Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/Knh8C6gJ1N0MIjp2vZSzpBLPcGc.roa
File:                     Knh8C6gJ1N0MIjp2vZSzpBLPcGc.roa (raw, json)
Hash identifier:          njl4vylzzzGlyS9ing8h+FPpq79MRJY4Sv+3w0dtL5M=
Subject key identifier:   2A:78:7C:0B:A8:09:D4:DD:0C:22:3A:76:BD:94:B3:A4:12:CF:70:67
Certificate issuer:       /CN=0637d1ce5dc3fa800e1d1dcfbdaa841fddd43905
Certificate serial:       01856D41B015F49F50926C67FA9A326259F8
Authority key identifier: 06:37:D1:CE:5D:C3:FA:80:0E:1D:1D:CF:BD:AA:84:1F:DD:D4:39:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BjfRzl3D-oAOHR3PvaqEH93UOQU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/Knh8C6gJ1N0MIjp2vZSzpBLPcGc.roa
Signing time:             Sun 01 Jan 2023 12:14:59 +0000
ROA not before:           Sun 01 Jan 2023 12:14:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198389
IP address blocks:        176.103.168.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:29:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:41:b0:15:f4:9f:50:92:6c:67:fa:9a:32:62:59:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0637d1ce5dc3fa800e1d1dcfbdaa841fddd43905
        Validity
            Not Before: Jan  1 12:14:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2a787c0ba809d4dd0c223a76bd94b3a412cf7067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a9:1e:be:fa:f8:af:59:f3:81:fa:28:9e:f0:
                    e2:f7:fc:d2:48:d8:a2:91:7f:7a:23:d0:92:30:87:
                    62:b8:10:3b:bc:d9:e9:b2:15:08:5a:47:9c:a0:73:
                    bc:54:59:ab:1c:61:c6:01:70:6a:80:c0:5e:d7:03:
                    95:f9:e6:02:e8:a4:12:39:27:30:21:bd:fd:e4:ed:
                    cd:e9:16:1c:58:31:4a:cc:c7:85:3a:19:39:79:8b:
                    c6:95:28:e6:7e:d2:da:54:2a:dc:04:37:48:28:d4:
                    f8:26:f1:f7:10:7c:be:58:96:fa:fc:90:55:a3:7b:
                    9e:28:54:f9:3f:7a:a0:b5:b6:e0:b4:8e:4e:b5:75:
                    ce:8c:2f:62:9a:f7:3f:4d:9e:5f:96:e2:1e:a9:7e:
                    ab:1f:49:d8:d0:db:6a:7c:ab:8f:f0:e1:b5:72:a7:
                    7a:91:11:3b:83:91:55:4a:31:c4:b7:9a:a8:10:9f:
                    0c:12:9f:54:d9:d2:c1:b7:57:b4:90:ec:0d:59:01:
                    1f:91:17:da:c2:cd:ed:c4:ce:d9:e1:cc:39:e7:10:
                    4e:fb:c1:8d:da:a8:32:d9:96:b7:f5:e9:18:e9:85:
                    47:b9:8b:c5:b4:34:23:74:02:64:93:2f:ab:4f:4d:
                    2d:5f:35:b7:30:01:7e:3b:bf:e6:3b:3e:cb:93:9f:
                    85:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:78:7C:0B:A8:09:D4:DD:0C:22:3A:76:BD:94:B3:A4:12:CF:70:67
            X509v3 Authority Key Identifier:
