Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/MxBNdameXPxpwVhZXNYnT31xGRo.roa
File:                     MxBNdameXPxpwVhZXNYnT31xGRo.roa (raw, json)
Hash identifier:          5M5LXKD+xru7U4AvwnKXJ6NvnYaD3F8UJgWyZ9Vh5D4=
Subject key identifier:   33:10:4D:75:A9:9E:5C:FC:69:C1:58:59:5C:D6:27:4F:7D:71:19:1A
Certificate issuer:       /CN=016e5e31fa8716aaa54e18fcdcfed3fc94db90b5
Certificate serial:       01856CEF33F93DA3C3544225AC4971356BC9
Authority key identifier: 01:6E:5E:31:FA:87:16:AA:A5:4E:18:FC:DC:FE:D3:FC:94:DB:90:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AW5eMfqHFqqlThj83P7T_JTbkLU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/MxBNdameXPxpwVhZXNYnT31xGRo.roa
Signing time:             Sun 01 Jan 2023 10:44:53 +0000
ROA not before:           Sun 01 Jan 2023 10:44:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206805
IP address blocks:        212.8.237.0/24 maxlen: 24
                          212.8.237.4/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:31:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ef:33:f9:3d:a3:c3:54:42:25:ac:49:71:35:6b:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=016e5e31fa8716aaa54e18fcdcfed3fc94db90b5
        Validity
            Not Before: Jan  1 10:44:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=33104d75a99e5cfc69c158595cd6274f7d71191a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:37:3c:6a:30:22:2f:9f:63:fa:02:97:14:24:
                    08:a4:b0:6b:ad:10:c7:1e:46:b1:2c:5f:cd:27:e0:
                    e6:c7:3e:a4:d4:1a:13:7f:ed:f1:22:af:2e:3b:ae:
                    fb:24:76:d0:65:83:7a:d7:ec:ca:e9:4f:37:75:39:
                    8c:d5:17:e7:9b:a1:67:e5:10:9d:a1:33:6a:55:12:
                    11:ed:8f:60:4f:79:af:20:9c:d7:b9:c8:82:cb:c8:
                    6e:cf:e7:23:73:a4:dd:95:bb:9f:cd:5b:73:b2:44:
                    c1:c7:12:8c:59:0d:7c:9e:95:b9:93:f5:2d:89:97:
                    17:40:09:d9:5e:ac:92:89:4e:72:1c:9d:b1:09:36:
                    85:a1:d5:c5:64:38:b1:cf:5e:65:06:21:65:4b:c8:
                    fb:30:f6:95:19:4d:99:f4:52:a5:a5:f0:de:80:b2:
                    61:42:28:54:59:c6:17:f2:1f:cd:86:5c:4a:c8:f9:
                    71:40:e0:b5:e3:2e:f3:fb:01:ac:6a:8c:26:d1:4b:
                    cd:6e:f6:36:28:5a:0b:f2:2d:6b:fc:17:25:05:5f:
                    64:32:77:dc:2f:bc:87:f8:af:fc:4e:63:73:5e:f6:
                    75:7a:dd:f0:1b:8b:0d:71:11:e6:66:7e:f8:a0:c8:
                    29:42:3f:e5:a3:87:e1:54:ee:0c:3b:54:df:5f:bf:
                    79:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:10:4D:75:A9:9E:5C:FC:69:C1:58:59:5C:D6:27:4F:7D:71:19:1A
            X509v3 Authority Key Identifier:
                keyid:01:6E:5E:31:FA:87:16:AA:A5:4E:18:FC:DC:FE:D3:FC:94:DB:90:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AW5eMfqHFqqlThj83P7T_JTbkLU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/MxBNdameXPxpwVhZXNYnT31xGRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/af4ef8-ed07-4acd-a42f-c96c2ce859e5/1/AW5eMfqHFqqlThj83P7T_JTbkLU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.8.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:88:99:ec:ce:5c:2b:f6:93:e6:2f:a7:85:eb:13:e5:22:88:
         3a:ab:c2:1f:cd:1d:3f:3c:36:92:a5:28:37:43:91:fa:23:19:
         e7:0e:06:e9:59:8d:b8:8a:68:94:9e:31:26:69:b9:f1:c0:56:
         6b:70:a5:c2:ae:98:94:5d:6a:4a:13:a0:a6:d8:6b:a3:76:fb:
         af:ab:86:08:c2:34:d5:1c:ae:3d:59:1c:4f:b7:99:b4:16:dd:
         5d:a1:69:1a:87:20:1d:13:c3:f7:d4:33:e3:f9:50:b0:0b:61:
         e1:e2:96:32:5d:10:3c:00:a0:07:69:7a:50:21:fd:81:65:82:
         b0:72:ee:b1:a0:68:85:f0:6e:7b:6c:7f:91:65:2e:14:bf:d4:
         9e:d4:ea:ca:54:85:e8:c7:15:6d:03:38:b4:4e:d2:f9:ca:d0:
         01:57:d8:f8:40:83:8e:ed:82:7e:8b:e8:a6:57:32:44:33:ce:
         e7:0c:a3:91:68:69:1b:4d:59:e5:7f:41:2c:e4:f4:b6:0d:52:
         32:7b:17:84:71:f6:1c:37:d9:f2:1c:b6:41:4f:ef:a0:a8:51:
         c9:f9:05:68:e4:18:75:53:f4:89:59:2b:82:cc:8e:b5:8c:0f:
         0a:3a:0a:d7:f6:ee:9c:4c:6e:41:a5:81:a8:43:69:da:86:d7:
         af:2c:6c:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVs7zP5PaPDVEIlrElxNWvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNmU1ZTMxZmE4NzE2YWFhNTRlMThmY2RjZmVkM2ZjOTRk
YjkwYjUwHhcNMjMwMTAxMTA0NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzEwNGQ3NWE5OWU1Y2ZjNjljMTU4NTk1Y2Q2Mjc0ZjdkNzExOTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTc8ajAiL59j+gKXFCQIpLBrrRDH
HkaxLF/NJ+Dmxz6k1BoTf+3xIq8uO677JHbQZYN61+zK6U83dTmM1Rfnm6Fn5RCd
oTNqVRIR7Y9gT3mvIJzXuciCy8huz+cjc6TdlbufzVtzskTBxxKMWQ18npW5k/Ut
iZcXQAnZXqySiU5yHJ2xCTaFodXFZDixz15lBiFlS8j7MPaVGU2Z9FKlpfDegLJh
QihUWcYX8h/NhlxKyPlxQOC14y7z+wGsaowm0UvNbvY2KFoL8i1r/BclBV9kMnfc
L7yH+K/8TmNzXvZ1et3wG4sNcRHmZn74oMgpQj/lo4fhVO4MO1TfX795gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDMQTXWpnlz8acFYWVzWJ099cRkaMB8GA1UdIwQY
MBaAFAFuXjH6hxaqpU4Y/Nz+0/yU25C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVc1ZU1mcUhGcXFsVGhqODNQN1RfSlRia0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy9hZjRlZjgtZWQwNy00YWNkLWE0MmYt
Yzk2YzJjZTg1OWU1LzEvTXhCTmRhbWVYUHhwd1ZoWlhOWW5UMzF4R1JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy9hZjRlZjgtZWQwNy00YWNkLWE0MmYtYzk2YzJjZTg1OWU1
LzEvQVc1ZU1mcUhGcXFsVGhqODNQN1RfSlRia0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1AjtMA0G
CSqGSIb3DQEBCwUAA4IBAQBjiJnszlwr9pPmL6eF6xPlIog6q8IfzR0/PDaSpSg3
Q5H6IxnnDgbpWY24imiUnjEmabnxwFZrcKXCrpiUXWpKE6Cm2Gujdvuvq4YIwjTV
HK49WRxPt5m0Ft1doWkahyAdE8P31DPj+VCwC2Hh4pYyXRA8AKAHaXpQIf2BZYKw
cu6xoGiF8G57bH+RZS4Uv9Se1OrKVIXoxxVtAzi0TtL5ytABV9j4QIOO7YJ+i+im
VzJEM87nDKORaGkbTVnlf0Es5PS2DVIyexeEcfYcN9nyHLZBT++gqFHJ+QVo5Bh1
U/SJWSuCzI61jA8KOgrX9u6cTG5BpYGoQ2nahtevLGyI
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:40 2024 by rpki-client on console-fra.rpki-client.org