Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/cWZADgZYHZ1HgBweAMjO8KuItig.roa
File:                     cWZADgZYHZ1HgBweAMjO8KuItig.roa (raw, json)
Hash identifier:          3t0bq4vV6Z/MEVTUzVelmX6w+n17XZ0yCoZ1Cr2VYcY=
Subject key identifier:   71:66:40:0E:06:58:1D:9D:47:80:1C:1E:00:C8:CE:F0:AB:88:B6:28
Certificate issuer:       /CN=aa8093354e565ac4838a51f47d2769769c66944e
Certificate serial:       018CC3B6B44A14B3A097B6FE71766B054618
Authority key identifier: AA:80:93:35:4E:56:5A:C4:83:8A:51:F4:7D:27:69:76:9C:66:94:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qoCTNU5WWsSDilH0fSdpdpxmlE4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/cWZADgZYHZ1HgBweAMjO8KuItig.roa
Signing time:             Mon 01 Jan 2024 06:29:40 +0000
ROA not before:           Mon 01 Jan 2024 06:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211409
IP address blocks:        193.163.170.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 20 May 2024 10:28:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:b4:4a:14:b3:a0:97:b6:fe:71:76:6b:05:46:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa8093354e565ac4838a51f47d2769769c66944e
        Validity
            Not Before: Jan  1 06:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7166400e06581d9d47801c1e00c8cef0ab88b628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:33:28:99:7a:87:93:7f:97:e5:da:97:9c:b3:
                    c8:fc:60:ef:9d:57:08:ae:b7:0c:31:0d:13:2b:16:
                    b1:68:39:aa:a9:03:8e:db:f6:28:2f:7f:94:9c:e2:
                    84:ee:65:0a:40:f1:96:c5:eb:59:5f:5f:0f:5e:8b:
                    3d:31:5b:cf:da:96:bf:a0:5d:51:bc:d5:c5:5c:eb:
                    c0:e0:21:c9:f2:3d:0c:cf:35:13:1a:d4:7c:57:91:
                    99:0f:06:5a:58:f9:df:df:ea:71:de:f7:f3:64:00:
                    cb:80:7d:98:f7:9b:41:34:88:df:53:e2:c3:45:17:
                    f9:2a:07:1c:56:a9:03:6a:cb:82:40:43:c4:37:0b:
                    f1:2a:7d:43:c1:77:78:b6:7d:97:ca:6f:a6:4e:97:
                    5b:58:95:fa:aa:42:3b:37:e5:c5:1d:c3:5f:30:d2:
                    2a:67:43:72:6f:9e:97:9f:d0:fc:04:cf:c1:92:49:
                    5e:e5:bc:e1:d5:3f:01:ef:9d:33:2e:c1:0f:99:f6:
                    cc:fc:ab:67:60:8b:03:fd:df:15:86:07:cf:71:5a:
                    b4:65:75:a7:55:8f:e2:0c:32:89:ba:92:61:5b:b7:
                    2b:8e:46:55:19:32:54:4b:b6:b3:ee:76:52:10:91:
                    09:d3:91:3e:e2:72:76:20:c1:4b:c9:65:90:93:19:
                    3f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:66:40:0E:06:58:1D:9D:47:80:1C:1E:00:C8:CE:F0:AB:88:B6:28
            X509v3 Authority Key Identifier:
