Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/0oktMnRwEj_JZur8sAwEOohN9pw.roa
File:                     0oktMnRwEj_JZur8sAwEOohN9pw.roa (raw, json)
Hash identifier:          6qkxUWJvYSUHLpv+k3j2KAdDJ8MBRDLHi5yJx72IwRw=
Subject key identifier:   D2:89:2D:32:74:70:12:3F:C9:66:EA:FC:B0:0C:04:3A:88:4D:F6:9C
Certificate issuer:       /CN=f973209625e2a03ddeecf91bb480548e5729d479
Certificate serial:       018571279D5F2778891FB42D81C3B270A4AC
Authority key identifier: F9:73:20:96:25:E2:A0:3D:DE:EC:F9:1B:B4:80:54:8E:57:29:D4:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-XMgliXioD3e7PkbtIBUjlcp1Hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/0oktMnRwEj_JZur8sAwEOohN9pw.roa
Signing time:             Mon 02 Jan 2023 06:24:59 +0000
ROA not before:           Mon 02 Jan 2023 06:24:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209323
IP address blocks:        147.78.144.0/22 maxlen: 22
                          2a09:24c0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:29:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:27:9d:5f:27:78:89:1f:b4:2d:81:c3:b2:70:a4:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f973209625e2a03ddeecf91bb480548e5729d479
        Validity
            Not Before: Jan  2 06:24:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d2892d327470123fc966eafcb00c043a884df69c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:89:66:09:d0:3b:f4:40:b7:d7:4e:99:11:02:
                    1c:e8:e3:fe:fd:b5:38:fa:ce:94:39:d7:27:1f:9c:
                    50:b1:75:92:8d:ce:5e:bd:16:1e:ba:ba:7c:84:e9:
                    e8:ab:36:29:74:6a:5f:68:9f:f1:d9:a7:2b:c0:89:
                    1e:97:73:90:94:85:b5:bf:9f:50:38:de:50:08:ea:
                    8e:f2:9f:ed:c9:5d:1b:77:8b:12:63:a0:29:ad:91:
                    dd:df:b1:97:64:87:b9:c3:06:5d:a6:2b:bd:1a:83:
                    f4:55:ff:58:f2:c3:5e:d6:95:1b:47:62:e3:77:85:
                    b4:76:45:77:ae:78:e0:1c:34:d7:7f:bc:34:a1:3d:
                    95:e2:3d:e5:21:ce:eb:82:9b:f7:09:7a:33:31:07:
                    e7:c9:c1:4f:e7:5a:52:c8:d5:4a:33:13:f0:27:50:
                    86:ef:ac:27:f1:70:15:8f:3e:6a:4c:3a:d2:f0:e9:
                    00:4c:61:7c:02:13:2b:d3:32:dd:77:76:19:d3:8a:
                    b1:f5:d8:42:32:40:d9:43:0f:cc:37:63:06:6f:60:
                    92:7d:3a:51:a2:6c:69:5a:b1:ff:9c:d8:7e:3d:1d:
                    00:41:c4:42:7e:ac:8b:12:af:01:41:62:43:68:65:
                    b2:fd:e0:6c:58:8b:f2:1d:ca:c2:4e:1f:0e:2c:50:
                    bc:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:89:2D:32:74:70:12:3F:C9:66:EA:FC:B0:0C:04:3A:88:4D:F6:9C
            X509v3 Authority Key Identifier:
                keyid:F9:73:20:96:25:E2:A0:3D:DE:EC:F9:1B:B4:80:54:8E:57:29:D4:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-XMgliXioD3e7PkbtIBUjlcp1Hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/0oktMnRwEj_JZur8sAwEOohN9pw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/af54e8-bd63-427d-8cc8-f4ecebbb1ec2/1/1-XMgliXioD3e7PkbtIBUjlcp1Hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.144.0/22
