Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/pOkXbHieeED4uMBk1fwgVTBKCuA.roa
File:                     pOkXbHieeED4uMBk1fwgVTBKCuA.roa (raw, json)
Hash identifier:          svk3QIHPM266/z73EUCPzjb3/k42t84uDabLRBG389c=
Subject key identifier:   A4:E9:17:6C:78:9E:78:40:F8:B8:C0:64:D5:FC:20:55:30:4A:0A:E0
Certificate issuer:       /CN=fad7100e77ed9119d66e2321bb6711d7e760982b
Certificate serial:       01856F94BD75D74E912F6E0A08BD26492951
Authority key identifier: FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/pOkXbHieeED4uMBk1fwgVTBKCuA.roa
Signing time:             Sun 01 Jan 2023 23:04:56 +0000
ROA not before:           Sun 01 Jan 2023 23:04:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     680
IP address blocks:        192.166.56.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:35:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:94:bd:75:d7:4e:91:2f:6e:0a:08:bd:26:49:29:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad7100e77ed9119d66e2321bb6711d7e760982b
        Validity
            Not Before: Jan  1 23:04:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a4e9176c789e7840f8b8c064d5fc2055304a0ae0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:30:67:bd:d5:93:c9:cb:1a:da:9c:31:b9:c2:
                    62:3f:8e:0b:53:9b:e0:b8:80:e4:22:f9:5e:44:64:
                    1f:9b:9e:f0:38:53:ad:bb:c5:70:e7:75:7c:b0:02:
                    1e:58:f5:cc:98:6f:02:2f:5f:57:c3:7a:e0:f3:73:
                    33:39:d9:d9:79:b6:95:44:19:af:a0:ee:28:c8:b3:
                    6f:59:4e:e9:cb:8f:c1:b2:d3:d6:52:80:9c:96:ab:
                    38:62:e5:be:8e:44:d8:a6:25:00:43:11:87:03:a7:
                    82:d0:d2:e9:0b:97:3a:37:d9:a5:15:6f:c8:dd:88:
                    a0:2e:ce:bd:6d:4d:bb:4d:35:fa:7f:30:f1:40:f7:
                    72:20:a9:df:05:5f:6d:a2:d9:cf:b1:18:06:aa:96:
                    df:64:85:3b:b3:9f:68:cb:33:7b:7b:7c:da:30:4e:
                    ca:84:b2:e8:05:67:04:35:d5:ae:26:6c:06:98:f0:
                    dc:f1:2f:31:fb:dc:0a:1d:2b:44:ce:10:31:c3:76:
                    f8:a0:fb:a1:48:62:ce:ec:cf:85:14:25:ae:dc:44:
                    a0:a6:18:5f:4c:55:fc:14:7c:29:eb:ae:b0:b8:17:
                    aa:b5:20:eb:cb:5b:0b:83:c8:3f:e9:d0:5e:ce:aa:
                    46:96:85:8e:3b:4e:ed:fa:b5:cf:d0:71:b2:61:08:
                    d6:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:E9:17:6C:78:9E:78:40:F8:B8:C0:64:D5:FC:20:55:30:4A:0A:E0
            X509v3 Authority Key Identifier:
                keyid:FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/pOkXbHieeED4uMBk1fwgVTBKCuA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.56.0/21

