Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/xJBae1so1m8OwSkivK1GY7T0fhg.roa
File:                     xJBae1so1m8OwSkivK1GY7T0fhg.roa (raw, json)
Hash identifier:          hicKSy9S6+Ge2dfnXdARgTCVjy3FtftO00w8K7fMTaA=
Subject key identifier:   C4:90:5A:7B:5B:28:D6:6F:0E:C1:29:22:BC:AD:46:63:B4:F4:7E:18
Certificate issuer:       /CN=a0afe1fed1f2b7db24a0c2d1f61010684e93cbd5
Certificate serial:       01856D2F3C624F7EF2C6E6EF8BBF8A4832AE
Authority key identifier: A0:AF:E1:FE:D1:F2:B7:DB:24:A0:C2:D1:F6:10:10:68:4E:93:CB:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oK_h_tHyt9skoMLR9hAQaE6Ty9U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/xJBae1so1m8OwSkivK1GY7T0fhg.roa
Signing time:             Sun 01 Jan 2023 11:54:50 +0000
ROA not before:           Sun 01 Jan 2023 11:54:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200621
IP address blocks:        188.214.101.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:32:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:2f:3c:62:4f:7e:f2:c6:e6:ef:8b:bf:8a:48:32:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0afe1fed1f2b7db24a0c2d1f61010684e93cbd5
        Validity
            Not Before: Jan  1 11:54:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c4905a7b5b28d66f0ec12922bcad4663b4f47e18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:66:52:3b:f7:0d:50:a7:e0:a9:5b:9a:ed:37:
                    c4:64:9c:b4:30:23:a8:6b:97:07:1d:17:85:1b:eb:
                    a7:ca:53:57:cc:67:9d:36:83:58:2a:28:a1:32:b7:
                    ae:e2:23:77:f8:89:7b:08:d5:d4:c4:b9:1c:a6:3a:
                    cb:6b:cf:80:51:8d:7c:b4:1c:a8:7d:19:d6:8b:5f:
                    92:37:45:ae:64:56:12:ec:40:01:63:35:40:9c:80:
                    d2:b4:a2:58:c6:cf:b0:ea:19:20:ec:ad:34:ef:be:
                    24:30:88:a9:61:04:bb:99:bd:15:97:b1:13:86:e8:
                    ce:60:e7:d8:56:fc:74:33:37:b1:9a:61:1a:78:d8:
                    c7:1c:8d:80:2e:87:4c:ee:46:f7:4b:7b:2d:2c:e3:
                    20:4c:ab:d8:12:2a:d7:d1:1a:8a:f7:fc:5b:66:ad:
                    d1:f5:98:ab:ed:ed:5f:6d:9c:be:0e:2b:7f:8e:8a:
                    f8:fc:3b:1f:88:c6:f9:cc:16:3e:0a:86:83:a0:17:
                    08:0c:15:97:a8:98:61:93:58:a5:9d:ab:c3:fd:5b:
                    d1:f9:79:3e:a2:d0:c9:c7:b5:9c:05:fb:bb:1e:6c:
                    1a:cd:05:a2:8d:5a:e0:b1:99:c2:88:3f:c1:b8:64:
                    cd:af:08:15:42:81:e0:ae:8d:95:e2:08:2d:8b:cd:
                    6d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:90:5A:7B:5B:28:D6:6F:0E:C1:29:22:BC:AD:46:63:B4:F4:7E:18
            X509v3 Authority Key Identifier:
                keyid:A0:AF:E1:FE:D1:F2:B7:DB:24:A0:C2:D1:F6:10:10:68:4E:93:CB:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oK_h_tHyt9skoMLR9hAQaE6Ty9U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/xJBae1so1m8OwSkivK1GY7T0fhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3202ad-7b46-422d-a4d2-eca53a7f7762/1/oK_h_tHyt9skoMLR9hAQaE6Ty9U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:ca:ae:24:9d:ab:8f:93:4e:b6:39:27:7f:6b:f6:d9:a7:68:
         79:75:7b:8d:bd:01:ec:05:51:2c:f7:6d:97:4f:e3:cc:f9:8a:
         60:2f:f7:e3:55:42:0a:11:6e:3a:c4:46:4f:83:a0:4a:9a:48:
         dd:1c:4b:3c:bf:90:c1:56:5b:35:54:85:f6:9d:b0:c1:9a:92:
         5d:5d:da:e4:75:40:84:24:77:39:65:28:15:71:47:15:f5:ec:
         1f:85:26:6b:7c:66:50:8d:06:2c:77:c9:ec:55:5b:9d:60:d5:
         7b:80:12:49:bc:d9:60:46:97:97:7e:62:ff:dd:61:0a:95:a6:
         21:5a:be:47:ae:a4:16:80:65:f8:f9:31:6a:e0:7a:21:ce:75:
         24:cc:14:9a:fa:bb:6b:72:49:84:ed:91:5a:b7:8a:e3:d6:c8:
         bc:f0:15:2d:b3:65:d2:74:e0:28:9c:25:a3:34:2f:3d:bd:5d:
         65:bb:3b:e9:dc:ff:44:fc:b3:d2:15:56:0b:38:b1:3c:1d:bb:
         36:1a:9d:a1:c1:73:a4:6e:47:50:b8:f1:76:70:8c:2b:2d:9a:
         11:9a:23:9e:e3:77:c8:0d:18:d4:32:4b:50:6c:06:30:d9:57:
         8b:d5:e5:01:3e:47:91:ba:c4:71:f2:06:1a:1f:f4:e3:e7:37:
         03:89:b1:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtLzxiT37yxubvi7+KSDKuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwYWZlMWZlZDFmMmI3ZGIyNGEwYzJkMWY2MTAxMDY4NGU5
M2NiZDUwHhcNMjMwMTAxMTE1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDkwNWE3YjViMjhkNjZmMGVjMTI5MjJiY2FkNDY2M2I0ZjQ3ZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGZSO/cNUKfgqVua7TfEZJy0MCOo
a5cHHReFG+unylNXzGedNoNYKiihMreu4iN3+Il7CNXUxLkcpjrLa8+AUY18tByo
fRnWi1+SN0WuZFYS7EABYzVAnIDStKJYxs+w6hkg7K00774kMIipYQS7mb0Vl7ET
hujOYOfYVvx0MzexmmEaeNjHHI2ALodM7kb3S3stLOMgTKvYEirX0RqK9/xbZq3R
9Zir7e1fbZy+Dit/jor4/DsfiMb5zBY+CoaDoBcIDBWXqJhhk1ilnavD/VvR+Xk+
otDJx7WcBfu7HmwazQWijVrgsZnCiD/BuGTNrwgVQoHgro2V4ggti81tqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSQWntbKNZvDsEpIrytRmO09H4YMB8GA1UdIwQY
MBaAFKCv4f7R8rfbJKDC0fYQEGhOk8vVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0tfaF90SHl0OXNrb01MUjloQVFhRTZUeTlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zMjAyYWQtN2I0Ni00MjJkLWE0ZDIt
ZWNhNTNhN2Y3NzYyLzEveEpCYWUxc28xbThPd1NraXZLMUdZN1QwZmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zMjAyYWQtN2I0Ni00MjJkLWE0ZDItZWNhNTNhN2Y3NzYy
LzEvb0tfaF90SHl0OXNrb01MUjloQVFhRTZUeTlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNZlMA0G
CSqGSIb3DQEBCwUAA4IBAQAVyq4knauPk062OSd/a/bZp2h5dXuNvQHsBVEs922X
T+PM+YpgL/fjVUIKEW46xEZPg6BKmkjdHEs8v5DBVls1VIX2nbDBmpJdXdrkdUCE
JHc5ZSgVcUcV9ewfhSZrfGZQjQYsd8nsVVudYNV7gBJJvNlgRpeXfmL/3WEKlaYh
Wr5HrqQWgGX4+TFq4HohznUkzBSa+rtrckmE7ZFat4rj1si88BUts2XSdOAonCWj
NC89vV1luzvp3P9E/LPSFVYLOLE8Hbs2Gp2hwXOkbkdQuPF2cIwrLZoRmiOe43fI
DRjUMktQbAYw2VeL1eUBPkeRusRx8gYaH/Tj5zcDibFo
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:52 2024 by rpki-client on console-ams.rpki-client.org