                IPv6:
                  2a09:24c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:66:c9:27:2d:2d:fd:45:4e:cb:1c:f0:2a:9e:f3:80:82:25:
         3d:97:64:b1:17:d1:c4:c2:7e:77:b3:f1:d9:02:d2:46:7d:31:
         05:df:06:36:46:29:8f:6f:c6:a0:d8:9c:18:2d:87:2c:b9:98:
         d0:e8:08:23:a7:16:3e:2c:3d:1c:fe:8b:55:9e:27:6b:49:e1:
         81:65:99:81:84:e2:d0:31:ae:e8:b5:fc:47:72:f8:62:53:06:
         a1:ea:d2:d0:c1:03:31:47:77:f5:af:f7:64:51:8f:87:d2:d2:
         6c:bb:7b:96:61:cb:8b:1c:58:07:ed:9c:3f:12:11:83:c4:d7:
         f3:11:1b:13:7d:38:32:4a:80:78:c4:42:4e:68:fa:78:a7:0b:
         62:dd:06:86:d3:d1:aa:0e:6c:ef:e5:9c:af:c0:4e:a2:c4:68:
         0e:28:ad:a9:fe:2e:73:09:2b:a4:e7:89:05:97:86:e8:6e:d6:
         42:e3:48:b1:f5:4a:47:4e:da:b4:29:7f:ad:ac:be:ba:6d:9b:
         cc:d4:a9:de:0b:5b:7c:09:7d:36:50:31:6d:dc:fb:cc:c6:13:
         6f:4d:55:76:c4:86:af:0e:19:8f:6e:81:4e:32:96:55:43:8b:
         cb:c0:a8:06:33:61:a5:74:51:fa:15:34:d8:bc:00:74:e9:f8:
         53:a2:74:0f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVxJ51fJ3iJH7QtgcOycKSsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NzMyMDk2MjVlMmEwM2RkZWVjZjkxYmI0ODA1NDhlNTcy
OWQ0NzkwHhcNMjMwMTAyMDYyNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjg5MmQzMjc0NzAxMjNmYzk2NmVhZmNiMDBjMDQzYTg4NGRmNjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAholmCdA79EC3106ZEQIc6OP+/bU4
+s6UOdcnH5xQsXWSjc5evRYeurp8hOnoqzYpdGpfaJ/x2acrwIkel3OQlIW1v59Q
ON5QCOqO8p/tyV0bd4sSY6AprZHd37GXZIe5wwZdpiu9GoP0Vf9Y8sNe1pUbR2Lj
d4W0dkV3rnjgHDTXf7w0oT2V4j3lIc7rgpv3CXozMQfnycFP51pSyNVKMxPwJ1CG
76wn8XAVjz5qTDrS8OkATGF8AhMr0zLdd3YZ04qx9dhCMkDZQw/MN2MGb2CSfTpR
omxpWrH/nNh+PR0AQcRCfqyLEq8BQWJDaGWy/eBsWIvyHcrCTh8OLFC8hQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNKJLTJ0cBI/yWbq/LAMBDqITfacMB8GA1UdIwQY
MBaAFPlzIJYl4qA93uz5G7SAVI5XKdR5MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YTWdsaVhpb0QzZTdQa2J0SUJVamxjcDFIay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQvYWY1NGU4LWJkNjMtNDI3ZC04Y2M4
LWY0ZWNlYmJiMWVjMi8xLzBva3RNblJ3RWpfSlp1cjhzQXdFT29oTjlwdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWQvYWY1NGU4LWJkNjMtNDI3ZC04Y2M4LWY0ZWNlYmJiMWVj
Mi8xLzEtWE1nbGlYaW9EM2U3UGtidElCVWpsY3AxSGsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAKTTpAw
DQQCAAIwBwMFACoJJMAwDQYJKoZIhvcNAQELBQADggEBAHxmySctLf1FTssc8Cqe
84CCJT2XZLEX0cTCfnez8dkC0kZ9MQXfBjZGKY9vxqDYnBgthyy5mNDoCCOnFj4s
PRz+i1WeJ2tJ4YFlmYGE4tAxrui1/Edy+GJTBqHq0tDBAzFHd/Wv92RRj4fS0my7
e5Zhy4scWAftnD8SEYPE1/MRGxN9ODJKgHjEQk5o+ninC2LdBobT0aoObO/lnK/A
TqLEaA4oran+LnMJK6TniQWXhuhu1kLjSLH1SkdO2rQpf62svrptm8zUqd4LW3wJ
fTZQMW3c+8zGE29NVXbEhq8OGY9ugU4yllVDi8vAqAYzYaV0UfoVNNi8AHTp+FOi
dA8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:25 2024 by rpki-client on console-fra.rpki-client.org