Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/KRxXnS_xvL-shbhCYod_z2rp6uU.roa
File:                     KRxXnS_xvL-shbhCYod_z2rp6uU.roa (raw, json)
Hash identifier:          DcdzTMofxr6YOR+1IiezYmboQvXgr3DKfCZIAOpk2FE=
Subject key identifier:   29:1C:57:9D:2F:F1:BC:BF:AC:85:B8:42:62:87:7F:CF:6A:E9:EA:E5
Certificate issuer:       /CN=0af61798dd18965c027afa7f93ae030ff5e1d76e
Certificate serial:       01856F2FF045FAE14773D2967DC34F6E51B6
Authority key identifier: 0A:F6:17:98:DD:18:96:5C:02:7A:FA:7F:93:AE:03:0F:F5:E1:D7:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/KRxXnS_xvL-shbhCYod_z2rp6uU.roa
Signing time:             Sun 01 Jan 2023 21:14:50 +0000
ROA not before:           Sun 01 Jan 2023 21:14:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61225
IP address blocks:        86.106.159.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:2f:f0:45:fa:e1:47:73:d2:96:7d:c3:4f:6e:51:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0af61798dd18965c027afa7f93ae030ff5e1d76e
        Validity
            Not Before: Jan  1 21:14:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=291c579d2ff1bcbfac85b84262877fcf6ae9eae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:37:3e:ab:a0:b3:d0:73:55:52:05:e7:ac:3f:
                    df:5c:d9:d5:e1:f1:c5:70:40:ef:2b:9e:5d:ca:28:
                    04:b8:a8:d3:c5:4f:11:e4:19:96:b5:b2:41:3b:fc:
                    d2:ec:67:26:be:d6:b1:ea:95:68:3b:29:38:0a:04:
                    3e:1e:3f:a4:c0:aa:6e:a8:6b:28:3e:9b:4c:3b:ed:
                    59:e0:e9:bf:99:eb:68:5d:2f:b8:7f:28:65:50:ca:
                    9a:16:be:90:dc:7e:93:79:fc:4c:a5:c3:01:88:a1:
                    dc:5f:f3:5e:22:83:60:61:09:1a:2d:83:56:a5:42:
                    5a:64:fc:74:71:9c:9e:f9:4a:78:04:05:e8:56:b8:
                    d3:4e:69:4c:7d:82:05:aa:25:9b:47:1a:bd:04:32:
                    b3:5d:ef:7f:02:99:3a:cf:aa:c2:f8:9d:6c:00:90:
                    be:ce:84:67:5a:df:9f:41:e8:7d:cb:bb:d5:99:0d:
                    ff:9f:f8:b7:25:bd:70:ae:3f:f3:ed:19:9e:8f:2d:
                    a3:2f:79:3b:e1:69:25:ca:f8:6b:c8:99:af:08:9b:
                    44:64:c7:19:65:2f:5e:a9:32:98:6b:f9:9d:13:2e:
                    dc:0e:9d:c5:fa:e1:d1:9b:e7:0a:8f:11:46:28:d3:
                    a1:95:11:d2:0b:35:7c:b4:99:50:22:c9:57:0e:fe:
                    8d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:1C:57:9D:2F:F1:BC:BF:AC:85:B8:42:62:87:7F:CF:6A:E9:EA:E5
            X509v3 Authority Key Identifier:
                keyid:0A:F6:17:98:DD:18:96:5C:02:7A:FA:7F:93:AE:03:0F:F5:E1:D7:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CvYXmN0YllwCevp_k64DD_Xh124.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/KRxXnS_xvL-shbhCYod_z2rp6uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/615164-6d96-488a-96ba-d6e1e347f9c7/1/CvYXmN0YllwCevp_k64DD_Xh124.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:fb:f1:92:a4:2b:e1:f0:7a:2d:cf:1a:16:62:5a:db:7c:cd:
         e1:ef:01:a2:ee:fc:5c:79:70:a4:5e:53:06:a7:9a:99:7a:f2:
         66:a7:6a:4c:c0:e7:a1:a7:73:15:41:ee:59:75:f5:df:51:83:
         fb:86:0a:ce:fd:0d:84:33:f0:0c:3e:35:dd:5d:5f:16:fd:6e:
         9b:a3:95:52:56:1e:5d:1b:9c:a0:41:55:29:9c:62:65:56:b9:
         00:cc:94:67:23:c4:bf:16:8e:d1:40:b4:9e:77:c1:3b:96:21:
         38:98:c6:35:ca:ac:ad:c6:10:a0:59:db:94:ae:df:9d:d4:04:
         be:02:a6:28:38:02:e1:5e:cb:39:1b:47:ec:3d:e5:48:35:63:
         46:6b:c0:6a:63:f2:5b:96:60:0d:36:5b:71:ef:7a:b1:7a:70:
         8a:45:9b:a2:68:03:9d:81:6b:15:c3:3e:87:24:47:a0:c9:aa:
         2c:8c:88:89:6d:ed:93:dc:16:e2:32:b6:37:3e:d9:56:ea:2e:
         1e:55:87:c5:be:66:df:43:ac:49:8d:93:74:20:79:ea:36:9a:
         28:79:3f:72:7e:1e:bb:c1:74:e0:7b:a3:f4:9c:f8:8a:54:f9:
         f4:5a:d3:50:e2:d0:03:17:71:14:21:76:a4:fe:01:52:81:56:
         68:57:62:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvL/BF+uFHc9KWfcNPblG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhZjYxNzk4ZGQxODk2NWMwMjdhZmE3ZjkzYWUwMzBmZjVl
MWQ3NmUwHhcNMjMwMTAxMjExNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTFjNTc5ZDJmZjFiY2JmYWM4NWI4NDI2Mjg3N2ZjZjZhZTllYWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDc+q6Cz0HNVUgXnrD/fXNnV4fHF
cEDvK55dyigEuKjTxU8R5BmWtbJBO/zS7Gcmvtax6pVoOyk4CgQ+Hj+kwKpuqGso
PptMO+1Z4Om/metoXS+4fyhlUMqaFr6Q3H6TefxMpcMBiKHcX/NeIoNgYQkaLYNW
pUJaZPx0cZye+Up4BAXoVrjTTmlMfYIFqiWbRxq9BDKzXe9/Apk6z6rC+J1sAJC+
zoRnWt+fQeh9y7vVmQ3/n/i3Jb1wrj/z7Rmejy2jL3k74WklyvhryJmvCJtEZMcZ
ZS9eqTKYa/mdEy7cDp3F+uHRm+cKjxFGKNOhlRHSCzV8tJlQIslXDv6NnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCkcV50v8by/rIW4QmKHf89q6erlMB8GA1UdIwQY
MBaAFAr2F5jdGJZcAnr6f5OuAw/14dduMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3ZZWG1OMFlsbHdDZXZwX2s2NEREX1hoMTI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC82MTUxNjQtNmQ5Ni00ODhhLTk2YmEt
ZDZlMWUzNDdmOWM3LzEvS1J4WG5TX3h2TC1zaGJoQ1lvZF96MnJwNnVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC82MTUxNjQtNmQ5Ni00ODhhLTk2YmEtZDZlMWUzNDdmOWM3
LzEvQ3ZZWG1OMFlsbHdDZXZwX2s2NEREX1hoMTI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmqfMA0G
CSqGSIb3DQEBCwUAA4IBAQBs+/GSpCvh8HotzxoWYlrbfM3h7wGi7vxceXCkXlMG
p5qZevJmp2pMwOehp3MVQe5ZdfXfUYP7hgrO/Q2EM/AMPjXdXV8W/W6bo5VSVh5d
G5ygQVUpnGJlVrkAzJRnI8S/Fo7RQLSed8E7liE4mMY1yqytxhCgWduUrt+d1AS+
AqYoOALhXss5G0fsPeVINWNGa8BqY/JblmANNltx73qxenCKRZuiaAOdgWsVwz6H
JEegyaosjIiJbe2T3BbiMrY3PtlW6i4eVYfFvmbfQ6xJjZN0IHnqNpooeT9yfh67
wXTge6P0nPiKVPn0WtNQ4tADF3EUIXak/gFSgVZoV2IE
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:40 2024 by rpki-client on console-ams.rpki-client.org