Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/d9cb41-1c3b-46ab-a993-3c3e50dda6cc/1/Vr7kx_lZFzyQEZfdVsw1qrQgEPc.roa
File:                     Vr7kx_lZFzyQEZfdVsw1qrQgEPc.roa (raw, json)
Hash identifier:          5dXtbUF5xCRYJC/VQRycePMz8746jrr15FEI+25eEf0=
Subject key identifier:   56:BE:E4:C7:F9:59:17:3C:90:11:97:DD:56:CC:35:AA:B4:20:10:F7
Certificate issuer:       /CN=d79ea47ae161cbb3daef97789730d70c4cba89d0
Certificate serial:       018A5F904395DACC1BF3229F3825EDBD6800
Authority key identifier: D7:9E:A4:7A:E1:61:CB:B3:DA:EF:97:78:97:30:D7:0C:4C:BA:89:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/156keuFhy7Pa75d4lzDXDEy6idA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/d9cb41-1c3b-46ab-a993-3c3e50dda6cc/1/Vr7kx_lZFzyQEZfdVsw1qrQgEPc.roa
Signing time:             Mon 04 Sep 2023 09:40:04 +0000
ROA not before:           Mon 04 Sep 2023 09:40:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1942
IP address blocks:        192.33.171.0/24 maxlen: 24
                          152.77.0.0/16 maxlen: 16
                          129.88.0.0/16 maxlen: 16
                          147.171.0.0/16 maxlen: 16

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:5f:90:43:95:da:cc:1b:f3:22:9f:38:25:ed:bd:68:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d79ea47ae161cbb3daef97789730d70c4cba89d0
        Validity
            Not Before: Sep  4 09:40:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=56bee4c7f959173c901197dd56cc35aab42010f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:3e:8e:ab:57:c5:b2:88:31:3d:e3:fe:f6:ce:
                    0f:4d:cd:8d:87:1f:43:d0:4b:c8:25:65:83:0a:cf:
                    c3:97:e7:fc:56:79:e0:01:48:2c:11:81:67:aa:85:
                    2d:4d:bc:b1:d7:da:68:fd:df:89:1f:52:39:a8:f4:
                    65:9a:11:fe:13:7a:cc:16:2f:10:ee:40:41:f1:26:
                    e5:11:1e:18:e2:83:fa:31:a7:83:b2:b5:4f:eb:ec:
                    cc:9e:0b:a6:74:91:86:7b:68:e8:29:9e:4a:26:f9:
                    ed:aa:c3:53:f8:19:ba:f6:e3:35:8f:a0:c0:cb:da:
                    df:13:cd:69:b9:82:36:bc:e7:e6:c2:0c:e6:ff:42:
                    7e:3d:01:3b:8a:89:fb:c3:19:91:e9:01:85:00:7c:
                    19:bf:80:47:7e:e9:b1:22:28:e8:32:45:b8:eb:b6:
                    34:5f:69:ad:6f:87:cc:16:aa:3d:7f:cc:e2:a9:a7:
                    ba:61:26:91:12:5d:49:2b:d5:3b:50:19:ca:ed:d7:
                    b9:1a:15:83:89:a1:da:15:15:bb:dc:c8:62:31:52:
                    59:8a:93:cd:1f:f3:47:b1:98:df:33:16:ba:39:3a:
                    f4:aa:d4:13:04:d8:80:01:3c:db:a9:55:14:1f:d8:
                    07:7d:7c:67:7d:98:84:32:1d:16:91:10:10:0a:37:
                    97:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:BE:E4:C7:F9:59:17:3C:90:11:97:DD:56:CC:35:AA:B4:20:10:F7
            X509v3 Authority Key Identifier:
                keyid:D7:9E:A4:7A:E1:61:CB:B3:DA:EF:97:78:97:30:D7:0C:4C:BA:89:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/156keuFhy7Pa75d4lzDXDEy6idA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d9cb41-1c3b-46ab-a993-3c3e50dda6cc/1/Vr7kx_lZFzyQEZfdVsw1qrQgEPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/d9cb41-1c3b-46ab-a993-3c3e50dda6cc/1/156keuFhy7Pa75d4lzDXDEy6idA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.88.0.0/16
                  147.171.0.0/16
                  152.77.0.0/16
                  192.33.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:aa:16:f9:17:11:0d:b5:b9:d2:9a:9b:08:27:80:78:03:ff:
         30:6f:09:46:5a:0d:6c:38:3c:94:ed:2c:29:90:9b:f6:91:d9:
         af:d2:d6:f7:d5:bb:bf:b7:e3:bb:61:8b:d4:86:65:5a:d1:11:
         ee:2b:3c:54:88:3a:84:c4:4d:0c:53:84:1f:fd:08:45:2d:6c:
         f2:e4:9b:24:06:f8:af:b8:fa:a4:66:b7:f8:4c:65:66:9c:8a:
         cb:32:16:d1:9a:98:67:a0:ee:f6:8d:67:ef:c6:04:4d:af:34:
         5c:ea:e4:7f:53:28:d7:26:93:3b:71:00:7f:1b:5a:70:34:ee:
         52:30:a6:68:a1:57:d5:ae:f8:1e:38:7e:7a:55:d2:0f:61:ce:
         f1:41:d8:f5:7c:f6:09:5d:19:ef:19:f3:bc:ae:fd:52:e2:14:
         5d:74:b6:df:16:de:a1:2b:83:a7:25:03:6d:fe:90:0b:f5:56:
         1c:7b:be:5d:86:26:0d:d0:d2:b5:17:6c:21:94:e2:49:c2:4a:
         d6:b8:5c:85:c2:a8:c6:ac:1d:fa:db:48:e9:0a:9b:c9:7d:15:
         bf:7f:89:3d:5b:02:41:9e:ba:21:e1:09:5e:e6:ff:bf:bf:36:
         9b:ed:1d:b5:13:d8:80:fa:bc:54:01:9d:22:f9:10:d8:af:45:
         bd:9a:29:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYpfkEOV2swb8yKfOCXtvWgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OWVhNDdhZTE2MWNiYjNkYWVmOTc3ODk3MzBkNzBjNGNi
YTg5ZDAwHhcNMjMwOTA0MDk0MDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmJlZTRjN2Y5NTkxNzNjOTAxMTk3ZGQ1NmNjMzVhYWI0MjAxMGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkj6Oq1fFsogxPeP+9s4PTc2Nhx9D
0EvIJWWDCs/Dl+f8VnngAUgsEYFnqoUtTbyx19po/d+JH1I5qPRlmhH+E3rMFi8Q
7kBB8SblER4Y4oP6MaeDsrVP6+zMngumdJGGe2joKZ5KJvntqsNT+Bm69uM1j6DA
y9rfE81puYI2vOfmwgzm/0J+PQE7ion7wxmR6QGFAHwZv4BHfumxIijoMkW467Y0
X2mtb4fMFqo9f8ziqae6YSaREl1JK9U7UBnK7de5GhWDiaHaFRW73MhiMVJZipPN
H/NHsZjfMxa6OTr0qtQTBNiAATzbqVUUH9gHfXxnfZiEMh0WkRAQCjeXfwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFa+5Mf5WRc8kBGX3VbMNaq0IBD3MB8GA1UdIwQY
MBaAFNeepHrhYcuz2u+XeJcw1wxMuonQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTU2a2V1Rmh5N1BhNzVkNGx6RFhERXk2aWRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9kOWNiNDEtMWMzYi00NmFiLWE5OTMt
M2MzZTUwZGRhNmNjLzEvVnI3a3hfbFpGenlRRVpmZFZzdzFxclFnRVBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9kOWNiNDEtMWMzYi00NmFiLWE5OTMtM2MzZTUwZGRhNmNj
LzEvMTU2a2V1Rmh5N1BhNzVkNGx6RFhERXk2aWRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAATAVAwMAgVgDAwCT
qwMDAJhNAwQAwCGrMA0GCSqGSIb3DQEBCwUAA4IBAQCKqhb5FxENtbnSmpsIJ4B4
A/8wbwlGWg1sODyU7SwpkJv2kdmv0tb31bu/t+O7YYvUhmVa0RHuKzxUiDqExE0M
U4Qf/QhFLWzy5JskBvivuPqkZrf4TGVmnIrLMhbRmphnoO72jWfvxgRNrzRc6uR/
UyjXJpM7cQB/G1pwNO5SMKZooVfVrvgeOH56VdIPYc7xQdj1fPYJXRnvGfO8rv1S
4hRddLbfFt6hK4OnJQNt/pAL9VYce75dhiYN0NK1F2whlOJJwkrWuFyFwqjGrB36
20jpCpvJfRW/f4k9WwJBnroh4Qle5v+/vzab7R21E9iA+rxUAZ0i+RDYr0W9milG
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:53 2024 by rpki-client on console-ams.rpki-client.org