Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/Q2ezyYuYUA216N_GZ7cXxzq_Vpo.roa
File:                     Q2ezyYuYUA216N_GZ7cXxzq_Vpo.roa (raw, json)
Hash identifier:          y/LWmKDo5cmv4v2noAhSa1yP+bIAiEG5Vjo77b0g7os=
Subject key identifier:   43:67:B3:C9:8B:98:50:0D:B5:E8:DF:C6:67:B7:17:C7:3A:BF:56:9A
Certificate issuer:       /CN=678cebf7eec3d5e0121e401170ce01ff3888d4ec
Certificate serial:       01856F2FD149A3314700DA39E48D9F295276
Authority key identifier: 67:8C:EB:F7:EE:C3:D5:E0:12:1E:40:11:70:CE:01:FF:38:88:D4:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z4zr9-7D1eASHkARcM4B_ziI1Ow.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/Q2ezyYuYUA216N_GZ7cXxzq_Vpo.roa
Signing time:             Sun 01 Jan 2023 21:14:42 +0000
ROA not before:           Sun 01 Jan 2023 21:14:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     4358
IP address blocks:        91.228.109.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:2f:d1:49:a3:31:47:00:da:39:e4:8d:9f:29:52:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=678cebf7eec3d5e0121e401170ce01ff3888d4ec
        Validity
            Not Before: Jan  1 21:14:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4367b3c98b98500db5e8dfc667b717c73abf569a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0d:7e:b7:c6:af:7a:2d:96:62:44:a3:ae:d6:
                    cf:7a:21:1c:5b:e1:42:f0:bb:93:33:fc:cf:ce:20:
                    fd:08:d6:0b:eb:b4:57:b8:82:f0:05:e2:d3:02:a1:
                    f3:cf:c3:dc:d6:d2:58:a3:8c:43:a5:0f:d3:64:0e:
                    88:5f:56:c9:f0:62:09:e0:ff:67:71:a3:ec:1c:f3:
                    bb:dd:64:96:24:e2:d2:bb:83:c5:25:85:91:ad:d0:
                    94:dd:13:2a:80:d1:3e:f0:1e:7d:08:fe:bb:5a:7e:
                    2a:d0:a3:62:29:d6:df:8e:ee:88:b6:19:3c:af:1b:
                    c0:55:aa:51:f4:bd:76:58:bc:50:e4:64:d8:85:1c:
                    85:d4:03:b2:01:23:9d:b6:cd:2b:7d:63:f5:94:b0:
                    88:75:98:d1:b5:cf:c4:2e:14:93:98:ec:5c:9a:ec:
                    7d:94:ea:34:10:96:74:1b:a2:ee:7c:1c:da:2a:7d:
                    e5:10:0a:3d:9e:85:0a:4f:14:22:a4:72:c1:20:a7:
                    ec:8a:ae:da:c8:89:c7:c0:26:3b:b2:2e:2f:44:39:
                    6c:e2:d4:cc:c2:db:93:86:04:6b:f6:d7:dd:11:fc:
                    c9:53:bc:b1:a0:09:13:6c:10:92:50:1e:36:2f:e5:
                    e5:d1:a1:4d:06:0f:d6:be:e2:d8:60:4c:d7:f3:db:
                    80:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:67:B3:C9:8B:98:50:0D:B5:E8:DF:C6:67:B7:17:C7:3A:BF:56:9A
            X509v3 Authority Key Identifier:
                keyid:67:8C:EB:F7:EE:C3:D5:E0:12:1E:40:11:70:CE:01:FF:38:88:D4:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z4zr9-7D1eASHkARcM4B_ziI1Ow.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/Q2ezyYuYUA216N_GZ7cXxzq_Vpo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/Z4zr9-7D1eASHkARcM4B_ziI1Ow.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:cb:58:b7:c8:34:1b:b9:46:b4:5f:bc:86:82:f4:49:b2:84:
