Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/4SXTfALssGUIoXLqFkO-opGyHjs.roa
File:                     4SXTfALssGUIoXLqFkO-opGyHjs.roa (raw, json)
Hash identifier:          T+96+9DpPISEMkjWWfP6JmExdzNLGrwC3jPppbFV8ec=
Subject key identifier:   E1:25:D3:7C:02:EC:B0:65:08:A1:72:EA:16:43:BE:A2:91:B2:1E:3B
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB2D2ED0A65C876B6BD9044F33BEC5
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/4SXTfALssGUIoXLqFkO-opGyHjs.roa
Signing time:             Mon 01 Jan 2024 02:29:52 +0000
ROA not before:           Mon 01 Jan 2024 02:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57916
IP address blocks:        91.242.97.0/24 maxlen: 24
                          91.242.105.0/24 maxlen: 24
                          91.242.64.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Wed 16 Oct 2024 17:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:2d:2e:d0:a6:5c:87:6b:6b:d9:04:4f:33:be:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e125d37c02ecb06508a172ea1643bea291b21e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:26:d1:b0:43:84:f6:2e:ef:8d:54:6d:93:11:
                    11:8a:10:dc:c3:7c:d6:a8:3c:00:cf:cc:61:d5:1a:
                    7f:59:52:50:df:f9:c1:31:b9:53:a5:b6:cb:3d:ee:
                    f7:e7:a1:db:cd:d1:72:7e:88:a2:b1:6e:c3:a1:b5:
                    73:71:59:2f:16:c3:bc:44:15:9b:bf:18:9f:e0:18:
                    da:0d:da:a6:b3:3a:18:77:6e:ac:82:0c:c0:c9:64:
                    aa:e3:4e:87:34:43:9d:91:ab:5e:30:21:a6:6d:44:
                    4b:9d:c1:b1:25:0a:0b:e5:4b:b2:e4:dd:76:4e:96:
                    4e:7a:00:3d:aa:e4:98:5a:6b:26:a9:e1:d2:8c:3e:
                    e3:d0:34:17:09:01:7f:f2:a4:ab:39:b9:b9:6d:d9:
                    1d:2d:83:30:33:7d:4d:c5:cb:5d:68:22:6f:70:87:
                    7e:20:80:88:4d:7c:87:1c:46:a3:e1:d7:2c:c9:46:
                    9a:13:d9:f2:c1:8f:94:b0:5b:2b:b8:7c:e4:8a:11:
                    fd:c6:1d:c4:b9:6b:dc:98:8f:8a:69:c9:4e:18:74:
                    70:ab:47:54:67:84:29:bc:bc:8e:98:31:c7:1a:ac:
                    6a:5e:db:3b:e8:76:e3:2e:95:e7:c4:4f:f2:26:87:
                    cc:02:55:02:78:d1:06:47:f4:fa:5c:1b:9c:9d:11:
                    cc:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:25:D3:7C:02:EC:B0:65:08:A1:72:EA:16:43:BE:A2:91:B2:1E:3B
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/4SXTfALssGUIoXLqFkO-opGyHjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.64.0/22
                  91.242.97.0/24
                  91.242.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:79:b3:20:66:50:49:02:66:12:1c:e3:be:73:ae:15:a0:95:
         00:42:69:1f:b6:f2:07:5e:b2:04:38:72:de:e1:db:a7:cd:55:
         12:cd:67:c8:66:2b:c5:53:5c:75:7f:53:49:0f:1b:2c:90:7b:
         7d:0f:94:e5:d7:1a:f5:9c:e1:d7:cc:76:80:cd:3b:46:4f:5a:
         b4:a1:22:3f:50:85:81:27:32:14:e2:ef:15:2a:a1:80:03:12:
         49:a3:15:f8:43:00:ef:65:19:9a:f3:b3:d0:56:90:9e:95:d2:
         0e:38:48:e3:05:7a:cf:89:9b:c5:22:9a:cb:1c:55:68:df:53:
         38:68:2c:18:1f:d7:2b:67:ae:89:71:58:55:a7:d1:db:0e:8c:
         e0:65:c5:61:c2:60:2e:79:e5:b4:29:9d:dd:09:ea:ea:c9:97:
         46:cd:16:3a:12:5b:09:15:ff:ed:88:48:67:b6:e0:78:f7:ad:
         9a:09:55:9b:2e:71:1f:0b:8d:b2:01:cc:20:8b:33:b9:8a:91:
         ea:66:9f:0a:de:0c:8c:f2:dd:22:cc:c9:a7:e6:c2:64:98:20:
         13:a9:35:69:99:7d:93:25:8f:43:6e:f2:27:7e:a9:73:b0:15:
         46:9f:5d:cc:9c:55:7f:86:3a:e0:3c:e4:62:c5:54:07:67:64:
         e2:6b:5f:12
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzC2y0u0KZch2tr2QRPM77FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTI1ZDM3YzAyZWNiMDY1MDhhMTcyZWExNjQzYmVhMjkxYjIxZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsibRsEOE9i7vjVRtkxERihDcw3zW
qDwAz8xh1Rp/WVJQ3/nBMblTpbbLPe7356HbzdFyfoiisW7DobVzcVkvFsO8RBWb
vxif4BjaDdqmszoYd26sggzAyWSq406HNEOdkateMCGmbURLncGxJQoL5Uuy5N12
TpZOegA9quSYWmsmqeHSjD7j0DQXCQF/8qSrObm5bdkdLYMwM31NxctdaCJvcId+
IICITXyHHEaj4dcsyUaaE9nywY+UsFsruHzkihH9xh3EuWvcmI+KaclOGHRwq0dU
Z4QpvLyOmDHHGqxqXts76HbjLpXnxE/yJofMAlUCeNEGR/T6XBucnRHMVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOEl03wC7LBlCKFy6hZDvqKRsh47MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvNFNYVGZBTHNzR1VJb1hMcUZrTy1vcEd5SGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW/JAAwQA
W/JhAwQAW/JpMA0GCSqGSIb3DQEBCwUAA4IBAQC1ebMgZlBJAmYSHOO+c64VoJUA
QmkftvIHXrIEOHLe4dunzVUSzWfIZivFU1x1f1NJDxsskHt9D5Tl1xr1nOHXzHaA
zTtGT1q0oSI/UIWBJzIU4u8VKqGAAxJJoxX4QwDvZRma87PQVpCeldIOOEjjBXrP
iZvFIprLHFVo31M4aCwYH9crZ66JcVhVp9HbDozgZcVhwmAueeW0KZ3dCerqyZdG
zRY6ElsJFf/tiEhntuB4962aCVWbLnEfC42yAcwgizO5ipHqZp8K3gyM8t0izMmn
5sJkmCATqTVpmX2TJY9DbvInfqlzsBVGn13MnFV/hjrgPORixVQHZ2Tia18S
-----END CERTIFICATE-----
Generated at Wed Oct 16 21:17:35 2024 by rpki-client on console-ams.rpki-client.org