Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/33312e3231372e3235302e302f32342d3234203d3e20383334.roa
File:                     33312e3231372e3235302e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          CqJL/XDyWcOXl97t6fernwlfF9cwOlWTvhRUR1km5bo=
Subject key identifier:   FB:F8:B4:FB:05:A3:E7:21:16:73:26:55:AF:7D:A8:A4:E7:13:F1:59
Certificate issuer:       /CN=b0170abdc955aa176be2af26299678f2f7c9aca0
Certificate serial:       7AECBA8B18C3BE07B07792A0B9E450526C835848
Authority key identifier: B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/33312e3231372e3235302e302f32342d3234203d3e20383334.roa
Signing time:             Fri 02 Feb 2024 00:00:03 +0000
ROA not before:           Thu 01 Feb 2024 23:55:03 +0000
ROA not after:            Fri 31 Jan 2025 00:00:03 +0000
asID:                     834
IP address blocks:        31.217.250.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 06 Feb 2024 11:52:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:ec:ba:8b:18:c3:be:07:b0:77:92:a0:b9:e4:50:52:6c:83:58:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0170abdc955aa176be2af26299678f2f7c9aca0
        Validity
            Not Before: Feb  1 23:55:03 2024 GMT
            Not After : Jan 31 00:00:03 2025 GMT
        Subject: CN=FBF8B4FB05A3E72116732655AF7DA8A4E713F159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:3f:f1:1c:ab:15:9d:93:66:d0:5d:95:53:f1:
                    ec:54:70:d2:34:66:fa:74:90:c0:cd:3d:90:14:0a:
                    b3:fb:e9:78:0f:0c:54:d4:f5:aa:49:14:cc:0b:e4:
                    d1:85:d9:fb:f7:05:b4:f0:d7:7f:5c:67:2c:75:32:
                    f9:26:0d:25:90:03:1f:ec:57:fd:64:97:a5:66:40:
                    17:5f:2d:58:93:a0:b9:02:97:ef:6a:b5:38:85:91:
                    be:76:ba:42:6e:db:49:a9:a4:3b:78:26:37:a2:cc:
                    db:f8:f3:77:17:3a:63:fc:bb:92:a4:ed:31:70:cf:
                    70:df:c5:12:30:ac:60:d4:59:25:ff:9b:fc:97:45:
                    a1:1b:77:69:c0:be:5a:25:8e:54:dd:70:77:85:07:
                    0e:b5:25:0f:62:75:ae:4d:18:6b:97:af:94:72:45:
                    56:cb:7b:01:0e:dd:2d:b3:21:58:72:40:1d:eb:9a:
                    d5:cd:ee:a8:13:f8:eb:de:03:18:4f:1c:a9:46:f0:
                    9d:1d:07:97:1a:7e:a3:46:6d:4c:06:48:2e:04:81:
                    5e:4d:fe:a1:9e:44:7f:ea:29:2a:f7:58:57:7b:b1:
                    2a:65:52:94:be:36:20:95:55:50:ec:e2:14:91:56:
                    bc:8f:33:45:93:2b:94:40:12:ef:d6:f0:64:47:44:
                    31:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:F8:B4:FB:05:A3:E7:21:16:73:26:55:AF:7D:A8:A4:E7:13:F1:59
            X509v3 Authority Key Identifier:
                keyid:B0:17:0A:BD:C9:55:AA:17:6B:E2:AF:26:29:96:78:F2:F7:C9:AC:A0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/B0170ABDC955AA176BE2AF26299678F2F7C9ACA0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sBcKvclVqhdr4q8mKZZ48vfJrKA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7a789e87-f484-423d-a1d7-2c2d5860d2ec/0/33312e3231372e3235302e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.217.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:7c:bf:3c:93:d8:7f:0c:7b:61:8b:97:3b:a6:dd:87:62:ff:
         9f:85:bb:c9:d4:45:e1:12:95:78:f8:69:d4:94:82:4b:02:89:
         d9:52:8a:f5:28:2d:7b:5c:4d:bb:c3:0f:f6:e2:5b:16:dc:f6:
         59:06:08:13:67:d3:1e:b8:dc:55:b6:c3:63:81:2b:d6:00:dc:
         12:b4:ec:4d:a8:d6:eb:4e:2b:74:cb:ff:4f:b6:cb:a4:45:be:
         4c:ef:e0:98:f3:fc:d1:c2:6c:47:f2:6a:e8:5d:cb:78:03:b0:
         33:76:78:cb:2d:79:31:6a:36:fb:f6:f9:23:a0:18:b6:07:d9:
         18:e5:56:31:69:44:f8:69:d1:1b:6e:f9:55:5b:2a:c9:c5:3b:
         e4:5b:61:35:72:8e:c6:33:3a:29:dd:cd:6e:10:ab:32:2f:b4:
         5a:90:ac:2a:c5:3b:f4:db:6f:49:52:7e:f8:e6:df:40:9d:72:
         d0:41:af:59:e5:b3:e9:5f:fc:9a:92:c4:95:a5:88:56:22:46:
         02:68:17:01:55:33:33:fc:25:40:a4:03:7d:4b:0a:85:53:74:
         5a:7e:fb:27:75:89:29:b2:92:1b:45:b8:ae:c8:98:f4:6d:72:
         cc:65:2f:e8:37:24:41:e9:f5:1c:99:db:72:d0:88:36:c2:ac:
         a0:cb:b3:70
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIUeuy6ixjDvgewd5KgueRQUmyDWEgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYjAxNzBhYmRjOTU1YWExNzZiZTJhZjI2Mjk5Njc4ZjJm
N2M5YWNhMDAeFw0yNDAyMDEyMzU1MDNaFw0yNTAxMzEwMDAwMDNaMDMxMTAvBgNV
BAMTKEZCRjhCNEZCMDVBM0U3MjExNjczMjY1NUFGN0RBOEE0RTcxM0YxNTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZP/EcqxWdk2bQXZVT8exUcNI0
Zvp0kMDNPZAUCrP76XgPDFTU9apJFMwL5NGF2fv3BbTw139cZyx1MvkmDSWQAx/s
V/1kl6VmQBdfLViToLkCl+9qtTiFkb52ukJu20mppDt4JjeizNv483cXOmP8u5Kk
7TFwz3DfxRIwrGDUWSX/m/yXRaEbd2nAvloljlTdcHeFBw61JQ9ida5NGGuXr5Ry
RVbLewEO3S2zIVhyQB3rmtXN7qgT+OveAxhPHKlG8J0dB5cafqNGbUwGSC4EgV5N
/qGeRH/qKSr3WFd7sSplUpS+NiCVVVDs4hSRVryPM0WTK5RAEu/W8GRHRDHlAgMB
AAGjggI5MIICNTAdBgNVHQ4EFgQU+/i0+wWj5yEWcyZVr32opOcT8VkwHwYDVR0j
BBgwFoAUsBcKvclVqhdr4q8mKZZ48vfJrKAwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2E3ODllODctZjQ4NC00MjNkLWExZDctMmMyZDU4NjBk
MmVjLzAvQjAxNzBBQkRDOTU1QUExNzZCRTJBRjI2Mjk5Njc4RjJGN0M5QUNBMC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3NCY0t2Y2xWcWhkcjRxOG1LWlo0OHZm
SnJLQS5jZXIwgakGCCsGAQUFBwELBIGcMIGZMIGWBggrBgEFBQcwC4aBiXJzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2E3ODllODct
ZjQ4NC00MjNkLWExZDctMmMyZDU4NjBkMmVjLzAvMzMzMTJlMzIzMTM3MmUzMjM1
MzAyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzODMzMzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAf2fow
DQYJKoZIhvcNAQELBQADggEBABx8vzyT2H8Me2GLlzum3Ydi/5+Fu8nUReESlXj4
adSUgksCidlSivUoLXtcTbvDD/biWxbc9lkGCBNn0x643FW2w2OBK9YA3BK07E2o
1utOK3TL/0+2y6RFvkzv4Jjz/NHCbEfyauhdy3gDsDN2eMsteTFqNvv2+SOgGLYH
2RjlVjFpRPhp0Rtu+VVbKsnFO+RbYTVyjsYzOindzW4QqzIvtFqQrCrFO/Tbb0lS
fvjm30CdctBBr1nls+lf/JqSxJWliFYiRgJoFwFVMzP8JUCkA31LCoVTdFp++yd1
iSmykhtFuK7ImPRtcsxlL+g3JEHp9RyZ23LQiDbCrKDLs3A=
-----END CERTIFICATE-----
Generated at Tue Feb 6 15:04:19 2024 by rpki-client on console-ams.rpki-client.org