Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/6f36c2-d05c-4425-a9e4-5e37e7f3f15d/1/1-rGTRwIvAQpoA9EQkMIh2uxusgE.roa
File:                     1-rGTRwIvAQpoA9EQkMIh2uxusgE.roa (raw, json)
Hash identifier:          H2NEvzr1vxRu5WPfulgaSU7RTfFxPTN2wHOeedNBDms=
Subject key identifier:   FA:B1:93:47:02:2F:01:0A:68:03:D1:10:90:C2:21:DA:EC:6E:B2:01
Certificate issuer:       /CN=3c568c59d7a83199c3a79ea0e8375b946ed884e2
Certificate serial:       018570E7579554B37AB16C2C2DF4C54D50CF
Authority key identifier: 3C:56:8C:59:D7:A8:31:99:C3:A7:9E:A0:E8:37:5B:94:6E:D8:84:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PFaMWdeoMZnDp56g6DdblG7YhOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/6f36c2-d05c-4425-a9e4-5e37e7f3f15d/1/1-rGTRwIvAQpoA9EQkMIh2uxusgE.roa
Signing time:             Mon 02 Jan 2023 05:14:47 +0000
ROA not before:           Mon 02 Jan 2023 05:14:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     58324
IP address blocks:        5.100.144.0/21 maxlen: 21
                          185.150.172.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:e7:57:95:54:b3:7a:b1:6c:2c:2d:f4:c5:4d:50:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c568c59d7a83199c3a79ea0e8375b946ed884e2
        Validity
            Not Before: Jan  2 05:14:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fab19347022f010a6803d11090c221daec6eb201
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:8d:b1:01:3e:d2:23:50:9c:25:1b:07:dc:c7:
                    c9:d5:da:ab:92:fa:28:53:b0:15:7f:86:1e:b3:c1:
                    e8:e4:79:8d:4d:33:d5:ae:76:4c:6b:35:7f:98:54:
                    ad:95:2b:ec:65:70:e8:80:24:ac:66:9a:28:09:15:
                    52:e8:6e:b9:60:ea:ed:4a:c8:77:54:27:d9:a9:7c:
                    4e:1b:1f:9a:46:ec:c0:7f:e8:2a:ed:3f:21:c1:32:
                    d3:2f:32:38:fc:71:a8:96:08:be:aa:0c:cd:e0:76:
                    9b:29:6f:19:45:5b:b1:53:23:b6:47:85:e4:ef:4a:
                    b1:8b:09:8e:d5:a1:15:0e:86:de:7b:45:15:61:ce:
                    43:55:14:b8:c0:7e:16:df:5a:75:1e:ed:73:d3:d5:
                    c1:02:05:a6:85:85:bf:6b:e2:9d:27:1c:ed:89:cd:
                    e3:62:3c:2d:ea:bc:11:b4:7e:ca:89:7a:fc:6b:d5:
                    4b:74:92:b4:1b:73:d2:5e:6d:6c:0a:0a:8f:35:71:
                    71:b9:7a:80:eb:97:8d:ea:af:8a:94:d9:6b:7c:0e:
                    fd:20:c7:df:03:f9:5d:c3:22:38:e3:b9:ea:5d:01:
                    b2:1f:63:b7:df:8d:dc:62:f7:b2:6d:61:54:30:1a:
                    35:98:d3:3f:04:a8:8a:b5:5d:78:ad:a2:9a:ed:ac:
                    66:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:B1:93:47:02:2F:01:0A:68:03:D1:10:90:C2:21:DA:EC:6E:B2:01
            X509v3 Authority Key Identifier:
                keyid:3C:56:8C:59:D7:A8:31:99:C3:A7:9E:A0:E8:37:5B:94:6E:D8:84:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PFaMWdeoMZnDp56g6DdblG7YhOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/6f36c2-d05c-4425-a9e4-5e37e7f3f15d/1/1-rGTRwIvAQpoA9EQkMIh2uxusgE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/6f36c2-d05c-4425-a9e4-5e37e7f3f15d/1/PFaMWdeoMZnDp56g6DdblG7YhOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.100.144.0/21