         0f:8b:5f:6d:f3:fe:57:d3:71:0c:4f:f7:5c:00:65:ca:a2:f1:
         43:cf:c4:0b:18:d1:0f:22:b6:0d:b0:5a:30:fb:73:6e:7b:3b:
         9d:11:fd:f3:71:5e:4e:16:b3:5e:24:06:da:0b:b7:4d:c7:85:
         d0:d2:64:4b:d0:d1:6a:1e:cc:23:4e:83:27:c4:f5:7f:cc:8e:
         92:bc:ba:95:7e:b2:c4:86:64:67:8c:c9:ff:12:d6:27:c1:a4:
         40:8d:f3:85:e5:97:e3:4d:25:b1:fb:ce:df:87:a9:fe:aa:bb:
         5c:7e:02:ee:99:c7:ba:20:41:cf:2c:f6:42:4d:b0:ea:65:d3:
         dd:d8:78:37:e7:ca:db:9c:4f:8c:b1:5a:bc:33:7d:2e:5f:ca:
         cf:6c:f1:55:a8:3e:12:84:b8:a5:33:b1:61:c1:63:cf:c3:a1:
         b0:79:b7:80:81:94:55:e7:1f:19:2e:45:80:48:e5:8f:69:37:
         c6:5e:ed:26:3d:61:08:86:1e:74:79:47:54:a1:ea:53:ed:81:
         d5:eb:04:75:3a:7d:6b:2f:7e:29:c3:bf:ae:85:aa:88:e4:e8:
         4f:7c:63:30:4f:54:fa:2e:8a:97:89:c0:b4:51:33:80:c0:a8:
         fa:e7:4a:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvL9FJozFHANo55I2fKVJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OGNlYmY3ZWVjM2Q1ZTAxMjFlNDAxMTcwY2UwMWZmMzg4
OGQ0ZWMwHhcNMjMwMTAxMjExNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzY3YjNjOThiOTg1MDBkYjVlOGRmYzY2N2I3MTdjNzNhYmY1NjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA1+t8avei2WYkSjrtbPeiEcW+FC
8LuTM/zPziD9CNYL67RXuILwBeLTAqHzz8Pc1tJYo4xDpQ/TZA6IX1bJ8GIJ4P9n
caPsHPO73WSWJOLSu4PFJYWRrdCU3RMqgNE+8B59CP67Wn4q0KNiKdbfju6Ithk8
rxvAVapR9L12WLxQ5GTYhRyF1AOyASOdts0rfWP1lLCIdZjRtc/ELhSTmOxcmux9
lOo0EJZ0G6LufBzaKn3lEAo9noUKTxQipHLBIKfsiq7ayInHwCY7si4vRDls4tTM
wtuThgRr9tfdEfzJU7yxoAkTbBCSUB42L+Xl0aFNBg/WvuLYYEzX89uAywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFENns8mLmFANtejfxme3F8c6v1aaMB8GA1UdIwQY
MBaAFGeM6/fuw9XgEh5AEXDOAf84iNTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjR6cjktN0QxZUFTSGtBUmNNNEJfemlJMU93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mMmI4N2ItOTVlOS00Y2Y4LWFiZWIt
NmRmYmJhNGVkZDU5LzEvUTJlenlZdVlVQTIxNk5fR1o3Y1h4enFfVnBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mMmI4N2ItOTVlOS00Y2Y4LWFiZWItNmRmYmJhNGVkZDU5
LzEvWjR6cjktN0QxZUFTSGtBUmNNNEJfemlJMU93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+RtMA0G
CSqGSIb3DQEBCwUAA4IBAQB0y1i3yDQbuUa0X7yGgvRJsoQPi19t8/5X03EMT/dc
AGXKovFDz8QLGNEPIrYNsFow+3NuezudEf3zcV5OFrNeJAbaC7dNx4XQ0mRL0NFq
HswjToMnxPV/zI6SvLqVfrLEhmRnjMn/EtYnwaRAjfOF5ZfjTSWx+87fh6n+qrtc
fgLumce6IEHPLPZCTbDqZdPd2Hg358rbnE+MsVq8M30uX8rPbPFVqD4ShLilM7Fh
wWPPw6GwebeAgZRV5x8ZLkWASOWPaTfGXu0mPWEIhh50eUdUoepT7YHV6wR1On1r
L34pw7+uhaqI5OhPfGMwT1T6LoqXicC0UTOAwKj650pX
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:30 2024 by rpki-client on console-ams.rpki-client.org