Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kfrHrDoBM35wxI_vWkNcxnGYIz0.roa
File:                     kfrHrDoBM35wxI_vWkNcxnGYIz0.roa (raw, json)
Hash identifier:          roy7Q5Kkq0CEqmjCyb04FsFYsqDlF/fMDKJpTwSShHw=
Subject key identifier:   91:FA:C7:AC:3A:01:33:7E:70:C4:8F:EF:5A:43:5C:C6:71:98:23:3D
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0189867A43E9D366C1E114994DD40DEEAFA2
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kfrHrDoBM35wxI_vWkNcxnGYIz0.roa
Signing time:             Mon 24 Jul 2023 05:58:26 +0000
ROA not before:           Mon 24 Jul 2023 05:58:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3320
IP address blocks:        84.32.208.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 18 Sep 2023 05:05:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:86:7a:43:e9:d3:66:c1:e1:14:99:4d:d4:0d:ee:af:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jul 24 05:58:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91fac7ac3a01337e70c48fef5a435cc67198233d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7e:e4:0f:a4:ba:6c:e6:bb:dc:0a:30:16:76:
                    a2:7f:4e:59:ef:44:b2:da:8f:e9:ac:ce:a8:d2:ec:
                    23:d3:a7:08:b0:d6:7a:3b:d6:34:48:02:e7:2d:88:
                    aa:ba:3f:ad:80:a9:38:64:91:3f:08:62:1e:16:cb:
                    51:68:73:58:4b:aa:cc:24:76:d6:f3:11:40:52:7d:
                    24:e9:d0:1c:8c:f8:e7:6e:f0:62:1c:43:75:38:6d:
                    bf:51:e5:75:12:7f:b5:ff:e6:7e:af:51:e9:11:d4:
                    3d:b5:65:6a:e4:a5:12:8a:20:51:b5:63:d8:b5:b2:
                    0c:26:ce:2e:4f:d3:4c:fd:ce:cf:1a:1a:17:dc:ae:
                    73:69:7d:ff:f7:9f:71:cb:0b:9c:26:7a:b3:e2:9b:
                    2f:f5:f2:38:18:26:8d:d1:64:bf:63:54:01:e0:b5:
                    14:06:cd:80:5f:6e:ae:c6:06:87:71:db:1b:14:92:
                    25:40:c7:90:3b:1b:df:81:78:b2:5d:0e:c4:75:19:
                    59:b1:bb:0d:03:6f:b4:1c:81:c6:21:3d:72:1b:f4:
                    46:a4:bf:15:92:e4:27:e2:7c:a3:59:38:ca:56:7a:
                    4c:ed:02:27:c2:33:00:57:64:83:65:43:fb:9a:a3:
                    b6:4c:78:14:af:86:07:7c:5a:31:48:b1:ff:c4:9e:
                    8f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:FA:C7:AC:3A:01:33:7E:70:C4:8F:EF:5A:43:5C:C6:71:98:23:3D
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/kfrHrDoBM35wxI_vWkNcxnGYIz0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5f:67:c7:d5:87:fd:16:af:13:12:91:77:7c:93:bf:aa:ec:1c:
         c6:55:1f:72:3b:53:b0:7b:17:14:6c:00:6e:03:7b:db:65:ad:
         5f:75:e4:84:19:40:a7:15:df:c4:36:bc:64:bd:04:f4:c2:af:
         d3:0a:6a:30:b0:c4:51:3a:b3:c8:e1:95:43:1a:fc:90:24:03:
         e8:55:77:11:07:cd:6b:5d:bb:1c:67:51:af:64:21:52:e3:f8:
         d0:f6:1c:f3:bb:a4:8a:18:d2:10:70:08:6b:e2:19:58:4f:5c:
         4e:1e:b8:78:fd:fa:7d:ad:ad:75:97:e8:8c:e3:67:f5:a4:b3:
         9c:a2:1c:39:3b:0c:b1:07:cc:21:37:49:b5:b5:81:6b:f3:ba:
         d7:6c:d9:23:61:09:e3:bc:c9:7f:4a:f9:92:23:41:7f:de:7c:
         42:7c:9a:e1:67:8d:09:63:98:84:52:6f:94:10:57:38:37:63:
         25:ad:00:d8:83:f7:81:6f:a0:ad:62:26:cb:c7:cd:a6:81:2c:
         ff:96:f1:68:db:bd:80:89:71:e3:a6:9b:82:a9:11:e7:6d:39:
         24:06:61:f3:b9:67:4c:1a:b0:fb:be:20:c8:dd:75:f7:48:ba:
         69:4d:62:a7:93:ad:fa:d1:6d:8d:ca:13:85:34:d8:d3:1b:97:
         e5:89:76:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYmGekPp02bB4RSZTdQN7q+iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwNzI0MDU1ODI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWZhYzdhYzNhMDEzMzdlNzBjNDhmZWY1YTQzNWNjNjcxOTgyMzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj37kD6S6bOa73AowFnaif05Z70Sy
2o/prM6o0uwj06cIsNZ6O9Y0SALnLYiquj+tgKk4ZJE/CGIeFstRaHNYS6rMJHbW
8xFAUn0k6dAcjPjnbvBiHEN1OG2/UeV1En+1/+Z+r1HpEdQ9tWVq5KUSiiBRtWPY
tbIMJs4uT9NM/c7PGhoX3K5zaX3/959xywucJnqz4psv9fI4GCaN0WS/Y1QB4LUU
Bs2AX26uxgaHcdsbFJIlQMeQOxvfgXiyXQ7EdRlZsbsNA2+0HIHGIT1yG/RGpL8V
kuQn4nyjWTjKVnpM7QInwjMAV2SDZUP7mqO2THgUr4YHfFoxSLH/xJ6PnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJH6x6w6ATN+cMSP71pDXMZxmCM9MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEva2ZySHJEb0JNMzV3eElfdldrTmN4bkdZSXowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVCDQMA0G
CSqGSIb3DQEBCwUAA4IBAQBfZ8fVh/0WrxMSkXd8k7+q7BzGVR9yO1OwexcUbABu
A3vbZa1fdeSEGUCnFd/ENrxkvQT0wq/TCmowsMRROrPI4ZVDGvyQJAPoVXcRB81r
XbscZ1GvZCFS4/jQ9hzzu6SKGNIQcAhr4hlYT1xOHrh4/fp9ra11l+iM42f1pLOc
ohw5OwyxB8whN0m1tYFr87rXbNkjYQnjvMl/SvmSI0F/3nxCfJrhZ40JY5iEUm+U
EFc4N2MlrQDYg/eBb6CtYibLx82mgSz/lvFo272AiXHjppuCqRHnbTkkBmHzuWdM
GrD7viDI3XX3SLppTWKnk6360W2NyhOFNNjTG5fliXbZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:35 2024 by rpki-client on console-fra.rpki-client.org