Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/cT-KSgmooBrmm5RrNf6HvECjlZI.roa
File:                     cT-KSgmooBrmm5RrNf6HvECjlZI.roa (raw, json)
Hash identifier:          RCJPMPGgyxhQiq9GjuEXHtiFATmRWUHfMJP+NeqbwA8=
Subject key identifier:   71:3F:8A:4A:09:A8:A0:1A:E6:9B:94:6B:35:FE:87:BC:40:A3:95:92
Certificate issuer:       /CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
Certificate serial:       018AAC217CBC336BC3459F86120A4FB379DF
Authority key identifier: 28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/cT-KSgmooBrmm5RrNf6HvECjlZI.roa
Signing time:             Tue 19 Sep 2023 06:29:50 +0000
ROA not before:           Tue 19 Sep 2023 06:29:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61317
IP address blocks:        95.214.173.0/24 maxlen: 24
                          193.239.197.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 24 Sep 2023 18:46:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:ac:21:7c:bc:33:6b:c3:45:9f:86:12:0a:4f:b3:79:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28107ab6921ef8cb2deca3eb766478cff3e5fc6d
        Validity
            Not Before: Sep 19 06:29:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=713f8a4a09a8a01ae69b946b35fe87bc40a39592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d0:d8:6c:b2:de:98:43:64:ac:a9:94:03:2a:
                    ac:e5:c6:66:be:25:b7:b3:47:2f:ca:ba:b8:ff:e4:
                    6d:c5:01:74:59:44:cf:8a:9a:a2:09:4f:43:9f:65:
                    cc:2d:90:e5:98:f8:0b:ba:85:4f:9a:6f:f1:e0:f3:
                    2a:c5:78:58:e3:58:7b:1a:dd:9f:85:a3:39:64:c8:
                    f5:b4:14:19:6f:67:c2:78:d1:94:ac:bf:09:e2:b4:
                    16:f8:14:e3:69:8b:86:44:c5:7b:f7:43:10:43:d6:
                    53:43:8c:9f:f3:85:ba:ab:50:41:2f:c6:91:e3:51:
                    33:fb:66:e7:17:5a:df:97:fa:70:77:2d:9c:75:c9:
                    ad:2e:1e:9a:cb:cb:aa:ab:ce:fc:c4:ab:be:9e:ca:
                    b6:3e:4a:7d:3c:dd:f6:3f:38:7a:76:ba:70:ab:d5:
                    5a:46:35:0c:02:a1:71:f9:9e:21:f2:00:6c:39:8b:
                    ad:72:3e:86:ea:59:54:1c:53:6f:2c:76:90:99:99:
                    55:0b:70:f9:bf:15:30:ca:b5:63:c7:e9:f1:83:ee:
                    18:a4:c9:75:c2:2c:e7:6b:14:fe:b6:99:d1:53:9b:
                    94:53:f8:9b:9d:c3:64:09:08:b5:39:6e:c1:e3:ec:
                    0f:68:76:2d:20:e5:bf:36:c3:55:41:22:86:a0:26:
                    b0:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:3F:8A:4A:09:A8:A0:1A:E6:9B:94:6B:35:FE:87:BC:40:A3:95:92
            X509v3 Authority Key Identifier:
                keyid:28:10:7A:B6:92:1E:F8:CB:2D:EC:A3:EB:76:64:78:CF:F3:E5:FC:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/cT-KSgmooBrmm5RrNf6HvECjlZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/08826e-77d0-437b-a1c2-c0fb3ef7640e/1/KBB6tpIe-Mst7KPrdmR4z_Pl_G0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.173.0/24
