Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/HFKEWRcYV0bzuV0OqWwIxVxm7vw.roa
File:                     HFKEWRcYV0bzuV0OqWwIxVxm7vw.roa (raw, json)
Hash identifier:          hoK923Qq6M8nSvINfZR7FEn+ziolGoIWPQEG0M1InnQ=
Subject key identifier:   1C:52:84:59:17:18:57:46:F3:B9:5D:0E:A9:6C:08:C5:5C:66:EE:FC
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       01856CAF0CAF1508C5C01A43B5CBBF302437
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/HFKEWRcYV0bzuV0OqWwIxVxm7vw.roa
Signing time:             Sun 01 Jan 2023 09:34:49 +0000
ROA not before:           Sun 01 Jan 2023 09:34:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207459
IP address blocks:        212.64.193.0/24 maxlen: 24
                          212.64.214.0/24 maxlen: 32
                          212.64.223.0/24 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:af:0c:af:15:08:c5:c0:1a:43:b5:cb:bf:30:24:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Jan  1 09:34:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1c52845917185746f3b95d0ea96c08c55c66eefc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6d:f9:5a:43:04:cf:37:3c:74:1b:6d:11:5b:
                    f6:51:88:1d:c8:cc:60:6c:bc:90:ca:f9:30:ae:54:
                    ed:49:64:2d:4b:09:21:fe:4d:cd:fa:01:b1:de:9b:
                    cd:a5:53:98:db:00:61:85:12:2d:4a:88:f4:f1:de:
                    05:82:35:9d:fd:bf:6b:bf:3a:17:0f:86:e5:d5:0a:
                    26:f4:32:1e:4a:44:d9:ef:77:a9:93:89:76:a7:f4:
                    76:ea:eb:51:7d:e5:6c:50:68:c4:92:13:c3:48:f2:
                    6e:7b:dc:1f:88:83:e6:50:5a:aa:7d:af:03:84:13:
                    88:5b:f9:49:f8:f2:ba:43:76:90:f0:53:25:03:5e:
                    7c:6a:02:f0:ce:80:5b:21:9a:9c:d0:fa:61:73:60:
                    84:1a:0e:7a:e9:15:f7:a8:8e:dd:27:77:29:20:a9:
                    98:44:69:e7:73:33:5c:b0:e0:4d:c7:e6:81:33:ca:
                    b8:b6:0d:39:0b:10:98:4e:32:ec:55:3a:e4:dc:12:
                    aa:3e:45:3e:ea:ef:44:8a:61:a1:57:99:46:cc:0b:
                    6f:70:b4:53:29:a2:63:ef:53:fd:8e:73:4e:41:56:
                    6e:a2:2c:54:0c:56:7d:96:69:0d:be:4a:8b:21:47:
                    3f:2e:2e:3d:0e:69:20:36:1d:a0:30:a7:fe:a3:47:
                    d9:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:52:84:59:17:18:57:46:F3:B9:5D:0E:A9:6C:08:C5:5C:66:EE:FC
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/HFKEWRcYV0bzuV0OqWwIxVxm7vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.193.0/24
                  212.64.214.0/24
                  212.64.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:ae:e2:bc:9b:6e:7b:81:27:2a:d1:37:4f:4d:ba:7c:7c:d5:
         54:f2:58:38:af:49:df:7e:bb:36:56:ea:b1:cc:9d:0f:b3:07:
         58:eb:2d:ec:c0:a9:a6:89:d2:0a:9c:7e:7d:57:c4:a6:0a:d8:
         a8:bc:8a:93:a7:56:e9:35:ce:ae:8b:0b:42:62:25:5a:c2:20:
         1e:25:f1:2c:f1:a7:03:44:71:e0:c2:2e:cf:d4:2a:f9:56:a0:
         d3:fc:ad:5f:95:7d:ba:42:e9:72:5c:31:8f:3c:a3:d4:94:45:
         f3:ae:e5:ea:3c:5b:f5:b4:6c:0d:1b:1c:c3:e6:07:ed:98:43:
         7e:8e:11:3a:e3:ea:93:08:2e:a4:5d:29:55:7e:23:b8:78:84:
         31:a6:8f:02:16:51:24:f6:5e:29:ee:51:71:23:02:30:ad:36:
         60:bb:df:33:5e:c4:31:46:da:10:61:53:ac:be:65:64:0a:df:
         eb:ad:7e:ac:df:f0:f1:71:c3:01:a2:f3:e9:d6:e6:84:6b:b2:
         74:1b:34:7d:66:71:e9:c0:96:6f:24:7d:da:1a:ab:f0:1e:35:
         ae:23:28:ee:59:70:f1:bf:09:27:bc:78:2f:0b:d9:3a:09:a2:
         5f:ae:ca:3d:43:aa:19:33:32:fa:26:25:4b:08:70:e0:6a:37:
         56:4d:f5:64
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVsrwyvFQjFwBpDtcu/MCQ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjMwMTAxMDkzNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzUyODQ1OTE3MTg1NzQ2ZjNiOTVkMGVhOTZjMDhjNTVjNjZlZWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn235WkMEzzc8dBttEVv2UYgdyMxg
bLyQyvkwrlTtSWQtSwkh/k3N+gGx3pvNpVOY2wBhhRItSoj08d4FgjWd/b9rvzoX
D4bl1Qom9DIeSkTZ73epk4l2p/R26utRfeVsUGjEkhPDSPJue9wfiIPmUFqqfa8D
hBOIW/lJ+PK6Q3aQ8FMlA158agLwzoBbIZqc0Pphc2CEGg566RX3qI7dJ3cpIKmY
RGnnczNcsOBNx+aBM8q4tg05CxCYTjLsVTrk3BKqPkU+6u9EimGhV5lGzAtvcLRT
KaJj71P9jnNOQVZuoixUDFZ9lmkNvkqLIUc/Li49DmkgNh2gMKf+o0fZpwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBxShFkXGFdG87ldDqlsCMVcZu78MB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvSEZLRVdSY1lWMGJ6dVYwT3FXd0l4VnhtN3Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQA1EDBAwQA
1EDWAwQA1EDfMA0GCSqGSIb3DQEBCwUAA4IBAQBXruK8m257gScq0TdPTbp8fNVU
8lg4r0nffrs2VuqxzJ0PswdY6y3swKmmidIKnH59V8SmCtiovIqTp1bpNc6uiwtC
YiVawiAeJfEs8acDRHHgwi7P1Cr5VqDT/K1flX26QulyXDGPPKPUlEXzruXqPFv1
tGwNGxzD5gftmEN+jhE64+qTCC6kXSlVfiO4eIQxpo8CFlEk9l4p7lFxIwIwrTZg
u98zXsQxRtoQYVOsvmVkCt/rrX6s3/DxccMBovPp1uaEa7J0GzR9ZnHpwJZvJH3a
GqvwHjWuIyjuWXDxvwknvHgvC9k6CaJfrso9Q6oZMzL6JiVLCHDgajdWTfVk
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:14 2024 by rpki-client on console-ams.rpki-client.org