Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/64b1e6-0a1f-40ec-9437-04a4c2c41c34/1/K32OQPq1DYp-oIcBncldLPLZovk.roa
File:                     K32OQPq1DYp-oIcBncldLPLZovk.roa (raw, json)
Hash identifier:          4qXe0rjuuTBMYsHugqiZMr9e0oB0JWxeUe0mEGIxyUE=
Subject key identifier:   2B:7D:8E:40:FA:B5:0D:8A:7E:A0:87:01:9D:C9:5D:2C:F2:D9:A2:F9
Certificate issuer:       /CN=153d072ccef00bf464d660dbd05dada1da33d2c8
Certificate serial:       0188B967BCF7C1099B94C20CE48197E0E5C2
Authority key identifier: 15:3D:07:2C:CE:F0:0B:F4:64:D6:60:DB:D0:5D:AD:A1:DA:33:D2:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FT0HLM7wC_Rk1mDb0F2todoz0sg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/64b1e6-0a1f-40ec-9437-04a4c2c41c34/1/K32OQPq1DYp-oIcBncldLPLZovk.roa
Signing time:             Wed 14 Jun 2023 10:16:03 +0000
ROA not before:           Wed 14 Jun 2023 10:16:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34984
IP address blocks:        77.73.217.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:b9:67:bc:f7:c1:09:9b:94:c2:0c:e4:81:97:e0:e5:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=153d072ccef00bf464d660dbd05dada1da33d2c8
        Validity
            Not Before: Jun 14 10:16:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2b7d8e40fab50d8a7ea087019dc95d2cf2d9a2f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:7a:27:b9:93:44:72:06:ae:89:cb:a1:90:e4:
                    63:53:16:58:d1:28:6f:cb:c8:f5:53:83:c1:4f:1b:
                    3e:fb:f4:a3:c8:53:bd:4b:8a:c1:98:b9:08:3e:32:
                    3d:ad:d1:94:09:b7:a3:86:e9:f8:27:32:a4:9a:82:
                    fb:7d:df:96:ff:3c:c6:b4:3a:99:3d:78:5e:73:fc:
                    b9:0a:b6:e9:00:f5:ef:8a:39:56:9c:d1:ef:4e:3b:
                    f9:9c:19:9d:14:c0:a0:dc:7c:78:6e:3a:ae:f5:64:
                    92:de:e6:5e:0f:31:33:81:f7:5c:f3:00:1a:97:98:
                    bc:71:52:47:f4:03:56:74:a9:16:ee:61:8f:4a:1f:
                    dc:23:33:9c:5a:38:71:b0:03:e0:28:03:f5:2e:b1:
                    ac:e2:92:dd:0b:73:ff:b4:8a:96:26:b9:4b:c2:80:
                    ff:e5:ee:4c:ba:29:6f:d1:6e:bc:73:b7:30:aa:61:
                    68:e9:b9:c6:a2:8a:89:40:93:f1:ae:f0:d4:6b:ff:
                    55:c7:16:49:4a:20:eb:c9:0b:15:e1:2a:79:0b:22:
                    92:ae:8e:78:a2:51:c5:1b:7e:7f:44:e6:73:7f:e0:
                    40:bc:db:57:08:a9:42:31:63:d6:90:c9:f1:b7:5d:
                    8f:69:02:11:1c:be:a6:96:a3:0c:2d:31:c1:f0:22:
                    55:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:7D:8E:40:FA:B5:0D:8A:7E:A0:87:01:9D:C9:5D:2C:F2:D9:A2:F9
            X509v3 Authority Key Identifier:
                keyid:15:3D:07:2C:CE:F0:0B:F4:64:D6:60:DB:D0:5D:AD:A1:DA:33:D2:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FT0HLM7wC_Rk1mDb0F2todoz0sg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/64b1e6-0a1f-40ec-9437-04a4c2c41c34/1/K32OQPq1DYp-oIcBncldLPLZovk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/64b1e6-0a1f-40ec-9437-04a4c2c41c34/1/FT0HLM7wC_Rk1mDb0F2todoz0sg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:67:df:e5:e6:57:13:26:93:09:d4:02:f8:58:02:99:2e:ed:
         36:db:04:05:a1:08:d1:69:a2:f6:82:9f:86:6a:8a:7b:10:54:
         cb:e5:d5:72:28:2a:a5:fc:90:4a:ae:00:d6:41:ea:3f:36:ba:
         a5:51:b7:e3:39:d0:28:25:31:8f:ba:41:95:5a:d2:2c:1d:66:
         b1:ae:f9:fe:ea:fd:54:96:cf:cb:c5:ed:38:91:0b:a2:91:85:
         d1:32:7b:2d:33:d3:f6:9f:e8:8e:d3:f9:1f:01:a1:c6:99:c4:
         f7:35:6b:4a:c4:9c:2b:67:7f:7f:e6:40:79:fd:3a:c5:68:ac:
         a1:b6:cb:14:77:f0:9b:0b:e3:aa:56:26:df:fe:75:b6:2a:53:
         3c:ab:1d:f1:67:b0:98:d2:55:45:32:e7:47:86:61:05:b8:35:
         33:ca:b6:18:38:a0:65:03:d4:6b:bc:e2:96:98:7e:c0:e7:e5:
         ae:74:af:81:dc:75:e7:83:ed:d4:22:89:ac:f1:25:19:76:e6:
         7a:03:63:eb:4e:aa:43:d4:cf:84:a5:e2:23:a1:e7:83:d9:8a:
         aa:93:bd:eb:4b:13:b3:52:7c:ba:32:c3:34:e7:d2:18:ff:b1:
         36:eb:11:05:63:dd:c1:96:b1:e5:9c:d4:10:40:4c:15:3c:02:
         2a:f5:a7:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYi5Z7z3wQmblMIM5IGX4OXCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1M2QwNzJjY2VmMDBiZjQ2NGQ2NjBkYmQwNWRhZGExZGEz
M2QyYzgwHhcNMjMwNjE0MTAxNjAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjdkOGU0MGZhYjUwZDhhN2VhMDg3MDE5ZGM5NWQyY2YyZDlhMmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3onuZNEcgauicuhkORjUxZY0Shv
y8j1U4PBTxs++/SjyFO9S4rBmLkIPjI9rdGUCbejhun4JzKkmoL7fd+W/zzGtDqZ
PXhec/y5CrbpAPXvijlWnNHvTjv5nBmdFMCg3Hx4bjqu9WSS3uZeDzEzgfdc8wAa
l5i8cVJH9ANWdKkW7mGPSh/cIzOcWjhxsAPgKAP1LrGs4pLdC3P/tIqWJrlLwoD/
5e5Muilv0W68c7cwqmFo6bnGooqJQJPxrvDUa/9VxxZJSiDryQsV4Sp5CyKSro54
olHFG35/ROZzf+BAvNtXCKlCMWPWkMnxt12PaQIRHL6mlqMMLTHB8CJVuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCt9jkD6tQ2KfqCHAZ3JXSzy2aL5MB8GA1UdIwQY
MBaAFBU9ByzO8Av0ZNZg29BdraHaM9LIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlQwSExNN3dDX1JrMW1EYjBGMnRvZG96MHNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC82NGIxZTYtMGExZi00MGVjLTk0Mzct
MDRhNGMyYzQxYzM0LzEvSzMyT1FQcTFEWXAtb0ljQm5jbGRMUExab3ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC82NGIxZTYtMGExZi00MGVjLTk0MzctMDRhNGMyYzQxYzM0
LzEvRlQwSExNN3dDX1JrMW1EYjBGMnRvZG96MHNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUnZMA0G
CSqGSIb3DQEBCwUAA4IBAQAEZ9/l5lcTJpMJ1AL4WAKZLu022wQFoQjRaaL2gp+G
aop7EFTL5dVyKCql/JBKrgDWQeo/NrqlUbfjOdAoJTGPukGVWtIsHWaxrvn+6v1U
ls/Lxe04kQuikYXRMnstM9P2n+iO0/kfAaHGmcT3NWtKxJwrZ39/5kB5/TrFaKyh
tssUd/CbC+OqVibf/nW2KlM8qx3xZ7CY0lVFMudHhmEFuDUzyrYYOKBlA9RrvOKW
mH7A5+WudK+B3HXng+3UIoms8SUZduZ6A2PrTqpD1M+EpeIjoeeD2Yqqk73rSxOz
Uny6MsM059IY/7E26xEFY93BlrHlnNQQQEwVPAIq9ae0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:25 2024 by rpki-client on console-fra.rpki-client.org