Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/XGmi--lkCAaXtu0RRSsEdMK00eI.roa
File:                     XGmi--lkCAaXtu0RRSsEdMK00eI.roa (raw, json)
Hash identifier:          BzMGLSN0SKbHoCb57g7r0wFJYrIAsOvFdszN/D8/3v8=
Subject key identifier:   5C:69:A2:FB:E9:64:08:06:97:B6:ED:11:45:2B:04:74:C2:B4:D1:E2
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       01858396E6750B16EDCB306ED5D6488E56B4
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/XGmi--lkCAaXtu0RRSsEdMK00eI.roa
Signing time:             Thu 05 Jan 2023 20:19:42 +0000
ROA not before:           Thu 05 Jan 2023 20:19:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207279
IP address blocks:        188.191.108.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 08 Feb 2023 11:46:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:83:96:e6:75:0b:16:ed:cb:30:6e:d5:d6:48:8e:56:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Jan  5 20:19:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5c69a2fbe964080697b6ed11452b0474c2b4d1e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0d:f9:a6:0b:41:30:ab:89:29:ea:67:3c:e2:
                    43:6b:a3:04:49:9f:ca:c3:95:dd:86:74:54:2e:83:
                    16:9f:18:f8:9d:18:07:0f:f5:64:ef:da:cb:58:5e:
                    5c:ac:0e:a0:a8:d8:11:2d:ea:36:1d:7a:48:7d:7b:
                    39:a6:f7:60:48:ac:e6:93:0b:63:4f:2e:5a:34:a1:
                    3d:25:0d:fb:b4:29:40:e4:e6:bf:4e:b4:4c:a4:f8:
                    18:e9:93:d6:f1:56:c4:6b:91:86:db:45:55:73:03:
                    ab:9d:c1:67:b4:97:0f:08:17:ba:f8:ea:aa:ad:23:
                    3f:cc:36:c5:cd:64:83:d5:8a:5e:56:8a:fb:25:c6:
                    7b:01:c8:93:1d:69:fc:ec:e8:72:a3:47:0d:0e:65:
                    7d:b5:c3:d6:6d:a9:76:c0:e2:d6:25:b3:15:1f:be:
                    0b:79:9f:d8:f4:86:66:1e:a3:dc:75:5b:90:9d:48:
                    2c:21:2d:3b:a5:07:f0:d0:33:22:4f:7b:1f:d7:b1:
                    af:46:8d:ff:72:49:cc:bb:cf:d2:42:83:14:91:82:
                    1a:07:17:ac:f5:eb:16:4f:90:7b:b2:c4:af:a3:35:
                    93:e0:05:00:23:18:a7:9b:1f:42:d1:e1:1c:74:e8:
                    fd:8a:4c:01:89:7e:82:8e:d6:eb:99:6f:68:cb:a3:
                    a2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:69:A2:FB:E9:64:08:06:97:B6:ED:11:45:2B:04:74:C2:B4:D1:E2
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/XGmi--lkCAaXtu0RRSsEdMK00eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:65:82:32:c5:d7:ce:36:a7:b9:db:16:d0:85:6e:f6:f0:c9:
         8a:0b:f9:59:2b:a3:a3:af:88:b1:e6:25:47:03:1f:16:2f:15:
         7c:f5:99:83:99:aa:f3:19:d3:8e:63:69:82:9d:91:cd:83:a9:
         da:13:9d:13:15:38:67:cb:7e:7a:4a:27:ba:46:6e:78:4d:5a:
         24:3d:94:9d:28:1d:d5:7e:52:d6:5e:c8:bd:79:f9:bf:52:0c:
         48:10:a7:e4:3c:37:14:dc:95:c8:3b:33:18:aa:d9:a3:50:77:
         ff:bf:c3:da:84:3c:c3:0c:b1:66:17:32:df:51:84:06:11:a5:
         5b:c9:2d:1d:a6:eb:df:0d:26:4a:a2:eb:41:8f:a0:09:fc:a6:
         51:d5:ad:ec:1f:73:2e:0e:0e:e0:51:ba:11:ef:6d:48:af:a6:
         8f:2a:26:83:b8:22:a9:39:1e:e9:f3:ab:4d:54:49:72:e0:c6:
         f9:55:12:28:a1:23:03:37:58:e3:7b:4f:36:64:eb:7d:fa:53:
         6b:bc:cd:51:21:05:d7:a4:27:81:ec:8b:5d:ef:1a:c9:88:a6:
         33:6d:71:12:e4:a7:1d:6d:9d:e5:4f:02:ad:fd:11:4a:7f:13:
         b9:6e:bb:81:8e:05:50:83:54:a7:61:2f:7b:41:5a:c9:f9:16:
         d3:e6:bf:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYWDluZ1CxbtyzBu1dZIjla0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjMwMTA1MjAxOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzY5YTJmYmU5NjQwODA2OTdiNmVkMTE0NTJiMDQ3NGMyYjRkMWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAow35pgtBMKuJKepnPOJDa6MESZ/K
w5XdhnRULoMWnxj4nRgHD/Vk79rLWF5crA6gqNgRLeo2HXpIfXs5pvdgSKzmkwtj
Ty5aNKE9JQ37tClA5Oa/TrRMpPgY6ZPW8VbEa5GG20VVcwOrncFntJcPCBe6+Oqq
rSM/zDbFzWSD1YpeVor7JcZ7AciTHWn87Ohyo0cNDmV9tcPWbal2wOLWJbMVH74L
eZ/Y9IZmHqPcdVuQnUgsIS07pQfw0DMiT3sf17GvRo3/cknMu8/SQoMUkYIaBxes
9esWT5B7ssSvozWT4AUAIxinmx9C0eEcdOj9ikwBiX6CjtbrmW9oy6Oi8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxpovvpZAgGl7btEUUrBHTCtNHiMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvWEdtaS0tbGtDQWFYdHUwUlJTc0VkTUswMGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9sMA0G
CSqGSIb3DQEBCwUAA4IBAQAyZYIyxdfONqe52xbQhW728MmKC/lZK6Ojr4ix5iVH
Ax8WLxV89ZmDmarzGdOOY2mCnZHNg6naE50TFThny356Sie6Rm54TVokPZSdKB3V
flLWXsi9efm/UgxIEKfkPDcU3JXIOzMYqtmjUHf/v8PahDzDDLFmFzLfUYQGEaVb
yS0dpuvfDSZKoutBj6AJ/KZR1a3sH3MuDg7gUboR721Ir6aPKiaDuCKpOR7p86tN
VEly4Mb5VRIooSMDN1jje082ZOt9+lNrvM1RIQXXpCeB7Itd7xrJiKYzbXES5Kcd
bZ3lTwKt/RFKfxO5bruBjgVQg1SnYS97QVrJ+RbT5r8c
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:49 2024 by rpki-client on console-ams.rpki-client.org