                keyid:AA:80:93:35:4E:56:5A:C4:83:8A:51:F4:7D:27:69:76:9C:66:94:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qoCTNU5WWsSDilH0fSdpdpxmlE4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/cWZADgZYHZ1HgBweAMjO8KuItig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ee9ddc-acd0-481d-8c0b-788b46e10497/1/qoCTNU5WWsSDilH0fSdpdpxmlE4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:23:a7:04:33:40:aa:67:2e:75:7a:c5:fc:58:31:5e:a9:72:
         78:9d:2c:a3:2b:85:b2:dc:4c:4d:ec:10:08:82:b3:a7:5e:a5:
         4a:7d:ab:80:8f:6e:fd:9a:0a:d0:94:b7:bd:00:07:64:9e:88:
         28:d8:90:dd:67:27:84:cf:40:39:e5:60:e2:2b:8a:d4:f5:08:
         e2:e3:e5:75:d4:89:8a:1b:d0:fa:59:8e:1a:c7:6a:cc:fc:cb:
         33:b8:b7:b3:90:3a:c4:c9:ed:6a:b8:2c:fb:f0:8c:0c:59:43:
         51:9d:b4:c4:e2:e7:8a:de:3c:35:19:13:33:03:5f:ca:ef:2b:
         7a:67:ad:a2:34:69:65:8d:81:1b:5c:68:36:87:ba:07:5b:99:
         2d:54:2b:76:9e:d1:1e:2d:0f:09:ef:6c:93:ad:e9:bb:60:e3:
         c1:36:1a:aa:87:c4:c1:80:2d:ae:ff:ea:00:3d:25:11:55:21:
         45:84:c7:6e:5e:8f:c5:a1:c2:07:69:40:3d:7b:2e:f3:6a:32:
         b1:f9:ef:52:ee:42:91:e4:f9:f1:93:74:da:5c:9c:ac:71:5a:
         a7:d9:2b:9c:39:db:3b:b9:fb:d2:e5:58:48:46:0c:a4:53:d7:
         88:b9:76:8d:53:66:52:87:56:d8:7a:8b:55:ff:55:e3:47:30:
         e2:9a:d6:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtrRKFLOgl7b+cXZrBUYYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhODA5MzM1NGU1NjVhYzQ4MzhhNTFmNDdkMjc2OTc2OWM2
Njk0NGUwHhcNMjQwMTAxMDYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTY2NDAwZTA2NTgxZDlkNDc4MDFjMWUwMGM4Y2VmMGFiODhiNjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTMomXqHk3+X5dqXnLPI/GDvnVcI
rrcMMQ0TKxaxaDmqqQOO2/YoL3+UnOKE7mUKQPGWxetZX18PXos9MVvP2pa/oF1R
vNXFXOvA4CHJ8j0MzzUTGtR8V5GZDwZaWPnf3+px3vfzZADLgH2Y95tBNIjfU+LD
RRf5KgccVqkDasuCQEPENwvxKn1DwXd4tn2Xym+mTpdbWJX6qkI7N+XFHcNfMNIq
Z0Nyb56Xn9D8BM/Bkkle5bzh1T8B750zLsEPmfbM/KtnYIsD/d8VhgfPcVq0ZXWn
VY/iDDKJupJhW7crjkZVGTJUS7az7nZSEJEJ05E+4nJ2IMFLyWWQkxk/oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFmQA4GWB2dR4AcHgDIzvCriLYoMB8GA1UdIwQY
MBaAFKqAkzVOVlrEg4pR9H0naXacZpROMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW9DVE5VNVdXc1NEaWxIMGZTZHBkcHhtbEU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lZTlkZGMtYWNkMC00ODFkLThjMGIt
Nzg4YjQ2ZTEwNDk3LzEvY1daQURnWllIWjFIZ0J3ZUFNak84S3VJdGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lZTlkZGMtYWNkMC00ODFkLThjMGItNzg4YjQ2ZTEwNDk3
LzEvcW9DVE5VNVdXc1NEaWxIMGZTZHBkcHhtbEU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaOqMA0G
CSqGSIb3DQEBCwUAA4IBAQBiI6cEM0CqZy51esX8WDFeqXJ4nSyjK4Wy3ExN7BAI
grOnXqVKfauAj279mgrQlLe9AAdknogo2JDdZyeEz0A55WDiK4rU9Qji4+V11ImK
G9D6WY4ax2rM/MszuLezkDrEye1quCz78IwMWUNRnbTE4ueK3jw1GRMzA1/K7yt6
Z62iNGlljYEbXGg2h7oHW5ktVCt2ntEeLQ8J72yTrem7YOPBNhqqh8TBgC2u/+oA
PSURVSFFhMduXo/FocIHaUA9ey7zajKx+e9S7kKR5Pnxk3TaXJyscVqn2SucOds7
ufvS5VhIRgykU9eIuXaNU2ZSh1bYeotV/1XjRzDimtZC
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:37 2024 by rpki-client on console-fra.rpki-client.org