Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/f52785-7aff-4e3b-9c24-1d0fbedf4b9c/1/NABMBZyMIIdTpCzS3EqoYCjp6qA.roa
File:                     NABMBZyMIIdTpCzS3EqoYCjp6qA.roa (raw, json)
Hash identifier:          hoMTdS9/9Tyr3ff/1X2qWB4QmStB1D52e6uXy15guH8=
Subject key identifier:   34:00:4C:05:9C:8C:20:87:53:A4:2C:D2:DC:4A:A8:60:28:E9:EA:A0
Certificate issuer:       /CN=390d4b34493382383a2096ea9e0f9b7f94f33280
Certificate serial:       01856FC29532A4DFC206AA527F8978F8CAFF
Authority key identifier: 39:0D:4B:34:49:33:82:38:3A:20:96:EA:9E:0F:9B:7F:94:F3:32:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OQ1LNEkzgjg6IJbqng-bf5TzMoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/f52785-7aff-4e3b-9c24-1d0fbedf4b9c/1/NABMBZyMIIdTpCzS3EqoYCjp6qA.roa
Signing time:             Sun 01 Jan 2023 23:55:01 +0000
ROA not before:           Sun 01 Jan 2023 23:55:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     64200
IP address blocks:        212.60.18.0/23 maxlen: 23

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:c2:95:32:a4:df:c2:06:aa:52:7f:89:78:f8:ca:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=390d4b34493382383a2096ea9e0f9b7f94f33280
        Validity
            Not Before: Jan  1 23:55:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=34004c059c8c208753a42cd2dc4aa86028e9eaa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0a:62:6a:45:b1:4d:8b:7e:0f:3e:88:72:ad:
                    57:70:a8:0e:6d:b4:3a:36:16:2d:86:20:0d:9b:49:
                    6d:3c:06:3d:43:9c:f0:03:5e:2b:63:85:ba:62:24:
                    e8:bc:61:de:4e:b5:e4:12:a7:60:ad:45:c7:4a:1d:
                    92:ed:07:b3:2f:79:76:a4:c6:5a:65:cf:ae:13:d5:
                    c9:06:eb:b7:d8:eb:a5:d6:4b:ad:45:fc:df:5e:f6:
                    06:f3:c5:84:4b:cf:b4:30:c8:92:17:6d:82:b4:34:
                    6e:5c:bb:d6:45:36:84:5b:9b:09:fb:58:cb:46:e2:
                    8d:5e:ef:a1:0e:82:1d:4d:4a:58:e7:31:d7:aa:fb:
                    47:08:c3:c0:15:c2:da:80:c9:7e:2a:62:e2:91:b3:
                    92:ad:e2:21:87:97:b4:54:dd:1f:85:49:8d:a2:79:
                    db:7b:dc:07:24:f3:ae:92:e7:ac:59:de:67:63:e6:
                    cc:d5:11:b9:ea:74:24:1d:da:3f:0a:37:eb:eb:ac:
                    61:35:74:65:ce:4b:e8:7a:bf:55:aa:63:0a:20:ac:
                    58:3c:0c:14:93:29:28:20:64:87:cd:57:b5:14:83:
                    56:5c:8b:66:8f:70:91:84:62:0d:a6:a4:53:72:57:
                    dc:f6:99:dc:ae:ad:1f:f2:fb:da:f2:00:b8:f1:fc:
                    33:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:00:4C:05:9C:8C:20:87:53:A4:2C:D2:DC:4A:A8:60:28:E9:EA:A0
            X509v3 Authority Key Identifier:
                keyid:39:0D:4B:34:49:33:82:38:3A:20:96:EA:9E:0F:9B:7F:94:F3:32:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OQ1LNEkzgjg6IJbqng-bf5TzMoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/f52785-7aff-4e3b-9c24-1d0fbedf4b9c/1/NABMBZyMIIdTpCzS3EqoYCjp6qA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/f52785-7aff-4e3b-9c24-1d0fbedf4b9c/1/OQ1LNEkzgjg6IJbqng-bf5TzMoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:05:16:0e:db:f6:af:06:1f:e8:77:fb:2c:d5:c6:b9:04:64:
         41:76:fc:26:14:10:7a:67:40:82:e9:f0:d3:cd:1d:72:1c:92:
         43:36:e5:31:7c:59:df:91:dd:17:17:1c:b4:4e:df:03:51:95:
         3e:42:b0:8e:d6:bd:80:23:9e:68:16:9a:ba:2b:3d:3a:2c:88:
         35:ec:6d:1f:ed:42:13:62:f7:f6:a8:48:92:fe:2f:d8:e0:3c:
         e2:cc:60:ed:35:2c:3a:78:44:3a:72:90:8c:6d:d1:9d:07:79:
         5e:c3:f0:8f:4d:2c:92:49:96:84:60:7b:ed:46:7c:63:ff:ae:
         90:e7:4e:49:14:97:f5:d6:a6:32:07:ed:fb:7d:6b:b1:94:44:
         cb:f7:65:6f:3f:96:3e:93:33:66:26:d3:1c:e9:a9:47:58:2c:
         5c:48:19:cf:c5:0b:35:fd:7d:72:d2:40:f9:ec:cd:15:5f:5d:
         13:f7:83:88:6b:3a:60:16:7c:92:2f:82:b7:f9:32:14:2f:04:
         7a:2f:03:ce:71:a8:e3:5b:b0:96:5c:9d:a2:0e:50:4a:27:82:
         24:de:10:a7:e2:20:aa:68:67:4c:47:9d:9a:c7:b4:11:2f:e0:
         a9:db:6b:1a:f3:c2:6b:e5:ae:79:43:2a:4b:2c:a4:9f:68:5e:
         92:94:a3:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvwpUypN/CBqpSf4l4+Mr/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MGQ0YjM0NDkzMzgyMzgzYTIwOTZlYTllMGY5YjdmOTRm
MzMyODAwHhcNMjMwMTAxMjM1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDAwNGMwNTljOGMyMDg3NTNhNDJjZDJkYzRhYTg2MDI4ZTllYWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQpiakWxTYt+Dz6Icq1XcKgObbQ6
NhYthiANm0ltPAY9Q5zwA14rY4W6YiTovGHeTrXkEqdgrUXHSh2S7QezL3l2pMZa
Zc+uE9XJBuu32Oul1kutRfzfXvYG88WES8+0MMiSF22CtDRuXLvWRTaEW5sJ+1jL
RuKNXu+hDoIdTUpY5zHXqvtHCMPAFcLagMl+KmLikbOSreIhh5e0VN0fhUmNonnb
e9wHJPOukuesWd5nY+bM1RG56nQkHdo/Cjfr66xhNXRlzkvoer9VqmMKIKxYPAwU
kykoIGSHzVe1FINWXItmj3CRhGINpqRTclfc9pncrq0f8vva8gC48fwzOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQATAWcjCCHU6Qs0txKqGAo6eqgMB8GA1UdIwQY
MBaAFDkNSzRJM4I4OiCW6p4Pm3+U8zKAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1ExTE5Fa3pnamc2SUpicW5nLWJmNVR6TW9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9mNTI3ODUtN2FmZi00ZTNiLTljMjQt
MWQwZmJlZGY0YjljLzEvTkFCTUJaeU1JSWRUcEN6UzNFcW9ZQ2pwNnFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9mNTI3ODUtN2FmZi00ZTNiLTljMjQtMWQwZmJlZGY0Yjlj
LzEvT1ExTE5Fa3pnamc2SUpicW5nLWJmNVR6TW9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1DwSMA0G
CSqGSIb3DQEBCwUAA4IBAQAvBRYO2/avBh/od/ss1ca5BGRBdvwmFBB6Z0CC6fDT
zR1yHJJDNuUxfFnfkd0XFxy0Tt8DUZU+QrCO1r2AI55oFpq6Kz06LIg17G0f7UIT
Yvf2qEiS/i/Y4DzizGDtNSw6eEQ6cpCMbdGdB3lew/CPTSySSZaEYHvtRnxj/66Q
505JFJf11qYyB+37fWuxlETL92VvP5Y+kzNmJtMc6alHWCxcSBnPxQs1/X1y0kD5
7M0VX10T94OIazpgFnySL4K3+TIULwR6LwPOcajjW7CWXJ2iDlBKJ4Ik3hCn4iCq
aGdMR52ax7QRL+Cp22sa88Jr5a55QypLLKSfaF6SlKO5
-----END CERTIFICATE-----
Generated at Tue Jan 2 11:36:17 2024 by rpki-client on console-ams.rpki-client.org