Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/kd0dezMzZhUQONlp-iDyNt-eJ3g.roa
File:                     kd0dezMzZhUQONlp-iDyNt-eJ3g.roa (raw, json)
Hash identifier:          +XrNQUD2wlNMXJEr7gMZ+50TltuBEDFytGgWl9MCWzU=
Subject key identifier:   91:DD:1D:7B:33:33:66:15:10:38:D9:69:FA:20:F2:36:DF:9E:27:78
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       018DA7A939EEDE70324AF8B1F483F18D2558
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/kd0dezMzZhUQONlp-iDyNt-eJ3g.roa
Signing time:             Wed 14 Feb 2024 12:48:21 +0000
ROA not before:           Wed 14 Feb 2024 12:48:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        193.160.8.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 12 Mar 2024 17:47:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:a9:39:ee:de:70:32:4a:f8:b1:f4:83:f1:8d:25:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Feb 14 12:48:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=91dd1d7b333366151038d969fa20f236df9e2778
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:2f:42:8a:2a:64:f7:d5:26:3b:cf:95:16:16:
                    4a:4e:5f:4d:a9:de:84:92:83:b2:ce:f0:c1:67:83:
                    a6:5e:15:1b:65:b6:c9:28:d5:37:40:5f:2e:fa:d7:
                    0a:76:7f:30:54:ad:c1:6c:2d:83:18:e8:4e:33:a9:
                    36:bc:3c:3c:fe:6e:fc:0d:e3:58:16:17:00:5c:e3:
                    29:73:68:1b:43:e0:86:ce:2f:b1:29:83:46:6b:4a:
                    9d:1d:66:f5:8a:b7:87:eb:cf:04:5a:0c:8f:4c:53:
                    9f:a2:0e:34:a2:4b:b6:aa:a6:65:5e:20:47:43:92:
                    a6:bd:fa:92:17:bc:14:5c:59:40:d5:16:49:96:9b:
                    e2:cc:17:7d:77:b6:40:d6:1c:28:7b:49:8e:96:a2:
                    ba:7f:5c:42:55:f3:ca:d7:99:24:0e:d0:e8:5e:27:
                    f1:91:f5:10:a3:6d:7c:56:6a:30:5d:ec:ff:3b:68:
                    69:d2:05:ec:fd:ec:7f:a7:ab:49:f3:3c:b7:b4:88:
                    a4:60:21:f4:f4:66:5f:de:41:75:0a:2c:c3:e6:db:
                    d1:f6:6b:aa:c8:bd:82:3b:5b:ba:08:3b:3c:46:6c:
                    ff:24:12:a9:20:11:d9:0d:63:ed:8d:67:17:eb:29:
                    00:4f:ab:7d:e2:ae:a7:0b:e6:d9:06:91:1d:5d:22:
                    c2:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:DD:1D:7B:33:33:66:15:10:38:D9:69:FA:20:F2:36:DF:9E:27:78
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/kd0dezMzZhUQONlp-iDyNt-eJ3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:5d:ae:aa:81:47:c5:e4:74:9f:71:e1:c9:b3:6e:83:4d:89:
         89:46:91:57:9e:f2:6d:62:fc:d9:23:bf:eb:43:10:3a:ef:55:
         aa:e5:90:a1:90:44:08:86:e2:ff:6d:91:50:18:a5:62:c2:d6:
         db:1e:a5:56:1d:69:cf:2a:0a:34:e9:40:bd:b6:b0:5f:61:b9:
         81:60:18:6b:f1:13:8f:d3:68:bb:7c:72:89:f8:87:69:ed:e1:
         65:44:fe:39:95:c9:a3:1f:94:55:6f:12:48:87:80:31:a9:91:
         d2:d3:f4:34:db:7a:91:8a:dd:9b:76:32:7a:f0:39:51:77:04:
         a9:75:ab:9b:f9:f9:cd:47:32:d4:43:15:dd:d2:4a:2d:1f:eb:
         46:bc:d9:e6:24:39:31:17:a2:a5:27:d2:6b:42:0a:6f:2e:f8:
         29:16:73:88:4e:df:aa:5c:5e:35:84:c7:b8:11:a2:35:8c:6f:
         e9:3a:3b:6d:e0:01:75:20:f9:3c:93:d1:82:2f:df:d1:33:fa:
         7b:22:4a:27:52:69:72:09:95:c7:37:c8:a9:9e:6f:06:9a:af:
         a6:57:46:8c:56:7f:3e:cc:e1:ea:7e:5a:0d:13:f3:8f:20:49:
         ba:1f:25:cd:8c:2d:cb:0d:09:5b:9f:ee:b8:80:2c:4f:b0:c9:
         13:2f:2c:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2nqTnu3nAySvix9IPxjSVYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjQwMjE0MTI0ODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWRkMWQ3YjMzMzM2NjE1MTAzOGQ5NjlmYTIwZjIzNmRmOWUyNzc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgi9Ciipk99UmO8+VFhZKTl9Nqd6E
koOyzvDBZ4OmXhUbZbbJKNU3QF8u+tcKdn8wVK3BbC2DGOhOM6k2vDw8/m78DeNY
FhcAXOMpc2gbQ+CGzi+xKYNGa0qdHWb1ireH688EWgyPTFOfog40oku2qqZlXiBH
Q5KmvfqSF7wUXFlA1RZJlpvizBd9d7ZA1hwoe0mOlqK6f1xCVfPK15kkDtDoXifx
kfUQo218VmowXez/O2hp0gXs/ex/p6tJ8zy3tIikYCH09GZf3kF1CizD5tvR9muq
yL2CO1u6CDs8Rmz/JBKpIBHZDWPtjWcX6ykAT6t94q6nC+bZBpEdXSLCLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJHdHXszM2YVEDjZafog8jbfnid4MB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEva2QwZGV6TXpaaFVRT05scC1pRHlOdC1lSjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaAIMA0G
CSqGSIb3DQEBCwUAA4IBAQBdXa6qgUfF5HSfceHJs26DTYmJRpFXnvJtYvzZI7/r
QxA671Wq5ZChkEQIhuL/bZFQGKViwtbbHqVWHWnPKgo06UC9trBfYbmBYBhr8ROP
02i7fHKJ+Idp7eFlRP45lcmjH5RVbxJIh4AxqZHS0/Q023qRit2bdjJ68DlRdwSp
daub+fnNRzLUQxXd0kotH+tGvNnmJDkxF6KlJ9JrQgpvLvgpFnOITt+qXF41hMe4
EaI1jG/pOjtt4AF1IPk8k9GCL9/RM/p7IkonUmlyCZXHN8ipnm8Gmq+mV0aMVn8+
zOHqfloNE/OPIEm6HyXNjC3LDQlbn+64gCxPsMkTLyx/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:30 2024 by rpki-client on console-fra.rpki-client.org