:0a:92:e5:72:f1:d1:46:5f:ce:91:9a:f9:
         6d:58:2d:4e:04:92:f3:59:7e:aa:59:20:3e:23:93:b7:5a:a1:
         33:f4:56:1d:da:af:56:83:49:da:af:eb:37:a8:6a:cf:a9:52:
         b1:6d:77:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYyBP0OO2ftguh+0c4MyAtf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjMxMjE5MDg0NDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTBhMTAwMDlhZjY3ZWI1ZDY1MzEzOWYzZjdjYjVlZmFlN2IzZWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjaEbMOgXhZN87Ouaiq4o7yd8kKsc
FEHyDlJ1JXlrxI9ZW94GiZbBGNosOtOwISngdiXRQAsb2hRNDgaKUVnO39QdAfto
eHb3QW/ZFh++Lol/HxMY+sLn/l8l5/w4QQJZuF66Ni0aeev4eNCwqV8ie1W4txZh
kwQXhhpak3yZEmNjdgzSb3hLprgpCH6LRw5soceaDkC6FVgB5U/ZkfJf9iNnWaVM
sRI1oqDCpiZBZ7H7stKSjrvGpujVlWNY0ctT0kwUl7vyM+qAL765P1KL1lxkVXEr
oRL2wtBmUwIVrcwPJHTAwQWuSFcuCwEnuRZnM40I8HFFN4xhAgXFhYoyAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCEKEACa9n611lMTnz98te+uez7WMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvSVFvUUFKcjJmclhXVXhPZlAzeTE3NjU3UHRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALukmAwQB
LukqMA0GCSqGSIb3DQEBCwUAA4IBAQCz+283Gx/uTeHVgR+VH7vByKAwW8QqBwuC
6b/37X8M41s1uPxwBshtG1SoOp+L2SEx9cp+U11GQMNM4BanuGF539j/b8yyOrpC
Ip9xzABhVfA6FUOPZYemp72ENxvvFKmW1T09jSA73KfPRn9Vdj9yy8+2mI8M1E+r
acEHcR/A8VmJb94NTjnxQoSzD6YAARgpA7J2pm2gRKjxGZ+JmSO5cwcPWuzFkSFC
8QxV+6P3I1L8S6qoiK1rIG6hCL4mMThHv56Kn+a7DGFGL5IKkuVy8dFGX86Rmvlt
WC1OBJLzWX6qWSA+I5O3WqEz9FYd2q9Wg0nar+s3qGrPqVKxbXe2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:09 2024 by rpki-client on console-ams.rpki-client.org