Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/fb0280-9d86-4c11-89d1-87881127fcbf/1/hKziZ8FNZczJKtjmuEK-cSzl80U.roa
File:                     hKziZ8FNZczJKtjmuEK-cSzl80U.roa (raw, json)
Hash identifier:          fzDsgYXAuLzjFBySmgsqqfSw1lf5tshzcU6NwxzI62Y=
Subject key identifier:   84:AC:E2:67:C1:4D:65:CC:C9:2A:D8:E6:B8:42:BE:71:2C:E5:F3:45
Certificate issuer:       /CN=78c71e65cf7a3d2e2fc2b8cc3d43d45d2b350df3
Certificate serial:       01856CE603AD2D7B3F2DC7BAD4731D6F3CF0
Authority key identifier: 78:C7:1E:65:CF:7A:3D:2E:2F:C2:B8:CC:3D:43:D4:5D:2B:35:0D:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eMceZc96PS4vwrjMPUPUXSs1DfM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/fb0280-9d86-4c11-89d1-87881127fcbf/1/hKziZ8FNZczJKtjmuEK-cSzl80U.roa
Signing time:             Sun 01 Jan 2023 10:34:51 +0000
ROA not before:           Sun 01 Jan 2023 10:34:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8592
IP address blocks:        212.16.0.0/20 maxlen: 20
                          212.16.0.0/19 maxlen: 19
                          212.16.16.0/21 maxlen: 21
                          212.16.24.0/22 maxlen: 22
                          2a02:24f0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:e6:03:ad:2d:7b:3f:2d:c7:ba:d4:73:1d:6f:3c:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=78c71e65cf7a3d2e2fc2b8cc3d43d45d2b350df3
        Validity
            Not Before: Jan  1 10:34:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=84ace267c14d65ccc92ad8e6b842be712ce5f345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6b:15:37:61:19:05:11:b2:d8:e5:3e:6d:58:
                    a0:6b:1e:2e:62:8e:d4:f6:c1:73:65:c4:37:96:99:
                    9b:00:19:e3:ad:ed:06:22:37:29:13:54:ee:7d:1f:
                    47:c5:ba:dc:a6:92:dd:26:a4:fb:77:84:f1:c9:5c:
                    45:9c:2f:1a:0d:02:75:36:da:62:3b:41:5e:fe:8f:
                    b0:a3:8a:ca:2b:6a:41:2f:54:86:3a:c0:ac:9b:ef:
                    40:5e:f7:dc:58:e3:02:59:89:04:11:b9:4e:60:86:
                    e8:d9:ef:f9:bf:b0:57:f4:bf:be:35:98:77:6b:95:
                    4c:d6:2b:02:a5:ff:8b:bd:d4:3d:4d:dc:fc:a8:d2:
                    b7:2a:90:5d:a4:9d:96:1b:35:d5:7e:1c:e1:1a:74:
                    66:7d:f9:1e:c5:18:1a:26:c2:d6:92:3a:60:5f:70:
                    26:b1:3c:94:19:63:19:09:0c:d2:9a:fd:01:43:c9:
                    19:ee:47:25:f3:19:c4:f0:0d:59:af:59:d2:14:16:
                    02:9e:09:56:b3:00:1a:23:f8:52:0c:58:e1:c4:f5:
                    f2:db:b3:24:e1:77:be:07:3c:43:d4:80:ae:76:42:
                    72:5e:d0:8c:66:16:8b:fe:a7:4b:7c:25:ee:5d:da:
                    9a:02:cd:85:dc:f4:41:4a:a4:1d:b7:da:e4:6b:da:
                    5e:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:AC:E2:67:C1:4D:65:CC:C9:2A:D8:E6:B8:42:BE:71:2C:E5:F3:45
            X509v3 Authority Key Identifier:
                keyid:78:C7:1E:65:CF:7A:3D:2E:2F:C2:B8:CC:3D:43:D4:5D:2B:35:0D:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eMceZc96PS4vwrjMPUPUXSs1DfM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/fb0280-9d86-4c11-89d1-87881127fcbf/1/hKziZ8FNZczJKtjmuEK-cSzl80U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/fb0280-9d86-4c11-89d1-87881127fcbf/1/eMceZc96PS4vwrjMPUPUXSs1DfM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.16.0.0/19
                IPv6:
                  2a02:24f0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4d:19:77:9d:cd:57:76:6d:64:5c:57:5a:91:c4:0a:60:b1:cd:
         b6:ec:31:6b:e1:bb:74:cb:54:a3:af:80:8e:2b:64:77:b0:5a:
         f4:25:e2:23:f8:69:49:5f:4a:ee:a6:4b:06:68:a5:4e:c1:ab:
         a2:17:5d:06:b8:0c:09:05:d6:45:40:85:66:83:6c:35:25:70:
         06:9b:6c:cf:14:07:e3:3e:9a:0e:72:dd:38:71:bc:dd:54:3c:
         dd:27:de:87:4d:84:cd:30:f9:63:49:a6:c7:c1:c6:bc:61:e6:
         ea:e1:f9:06:d3:60:79:42:b0:23:87:cc:d1:3c:fc:19:99:e0:
         aa:4c:8b:5c:c7:69:8e:c4:ee:8c:5c:5a:35:26:1a:8f:76:da:
         02:ec:43:1c:9b:25:75:a2:41:b1:cb:d6:55:a0:a5:c4:42:5f:
         ad:ce:89:b1:d2:bd:5b:25:58:ce:26:d6:9e:c3:16:fc:f5:ab:
         e8:d7:ff:b7:8c:17:4b:e4:93:77:b0:22:a2:e6:72:67:92:08:
         fb:71:ca:16:e4:6c:6a:75:46:8f:b6:38:51:f6:40:10:e9:8d:
         ae:d1:19:bf:9b:a4:4e:77:55:37:e3:a7:fc:d8:cb:ed:09:4c:
         49:96:26:65:a5:90:02:49:47:3d:96:3a:6f:f4:cc:5b:06:a4:
         77:74:ad:48
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVs5gOtLXs/Lce61HMdbzzwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4YzcxZTY1Y2Y3YTNkMmUyZmMyYjhjYzNkNDNkNDVkMmIz
NTBkZjMwHhcNMjMwMTAxMTAzNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGFjZTI2N2MxNGQ2NWNjYzkyYWQ4ZTZiODQyYmU3MTJjZTVmMzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWsVN2EZBRGy2OU+bVigax4uYo7U
9sFzZcQ3lpmbABnjre0GIjcpE1TufR9HxbrcppLdJqT7d4TxyVxFnC8aDQJ1Ntpi
O0Fe/o+wo4rKK2pBL1SGOsCsm+9AXvfcWOMCWYkEEblOYIbo2e/5v7BX9L++NZh3
a5VM1isCpf+LvdQ9Tdz8qNK3KpBdpJ2WGzXVfhzhGnRmffkexRgaJsLWkjpgX3Am
sTyUGWMZCQzSmv0BQ8kZ7kcl8xnE8A1Zr1nSFBYCnglWswAaI/hSDFjhxPXy27Mk
4Xe+BzxD1ICudkJyXtCMZhaL/qdLfCXuXdqaAs2F3PRBSqQdt9rka9peJwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFISs4mfBTWXMySrY5rhCvnEs5fNFMB8GA1UdIwQY
MBaAFHjHHmXPej0uL8K4zD1D1F0rNQ3zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZU1jZVpjOTZQUzR2d3JqTVBVUFVYU3MxRGZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9mYjAyODAtOWQ4Ni00YzExLTg5ZDEt
ODc4ODExMjdmY2JmLzEvaEt6aVo4Rk5aY3pKS3RqbXVFSy1jU3psODBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9mYjAyODAtOWQ4Ni00YzExLTg5ZDEtODc4ODExMjdmY2Jm
LzEvZU1jZVpjOTZQUzR2d3JqTVBVUFVYU3MxRGZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQF1BAAMA0E
AgACMAcDBQAqAiTwMA0GCSqGSIb3DQEBCwUAA4IBAQBNGXedzVd2bWRcV1qRxApg
sc227DFr4bt0y1Sjr4COK2R3sFr0JeIj+GlJX0rupksGaKVOwauiF10GuAwJBdZF
QIVmg2w1JXAGm2zPFAfjPpoOct04cbzdVDzdJ96HTYTNMPljSabHwca8Yebq4fkG
02B5QrAjh8zRPPwZmeCqTItcx2mOxO6MXFo1JhqPdtoC7EMcmyV1okGxy9ZVoKXE
Ql+tzomx0r1bJVjOJtaewxb89avo1/+3jBdL5JN3sCKi5nJnkgj7ccoW5GxqdUaP
tjhR9kAQ6Y2u0Rm/m6ROd1U346f82MvtCUxJliZlpZACSUc9ljpv9MxbBqR3dK1I
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:11 2024 by rpki-client on console-ams.rpki-client.org