Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/o_hJH45w_YdG8DNGrUoSeR3CUsg.roa
File:                     o_hJH45w_YdG8DNGrUoSeR3CUsg.roa (raw, json)
Hash identifier:          xYLzUo8jlb0BIwsyQvOvMzX5JXDUs1O2vDvnjlldRMI=
Subject key identifier:   A3:F8:49:1F:8E:70:FD:87:46:F0:33:46:AD:4A:12:79:1D:C2:52:C8
Certificate issuer:       /CN=fb987244611b5230536744b6a89f044f32f462ea
Certificate serial:       018570E755D37584263B2485A5CAE4DBB818
Authority key identifier: FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/o_hJH45w_YdG8DNGrUoSeR3CUsg.roa
Signing time:             Mon 02 Jan 2023 05:14:47 +0000
ROA not before:           Mon 02 Jan 2023 05:14:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60121
IP address blocks:        212.59.16.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:e7:55:d3:75:84:26:3b:24:85:a5:ca:e4:db:b8:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb987244611b5230536744b6a89f044f32f462ea
        Validity
            Not Before: Jan  2 05:14:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a3f8491f8e70fd8746f03346ad4a12791dc252c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:17:d7:74:0a:73:c9:db:3d:82:d8:6b:4f:b9:
                    22:19:fa:f0:f9:7b:3b:a7:7e:ba:5e:b3:4f:5e:f9:
                    72:60:6d:97:af:d4:00:c9:9e:5c:c7:5d:d3:d5:ff:
                    cd:26:32:f8:a5:9a:6f:2c:24:39:5a:a8:d7:e5:83:
                    41:8f:e9:7e:9e:a3:68:13:a3:59:e4:d5:90:f0:3d:
                    82:3c:7b:24:05:8c:2d:23:5c:3c:cf:d2:6d:71:55:
                    2a:71:ac:a2:78:c6:8a:86:51:d5:5c:75:48:b3:67:
                    98:95:ad:12:3a:7e:16:75:d2:d3:e7:9a:1c:f5:bf:
                    67:90:4d:55:44:b3:3b:8d:de:d8:4e:43:46:b4:7e:
                    7d:50:3e:0b:84:4d:88:78:82:97:e6:9b:8d:df:27:
                    1c:0a:8d:27:fb:d0:f0:98:1a:28:29:b9:b3:04:ca:
                    3a:b3:1f:3f:cd:fe:e2:c0:27:7f:86:6f:2f:0f:c9:
                    7c:7d:80:0c:66:09:d5:e2:94:be:54:b7:51:3e:8f:
                    af:be:d0:f3:a4:08:b1:dd:72:9d:f5:3c:d1:41:9b:
                    bf:68:99:91:91:56:53:80:3b:ea:db:1e:56:3f:b7:
                    a8:d4:9d:6a:99:56:a1:a8:dd:e7:5a:1a:db:58:f4:
                    ac:ab:8e:51:01:c3:ae:2b:13:1a:fe:0e:e2:3b:3f:
                    58:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:F8:49:1F:8E:70:FD:87:46:F0:33:46:AD:4A:12:79:1D:C2:52:C8
            X509v3 Authority Key Identifier:
                keyid:FB:98:72:44:61:1B:52:30:53:67:44:B6:A8:9F:04:4F:32:F4:62:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/o_hJH45w_YdG8DNGrUoSeR3CUsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/319d7c-7e76-4308-bc00-be5832d5f7aa/1/1-5hyRGEbUjBTZ0S2qJ8ETzL0Yuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.59.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:4f:25:63:87:20:b5:06:7b:32:8b:46:d7:a0:b1:49:64:b4:
         8a:f2:f3:ed:c0:a3:30:51:b3:9c:aa:ff:df:bc:dc:fa:66:a8:
         43:5b:cc:9a:14:0c:f2:3b:f9:63:22:9d:83:24:27:ad:dc:2e:
         d8:7b:a3:a3:9f:24:30:37:27:77:44:dd:13:d2:c4:3d:fc:3f:
         b1:0a:ad:0e:32:47:a8:75:2e:03:ad:4e:42:74:fb:ab:9a:19:
         76:70:a9:5d:d4:ec:8b:ab:25:1e:c0:db:7b:15:60:51:c0:01:
         2d:e4:fe:cd:6f:a3:22:1a:28:28:d6:c5:d4:c5:0c:b6:f7:52:
         b8:97:c1:d4:1f:37:aa:f6:27:15:70:6c:16:15:04:84:6f:f0:
         f2:da:a5:7e:e9:1d:3c:a8:51:58:4f:63:e0:83:e0:3d:0d:0b:
         16:05:0d:a5:77:c7:94:6a:57:8a:cd:e1:be:35:07:0a:63:fd:
         37:8c:fc:6f:4e:cf:d5:3d:cf:8b:18:7b:43:be:d8:64:ce:a1:
         ce:23:1c:c4:71:29:22:bd:de:ab:41:d1:f3:85:50:79:cb:a6:
         5f:e3:58:d7:91:62:3b:97:45:d3:f9:48:c8:e2:fc:53:f4:f3:
         32:10:b7:6a:40:ed:6d:b5:9a:7c:a3:87:17:bd:8a:9b:ae:d9:
         72:20:06:33
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYVw51XTdYQmOySFpcrk27gYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiOTg3MjQ0NjExYjUyMzA1MzY3NDRiNmE4OWYwNDRmMzJm
NDYyZWEwHhcNMjMwMTAyMDUxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Y4NDkxZjhlNzBmZDg3NDZmMDMzNDZhZDRhMTI3OTFkYzI1MmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBfXdApzyds9gthrT7kiGfrw+Xs7
p366XrNPXvlyYG2Xr9QAyZ5cx13T1f/NJjL4pZpvLCQ5WqjX5YNBj+l+nqNoE6NZ
5NWQ8D2CPHskBYwtI1w8z9JtcVUqcayieMaKhlHVXHVIs2eYla0SOn4WddLT55oc
9b9nkE1VRLM7jd7YTkNGtH59UD4LhE2IeIKX5puN3yccCo0n+9DwmBooKbmzBMo6
sx8/zf7iwCd/hm8vD8l8fYAMZgnV4pS+VLdRPo+vvtDzpAix3XKd9TzRQZu/aJmR
kVZTgDvq2x5WP7eo1J1qmVahqN3nWhrbWPSsq45RAcOuKxMa/g7iOz9Y4QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKP4SR+OcP2HRvAzRq1KEnkdwlLIMB8GA1UdIwQY
MBaAFPuYckRhG1IwU2dEtqifBE8y9GLqMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS01aHlSR0ViVWpCVFowUzJxSjhFVHpMMFl1by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAw
LWJlNTgzMmQ1ZjdhYS8xL29faEpINDV3X1lkRzhETkdyVW9TZVIzQ1VzZy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDQvMzE5ZDdjLTdlNzYtNDMwOC1iYzAwLWJlNTgzMmQ1Zjdh
YS8xLzEtNWh5UkdFYlVqQlRaMFMycUo4RVR6TDBZdW8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUOxAw
DQYJKoZIhvcNAQELBQADggEBAC5PJWOHILUGezKLRtegsUlktIry8+3AozBRs5yq
/9+83PpmqENbzJoUDPI7+WMinYMkJ63cLth7o6OfJDA3J3dE3RPSxD38P7EKrQ4y
R6h1LgOtTkJ0+6uaGXZwqV3U7IurJR7A23sVYFHAAS3k/s1voyIaKCjWxdTFDLb3
UriXwdQfN6r2JxVwbBYVBIRv8PLapX7pHTyoUVhPY+CD4D0NCxYFDaV3x5RqV4rN
4b41Bwpj/TeM/G9Oz9U9z4sYe0O+2GTOoc4jHMRxKSK93qtB0fOFUHnLpl/jWNeR
YjuXRdP5SMji/FP08zIQt2pA7W21mnyjhxe9ipuu2XIgBjM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:42 2024 by rpki-client on console-ams.rpki-client.org