Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/NAS6XuJTxAnHnrkusO3v33bNWjs.roa
File:                     NAS6XuJTxAnHnrkusO3v33bNWjs.roa (raw, json)
Hash identifier:          NR1WsCJmwHOK2ZciXX1rPXSfi6g+961WwCZCR+1mnBo=
Subject key identifier:   34:04:BA:5E:E2:53:C4:09:C7:9E:B9:2E:B0:ED:EF:DF:76:CD:5A:3B
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       018B693A64F8E004199DDC832D3378998AA2
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/NAS6XuJTxAnHnrkusO3v33bNWjs.roa
Signing time:             Wed 25 Oct 2023 23:45:16 +0000
ROA not before:           Wed 25 Oct 2023 23:45:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212756
IP address blocks:        109.107.155.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:69:3a:64:f8:e0:04:19:9d:dc:83:2d:33:78:99:8a:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Oct 25 23:45:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3404ba5ee253c409c79eb92eb0edefdf76cd5a3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b0:72:1f:b6:7f:ec:91:7c:4f:4e:89:a8:98:
                    4f:08:b4:e1:8d:0f:d7:b2:50:a4:a4:e9:c0:b0:9c:
                    97:48:3c:e6:e0:ac:a9:dd:79:89:4b:a3:9d:6e:b5:
                    ff:44:f1:84:41:a2:5a:43:fe:13:c6:f4:8c:4e:7b:
                    8c:6b:16:5e:17:8b:3a:81:69:92:19:a8:c5:1b:c4:
                    b0:5b:20:72:42:f6:07:d4:3a:e6:e6:2d:77:f5:8a:
                    bb:f3:fb:76:be:74:97:1c:df:2c:91:74:44:e6:97:
                    c8:25:bc:87:6e:41:7b:6b:a0:55:b5:6b:b8:1b:eb:
                    bb:52:cb:db:1d:c8:65:f3:e9:f0:01:f8:0f:36:aa:
                    10:5a:a2:5d:17:cc:88:ec:6c:5e:cd:dd:86:c6:90:
                    3a:5e:5b:41:9f:ef:62:bc:de:61:c6:6b:64:ea:54:
                    ac:42:f9:9b:6a:89:7b:0d:8f:4e:29:45:57:15:cf:
                    62:64:5a:82:57:41:7d:db:b0:3c:41:ee:09:74:ec:
                    00:2f:d1:e6:fd:d9:90:4d:97:be:3a:ed:83:14:41:
                    84:27:0d:8c:c7:a8:c4:4d:fd:9b:f7:42:43:20:35:
                    44:32:c7:41:a8:4c:a4:15:cc:c6:3b:06:8e:09:8b:
                    9f:0c:65:77:57:7f:35:7d:5a:11:a9:17:9f:80:fb:
                    08:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:04:BA:5E:E2:53:C4:09:C7:9E:B9:2E:B0:ED:EF:DF:76:CD:5A:3B
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/NAS6XuJTxAnHnrkusO3v33bNWjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:a1:a2:d5:27:af:e9:bf:8c:70:65:d9:43:d7:1b:24:23:a5:
         e6:30:85:66:26:cd:a1:c0:38:3b:96:b9:5f:eb:fe:89:3d:05:
         be:cd:3e:bf:96:e8:d1:fa:14:0d:8a:b9:40:0d:ed:c0:df:18:
         46:3e:0e:93:b2:5d:97:c8:f1:af:e8:d4:93:10:b0:b4:d3:c7:
         fa:ca:35:06:36:f9:0e:5d:fd:20:02:3b:31:6c:de:2a:cd:36:
         8d:4f:85:f8:9f:e9:5e:b9:50:5f:51:76:7c:59:71:15:f5:8c:
         19:79:c3:64:7c:84:0d:62:85:ba:15:17:8b:04:99:e7:9d:02:
         12:9a:66:c8:f9:0c:60:a5:da:a3:f0:49:a0:72:69:30:3f:a0:
         e0:03:eb:7e:5b:2d:4b:c1:ef:7c:e6:5a:9c:7a:17:70:76:bc:
         1a:4b:15:cd:70:3d:2d:d3:b4:fb:18:81:39:41:24:f5:d2:f5:
         2e:99:7b:72:37:be:0e:b9:bd:8f:c1:4b:3e:50:92:3f:f3:40:
         c1:ae:18:be:a4:de:2c:34:72:ff:50:21:22:40:9a:cf:fa:cd:
         8d:e2:d6:98:8a:c1:6d:a4:d6:2b:e0:65:ae:eb:92:0b:7a:d3:
         9a:b5:fb:d5:9f:02:eb:66:58:44:8c:be:5d:9f:a8:2e:28:38:
         6a:4a:9f:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYtpOmT44AQZndyDLTN4mYqiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjMxMDI1MjM0NTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDA0YmE1ZWUyNTNjNDA5Yzc5ZWI5MmViMGVkZWZkZjc2Y2Q1YTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbByH7Z/7JF8T06JqJhPCLThjQ/X
slCkpOnAsJyXSDzm4Kyp3XmJS6OdbrX/RPGEQaJaQ/4TxvSMTnuMaxZeF4s6gWmS
GajFG8SwWyByQvYH1Drm5i139Yq78/t2vnSXHN8skXRE5pfIJbyHbkF7a6BVtWu4
G+u7UsvbHchl8+nwAfgPNqoQWqJdF8yI7Gxezd2GxpA6XltBn+9ivN5hxmtk6lSs
Qvmbaol7DY9OKUVXFc9iZFqCV0F927A8Qe4JdOwAL9Hm/dmQTZe+Ou2DFEGEJw2M
x6jETf2b90JDIDVEMsdBqEykFczGOwaOCYufDGV3V381fVoRqRefgPsIfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQEul7iU8QJx565LrDt7992zVo7MB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvTkFTNlh1SlR4QW5IbnJrdXNPM3YzM2JOV2pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWubMA0G
CSqGSIb3DQEBCwUAA4IBAQCEoaLVJ6/pv4xwZdlD1xskI6XmMIVmJs2hwDg7lrlf
6/6JPQW+zT6/lujR+hQNirlADe3A3xhGPg6Tsl2XyPGv6NSTELC008f6yjUGNvkO
Xf0gAjsxbN4qzTaNT4X4n+leuVBfUXZ8WXEV9YwZecNkfIQNYoW6FReLBJnnnQIS
mmbI+Qxgpdqj8EmgcmkwP6DgA+t+Wy1Lwe985lqcehdwdrwaSxXNcD0t07T7GIE5
QST10vUumXtyN74Oub2PwUs+UJI/80DBrhi+pN4sNHL/UCEiQJrP+s2N4taYisFt
pNYr4GWu65ILetOatfvVnwLrZlhEjL5dn6guKDhqSp/i
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:31 2024 by rpki-client on console-ams.rpki-client.org