Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/Jba9a4PvlzvTi4RYAoP-NVUzcvk.roa
File:                     Jba9a4PvlzvTi4RYAoP-NVUzcvk.roa (raw, json)
Hash identifier:          CpjtrzrGzh/dgl0CO8bYqE2bOg/WFyPvSYFl/OTaVcQ=
Subject key identifier:   25:B6:BD:6B:83:EF:97:3B:D3:8B:84:58:02:83:FE:35:55:33:72:F9
Certificate issuer:       /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial:       0189B63E86086C9B01E75DC59D9CEBAB81F4
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/Jba9a4PvlzvTi4RYAoP-NVUzcvk.roa
Signing time:             Wed 02 Aug 2023 12:34:58 +0000
ROA not before:           Wed 02 Aug 2023 12:34:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20616
IP address blocks:        195.246.242.0/23 maxlen: 23
                          91.208.142.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:b6:3e:86:08:6c:9b:01:e7:5d:c5:9d:9c:eb:ab:81:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
        Validity
            Not Before: Aug  2 12:34:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=25b6bd6b83ef973bd38b84580283fe35553372f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4d:5f:30:13:86:db:ef:d6:ee:46:d0:f1:5d:
                    aa:b2:31:25:27:54:32:b9:c6:42:8c:78:f0:ae:e7:
                    01:db:d5:3c:d4:66:ef:7a:92:9f:72:e4:10:71:92:
                    d2:05:b6:a5:7b:64:58:1d:8c:16:57:4c:3a:2c:35:
                    1b:5a:13:10:c9:c5:85:4a:10:23:94:37:7a:96:7e:
                    0a:33:03:20:5c:ae:1e:2d:25:8b:47:e7:d7:3c:2e:
                    f9:d7:be:96:58:68:a8:fd:80:21:e9:05:ef:3d:7b:
                    7b:df:eb:08:05:c3:2d:e6:fe:b4:e9:41:7d:a8:e2:
                    4b:d0:51:34:21:1f:f1:e8:35:1c:9d:9f:7c:11:7f:
                    e8:22:41:42:ce:5e:27:e0:44:d2:81:9b:13:15:d1:
                    50:e9:7c:c6:19:38:12:8a:85:13:66:cb:e3:fc:9e:
                    97:eb:37:c1:fe:da:a4:de:92:56:10:ed:66:b4:13:
                    27:66:4e:53:52:0a:23:ee:b5:d9:88:0d:d8:e9:b1:
                    48:62:b6:16:db:19:a3:e2:53:88:3d:16:83:f1:79:
                    2f:97:8e:18:24:17:90:f1:5e:d1:c7:db:e7:16:75:
                    bf:f2:93:4c:b0:24:fe:63:b6:54:b2:ab:3c:d9:be:
                    97:23:b0:44:43:f4:98:34:61:c1:e6:a2:f0:a1:3d:
                    e2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:B6:BD:6B:83:EF:97:3B:D3:8B:84:58:02:83:FE:35:55:33:72:F9
            X509v3 Authority Key Identifier:
                keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/Jba9a4PvlzvTi4RYAoP-NVUzcvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.142.0/24
                  195.246.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:3e:78:3e:f8:9b:a6:e8:1e:cc:a5:44:cc:c6:e3:06:9c:32:
         9a:06:ca:0a:fe:e1:06:a9:1c:a8:47:48:cb:33:c2:4f:f0:01:
         40:a5:ec:0e:6c:38:40:f4:70:d1:3c:fd:bb:a8:bc:bd:2f:7a:
         34:b4:18:d7:e0:7b:13:d2:24:f1:40:cb:b5:bd:07:8f:b4:45:
         6b:df:35:8a:be:ba:9e:b1:11:0f:07:b2:f6:97:77:52:7c:1d:
         81:b4:b0:10:03:34:4b:b5:78:a4:2e:9a:ce:df:54:8d:51:1e:
         bf:12:7c:02:77:06:22:ed:b7:a0:3d:7e:22:c1:0a:fc:06:6c:
         52:b3:ab:41:1d:c3:50:94:94:41:5a:0f:ef:02:36:e5:b2:f6:
         e0:43:63:45:14:0b:0f:63:5b:bc:a8:dc:bb:af:ed:eb:a6:35:
         17:c9:99:80:6c:01:52:29:a2:3b:aa:e9:a5:8c:6e:a2:23:4f:
         c5:fa:f0:fb:32:4e:38:2b:c9:89:f7:f9:77:4e:c2:05:d9:73:
         20:e3:ee:27:5d:9c:79:0e:19:6d:3b:83:01:f4:e7:62:c4:74:
         b6:62:53:63:22:e7:91:0f:29:e5:47:ea:81:00:4f:02:65:b9:
         dd:ee:52:23:7b:59:02:fb:70:a9:69:41:cc:bb:50:6e:c5:94:
         c0:e4:ec:c8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYm2PoYIbJsB513FnZzrq4H0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjMwODAyMTIzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWI2YmQ2YjgzZWY5NzNiZDM4Yjg0NTgwMjgzZmUzNTU1MzM3MmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE1fMBOG2+/W7kbQ8V2qsjElJ1Qy
ucZCjHjwrucB29U81GbvepKfcuQQcZLSBbale2RYHYwWV0w6LDUbWhMQycWFShAj
lDd6ln4KMwMgXK4eLSWLR+fXPC75176WWGio/YAh6QXvPXt73+sIBcMt5v606UF9
qOJL0FE0IR/x6DUcnZ98EX/oIkFCzl4n4ETSgZsTFdFQ6XzGGTgSioUTZsvj/J6X
6zfB/tqk3pJWEO1mtBMnZk5TUgoj7rXZiA3Y6bFIYrYW2xmj4lOIPRaD8Xkvl44Y
JBeQ8V7Rx9vnFnW/8pNMsCT+Y7ZUsqs82b6XI7BEQ/SYNGHB5qLwoT3ieQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCW2vWuD75c704uEWAKD/jVVM3L5MB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvSmJhOWE0UHZsenZUaTRSWUFvUC1OVlV6Y3ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9COAwQB
w/byMA0GCSqGSIb3DQEBCwUAA4IBAQCEPng++Jum6B7MpUTMxuMGnDKaBsoK/uEG
qRyoR0jLM8JP8AFApewObDhA9HDRPP27qLy9L3o0tBjX4HsT0iTxQMu1vQePtEVr
3zWKvrqesREPB7L2l3dSfB2BtLAQAzRLtXikLprO31SNUR6/EnwCdwYi7begPX4i
wQr8BmxSs6tBHcNQlJRBWg/vAjblsvbgQ2NFFAsPY1u8qNy7r+3rpjUXyZmAbAFS
KaI7qumljG6iI0/F+vD7Mk44K8mJ9/l3TsIF2XMg4+4nXZx5DhltO4MB9OdixHS2
YlNjIueRDynlR+qBAE8CZbnd7lIje1kC+3CpaUHMu1BuxZTA5OzI
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:27 2024 by rpki-client on console-fra.rpki-client.org