Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gos3WDE8rffQItfsilZHUzi8bh0.roa
File:                     gos3WDE8rffQItfsilZHUzi8bh0.roa (raw, json)
Hash identifier:          b8Z7HJUZIFPMyr3dtnDB5yOsUCOfzrAesXsap/T41uc=
Subject key identifier:   82:8B:37:58:31:3C:AD:F7:D0:22:D7:EC:8A:56:47:53:38:BC:6E:1D
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       01856ED4C74E1A4814D671A34CF1BAC007FC
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gos3WDE8rffQItfsilZHUzi8bh0.roa
Signing time:             Sun 01 Jan 2023 19:35:16 +0000
ROA not before:           Sun 01 Jan 2023 19:35:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44428
IP address blocks:        201.49.188.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 17 Nov 2023 13:16:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:d4:c7:4e:1a:48:14:d6:71:a3:4c:f1:ba:c0:07:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 19:35:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=828b3758313cadf7d022d7ec8a56475338bc6e1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:92:ad:7f:7d:35:14:32:50:e6:24:4e:be:25:
                    ca:7e:4b:8e:41:ad:a8:fd:8f:6e:3f:33:71:9b:eb:
                    69:94:85:c7:81:81:3b:8b:8c:ed:43:06:ec:47:d5:
                    80:48:af:9a:37:51:4c:aa:8f:c8:32:4f:c3:6a:fe:
                    93:be:2c:3e:e2:ec:3d:0c:c7:93:ec:3d:b9:ee:e1:
                    8a:04:bb:e5:df:65:3c:a8:94:fd:10:02:33:92:2b:
                    be:09:18:b7:a3:22:a5:c1:db:e7:0f:86:8e:e6:ad:
                    3f:35:fb:54:48:71:6b:86:d1:3e:18:3e:de:f5:f6:
                    69:64:ac:0d:6b:83:dc:b0:c3:44:08:1a:6f:8a:92:
                    61:3a:e9:08:71:3c:1b:7d:ec:07:6d:84:86:59:4d:
                    ae:cf:ae:17:7e:07:c7:78:e7:a9:ec:fc:4f:77:83:
                    f1:7e:f9:36:29:e7:dc:b2:4d:1d:0f:65:f8:59:79:
                    c2:9b:f3:5a:0d:1c:42:79:ec:09:59:58:ac:f2:c7:
                    83:74:99:79:5d:d5:d0:92:c1:0f:31:e4:2a:67:15:
                    58:86:33:85:88:f0:00:f0:de:5b:18:f7:f4:e5:1c:
                    81:77:06:a7:5d:89:76:79:85:6a:37:e5:5d:8c:27:
                    b0:c4:df:a7:49:b2:e4:1b:92:ac:31:21:46:61:5a:
                    6c:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:8B:37:58:31:3C:AD:F7:D0:22:D7:EC:8A:56:47:53:38:BC:6E:1D
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/gos3WDE8rffQItfsilZHUzi8bh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.49.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:f8:f6:72:32:3a:42:68:3c:9a:81:1a:07:95:57:13:fa:63:
         dd:60:b0:3e:fc:b5:2e:e3:9e:41:63:e8:d0:5a:d3:0d:9f:f7:
         f8:e8:8b:22:d5:48:d8:f2:71:89:12:d3:08:62:eb:01:eb:e1:
         bc:28:c8:b4:30:9b:fc:e6:03:c0:bf:98:23:57:72:62:58:68:
         11:96:f0:25:8b:20:10:f2:c8:6b:13:18:40:87:55:05:97:b0:
         b5:41:1a:f9:e2:3a:2b:92:f6:b8:0a:8f:f6:51:ad:07:80:d9:
         58:27:4a:af:12:2a:20:99:2d:ec:f1:95:76:56:93:86:89:dd:
         6a:f5:70:1f:03:bb:9e:a0:73:5e:81:e8:a3:b7:7c:a3:46:c1:
         96:6e:91:32:48:a1:6a:2e:02:1d:c7:35:ec:e8:ce:47:49:c0:
         f4:ab:1a:52:28:95:0a:72:ff:2e:77:68:1f:5b:1d:ea:4a:82:
         9e:f2:d5:9a:07:ff:fa:6d:54:10:74:76:2e:d2:10:bb:7d:af:
         e7:fe:30:e8:f1:60:c6:de:d2:7e:f0:c6:60:8c:24:68:a7:37:
         af:0d:8a:bb:cc:38:0b:3c:f0:9f:67:8b:1e:d5:e3:7f:f8:b3:
         b9:ec:60:fc:a8:be:33:d3:cf:8b:15:9c:90:1f:44:86:f6:62:
         b5:fd:db:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVu1MdOGkgU1nGjTPG6wAf8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjMwMTAxMTkzNTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjhiMzc1ODMxM2NhZGY3ZDAyMmQ3ZWM4YTU2NDc1MzM4YmM2ZTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJKtf301FDJQ5iROviXKfkuOQa2o
/Y9uPzNxm+tplIXHgYE7i4ztQwbsR9WASK+aN1FMqo/IMk/Dav6Tviw+4uw9DMeT
7D257uGKBLvl32U8qJT9EAIzkiu+CRi3oyKlwdvnD4aO5q0/NftUSHFrhtE+GD7e
9fZpZKwNa4PcsMNECBpvipJhOukIcTwbfewHbYSGWU2uz64XfgfHeOep7PxPd4Px
fvk2Kefcsk0dD2X4WXnCm/NaDRxCeewJWVis8seDdJl5XdXQksEPMeQqZxVYhjOF
iPAA8N5bGPf05RyBdwanXYl2eYVqN+VdjCewxN+nSbLkG5KsMSFGYVpsYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIKLN1gxPK330CLX7IpWR1M4vG4dMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZ29zM1dERThyZmZRSXRmc2lsWkhVemk4YmgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyTG8MA0G
CSqGSIb3DQEBCwUAA4IBAQA5+PZyMjpCaDyagRoHlVcT+mPdYLA+/LUu455BY+jQ
WtMNn/f46Isi1UjY8nGJEtMIYusB6+G8KMi0MJv85gPAv5gjV3JiWGgRlvAliyAQ
8shrExhAh1UFl7C1QRr54jorkva4Co/2Ua0HgNlYJ0qvEiogmS3s8ZV2VpOGid1q
9XAfA7ueoHNegeijt3yjRsGWbpEySKFqLgIdxzXs6M5HScD0qxpSKJUKcv8ud2gf
Wx3qSoKe8tWaB//6bVQQdHYu0hC7fa/n/jDo8WDG3tJ+8MZgjCRopzevDYq7zDgL
PPCfZ4se1eN/+LO57GD8qL4z08+LFZyQH0SG9mK1/dtv
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:56 2024 by rpki-client on console-fra.rpki-client.org