Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/OkLT48p5zL8u1rWbOtshs0QhL_U.roa
File:                     OkLT48p5zL8u1rWbOtshs0QhL_U.roa (raw, json)
Hash identifier:          GW3cEWG/eJWXdw0dumHEvMjTdF7MO0UlqgiiHFAM4yA=
Subject key identifier:   3A:42:D3:E3:CA:79:CC:BF:2E:D6:B5:9B:3A:DB:21:B3:44:21:2F:F5
Certificate issuer:       /CN=c9a7ff012cb72ea84d1b83c002c3203cc024e6a6
Certificate serial:       0185727106762AFE321C3399175DC5454C3D
Authority key identifier: C9:A7:FF:01:2C:B7:2E:A8:4D:1B:83:C0:02:C3:20:3C:C0:24:E6:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yaf_ASy3LqhNG4PAAsMgPMAk5qY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/OkLT48p5zL8u1rWbOtshs0QhL_U.roa
Signing time:             Mon 02 Jan 2023 12:24:47 +0000
ROA not before:           Mon 02 Jan 2023 12:24:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212426
IP address blocks:        193.28.11.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 27 Apr 2023 11:38:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:71:06:76:2a:fe:32:1c:33:99:17:5d:c5:45:4c:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9a7ff012cb72ea84d1b83c002c3203cc024e6a6
        Validity
            Not Before: Jan  2 12:24:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a42d3e3ca79ccbf2ed6b59b3adb21b344212ff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:bc:05:96:69:f2:56:7c:7a:10:30:1c:62:8d:
                    29:92:21:2f:a8:77:9f:31:d6:6b:9f:a9:24:0e:d4:
                    5d:50:27:bb:98:7b:21:cf:e5:bd:3c:88:97:4f:8b:
                    1a:95:e5:5e:3a:b2:08:14:0b:1d:f1:e4:f4:2c:54:
                    53:43:4c:c4:3e:80:fd:c8:73:7b:d9:40:56:75:d3:
                    f5:f3:42:79:bc:db:ee:7f:b2:2d:4a:b4:3f:47:41:
                    b9:7b:c1:69:17:a2:6c:56:8e:54:55:be:33:dd:52:
                    d0:ee:e4:75:e9:4f:35:ae:29:b2:07:ad:c0:c6:ae:
                    10:88:fa:e8:6d:e9:66:91:f4:ae:56:6a:2d:02:75:
                    5e:e2:aa:94:84:5a:7e:1f:a6:06:0a:21:6a:5d:b8:
                    71:1b:39:50:10:75:8e:8c:06:92:3b:f6:c3:54:c9:
                    22:ca:05:93:62:b6:a8:fb:14:c4:c9:8d:41:c6:26:
                    59:a4:2e:23:50:50:ba:98:86:46:ad:01:04:a9:bf:
                    e8:44:f9:5d:8d:55:70:02:ad:53:a1:24:7d:4b:f3:
                    83:5b:04:8b:34:d1:96:30:42:8f:a7:cf:7e:05:ef:
                    28:fd:4c:a2:27:06:03:2b:58:8c:21:0f:61:f1:3f:
                    51:3a:42:a3:bb:d7:8a:d6:9f:a2:83:d8:b5:79:a9:
                    93:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:42:D3:E3:CA:79:CC:BF:2E:D6:B5:9B:3A:DB:21:B3:44:21:2F:F5
            X509v3 Authority Key Identifier:
                keyid:C9:A7:FF:01:2C:B7:2E:A8:4D:1B:83:C0:02:C3:20:3C:C0:24:E6:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yaf_ASy3LqhNG4PAAsMgPMAk5qY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/OkLT48p5zL8u1rWbOtshs0QhL_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/42fb3c-61a6-45ca-a47e-d2d1209c4825/1/yaf_ASy3LqhNG4PAAsMgPMAk5qY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:6a:41:36:0b:fd:f4:5f:b7:8f:8a:ca:fe:85:37:7b:99:b8:
         f3:b4:8d:a9:30:e5:68:5f:f1:33:30:7b:fb:5b:72:5a:89:20:
         11:65:90:2f:1d:0c:09:fc:99:9a:d5:1a:de:e3:02:57:46:71:
         e7:de:67:ce:08:1f:65:86:dd:3b:04:17:ee:50:73:b7:d0:05:
         0c:c2:43:d7:97:45:d9:40:a1:e1:24:22:66:69:bc:1a:9d:b4:
         57:63:5e:71:62:45:e9:87:03:b9:2f:1a:c0:90:80:ff:48:fd:
         9c:8c:e5:b8:d1:c1:5a:8d:1b:10:d8:ce:bb:61:de:69:bf:05:
         3d:62:18:78:14:a9:8e:85:ec:d3:cb:ea:f0:2a:9c:a1:b2:78:
         c1:5a:ed:3e:e9:b3:ce:bd:b7:06:d5:b7:c4:e6:51:11:7b:3f:
         49:3c:49:09:34:69:a6:9d:32:76:3b:cb:6b:23:b5:92:9f:a6:
         34:b7:4b:63:e7:18:db:ff:17:fe:f4:30:6a:55:41:41:a1:4e:
         c0:64:25:e4:6f:93:d7:2c:3b:b7:53:4f:b2:77:08:2f:cf:b4:
         a9:2f:96:33:f3:dd:2e:cd:6f:6b:d9:c8:83:3c:ab:36:4d:f2:
         dc:16:b9:3c:32:8f:5a:cd:92:22:0e:01:6d:c7:68:dc:28:9b:
         42:e7:33:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVycQZ2Kv4yHDOZF13FRUw9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5YTdmZjAxMmNiNzJlYTg0ZDFiODNjMDAyYzMyMDNjYzAy
NGU2YTYwHhcNMjMwMTAyMTIyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTQyZDNlM2NhNzljY2JmMmVkNmI1OWIzYWRiMjFiMzQ0MjEyZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLwFlmnyVnx6EDAcYo0pkiEvqHef
MdZrn6kkDtRdUCe7mHshz+W9PIiXT4saleVeOrIIFAsd8eT0LFRTQ0zEPoD9yHN7
2UBWddP180J5vNvuf7ItSrQ/R0G5e8FpF6JsVo5UVb4z3VLQ7uR16U81rimyB63A
xq4QiProbelmkfSuVmotAnVe4qqUhFp+H6YGCiFqXbhxGzlQEHWOjAaSO/bDVMki
ygWTYrao+xTEyY1BxiZZpC4jUFC6mIZGrQEEqb/oRPldjVVwAq1ToSR9S/ODWwSL
NNGWMEKPp89+Be8o/UyiJwYDK1iMIQ9h8T9ROkKju9eK1p+ig9i1eamT3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpC0+PKecy/Lta1mzrbIbNEIS/1MB8GA1UdIwQY
MBaAFMmn/wEsty6oTRuDwALDIDzAJOamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWFmX0FTeTNMcWhORzRQQUFzTWdQTUFrNXFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MmZiM2MtNjFhNi00NWNhLWE0N2Ut
ZDJkMTIwOWM0ODI1LzEvT2tMVDQ4cDV6TDh1MXJXYk90c2hzMFFoTF9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MmZiM2MtNjFhNi00NWNhLWE0N2UtZDJkMTIwOWM0ODI1
LzEveWFmX0FTeTNMcWhORzRQQUFzTWdQTUFrNXFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRwLMA0G
CSqGSIb3DQEBCwUAA4IBAQANakE2C/30X7ePisr+hTd7mbjztI2pMOVoX/EzMHv7
W3JaiSARZZAvHQwJ/Jma1Rre4wJXRnHn3mfOCB9lht07BBfuUHO30AUMwkPXl0XZ
QKHhJCJmabwanbRXY15xYkXphwO5LxrAkID/SP2cjOW40cFajRsQ2M67Yd5pvwU9
Yhh4FKmOhezTy+rwKpyhsnjBWu0+6bPOvbcG1bfE5lERez9JPEkJNGmmnTJ2O8tr
I7WSn6Y0t0tj5xjb/xf+9DBqVUFBoU7AZCXkb5PXLDu3U0+ydwgvz7SpL5Yz890u
zW9r2ciDPKs2TfLcFrk8Mo9azZIiDgFtx2jcKJtC5zM3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:37 2024 by rpki-client on console-fra.rpki-client.org