Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/h6XleuUMP58HqzTUG-A06J0FuXE.roa
File:                     h6XleuUMP58HqzTUG-A06J0FuXE.roa (raw, json)
Hash identifier:          3v0ssPFu91nzTgt/LuS0x0QwOsIlsyZZ0hpEBlB4JV8=
Subject key identifier:   87:A5:E5:7A:E5:0C:3F:9F:07:AB:34:D4:1B:E0:34:E8:9D:05:B9:71
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       0186358DC80B9336E914CADCE59365A447C0
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/h6XleuUMP58HqzTUG-A06J0FuXE.roa
Signing time:             Thu 09 Feb 2023 09:42:09 +0000
ROA not before:           Thu 09 Feb 2023 09:42:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211975
IP address blocks:        91.221.117.0/24 maxlen: 24
                          91.221.233.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 13 Feb 2023 04:29:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:35:8d:c8:0b:93:36:e9:14:ca:dc:e5:93:65:a4:47:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Feb  9 09:42:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=87a5e57ae50c3f9f07ab34d41be034e89d05b971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:39:8c:40:9f:08:72:39:ae:c5:86:26:c0:da:
                    b6:ac:b9:96:cb:22:67:8f:6a:0e:9b:da:56:ae:14:
                    d4:c0:6e:82:c5:5a:5d:f2:d0:2f:10:b1:8d:8f:db:
                    85:a5:04:a9:37:13:cf:68:18:0d:8c:03:9d:66:9c:
                    33:42:2b:d2:c0:42:0d:d4:d7:c1:db:4b:56:9a:03:
                    6f:73:25:9a:3a:72:19:35:87:77:b4:23:1d:cd:da:
                    51:ed:b9:4b:00:53:a3:70:96:76:a9:c7:6b:a2:97:
                    3c:f1:02:47:8d:2e:42:c5:b2:e4:df:81:6a:74:09:
                    57:1c:c8:f7:53:06:8f:1e:67:ad:ea:f3:53:5d:80:
                    e2:8d:a8:16:f5:17:87:ac:21:fd:02:a2:f7:c3:74:
                    e2:cb:97:02:03:cd:32:7e:fa:6a:ea:eb:9f:84:d0:
                    ca:c7:7a:5f:6a:f6:b9:f2:48:0b:4d:f7:c1:60:65:
                    14:11:34:d2:98:10:51:94:f5:b0:43:0c:21:ec:a9:
                    b7:56:65:a1:26:9f:06:6c:ab:10:66:6a:b5:f6:56:
                    4b:4e:79:00:52:7e:50:ba:90:c4:df:44:32:9e:9a:
                    c4:49:a9:5a:2d:68:a2:d9:49:e4:35:a7:e5:c1:01:
                    2b:3a:cd:9c:9f:0c:06:d1:f5:a0:62:05:0b:e3:ef:
                    23:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:A5:E5:7A:E5:0C:3F:9F:07:AB:34:D4:1B:E0:34:E8:9D:05:B9:71
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/h6XleuUMP58HqzTUG-A06J0FuXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.117.0/24
                  91.221.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:8b:2e:c9:4f:a3:cf:4c:8a:9c:be:2c:68:6f:94:f0:cf:63:
         c7:78:59:c0:28:bf:0d:cf:5d:ca:3f:68:07:71:92:89:c6:a6:
         d6:b1:41:d6:47:a0:78:82:d9:8d:af:00:b1:6f:14:f6:f3:20:
         33:18:0f:c5:2f:96:68:a0:e8:34:79:f1:4b:2e:12:a0:3b:91:
         8c:76:25:47:36:3e:89:ab:51:ab:fa:9f:73:37:53:0f:39:a9:
         cb:55:9c:74:ac:58:02:43:7b:0e:1b:46:d5:c4:dd:da:4f:1a:
         d1:07:86:09:fa:2f:72:42:be:f9:b7:50:31:02:e6:6f:ff:cc:
         b3:cf:49:62:02:1f:f7:46:2b:a1:25:eb:8d:6d:82:5f:a2:6d:
         a7:63:7d:75:da:40:14:50:8a:c9:4d:87:57:c3:be:9a:0e:1b:
         9b:88:5d:66:88:7e:f9:61:20:b2:14:2b:76:89:49:a6:f9:c9:
         ff:2f:1d:90:35:3d:85:73:12:2a:a9:73:2a:dc:68:2f:10:d6:
         69:fb:7d:96:37:c8:c3:e8:58:96:b4:c5:c9:1a:43:ce:aa:f3:
         b3:dc:57:e8:f6:1a:ce:b5:66:cd:84:d4:19:c7:f3:f5:27:14:
         e1:d5:b6:46:f2:bc:5c:5a:2e:f0:48:2e:32:24:ee:5a:31:ba:
         e7:6e:55:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYY1jcgLkzbpFMrc5ZNlpEfAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjMwMjA5MDk0MjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2E1ZTU3YWU1MGMzZjlmMDdhYjM0ZDQxYmUwMzRlODlkMDViOTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojmMQJ8IcjmuxYYmwNq2rLmWyyJn
j2oOm9pWrhTUwG6CxVpd8tAvELGNj9uFpQSpNxPPaBgNjAOdZpwzQivSwEIN1NfB
20tWmgNvcyWaOnIZNYd3tCMdzdpR7blLAFOjcJZ2qcdropc88QJHjS5CxbLk34Fq
dAlXHMj3UwaPHmet6vNTXYDijagW9ReHrCH9AqL3w3Tiy5cCA80yfvpq6uufhNDK
x3pfava58kgLTffBYGUUETTSmBBRlPWwQwwh7Km3VmWhJp8GbKsQZmq19lZLTnkA
Un5QupDE30QynprESalaLWii2UnkNaflwQErOs2cnwwG0fWgYgUL4+8j+wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIel5XrlDD+fB6s01BvgNOidBblxMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvaDZYbGV1VU1QNThIcXpUVUctQTA2SjBGdVhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW911AwQA
W93pMA0GCSqGSIb3DQEBCwUAA4IBAQCFiy7JT6PPTIqcvixob5Twz2PHeFnAKL8N
z13KP2gHcZKJxqbWsUHWR6B4gtmNrwCxbxT28yAzGA/FL5ZooOg0efFLLhKgO5GM
diVHNj6Jq1Gr+p9zN1MPOanLVZx0rFgCQ3sOG0bVxN3aTxrRB4YJ+i9yQr75t1Ax
AuZv/8yzz0liAh/3RiuhJeuNbYJfom2nY3112kAUUIrJTYdXw76aDhubiF1miH75
YSCyFCt2iUmm+cn/Lx2QNT2FcxIqqXMq3GgvENZp+32WN8jD6FiWtMXJGkPOqvOz
3Ffo9hrOtWbNhNQZx/P1JxTh1bZG8rxcWi7wSC4yJO5aMbrnblUu
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:38 2024 by rpki-client on console-ams.rpki-client.org