    Signature Algorithm: sha256WithRSAEncryption
         68:8a:ae:b1:80:73:30:f4:bf:ee:4a:08:b7:b5:03:c2:8b:52:
         d7:77:5c:2b:0b:0c:c1:63:1b:72:f0:45:08:cc:81:aa:99:a8:
         a2:f9:c6:9f:a4:62:6f:be:7d:e2:9f:b4:f9:58:ad:50:09:b8:
         15:62:43:04:b1:71:9d:b0:3d:67:9a:04:ad:6f:b2:6d:f4:42:
         3e:71:cb:8a:06:54:a9:61:c3:ba:be:18:93:10:66:11:2c:71:
         a2:da:66:40:10:ed:f4:48:d7:ca:8e:3d:cb:d9:9c:ba:b5:09:
         50:6d:46:b0:40:dc:50:18:fb:40:f7:da:e3:06:68:3c:95:7c:
         36:a2:fb:67:e7:70:dc:20:09:e3:9d:35:07:44:7c:86:2c:33:
         9e:28:01:0f:6b:05:5a:6d:a0:a3:e4:a6:79:79:57:3f:0a:f3:
         eb:c9:c6:01:5e:f5:a9:e5:7d:ac:26:aa:fa:0c:84:17:49:14:
         0d:a8:d5:50:a7:73:82:e7:c9:e7:b4:da:90:4b:1e:fb:8d:83:
         a0:cd:c1:b8:76:99:9e:cf:35:de:28:c2:d5:0c:04:c8:9f:75:
         25:15:7a:44:42:c3:31:34:b4:cc:b4:a2:2e:f0:44:9b:96:a0:
         ce:5a:6d:ec:99:7f:2b:23:d2:d4:f0:68:76:42:2e:aa:29:b8:
         16:b4:c6:d6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYVvlL11106RL24KCL0mSSlRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDcxMDBlNzdlZDkxMTlkNjZlMjMyMWJiNjcxMWQ3ZTc2
MDk4MmIwHhcNMjMwMTAxMjMwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGU5MTc2Yzc4OWU3ODQwZjhiOGMwNjRkNWZjMjA1NTMwNGEwYWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizBnvdWTycsa2pwxucJiP44LU5vg
uIDkIvleRGQfm57wOFOtu8Vw53V8sAIeWPXMmG8CL19Xw3rg83MzOdnZebaVRBmv
oO4oyLNvWU7py4/BstPWUoCclqs4YuW+jkTYpiUAQxGHA6eC0NLpC5c6N9mlFW/I
3YigLs69bU27TTX6fzDxQPdyIKnfBV9totnPsRgGqpbfZIU7s59oyzN7e3zaME7K
hLLoBWcENdWuJmwGmPDc8S8x+9wKHStEzhAxw3b4oPuhSGLO7M+FFCWu3ESgphhf
TFX8FHwp666wuBeqtSDry1sLg8g/6dBezqpGloWOO07t+rXP0HGyYQjWxwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKTpF2x4nnhA+LjAZNX8IFUwSgrgMB8GA1UdIwQY
MBaAFPrXEA537ZEZ1m4jIbtnEdfnYJgrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10Y1FEbmZ0a1JuV2JpTWh1MmNSMS1kZ21Dcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUy
LTc2YjBkZGEyYmYzZS8xL3BPa1hiSGllZUVENHVNQmsxZndnVlRCS0N1QS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUyLTc2YjBkZGEyYmYz
ZS8xLzEtdGNRRG5mdGtSbldiaU1odTJjUjEtZGdtQ3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAPApjgw
DQYJKoZIhvcNAQELBQADggEBAGiKrrGAczD0v+5KCLe1A8KLUtd3XCsLDMFjG3Lw
RQjMgaqZqKL5xp+kYm++feKftPlYrVAJuBViQwSxcZ2wPWeaBK1vsm30Qj5xy4oG
VKlhw7q+GJMQZhEscaLaZkAQ7fRI18qOPcvZnLq1CVBtRrBA3FAY+0D32uMGaDyV
fDai+2fncNwgCeOdNQdEfIYsM54oAQ9rBVptoKPkpnl5Vz8K8+vJxgFe9anlfawm
qvoMhBdJFA2o1VCnc4Lnyee02pBLHvuNg6DNwbh2mZ7PNd4owtUMBMifdSUVekRC
wzE0tMy0oi7wRJuWoM5abeyZfysj0tTwaHZCLqopuBa0xtY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:27 2024 by rpki-client on console-fra.rpki-client.org