Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/d1f8e9-d166-41bf-b96d-f17b0fddd0e0/1/ZkuLjheXPmIMFj-051HQ-gKqNx4.roa
File:                     ZkuLjheXPmIMFj-051HQ-gKqNx4.roa (raw, json)
Hash identifier:          WT27WtX/9twjcIRfPZaKTXuXi1Q7wBVgOlWbbb5lcrc=
Subject key identifier:   66:4B:8B:8E:17:97:3E:62:0C:16:3F:B4:E7:51:D0:FA:02:AA:37:1E
Certificate issuer:       /CN=a4cafcb4612d1d6571920f4e486056981036a620
Certificate serial:       01856FD4E5C862A1B0DC270648D49C5B429A
Authority key identifier: A4:CA:FC:B4:61:2D:1D:65:71:92:0F:4E:48:60:56:98:10:36:A6:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pMr8tGEtHWVxkg9OSGBWmBA2piA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/d1f8e9-d166-41bf-b96d-f17b0fddd0e0/1/ZkuLjheXPmIMFj-051HQ-gKqNx4.roa
Signing time:             Mon 02 Jan 2023 00:15:01 +0000
ROA not before:           Mon 02 Jan 2023 00:15:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39002
IP address blocks:        91.208.179.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:32:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:d4:e5:c8:62:a1:b0:dc:27:06:48:d4:9c:5b:42:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4cafcb4612d1d6571920f4e486056981036a620
        Validity
            Not Before: Jan  2 00:15:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=664b8b8e17973e620c163fb4e751d0fa02aa371e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:9d:ff:a9:e7:5f:9a:24:62:32:6b:99:3e:6f:
                    be:67:86:f5:41:73:71:b8:b2:f2:d6:5c:22:3e:13:
                    c2:35:d4:55:fa:a4:82:ab:36:69:3c:8d:9e:4c:0c:
                    23:46:0d:25:e2:6b:e2:a6:c7:86:ac:4a:2c:2c:39:
                    8f:09:96:db:6e:ca:40:4c:1a:5e:f3:bd:98:53:e8:
                    7a:df:a2:84:88:4d:2c:e5:1a:31:8f:b2:fe:da:ca:
                    62:35:da:43:ea:08:50:09:cb:1c:84:9f:d1:1c:d1:
                    a6:1c:fd:06:a7:fe:1c:0b:0f:cf:73:5e:cf:93:0c:
                    bb:0b:60:8f:02:94:a9:d5:93:33:27:4f:54:9d:43:
                    b9:b0:e3:c1:d3:6f:4f:c0:82:a9:53:63:dd:e0:73:
                    dd:08:b1:78:7c:bf:3f:e2:14:86:6e:27:cf:b1:3c:
                    32:19:f7:bb:38:bb:bf:77:e7:74:89:9c:2d:d4:4e:
                    90:14:69:e2:4b:8d:d8:30:e3:29:c4:b5:cc:f4:c2:
                    85:1a:3f:28:6c:de:f7:b2:58:c9:e4:5f:46:75:03:
                    15:a7:42:60:06:1e:e2:2a:a6:5c:b0:47:43:fe:e0:
                    dd:9d:4f:de:0d:1c:0f:2e:e5:92:79:4a:c1:33:0e:
                    41:99:fb:14:fe:c1:64:da:b0:fe:ac:d8:47:e3:fd:
                    10:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:4B:8B:8E:17:97:3E:62:0C:16:3F:B4:E7:51:D0:FA:02:AA:37:1E
            X509v3 Authority Key Identifier:
                keyid:A4:CA:FC:B4:61:2D:1D:65:71:92:0F:4E:48:60:56:98:10:36:A6:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pMr8tGEtHWVxkg9OSGBWmBA2piA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/d1f8e9-d166-41bf-b96d-f17b0fddd0e0/1/ZkuLjheXPmIMFj-051HQ-gKqNx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/d1f8e9-d166-41bf-b96d-f17b0fddd0e0/1/pMr8tGEtHWVxkg9OSGBWmBA2piA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:d2:92:21:bf:1b:5c:89:7d:fb:69:ff:67:e5:bf:7d:a9:40:
         b7:e5:29:db:ec:55:4f:51:a3:a2:14:cd:05:78:eb:16:02:12:
         88:d5:28:05:d6:87:5c:f1:92:26:b2:b8:03:08:95:32:af:c1:
         6e:a4:08:96:dc:e5:4b:75:05:0b:8d:41:11:3d:8a:7f:24:0d:
         c3:c8:b1:8b:5b:b6:6e:64:cc:f6:1a:4c:17:29:17:87:98:27:
         c0:ff:44:f6:5d:a1:57:69:4b:66:e2:aa:12:c2:e2:b2:9f:eb:
         d0:2d:0c:64:61:30:3d:3b:be:c8:78:e4:7d:5c:9d:23:ad:90:
         da:be:bb:39:30:ba:67:3a:5b:0c:92:e1:ab:4a:4e:b9:e9:48:
         75:bf:0a:dd:8e:42:ca:46:ad:50:38:5d:2f:46:ce:43:3e:ed:
         f9:2d:f5:19:2c:c7:a3:aa:e2:df:93:15:44:ed:55:92:6b:2c:
         46:2f:ec:bc:38:3b:d0:bf:b4:ec:4e:6a:ab:32:c8:44:78:1c:
         91:67:a0:3b:f6:4d:e8:66:c9:85:e8:bd:57:33:60:35:1f:16:
         5c:72:c4:00:0f:7c:4d:af:23:a1:0a:e5:2f:99:16:f1:49:c4:
         91:fc:c0:b1:88:ee:72:bd:3f:c6:51:23:1f:5a:12:b4:8a:ec:
         de:f1:c5:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVv1OXIYqGw3CcGSNScW0KaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0Y2FmY2I0NjEyZDFkNjU3MTkyMGY0ZTQ4NjA1Njk4MTAz
NmE2MjAwHhcNMjMwMTAyMDAxNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjRiOGI4ZTE3OTczZTYyMGMxNjNmYjRlNzUxZDBmYTAyYWEzNzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZ3/qedfmiRiMmuZPm++Z4b1QXNx
uLLy1lwiPhPCNdRV+qSCqzZpPI2eTAwjRg0l4mvipseGrEosLDmPCZbbbspATBpe
872YU+h636KEiE0s5Roxj7L+2spiNdpD6ghQCcschJ/RHNGmHP0Gp/4cCw/Pc17P
kwy7C2CPApSp1ZMzJ09UnUO5sOPB029PwIKpU2Pd4HPdCLF4fL8/4hSGbifPsTwy
Gfe7OLu/d+d0iZwt1E6QFGniS43YMOMpxLXM9MKFGj8obN73sljJ5F9GdQMVp0Jg
Bh7iKqZcsEdD/uDdnU/eDRwPLuWSeUrBMw5BmfsU/sFk2rD+rNhH4/0QQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGZLi44Xlz5iDBY/tOdR0PoCqjceMB8GA1UdIwQY
MBaAFKTK/LRhLR1lcZIPTkhgVpgQNqYgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE1yOHRHRXRIV1Z4a2c5T1NHQldtQkEycGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kMWY4ZTktZDE2Ni00MWJmLWI5NmQt
ZjE3YjBmZGRkMGUwLzEvWmt1TGpoZVhQbUlNRmotMDUxSFEtZ0txTng0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kMWY4ZTktZDE2Ni00MWJmLWI5NmQtZjE3YjBmZGRkMGUw
LzEvcE1yOHRHRXRIV1Z4a2c5T1NHQldtQkEycGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9CzMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ0pIhvxtciX37af9n5b99qUC35Snb7FVPUaOiFM0F
eOsWAhKI1SgF1odc8ZImsrgDCJUyr8FupAiW3OVLdQULjUERPYp/JA3DyLGLW7Zu
ZMz2GkwXKReHmCfA/0T2XaFXaUtm4qoSwuKyn+vQLQxkYTA9O77IeOR9XJ0jrZDa
vrs5MLpnOlsMkuGrSk656Uh1vwrdjkLKRq1QOF0vRs5DPu35LfUZLMejquLfkxVE
7VWSayxGL+y8ODvQv7TsTmqrMshEeByRZ6A79k3oZsmF6L1XM2A1HxZccsQAD3xN
ryOhCuUvmRbxScSR/MCxiO5yvT/GUSMfWhK0iuze8cVk
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:25 2024 by rpki-client on console-fra.rpki-client.org