Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/lbjUBu9xdR_sosRZ9MrJ4Rd9xAk.roa
File:                     lbjUBu9xdR_sosRZ9MrJ4Rd9xAk.roa (raw, json)
Hash identifier:          1c+qkhH5ETpQYkZ/qzHC3A3IBYZ9DGcn2dMD+9iLEmM=
Subject key identifier:   95:B8:D4:06:EF:71:75:1F:EC:A2:C4:59:F4:CA:C9:E1:17:7D:C4:09
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018BECD8A014CAF5EB9C5F74D4A78B601BF3
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/lbjUBu9xdR_sosRZ9MrJ4Rd9xAk.roa
Signing time:             Mon 20 Nov 2023 13:08:21 +0000
ROA not before:           Mon 20 Nov 2023 13:08:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     270214
IP address blocks:        201.77.56.0/24 maxlen: 24
                          91.109.163.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ec:d8:a0:14:ca:f5:eb:9c:5f:74:d4:a7:8b:60:1b:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Nov 20 13:08:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=95b8d406ef71751feca2c459f4cac9e1177dc409
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ab:bd:18:77:10:d2:b7:a1:be:9e:3e:b2:0c:
                    9e:9b:0d:67:64:a7:e2:13:46:0e:35:24:8b:c9:6d:
                    eb:e3:33:74:4a:b9:95:20:f7:12:86:fd:73:0a:88:
                    e3:19:c4:53:f3:f1:6e:fd:1d:aa:20:20:97:d9:e8:
                    4c:b4:8f:10:01:5b:97:cd:32:94:49:5f:45:84:8f:
                    2b:05:3d:9c:ec:06:19:a5:d6:7b:91:9b:d1:0a:31:
                    ff:34:74:37:c1:e3:5d:e5:10:6f:5d:8e:c5:02:51:
                    04:a0:8b:79:77:ed:6e:96:37:00:ee:84:51:88:74:
                    b4:e4:e8:3d:ba:6f:7c:69:49:3c:be:46:d7:b9:88:
                    cc:af:da:9b:b0:85:cc:dd:e4:6c:80:02:6c:db:0d:
                    6f:29:2d:bf:66:d1:23:54:82:d8:99:25:46:1e:f7:
                    15:66:31:41:d7:85:e7:62:20:d8:53:ef:1f:0d:69:
                    27:e6:31:67:8b:b9:d4:b6:f4:33:69:e7:80:74:1a:
                    06:91:3a:22:89:38:88:99:10:07:b4:0e:73:b8:35:
                    76:53:79:b0:83:1f:2f:ba:fe:91:5e:06:63:f6:b4:
                    64:18:a3:28:84:48:64:5f:82:b3:50:27:12:0f:fe:
                    1f:59:1a:5d:b0:f8:1d:bf:be:d5:f5:c6:57:b3:c3:
                    37:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B8:D4:06:EF:71:75:1F:EC:A2:C4:59:F4:CA:C9:E1:17:7D:C4:09
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/lbjUBu9xdR_sosRZ9MrJ4Rd9xAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.163.0/24
                  201.77.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:39:f9:48:f9:65:c5:be:0b:ed:b8:d6:32:eb:66:97:1f:a7:
         6d:29:66:c9:37:6e:f6:39:cb:08:81:f9:98:db:10:19:4a:b8:
         ea:58:e8:e5:8c:4a:0f:c4:cf:51:c1:09:2f:b1:c5:77:6d:19:
         44:0d:c8:c9:ea:0b:03:c5:85:f1:43:82:3b:7f:c8:a0:ce:ac:
         90:6b:81:87:51:b3:59:0c:ed:94:87:b8:24:06:cb:6c:85:cf:
         78:da:61:33:84:f1:db:08:82:46:8f:e1:d4:3b:cd:aa:a1:85:
         e0:32:11:94:17:e4:49:8c:48:09:6d:13:ec:dd:c0:32:53:94:
         cb:9b:5c:9d:0d:b9:cb:ef:aa:73:63:84:49:ac:e9:cb:f6:13:
         94:e9:39:57:82:71:1c:29:8a:0e:57:ea:18:d2:d8:0b:ce:3b:
         f4:05:4b:ed:81:1d:3f:a1:7f:ba:2a:1a:d0:95:a1:bb:8e:a0:
         be:e2:be:a4:28:54:14:11:c6:2b:3e:11:7e:f9:fa:95:0b:b8:
         0e:2b:5c:65:6f:e7:e5:a7:33:64:69:e0:3f:d9:e4:31:56:4c:
         19:16:bc:f7:54:28:21:b2:e2:ff:ef:80:1a:b2:24:45:0d:d1:
         d5:3c:01:45:f3:a9:9b:94:55:a4:2a:c6:cd:ca:50:c9:00:ca:
         4f:bc:da:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYvs2KAUyvXrnF901KeLYBvzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjMxMTIwMTMwODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWI4ZDQwNmVmNzE3NTFmZWNhMmM0NTlmNGNhYzllMTE3N2RjNDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsau9GHcQ0rehvp4+sgyemw1nZKfi
E0YONSSLyW3r4zN0SrmVIPcShv1zCojjGcRT8/Fu/R2qICCX2ehMtI8QAVuXzTKU
SV9FhI8rBT2c7AYZpdZ7kZvRCjH/NHQ3weNd5RBvXY7FAlEEoIt5d+1uljcA7oRR
iHS05Og9um98aUk8vkbXuYjMr9qbsIXM3eRsgAJs2w1vKS2/ZtEjVILYmSVGHvcV
ZjFB14XnYiDYU+8fDWkn5jFni7nUtvQzaeeAdBoGkToiiTiImRAHtA5zuDV2U3mw
gx8vuv6RXgZj9rRkGKMohEhkX4KzUCcSD/4fWRpdsPgdv77V9cZXs8M3LwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJW41AbvcXUf7KLEWfTKyeEXfcQJMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvbGJqVUJ1OXhkUl9zb3NSWjlNcko0UmQ5eEFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW22jAwQA
yU04MA0GCSqGSIb3DQEBCwUAA4IBAQAVOflI+WXFvgvtuNYy62aXH6dtKWbJN272
OcsIgfmY2xAZSrjqWOjljEoPxM9RwQkvscV3bRlEDcjJ6gsDxYXxQ4I7f8igzqyQ
a4GHUbNZDO2Uh7gkBstshc942mEzhPHbCIJGj+HUO82qoYXgMhGUF+RJjEgJbRPs
3cAyU5TLm1ydDbnL76pzY4RJrOnL9hOU6TlXgnEcKYoOV+oY0tgLzjv0BUvtgR0/
oX+6KhrQlaG7jqC+4r6kKFQUEcYrPhF++fqVC7gOK1xlb+flpzNkaeA/2eQxVkwZ
Frz3VCghsuL/74AasiRFDdHVPAFF86mblFWkKsbNylDJAMpPvNp2
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:56 2024 by rpki-client on console-fra.rpki-client.org