                  185.150.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0c:30:1a:a0:fa:4c:ac:d6:7a:e3:cd:77:0b:35:a0:a3:2c:17:
         a9:d2:90:df:d3:e9:81:d5:e2:fa:31:f2:5f:f4:5e:07:88:24:
         80:75:c2:9a:a2:67:58:2e:22:bd:2f:19:25:5a:5a:cd:e2:c1:
         26:54:58:f5:73:b0:96:9b:ae:77:47:da:82:47:f0:0b:14:62:
         78:ad:18:42:b2:da:e3:68:03:7c:5c:59:7a:39:25:fe:53:7f:
         5e:bc:ab:b3:e5:d2:3a:26:7c:87:68:dd:36:50:22:c1:a5:de:
         8f:53:64:3b:e0:8b:44:0b:f9:9e:d0:43:58:9c:10:93:ee:e0:
         60:14:51:57:e0:5c:44:b2:53:67:51:6f:23:42:bd:a0:20:dc:
         ff:73:21:56:3d:a9:39:8a:05:d7:68:33:f5:98:a1:4a:f5:95:
         48:30:1b:2e:58:48:18:45:71:14:7a:62:df:c2:7f:ce:7a:81:
         95:de:60:93:d4:da:f0:48:8c:66:68:9d:a1:c6:9d:6d:99:ea:
         89:7e:fd:19:2f:26:85:bc:4b:8b:28:3c:ef:61:89:c8:27:ba:
         35:1f:30:49:06:30:12:8b:2d:27:2c:70:4d:8a:93:cd:b1:9b:
         9c:f4:1d:db:6b:09:43:86:93:2b:c4:7c:1e:aa:46:26:8e:b1:
         28:6e:fd:99
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYVw51eVVLN6sWwsLfTFTVDPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNTY4YzU5ZDdhODMxOTljM2E3OWVhMGU4Mzc1Yjk0NmVk
ODg0ZTIwHhcNMjMwMTAyMDUxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWIxOTM0NzAyMmYwMTBhNjgwM2QxMTA5MGMyMjFkYWVjNmViMjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx42xAT7SI1CcJRsH3MfJ1dqrkvoo
U7AVf4Yes8Ho5HmNTTPVrnZMazV/mFStlSvsZXDogCSsZpooCRVS6G65YOrtSsh3
VCfZqXxOGx+aRuzAf+gq7T8hwTLTLzI4/HGolgi+qgzN4HabKW8ZRVuxUyO2R4Xk
70qxiwmO1aEVDobee0UVYc5DVRS4wH4W31p1Hu1z09XBAgWmhYW/a+KdJxztic3j
Yjwt6rwRtH7KiXr8a9VLdJK0G3PSXm1sCgqPNXFxuXqA65eN6q+KlNlrfA79IMff
A/ldwyI447nqXQGyH2O3343cYveybWFUMBo1mNM/BKiKtV14raKa7axmuwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPqxk0cCLwEKaAPREJDCIdrsbrIBMB8GA1UdIwQY
MBaAFDxWjFnXqDGZw6eeoOg3W5Ru2ITiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEZhTVdkZW9NWm5EcDU2ZzZEZGJsRzdZaE9JLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi82ZjM2YzItZDA1Yy00NDI1LWE5ZTQt
NWUzN2U3ZjNmMTVkLzEvMS1yR1RSd0l2QVFwb0E5RVFrTUloMnV4dXNnRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjIvNmYzNmMyLWQwNWMtNDQyNS1hOWU0LTVlMzdlN2YzZjE1
ZC8xL1BGYU1XZGVvTVpuRHA1Nmc2RGRibEc3WWhPSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAwVkkAME
ArmWrDANBgkqhkiG9w0BAQsFAAOCAQEADDAaoPpMrNZ64813CzWgoywXqdKQ39Pp
gdXi+jHyX/ReB4gkgHXCmqJnWC4ivS8ZJVpazeLBJlRY9XOwlpuud0fagkfwCxRi
eK0YQrLa42gDfFxZejkl/lN/Xryrs+XSOiZ8h2jdNlAiwaXej1NkO+CLRAv5ntBD
WJwQk+7gYBRRV+BcRLJTZ1FvI0K9oCDc/3MhVj2pOYoF12gz9ZihSvWVSDAbLlhI
GEVxFHpi38J/znqBld5gk9Ta8EiMZmidocadbZnqiX79GS8mhbxLiyg872GJyCe6
NR8wSQYwEostJyxwTYqTzbGbnPQd22sJQ4aTK8R8HqpGJo6xKG79mQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:16 2024 by rpki-client on console-ams.rpki-client.org