Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/2qKLaFt7aGcxtKTVCAICe254wMo.roa
File:                     2qKLaFt7aGcxtKTVCAICe254wMo.roa (raw, json)
Hash identifier:          ihFISMRBFV9vttGBzHaHehMB2bPjzvtxza9ncYxndaY=
Subject key identifier:   DA:A2:8B:68:5B:7B:68:67:31:B4:A4:D5:08:02:02:7B:6E:78:C0:CA
Certificate issuer:       /CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
Certificate serial:       018B62FDB586C307D1D4887E8D88F9D9384C
Authority key identifier: 35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/2qKLaFt7aGcxtKTVCAICe254wMo.roa
Signing time:             Tue 24 Oct 2023 18:41:16 +0000
ROA not before:           Tue 24 Oct 2023 18:41:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        185.155.234.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Wed 25 Oct 2023 13:59:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:62:fd:b5:86:c3:07:d1:d4:88:7e:8d:88:f9:d9:38:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3517c9de927fa75beaef7885f0d88f6f4d2a0ed6
        Validity
            Not Before: Oct 24 18:41:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=daa28b685b7b686731b4a4d50802027b6e78c0ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:98:1c:54:19:47:d2:07:39:b7:b4:ff:43:95:
                    23:0c:76:24:fc:7b:58:d6:4a:f2:21:ad:82:0d:56:
                    12:97:b8:d7:69:7c:96:3f:b4:15:27:ce:ea:a0:09:
                    dc:9a:bd:2a:7a:2a:58:fa:76:70:ec:de:af:33:dd:
                    ed:c7:2b:b1:18:d4:b1:d4:b8:4d:5e:16:75:3b:fd:
                    4d:2e:40:8c:f2:b2:08:7f:6a:00:e5:d9:b7:6b:cc:
                    39:ac:e8:94:70:29:fe:53:16:9c:f1:04:93:51:75:
                    0f:a4:0e:91:3f:fc:61:95:af:5e:de:ed:88:b3:d3:
                    2a:05:b6:20:9f:8e:f6:e3:b9:b6:07:af:67:95:6f:
                    9b:ad:00:f7:4e:ad:87:03:e2:ed:4a:2e:63:ef:bb:
                    7b:36:5e:d8:14:25:69:f1:ca:7e:fd:22:2b:fb:5c:
                    11:e3:d6:e0:9a:c5:43:46:87:14:32:ec:69:19:9d:
                    45:36:39:60:6f:25:fb:fc:07:45:2d:27:ad:60:ae:
                    8d:f2:53:d9:6f:fb:9d:6f:e3:41:a3:20:19:de:30:
                    70:95:63:7e:26:84:d2:71:9a:31:b3:89:8b:c1:b2:
                    d5:ba:58:0b:de:02:07:dd:9e:f9:a4:c2:dd:0f:87:
                    13:20:64:54:6c:1c:04:2a:d9:83:ad:6d:61:97:11:
                    f6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A2:8B:68:5B:7B:68:67:31:B4:A4:D5:08:02:02:7B:6E:78:C0:CA
            X509v3 Authority Key Identifier:
                keyid:35:17:C9:DE:92:7F:A7:5B:EA:EF:78:85:F0:D8:8F:6F:4D:2A:0E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRfJ3pJ_p1vq73iF8NiPb00qDtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/2qKLaFt7aGcxtKTVCAICe254wMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/954ade-84b7-446d-a6e2-fd3b3002c0bb/1/NRfJ3pJ_p1vq73iF8NiPb00qDtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bb:e3:5f:df:2f:4d:c6:e4:60:2a:93:a0:b3:70:ca:30:94:30:
         68:d1:19:e0:59:f8:d7:c6:4e:87:7a:71:21:9f:6c:6a:84:a1:
         bf:e9:0e:28:05:2e:c8:70:7f:73:67:ba:5d:38:ff:f0:de:20:
         73:51:e1:80:d0:7a:73:81:25:7f:65:83:fc:59:95:48:08:69:
         14:d0:29:74:d5:0b:3c:5f:5e:e4:45:c0:50:2c:a4:2c:de:76:
         cd:a5:96:bb:bc:40:fd:18:7c:6f:9b:1f:14:02:9d:a8:d2:de:
         05:3d:cb:21:15:04:d5:f7:6a:ae:6b:ad:dd:f8:62:7d:db:8b:
         7f:6f:ea:02:35:ec:ea:df:57:d9:a4:2a:c2:ed:67:ae:d8:ff:
         61:99:11:e1:56:e4:6d:7e:2b:05:c2:35:7c:06:b3:f8:6e:de:
         4d:69:bd:e9:c5:be:e5:3d:49:a6:c3:1d:50:27:53:ba:49:75:
         3c:cb:88:86:a4:99:0d:d7:d4:e0:4e:58:d4:ad:8a:e7:97:b0:
         15:ac:df:3c:34:c8:2b:9f:cb:6b:fb:3d:41:8b:69:d3:e2:bf:
         3b:41:bd:1a:26:59:65:4e:34:2e:98:8c:0b:00:eb:99:09:01:
         48:cc:4d:19:41:e4:52:bd:48:d6:be:e6:8a:c4:39:85:cb:1e:
         b9:24:a8:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYti/bWGwwfR1Ih+jYj52ThMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MTdjOWRlOTI3ZmE3NWJlYWVmNzg4NWYwZDg4ZjZmNGQy
YTBlZDYwHhcNMjMxMDI0MTg0MTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWEyOGI2ODViN2I2ODY3MzFiNGE0ZDUwODAyMDI3YjZlNzhjMGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5gcVBlH0gc5t7T/Q5UjDHYk/HtY
1kryIa2CDVYSl7jXaXyWP7QVJ87qoAncmr0qeipY+nZw7N6vM93txyuxGNSx1LhN
XhZ1O/1NLkCM8rIIf2oA5dm3a8w5rOiUcCn+Uxac8QSTUXUPpA6RP/xhla9e3u2I
s9MqBbYgn47247m2B69nlW+brQD3Tq2HA+LtSi5j77t7Nl7YFCVp8cp+/SIr+1wR
49bgmsVDRocUMuxpGZ1FNjlgbyX7/AdFLSetYK6N8lPZb/udb+NBoyAZ3jBwlWN+
JoTScZoxs4mLwbLVulgL3gIH3Z75pMLdD4cTIGRUbBwEKtmDrW1hlxH2GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqii2hbe2hnMbSk1QgCAntueMDKMB8GA1UdIwQY
MBaAFDUXyd6Sf6db6u94hfDYj29NKg7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTIt
ZmQzYjMwMDJjMGJiLzEvMnFLTGFGdDdhR2N4dEtUVkNBSUNlMjU0d01vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy85NTRhZGUtODRiNy00NDZkLWE2ZTItZmQzYjMwMDJjMGJi
LzEvTlJmSjNwSl9wMXZxNzNpRjhOaVBiMDBxRHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZvqMA0G
CSqGSIb3DQEBCwUAA4IBAQC741/fL03G5GAqk6CzcMowlDBo0RngWfjXxk6HenEh
n2xqhKG/6Q4oBS7IcH9zZ7pdOP/w3iBzUeGA0HpzgSV/ZYP8WZVICGkU0Cl01Qs8
X17kRcBQLKQs3nbNpZa7vED9GHxvmx8UAp2o0t4FPcshFQTV92qua63d+GJ924t/
b+oCNezq31fZpCrC7Weu2P9hmRHhVuRtfisFwjV8BrP4bt5Nab3pxb7lPUmmwx1Q
J1O6SXU8y4iGpJkN19TgTljUrYrnl7AVrN88NMgrn8tr+z1Bi2nT4r87Qb0aJlll
TjQumIwLAOuZCQFIzE0ZQeRSvUjWvuaKxDmFyx65JKhC
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:02 2024 by rpki-client on console-ams.rpki-client.org