Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/CkCantiYGOeQj8fnBGvs123OV6Q.roa
File:                     CkCantiYGOeQj8fnBGvs123OV6Q.roa (raw, json)
Hash identifier:          6XhzwzbIuWXjzGi+I97eEhsMK8JK8GCVDLQMnEDhKjQ=
Subject key identifier:   0A:40:9A:9E:D8:98:18:E7:90:8F:C7:E7:04:6B:EC:D7:6D:CE:57:A4
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       01856F26EA192DC5FF3057D44C947FD0BC21
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/CkCantiYGOeQj8fnBGvs123OV6Q.roa
Signing time:             Sun 01 Jan 2023 21:04:59 +0000
ROA not before:           Sun 01 Jan 2023 21:04:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56701
IP address blocks:        193.233.120.0/24 maxlen: 24
                          193.233.123.0/24 maxlen: 24
                          193.233.122.0/24 maxlen: 24
                          193.233.121.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:26:ea:19:2d:c5:ff:30:57:d4:4c:94:7f:d0:bc:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  1 21:04:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a409a9ed89818e7908fc7e7046becd76dce57a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:d1:2f:bd:a1:8a:7f:9e:35:89:77:fb:78:02:
                    51:73:e6:41:40:34:44:19:41:50:f8:7f:34:d5:9c:
                    5a:aa:0f:b3:ab:75:1e:9c:69:2f:d5:a4:8b:58:64:
                    23:35:d8:5f:20:17:41:25:24:a7:ee:68:1c:2d:6c:
                    4d:89:39:a0:02:f5:a3:59:0c:c5:72:6d:7f:79:d1:
                    24:a6:ab:8e:60:b3:24:d9:0f:73:68:82:8d:c5:e3:
                    0e:fa:c7:6c:33:76:3f:d4:f8:57:e3:69:d5:ef:ff:
                    d8:23:3b:6d:91:0a:e9:cc:99:94:b7:4f:dd:74:c2:
                    7b:9b:b7:a6:6b:c5:18:a5:00:35:5d:2d:81:99:22:
                    0a:9d:99:07:35:d3:43:a4:e8:09:74:5e:e6:26:ae:
                    6f:7d:6c:2a:48:71:77:cc:6a:4d:c6:b3:93:61:d8:
                    bf:f1:2b:fc:0f:96:ca:60:81:6c:50:14:61:5a:57:
                    8d:da:ab:c0:9d:9e:af:84:c9:30:0c:6f:d3:1d:90:
                    f2:21:ff:b1:06:71:e6:aa:a5:15:0d:1d:6a:89:25:
                    ca:63:37:95:9c:b0:e7:72:9b:64:73:4a:1f:50:bf:
                    16:10:cf:68:2c:4a:11:c2:54:c1:0c:11:90:7d:f9:
                    44:90:ba:68:af:96:37:1e:0f:d1:6c:67:67:f5:09:
                    8e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:40:9A:9E:D8:98:18:E7:90:8F:C7:E7:04:6B:EC:D7:6D:CE:57:A4
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/CkCantiYGOeQj8fnBGvs123OV6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:44:38:31:47:1a:72:2a:d0:1b:21:05:cf:f6:b8:35:68:dd:
         8a:dd:fe:d6:34:85:db:c7:77:28:6d:44:8a:1a:30:75:0b:a5:
         9c:c3:c3:56:69:bb:13:86:45:39:1c:03:de:5d:7b:00:74:21:
         41:c2:7e:ed:61:1c:b8:c1:c2:87:25:ba:90:9a:79:47:27:cf:
         95:1f:98:94:43:cb:40:b1:08:3c:e5:b6:94:cf:76:4d:75:2c:
         fe:ff:1e:30:c8:e3:c4:0e:29:de:64:aa:6b:b0:35:ac:e1:d7:
         8c:e7:fd:87:cd:88:35:7b:d6:aa:9a:6c:f5:c5:3a:84:69:44:
         0f:bc:5e:cb:a4:01:2e:66:5d:74:8a:e7:f3:40:06:c3:20:cb:
         78:68:fd:0a:bd:14:6e:cd:97:73:87:44:a3:bb:a0:ca:ab:32:
         4b:84:e9:b0:95:6a:87:af:bf:58:00:24:e3:9f:35:e0:09:52:
         82:95:f2:23:ed:90:70:0d:8d:84:41:23:c5:90:25:b2:42:1a:
         2b:3d:02:a8:78:5f:a0:ce:a4:c8:02:96:91:01:e5:a9:ca:25:
         91:1b:f9:60:ff:1b:bd:f9:a3:86:74:c5:20:28:ff:d7:fe:8f:
         b4:72:41:c7:c3:a5:a6:66:ee:a0:36:23:60:bf:94:56:e9:fd:
         d5:4e:e8:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvJuoZLcX/MFfUTJR/0LwhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjMwMTAxMjEwNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQwOWE5ZWQ4OTgxOGU3OTA4ZmM3ZTcwNDZiZWNkNzZkY2U1N2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9EvvaGKf541iXf7eAJRc+ZBQDRE
GUFQ+H801Zxaqg+zq3UenGkv1aSLWGQjNdhfIBdBJSSn7mgcLWxNiTmgAvWjWQzF
cm1/edEkpquOYLMk2Q9zaIKNxeMO+sdsM3Y/1PhX42nV7//YIzttkQrpzJmUt0/d
dMJ7m7ema8UYpQA1XS2BmSIKnZkHNdNDpOgJdF7mJq5vfWwqSHF3zGpNxrOTYdi/
8Sv8D5bKYIFsUBRhWleN2qvAnZ6vhMkwDG/THZDyIf+xBnHmqqUVDR1qiSXKYzeV
nLDncptkc0ofUL8WEM9oLEoRwlTBDBGQfflEkLpor5Y3Hg/RbGdn9QmODwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApAmp7YmBjnkI/H5wRr7NdtzlekMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvQ2tDYW50aVlHT2VRajhmbkJHdnMxMjNPVjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwel4MA0G
CSqGSIb3DQEBCwUAA4IBAQBaRDgxRxpyKtAbIQXP9rg1aN2K3f7WNIXbx3cobUSK
GjB1C6Wcw8NWabsThkU5HAPeXXsAdCFBwn7tYRy4wcKHJbqQmnlHJ8+VH5iUQ8tA
sQg85baUz3ZNdSz+/x4wyOPEDineZKprsDWs4deM5/2HzYg1e9aqmmz1xTqEaUQP
vF7LpAEuZl10iufzQAbDIMt4aP0KvRRuzZdzh0Sju6DKqzJLhOmwlWqHr79YACTj
nzXgCVKClfIj7ZBwDY2EQSPFkCWyQhorPQKoeF+gzqTIApaRAeWpyiWRG/lg/xu9
+aOGdMUgKP/X/o+0ckHHw6WmZu6gNiNgv5RW6f3VTuhr
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:39 2024 by rpki-client on console-fra.rpki-client.org