                  193.239.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:01:b0:3a:cf:37:48:92:2f:d5:72:53:5d:b7:6f:e0:a5:4b:
         5c:b6:5e:59:00:69:76:9f:f7:9d:51:15:85:16:35:29:59:2c:
         bd:33:6a:55:1d:b5:f9:9b:c1:3a:ff:d2:43:b4:e2:7e:a0:24:
         96:59:d2:13:15:89:b0:6e:fc:6a:33:16:19:51:c9:43:a6:a2:
         ec:c0:9f:1a:58:42:5e:79:21:f4:c9:93:a9:c1:36:84:8f:13:
         be:37:4e:94:39:8c:2c:e0:fb:36:0c:36:0e:83:8b:a4:97:90:
         e4:54:7a:8b:b4:4e:33:20:10:29:f6:de:e4:83:be:c2:49:d4:
         1c:3b:8a:d2:da:50:c7:65:6c:67:02:df:df:79:bd:7e:2e:a7:
         74:97:12:ba:b5:2e:21:3a:bd:26:a4:d1:1b:8a:c3:1e:3d:b5:
         61:29:25:79:4e:9b:e3:1c:89:c2:25:67:4c:36:9a:4f:a8:fb:
         a7:2e:f5:2a:6f:d4:43:25:b6:99:2d:5a:8a:44:78:b4:11:8a:
         25:fa:9b:2c:a5:b1:73:15:25:16:55:05:37:0c:7d:3e:67:fe:
         d1:17:df:09:2d:b8:07:7c:7c:f6:fd:7a:7c:68:6b:05:64:68:
         ef:d9:c4:80:07:13:7d:69:2e:3a:0f:7d:69:62:2e:d7:41:9f:
         be:c2:64:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYqsIXy8M2vDRZ+GEgpPs3nfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTA3YWI2OTIxZWY4Y2IyZGVjYTNlYjc2NjQ3OGNmZjNl
NWZjNmQwHhcNMjMwOTE5MDYyOTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTNmOGE0YTA5YThhMDFhZTY5Yjk0NmIzNWZlODdiYzQwYTM5NTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdDYbLLemENkrKmUAyqs5cZmviW3
s0cvyrq4/+RtxQF0WUTPipqiCU9Dn2XMLZDlmPgLuoVPmm/x4PMqxXhY41h7Gt2f
haM5ZMj1tBQZb2fCeNGUrL8J4rQW+BTjaYuGRMV790MQQ9ZTQ4yf84W6q1BBL8aR
41Ez+2bnF1rfl/pwdy2cdcmtLh6ay8uqq878xKu+nsq2Pkp9PN32Pzh6drpwq9Va
RjUMAqFx+Z4h8gBsOYutcj6G6llUHFNvLHaQmZlVC3D5vxUwyrVjx+nxg+4YpMl1
wiznaxT+tpnRU5uUU/ibncNkCQi1OW7B4+wPaHYtIOW/NsNVQSKGoCawyQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHE/ikoJqKAa5puUazX+h7xAo5WSMB8GA1UdIwQY
MBaAFCgQeraSHvjLLeyj63ZkeM/z5fxtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzIt
YzBmYjNlZjc2NDBlLzEvY1QtS1NnbW9vQnJtbTVSck5mNkh2RUNqbFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8wODgyNmUtNzdkMC00MzdiLWExYzItYzBmYjNlZjc2NDBl
LzEvS0JCNnRwSWUtTXN0N0tQcmRtUjR6X1BsX0cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAX9atAwQA
we/FMA0GCSqGSIb3DQEBCwUAA4IBAQCJAbA6zzdIki/VclNdt2/gpUtctl5ZAGl2
n/edURWFFjUpWSy9M2pVHbX5m8E6/9JDtOJ+oCSWWdITFYmwbvxqMxYZUclDpqLs
wJ8aWEJeeSH0yZOpwTaEjxO+N06UOYws4Ps2DDYOg4ukl5DkVHqLtE4zIBAp9t7k
g77CSdQcO4rS2lDHZWxnAt/feb1+Lqd0lxK6tS4hOr0mpNEbisMePbVhKSV5Tpvj
HInCJWdMNppPqPunLvUqb9RDJbaZLVqKRHi0EYol+psspbFzFSUWVQU3DH0+Z/7R
F98JLbgHfHz2/Xp8aGsFZGjv2cSABxN9aS46D31pYi7XQZ++wmRC
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:46 2024 by rpki-client on console-fra.rpki-client.org