Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/IPjkyCGHmAOgbP7QYmyOZ83n7Pg.roa
File:                     IPjkyCGHmAOgbP7QYmyOZ83n7Pg.roa (raw, json)
Hash identifier:          hLRUlG3AWwh6ooPrjkvrJv3Wk7rUBNHIeTiPAVCXvXs=
Subject key identifier:   20:F8:E4:C8:21:87:98:03:A0:6C:FE:D0:62:6C:8E:67:CD:E7:EC:F8
Certificate issuer:       /CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
Certificate serial:       018B1E23AAA882888A8B6EC4ECCEF312C396
Authority key identifier: 34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/IPjkyCGHmAOgbP7QYmyOZ83n7Pg.roa
Signing time:             Wed 11 Oct 2023 09:48:55 +0000
ROA not before:           Wed 11 Oct 2023 09:48:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204770
IP address blocks:        185.8.106.0/23 maxlen: 32
                          2a02:ae02::/36 maxlen: 36

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1e:23:aa:a8:82:88:8a:8b:6e:c4:ec:ce:f3:12:c3:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
        Validity
            Not Before: Oct 11 09:48:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20f8e4c821879803a06cfed0626c8e67cde7ecf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:3a:e4:a7:bc:fd:31:f8:86:5a:a8:28:a8:bd:
                    a4:5c:a5:c9:4a:51:b3:79:29:df:86:57:65:5b:a2:
                    e6:3d:99:b7:71:1a:31:2e:73:67:51:3d:42:49:11:
                    13:11:f0:e3:e0:a5:f9:f2:de:3f:c2:ed:59:fd:23:
                    26:7f:e7:8c:65:ea:58:9e:9c:66:68:f4:42:87:22:
                    2c:6d:98:70:7e:b2:d8:e4:86:72:1d:f8:25:b1:4c:
                    94:37:46:81:f1:c9:29:51:6c:8f:be:08:83:08:c1:
                    d5:d5:c0:c8:5b:88:fa:96:44:4b:4a:01:de:c8:27:
                    d1:78:c0:34:26:1c:38:d0:a8:ba:ae:e7:cd:f0:eb:
                    d2:46:a7:67:60:61:19:90:c7:ff:fa:28:fc:9b:db:
                    f2:15:b3:0d:d3:c5:ef:77:e7:eb:0f:0b:4b:d1:b1:
                    09:a9:42:59:f1:4e:1f:b9:f3:1c:99:30:d9:a4:f9:
                    06:4b:cc:22:fa:72:74:00:5a:bf:f4:43:52:80:42:
                    ef:fa:1d:3b:90:9d:b5:d8:50:e8:1e:8a:22:e2:1b:
                    b5:a7:89:ab:e4:3a:30:73:6b:18:eb:b3:d3:5a:0c:
                    f1:3c:5c:7a:0f:40:23:ed:b0:f4:ff:90:04:98:0f:
                    dd:99:e1:67:6b:e1:71:da:0b:f4:89:79:53:17:75:
                    82:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F8:E4:C8:21:87:98:03:A0:6C:FE:D0:62:6C:8E:67:CD:E7:EC:F8
            X509v3 Authority Key Identifier:
                keyid:34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/IPjkyCGHmAOgbP7QYmyOZ83n7Pg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.106.0/23