                keyid:06:37:D1:CE:5D:C3:FA:80:0E:1D:1D:CF:BD:AA:84:1F:DD:D4:39:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BjfRzl3D-oAOHR3PvaqEH93UOQU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/Knh8C6gJ1N0MIjp2vZSzpBLPcGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/BjfRzl3D-oAOHR3PvaqEH93UOQU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         36:c0:d0:b8:dc:e0:dc:11:a5:b1:7c:b7:98:11:ae:49:fb:84:
         61:15:15:90:ec:8b:f5:13:00:45:20:76:97:d0:87:2f:da:c9:
         de:11:cd:33:98:10:0c:49:99:b8:9b:18:48:64:c1:18:8a:ae:
         3d:cf:5c:9f:c4:fa:a2:ad:ba:18:b6:02:45:4d:10:d8:f6:ed:
         42:a3:11:5d:54:cd:d5:fd:6f:51:b0:85:d8:d9:6a:d1:28:56:
         57:6e:04:09:20:59:05:de:c1:5d:66:fa:df:77:3b:92:d7:55:
         e4:0f:d5:d7:07:c8:cb:24:11:0f:40:12:67:cf:ca:db:5c:d8:
         8f:d8:ee:32:27:a9:a4:34:35:6b:cf:d3:4f:d3:a8:62:9e:7b:
         24:df:70:c8:af:56:a5:6b:63:93:a4:0c:b7:04:c2:0d:f7:02:
         dd:a9:21:ff:93:c3:b3:90:31:a0:3a:fc:19:bc:01:e0:b4:40:
         c5:bb:d8:68:a5:67:b3:f4:6d:dd:5c:a5:9e:3f:09:cd:71:e8:
         9b:2a:60:cf:00:02:a3:dd:5a:02:50:98:c1:cb:45:41:86:40:
         4a:e5:1f:25:2c:39:04:31:77:26:4a:c1:40:53:1a:ec:58:e4:
         8f:8c:73:df:1e:31:76:7e:85:71:a1:58:1c:2e:8e:d7:83:7e:
         52:7b:09:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtQbAV9J9Qkmxn+poyYln4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MzdkMWNlNWRjM2ZhODAwZTFkMWRjZmJkYWE4NDFmZGRk
NDM5MDUwHhcNMjMwMTAxMTIxNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTc4N2MwYmE4MDlkNGRkMGMyMjNhNzZiZDk0YjNhNDEyY2Y3MDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKkevvr4r1nzgfoonvDi9/zSSNii
kX96I9CSMIdiuBA7vNnpshUIWkecoHO8VFmrHGHGAXBqgMBe1wOV+eYC6KQSOScw
Ib395O3N6RYcWDFKzMeFOhk5eYvGlSjmftLaVCrcBDdIKNT4JvH3EHy+WJb6/JBV
o3ueKFT5P3qgtbbgtI5OtXXOjC9imvc/TZ5fluIeqX6rH0nY0NtqfKuP8OG1cqd6
kRE7g5FVSjHEt5qoEJ8MEp9U2dLBt1e0kOwNWQEfkRfaws3txM7Z4cw55xBO+8GN
2qgy2Za39ekY6YVHuYvFtDQjdAJkky+rT00tXzW3MAF+O7/mOz7Lk5+FywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCp4fAuoCdTdDCI6dr2Us6QSz3BnMB8GA1UdIwQY
MBaAFAY30c5dw/qADh0dz72qhB/d1DkFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmpmUnpsM0Qtb0FPSFIzUHZhcUVIOTNVT1FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9lYWE2MDItMmEzZi00ZjMyLWFiY2Ut
M2Q4MGQ2ODZlNzQ3LzEvS25oOEM2Z0oxTjBNSWpwMnZaU3pwQkxQY0djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9lYWE2MDItMmEzZi00ZjMyLWFiY2UtM2Q4MGQ2ODZlNzQ3
LzEvQmpmUnpsM0Qtb0FPSFIzUHZhcUVIOTNVT1FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsGeoMA0G
CSqGSIb3DQEBCwUAA4IBAQA2wNC43ODcEaWxfLeYEa5J+4RhFRWQ7Iv1EwBFIHaX
0Icv2sneEc0zmBAMSZm4mxhIZMEYiq49z1yfxPqirboYtgJFTRDY9u1CoxFdVM3V
/W9RsIXY2WrRKFZXbgQJIFkF3sFdZvrfdzuS11XkD9XXB8jLJBEPQBJnz8rbXNiP
2O4yJ6mkNDVrz9NP06hinnsk33DIr1ala2OTpAy3BMIN9wLdqSH/k8OzkDGgOvwZ
vAHgtEDFu9hopWez9G3dXKWePwnNceibKmDPAAKj3VoCUJjBy0VBhkBK5R8lLDkE
MXcmSsFAUxrsWOSPjHPfHjF2foVxoVgcLo7Xg35Sewld
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:15 2024 by rpki-client on console-ams.rpki-client.org