Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/4a64cb-a7f5-42b0-ac15-ce29fd3526a8/1/TG-kbhdv3gW0pjqhPxqfVumu2uQ.roa
File:                     TG-kbhdv3gW0pjqhPxqfVumu2uQ.roa (raw, json)
Hash identifier:          ZKfddYQ+nQ/eguA8YLcPsRHLGrC/BImE62PSVTWB2ew=
Subject key identifier:   4C:6F:A4:6E:17:6F:DE:05:B4:A6:3A:A1:3F:1A:9F:56:E9:AE:DA:E4
Certificate issuer:       /CN=b7f39e3670b43f57f1511b78dde2085964017455
Certificate serial:       01856D0ACC23E35A57D7965126BFABEE2A74
Authority key identifier: B7:F3:9E:36:70:B4:3F:57:F1:51:1B:78:DD:E2:08:59:64:01:74:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t_OeNnC0P1fxURt43eIIWWQBdFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/4a64cb-a7f5-42b0-ac15-ce29fd3526a8/1/TG-kbhdv3gW0pjqhPxqfVumu2uQ.roa
Signing time:             Sun 01 Jan 2023 11:15:02 +0000
ROA not before:           Sun 01 Jan 2023 11:15:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43326
IP address blocks:        185.124.242.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:30:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:0a:cc:23:e3:5a:57:d7:96:51:26:bf:ab:ee:2a:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7f39e3670b43f57f1511b78dde2085964017455
        Validity
            Not Before: Jan  1 11:15:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4c6fa46e176fde05b4a63aa13f1a9f56e9aedae4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e2:30:56:bb:df:51:5d:80:e2:71:3d:c0:10:
                    fb:a8:05:d2:18:7b:fd:b2:ee:1b:e4:b2:c7:2a:ff:
                    73:51:94:81:f7:e8:f9:1a:70:ff:f4:b7:2a:44:c3:
                    00:b1:75:12:62:11:95:32:aa:ae:05:c2:66:9f:eb:
                    ac:2a:70:f9:d3:3f:44:0e:69:d5:82:76:73:be:4f:
                    57:a1:bd:b1:f1:cf:8e:5a:7a:51:0a:8c:3a:80:b3:
                    b0:43:f8:fc:2e:a9:93:96:f8:fa:e0:bf:38:32:78:
                    8e:fc:fe:c6:d0:96:ea:64:f8:0d:ad:01:4a:9e:37:
                    20:02:cf:83:30:06:9d:26:f9:82:50:5d:b8:66:4d:
                    eb:76:a8:aa:1a:b7:3e:5e:ce:2b:57:e5:01:83:1d:
                    4a:b9:17:79:d9:92:a2:b9:05:c6:c4:7b:cc:4f:a5:
                    7f:8f:c1:9f:a1:47:88:67:94:2c:72:1f:9d:6d:fa:
                    2b:b5:4f:f3:5a:0d:a9:7f:24:80:95:11:25:8b:43:
                    26:4d:a1:3d:36:a8:22:3c:d6:02:b9:1d:a6:44:07:
                    1b:1a:63:1d:02:a5:e2:7f:1a:75:b8:b8:01:3e:da:
                    dc:99:bb:ce:50:ca:47:75:24:9c:b9:26:a8:4e:cc:
                    31:2a:4e:96:7d:55:25:9f:75:97:0e:0b:c1:8b:fd:
                    5d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:6F:A4:6E:17:6F:DE:05:B4:A6:3A:A1:3F:1A:9F:56:E9:AE:DA:E4
            X509v3 Authority Key Identifier:
                keyid:B7:F3:9E:36:70:B4:3F:57:F1:51:1B:78:DD:E2:08:59:64:01:74:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t_OeNnC0P1fxURt43eIIWWQBdFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a64cb-a7f5-42b0-ac15-ce29fd3526a8/1/TG-kbhdv3gW0pjqhPxqfVumu2uQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/4a64cb-a7f5-42b0-ac15-ce29fd3526a8/1/t_OeNnC0P1fxURt43eIIWWQBdFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:2e:83:45:49:3f:a9:b8:6e:c5:d3:0f:58:0f:d1:90:58:be:
         90:60:5a:bf:ee:31:4f:6a:ea:fa:aa:44:3b:fa:8d:8e:a7:30:
         1d:6a:ec:9e:0a:7c:04:a1:3e:2b:7e:80:6c:a4:49:b0:d6:f5:
         7d:57:f2:da:fd:50:d1:ec:cf:37:94:39:9f:64:d5:d2:25:31:
         88:2e:62:0f:30:d7:ca:cc:d8:a3:34:e2:f9:38:f3:6f:fa:50:
         af:5e:a8:7a:ea:ce:92:a3:e7:60:c6:bd:ad:dd:fe:8a:c7:aa:
         7e:60:bc:a6:f7:e8:cb:99:04:19:af:e3:1d:f7:98:82:b8:3f:
         8e:69:d1:8c:03:92:4b:13:43:bb:75:61:93:6c:ba:f5:43:7e:
         cd:82:ae:af:85:2d:9c:8b:4b:a5:bc:ad:72:ca:10:26:5f:a6:
         30:80:86:ad:5e:ea:64:43:1f:b4:f0:25:9b:65:9c:e2:8e:e7:
         c5:44:4f:0e:da:70:8a:8e:2c:8f:94:89:6d:2e:89:0c:fa:c7:
         4c:ac:ad:c5:22:07:3d:73:b0:2a:b4:89:87:5e:c7:82:0e:dc:
         49:27:3a:7a:24:25:e6:06:71:fe:3d:09:b1:85:cc:f3:22:00:
         09:a3:9b:43:ac:4f:dd:89:ba:de:78:35:0b:3e:d9:6e:fb:c2:
         43:8e:eb:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtCswj41pX15ZRJr+r7ip0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ZjM5ZTM2NzBiNDNmNTdmMTUxMWI3OGRkZTIwODU5NjQw
MTc0NTUwHhcNMjMwMTAxMTExNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzZmYTQ2ZTE3NmZkZTA1YjRhNjNhYTEzZjFhOWY1NmU5YWVkYWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeIwVrvfUV2A4nE9wBD7qAXSGHv9
su4b5LLHKv9zUZSB9+j5GnD/9LcqRMMAsXUSYhGVMqquBcJmn+usKnD50z9EDmnV
gnZzvk9Xob2x8c+OWnpRCow6gLOwQ/j8LqmTlvj64L84MniO/P7G0JbqZPgNrQFK
njcgAs+DMAadJvmCUF24Zk3rdqiqGrc+Xs4rV+UBgx1KuRd52ZKiuQXGxHvMT6V/
j8GfoUeIZ5Qsch+dbfortU/zWg2pfySAlREli0MmTaE9NqgiPNYCuR2mRAcbGmMd
AqXifxp1uLgBPtrcmbvOUMpHdSScuSaoTswxKk6WfVUln3WXDgvBi/1dbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExvpG4Xb94FtKY6oT8an1bprtrkMB8GA1UdIwQY
MBaAFLfznjZwtD9X8VEbeN3iCFlkAXRVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdF9PZU5uQzBQMWZ4VVJ0NDNlSUlXV1FCZEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi80YTY0Y2ItYTdmNS00MmIwLWFjMTUt
Y2UyOWZkMzUyNmE4LzEvVEcta2JoZHYzZ1cwcGpxaFB4cWZWdW11MnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi80YTY0Y2ItYTdmNS00MmIwLWFjMTUtY2UyOWZkMzUyNmE4
LzEvdF9PZU5uQzBQMWZ4VVJ0NDNlSUlXV1FCZEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXzyMA0G
CSqGSIb3DQEBCwUAA4IBAQAPLoNFST+puG7F0w9YD9GQWL6QYFq/7jFPaur6qkQ7
+o2OpzAdauyeCnwEoT4rfoBspEmw1vV9V/La/VDR7M83lDmfZNXSJTGILmIPMNfK
zNijNOL5OPNv+lCvXqh66s6So+dgxr2t3f6Kx6p+YLym9+jLmQQZr+Md95iCuD+O
adGMA5JLE0O7dWGTbLr1Q37Ngq6vhS2ci0ulvK1yyhAmX6YwgIatXupkQx+08CWb
ZZzijufFRE8O2nCKjiyPlIltLokM+sdMrK3FIgc9c7AqtImHXseCDtxJJzp6JCXm
BnH+PQmxhczzIgAJo5tDrE/dibreeDULPtlu+8JDjuum
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:23 2024 by rpki-client on console-ams.rpki-client.org