                IPv6:
                  2a02:ae02::/36

    Signature Algorithm: sha256WithRSAEncryption
         37:3f:33:48:92:20:1e:c2:e6:d9:aa:7e:1d:fc:5a:50:51:b3:
         63:26:85:0d:ca:8f:0b:0d:5e:0c:80:35:6a:7c:80:ef:7a:96:
         03:62:78:a1:af:10:72:ab:dd:f0:60:88:2c:fc:dc:b1:3d:ed:
         45:dc:09:df:91:35:ee:a1:f0:5a:9a:96:5f:af:38:f1:1c:ae:
         93:7a:90:dd:25:5d:12:5c:80:55:68:dc:fe:b3:9f:f1:5f:81:
         c3:4c:85:46:d5:1d:a0:21:28:64:75:38:ef:17:2d:be:f4:f1:
         34:75:28:b7:ca:5d:1a:37:e5:48:91:8b:af:a2:14:87:f5:90:
         47:1f:a0:90:fe:7b:ed:72:7e:d3:4d:55:01:03:db:31:7b:13:
         25:25:e1:d0:d0:72:50:0a:f4:68:dd:5d:b1:eb:56:a4:1b:33:
         bd:3a:4d:57:1e:b7:5f:00:46:3c:c1:b7:f3:78:1a:f1:f4:df:
         ab:29:cc:ad:ab:8a:95:2d:b5:dd:29:95:60:37:17:73:6f:fc:
         fb:b3:b9:95:cf:7c:b6:b1:c4:17:43:c5:d1:a4:40:12:3f:69:
         71:7a:cc:ce:6c:c1:f6:91:3d:8a:35:3d:55:35:d0:2b:a7:3f:
         27:c7:45:d5:8a:1b:b9:ca:ea:d5:3a:b5:a2:3e:fb:10:e3:98:
         9c:76:c1:ca
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYseI6qogoiKi27E7M7zEsOWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MzNhZTFjNjA2NzJjNzU5MWE4Zjk3ZDY4Zjc5ZmIyYTVl
ZThkYTcwHhcNMjMxMDExMDk0ODU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGY4ZTRjODIxODc5ODAzYTA2Y2ZlZDA2MjZjOGU2N2NkZTdlY2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTrkp7z9MfiGWqgoqL2kXKXJSlGz
eSnfhldlW6LmPZm3cRoxLnNnUT1CSRETEfDj4KX58t4/wu1Z/SMmf+eMZepYnpxm
aPRChyIsbZhwfrLY5IZyHfglsUyUN0aB8ckpUWyPvgiDCMHV1cDIW4j6lkRLSgHe
yCfReMA0Jhw40Ki6rufN8OvSRqdnYGEZkMf/+ij8m9vyFbMN08Xvd+frDwtL0bEJ
qUJZ8U4fufMcmTDZpPkGS8wi+nJ0AFq/9ENSgELv+h07kJ212FDoHooi4hu1p4mr
5Dowc2sY67PTWgzxPFx6D0Aj7bD0/5AEmA/dmeFna+Fx2gv0iXlTF3WCfQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFCD45Mghh5gDoGz+0GJsjmfN5+z4MB8GA1UdIwQY
MBaAFDQzrhxgZyx1kaj5fWj3n7Kl7o2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYt
MzBjZTgzNzAxYjM5LzEvSVBqa3lDR0htQU9nYlA3UVlteU9aODNuN1BnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYtMzBjZTgzNzAxYjM5
LzEvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBuQhqMA4E
AgACMAgDBgQqAq4CADANBgkqhkiG9w0BAQsFAAOCAQEANz8zSJIgHsLm2ap+Hfxa
UFGzYyaFDcqPCw1eDIA1anyA73qWA2J4oa8Qcqvd8GCILPzcsT3tRdwJ35E17qHw
WpqWX6848Ryuk3qQ3SVdElyAVWjc/rOf8V+Bw0yFRtUdoCEoZHU47xctvvTxNHUo
t8pdGjflSJGLr6IUh/WQRx+gkP577XJ+001VAQPbMXsTJSXh0NByUAr0aN1dsetW
pBszvTpNVx63XwBGPMG383ga8fTfqynMrauKlS213SmVYDcXc2/8+7O5lc98trHE
F0PF0aRAEj9pcXrMzmzB9pE9ijU9VTXQK6c/J8dF1Yobucrq1Tq1oj77EOOYnHbB
yg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:13 2024 by rpki-client on console-fra.rpki-client.org