Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/BOCC49cOa_3e918-0Q9HxQrF6ic.roa
File:                     BOCC49cOa_3e918-0Q9HxQrF6ic.roa (raw, json)
Hash identifier:          NMg/Xbxsb6n+oy4SSnmKZT4pPcEt+B4D7v6smLOLLwM=
Subject key identifier:   04:E0:82:E3:D7:0E:6B:FD:DE:F7:5F:3E:D1:0F:47:C5:0A:C5:EA:27
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       01856C53D9A432BA6984C535D946F5FCF7E3
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/BOCC49cOa_3e918-0Q9HxQrF6ic.roa
Signing time:             Sun 01 Jan 2023 07:55:12 +0000
ROA not before:           Sun 01 Jan 2023 07:55:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211237
IP address blocks:        91.238.213.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 04 Jan 2023 09:08:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:53:d9:a4:32:ba:69:84:c5:35:d9:46:f5:fc:f7:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 07:55:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=04e082e3d70e6bfddef75f3ed10f47c50ac5ea27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e8:29:0e:7d:3c:e0:8a:ab:2e:ac:99:cf:b0:
                    b1:c1:cb:ff:17:2f:dc:29:2c:ab:e9:ac:0b:c5:fe:
                    d1:31:a0:21:d5:f6:8f:06:b4:ca:9a:a1:e1:a9:92:
                    07:1e:05:06:82:f7:04:2e:4a:d0:48:ea:9e:e4:ed:
                    31:c9:4b:f5:95:e7:c5:77:92:91:24:14:de:73:6c:
                    6f:41:7d:81:cd:f6:c1:01:0f:c7:8f:04:fb:67:2d:
                    a7:ac:8a:fa:62:51:07:d5:6d:b7:b3:90:76:bd:63:
                    35:83:21:72:ed:a0:3f:eb:0d:b2:d5:11:90:6a:61:
                    9f:4d:87:be:8b:ea:2e:96:b9:99:13:a4:c6:b7:f8:
                    11:66:51:3e:7c:f7:39:c3:5d:fb:cb:34:be:b0:67:
                    3e:80:18:78:81:79:64:b0:1c:f5:11:0e:5b:72:e9:
                    f7:b3:a5:40:20:d2:9e:c1:9e:77:33:a2:47:b3:3d:
                    43:09:68:d7:39:03:ff:8e:2b:10:29:96:cb:af:70:
                    a7:1e:16:8e:1e:61:87:2d:44:4b:30:8d:18:a8:8f:
                    bb:22:67:68:82:6e:f6:4f:09:e1:97:9b:f0:87:9b:
                    9a:84:fe:b1:b5:20:9f:48:3e:61:a1:4d:26:e0:dd:
                    80:6a:e0:e5:d6:28:b2:55:62:61:a0:df:ec:f2:8a:
                    5c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:E0:82:E3:D7:0E:6B:FD:DE:F7:5F:3E:D1:0F:47:C5:0A:C5:EA:27
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/BOCC49cOa_3e918-0Q9HxQrF6ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:b1:ea:44:74:a9:d2:4e:9c:6a:8f:c3:c0:6f:8b:df:25:74:
         96:53:22:49:9d:c8:a9:ef:e1:fd:29:61:4d:f1:29:b2:49:21:
         ed:7d:9d:20:33:71:b8:00:a4:55:90:f2:a8:f3:9f:dd:59:04:
         2a:fc:1b:85:24:74:cc:56:70:e3:6b:b7:29:51:59:14:9d:3e:
         88:3d:fa:7e:7a:fe:a0:92:1c:27:fa:f3:44:fa:ce:02:7e:dd:
         cf:a4:5b:c7:8d:93:24:36:a2:a8:39:12:c5:9e:77:bf:36:c8:
         50:f0:08:0e:3b:a5:9b:9f:45:a8:68:bd:1d:5d:86:e9:93:fe:
         82:1b:11:d8:28:f8:c0:ea:4d:9e:ef:2a:ff:1b:44:f7:05:b2:
         01:d7:e6:a9:6e:54:f0:30:cc:dd:74:60:61:70:ab:59:9f:f2:
         55:c9:e7:87:2d:55:87:9a:d4:75:9c:49:42:3b:48:09:9c:45:
         90:1f:a1:2d:fe:39:10:d0:43:f9:10:fb:8c:ee:1f:f7:63:67:
         0a:0a:f4:1a:c0:cd:9e:bb:02:48:c5:26:de:45:bb:15:b6:93:
         ab:6c:eb:6a:87:d5:f4:b1:c2:4a:a8:e2:f2:bd:89:df:aa:af:
         3a:69:fd:fb:4d:95:f6:ed:10:22:aa:c4:44:8a:83:09:e2:22:
         e0:34:d9:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsU9mkMrpphMU12Ub1/PfjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjMwMTAxMDc1NTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGUwODJlM2Q3MGU2YmZkZGVmNzVmM2VkMTBmNDdjNTBhYzVlYTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOgpDn084IqrLqyZz7Cxwcv/Fy/c
KSyr6awLxf7RMaAh1faPBrTKmqHhqZIHHgUGgvcELkrQSOqe5O0xyUv1lefFd5KR
JBTec2xvQX2BzfbBAQ/HjwT7Zy2nrIr6YlEH1W23s5B2vWM1gyFy7aA/6w2y1RGQ
amGfTYe+i+oulrmZE6TGt/gRZlE+fPc5w137yzS+sGc+gBh4gXlksBz1EQ5bcun3
s6VAINKewZ53M6JHsz1DCWjXOQP/jisQKZbLr3CnHhaOHmGHLURLMI0YqI+7Imdo
gm72Twnhl5vwh5uahP6xtSCfSD5hoU0m4N2AauDl1iiyVWJhoN/s8opcNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFATgguPXDmv93vdfPtEPR8UKxeonMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEvQk9DQzQ5Y09hXzNlOTE4LTBROUh4UXJGNmljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+7VMA0G
CSqGSIb3DQEBCwUAA4IBAQASsepEdKnSTpxqj8PAb4vfJXSWUyJJncip7+H9KWFN
8SmySSHtfZ0gM3G4AKRVkPKo85/dWQQq/BuFJHTMVnDja7cpUVkUnT6IPfp+ev6g
khwn+vNE+s4Cft3PpFvHjZMkNqKoORLFnne/NshQ8AgOO6Wbn0WoaL0dXYbpk/6C
GxHYKPjA6k2e7yr/G0T3BbIB1+apblTwMMzddGBhcKtZn/JVyeeHLVWHmtR1nElC
O0gJnEWQH6Et/jkQ0EP5EPuM7h/3Y2cKCvQawM2euwJIxSbeRbsVtpOrbOtqh9X0
scJKqOLyvYnfqq86af37TZX27RAiqsREioMJ4iLgNNmZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:11 2024 by rpki-client on console-ams.rpki-client.org