Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/c4vO53Lq2Zj0dYe5JeEq3z3AnzQ.roa
File:                     c4vO53Lq2Zj0dYe5JeEq3z3AnzQ.roa (raw, json)
Hash identifier:          40NN0mSob8WCU77zIyNDi0iTDqo72JaKoJe7r8LPIm4=
Subject key identifier:   73:8B:CE:E7:72:EA:D9:98:F4:75:87:B9:25:E1:2A:DF:3D:C0:9F:34
Certificate issuer:       /CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
Certificate serial:       018C041DF5E3F0F87D967E1853535603B93A
Authority key identifier: D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/c4vO53Lq2Zj0dYe5JeEq3z3AnzQ.roa
Signing time:             Sat 25 Nov 2023 01:35:21 +0000
ROA not before:           Sat 25 Nov 2023 01:35:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        109.105.199.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 28 Nov 2023 20:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:04:1d:f5:e3:f0:f8:7d:96:7e:18:53:53:56:03:b9:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8c60a0d2d70a9337d0bda56d1ad596ac1f69cda
        Validity
            Not Before: Nov 25 01:35:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=738bcee772ead998f47587b925e12adf3dc09f34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:13:57:ee:9b:0c:a3:9a:7d:62:45:2b:45:a6:
                    ec:9a:c1:d1:93:48:33:c2:fd:d8:90:60:d2:bd:56:
                    e6:c4:0f:34:41:0d:1a:86:41:fe:d5:b1:78:c2:8b:
                    d0:fc:17:5f:e2:94:95:81:e8:42:87:03:23:73:65:
                    4d:a2:49:c8:bf:ef:af:68:85:96:53:89:59:3f:fb:
                    d5:e9:e2:cd:ef:17:2d:96:ec:69:d6:42:93:0f:57:
                    30:6a:a0:fd:8b:83:26:92:2d:7e:b2:bd:7a:ff:cf:
                    b9:07:7e:11:76:bf:7b:9d:61:84:23:52:32:4b:71:
                    6d:f3:26:36:a8:ff:e0:33:0e:dd:66:45:02:46:d7:
                    bf:cb:cc:73:bf:b9:a4:57:49:01:00:0d:b7:50:1e:
                    1b:70:df:95:d3:75:c0:de:1e:63:ae:84:ce:a1:1f:
                    73:bb:92:7c:c5:ab:99:b9:e1:d2:bc:0d:0f:32:de:
                    43:2e:0b:e0:4d:c7:4e:c2:82:73:ff:89:e4:36:91:
                    1e:81:15:03:80:f8:0b:5c:63:c7:d1:ec:1a:82:9a:
                    2d:f6:f3:49:a4:db:8b:90:2a:0f:43:08:af:9f:03:
                    fc:ca:a0:3d:81:e7:ba:eb:ca:ac:7e:13:6c:77:b3:
                    7d:f6:4f:31:40:9c:85:42:c2:c4:7c:d4:ec:6f:c5:
                    1f:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:8B:CE:E7:72:EA:D9:98:F4:75:87:B9:25:E1:2A:DF:3D:C0:9F:34
            X509v3 Authority Key Identifier:
                keyid:D8:C6:0A:0D:2D:70:A9:33:7D:0B:DA:56:D1:AD:59:6A:C1:F6:9C:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2MYKDS1wqTN9C9pW0a1ZasH2nNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/c4vO53Lq2Zj0dYe5JeEq3z3AnzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/b51a85-f99f-423f-9fae-dd294c378f6c/1/2MYKDS1wqTN9C9pW0a1ZasH2nNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.105.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:be:d6:25:59:75:3c:0b:6f:c1:d1:11:1e:e8:3e:04:62:1c:
         07:25:81:11:5a:98:34:9a:29:d8:49:80:ad:fe:75:e6:16:93:
         fe:a7:b5:13:bd:4f:30:50:9c:f5:71:0d:ba:fd:35:35:98:e8:
         12:d9:5d:57:8b:da:7b:cc:67:44:87:98:d8:cb:a8:0f:28:b2:
         45:07:80:d6:be:6a:80:68:6e:04:73:2f:bc:1a:3c:ff:f4:03:
         5d:c9:13:20:d7:19:4d:de:2c:55:41:4b:83:f2:79:ee:88:94:
         08:1e:fe:15:2b:5f:75:c5:92:9a:4f:a3:3c:3f:c7:4c:4e:b3:
         5f:82:63:91:2c:f1:c9:05:a4:be:e3:c3:3b:b1:1a:63:8a:24:
         94:ef:22:9a:2a:7e:43:50:a9:83:99:c1:57:e3:eb:eb:df:2a:
         c6:a9:35:bf:ae:6f:78:e9:62:d0:62:1d:d4:08:c2:c1:eb:69:
         37:97:18:3f:e3:42:ed:dd:30:83:d0:95:61:c7:a1:2c:92:24:
         e6:89:b3:f4:45:ff:db:79:b3:9b:67:b2:72:32:b5:ab:38:f5:
         e4:c7:06:01:bc:86:c7:d9:52:d9:15:e3:0f:21:50:c4:34:47:
         a9:98:31:64:92:4c:b3:38:cd:d5:cf:37:5d:a3:67:8c:0a:b0:
         a1:b7:eb:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYwEHfXj8Ph9ln4YU1NWA7k6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4YzYwYTBkMmQ3MGE5MzM3ZDBiZGE1NmQxYWQ1OTZhYzFm
NjljZGEwHhcNMjMxMTI1MDEzNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzhiY2VlNzcyZWFkOTk4ZjQ3NTg3YjkyNWUxMmFkZjNkYzA5ZjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxNX7psMo5p9YkUrRabsmsHRk0gz
wv3YkGDSvVbmxA80QQ0ahkH+1bF4wovQ/Bdf4pSVgehChwMjc2VNoknIv++vaIWW
U4lZP/vV6eLN7xctluxp1kKTD1cwaqD9i4Mmki1+sr16/8+5B34Rdr97nWGEI1Iy
S3Ft8yY2qP/gMw7dZkUCRte/y8xzv7mkV0kBAA23UB4bcN+V03XA3h5jroTOoR9z
u5J8xauZueHSvA0PMt5DLgvgTcdOwoJz/4nkNpEegRUDgPgLXGPH0ewagpot9vNJ
pNuLkCoPQwivnwP8yqA9gee668qsfhNsd7N99k8xQJyFQsLEfNTsb8UfgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHOLzudy6tmY9HWHuSXhKt89wJ80MB8GA1UdIwQY
MBaAFNjGCg0tcKkzfQvaVtGtWWrB9pzaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUt
ZGQyOTRjMzc4ZjZjLzEvYzR2TzUzTHEyWmowZFllNUplRXEzejNBbnpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9iNTFhODUtZjk5Zi00MjNmLTlmYWUtZGQyOTRjMzc4ZjZj
LzEvMk1ZS0RTMXdxVE45QzlwVzBhMVphc0gybk5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWnHMA0G
CSqGSIb3DQEBCwUAA4IBAQBFvtYlWXU8C2/B0REe6D4EYhwHJYERWpg0minYSYCt
/nXmFpP+p7UTvU8wUJz1cQ26/TU1mOgS2V1Xi9p7zGdEh5jYy6gPKLJFB4DWvmqA
aG4Ecy+8Gjz/9ANdyRMg1xlN3ixVQUuD8nnuiJQIHv4VK191xZKaT6M8P8dMTrNf
gmORLPHJBaS+48M7sRpjiiSU7yKaKn5DUKmDmcFX4+vr3yrGqTW/rm946WLQYh3U
CMLB62k3lxg/40Lt3TCD0JVhx6EskiTmibP0Rf/bebObZ7JyMrWrOPXkxwYBvIbH
2VLZFeMPIVDENEepmDFkkkyzOM3Vzzddo2eMCrCht+vi
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:28 2024 by rpki-client on console-ams.rpki-client.org