Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/LrZ3aOfe88F8s0xz3WiTf2RSBu8.roa
File:                     LrZ3aOfe88F8s0xz3WiTf2RSBu8.roa (raw, json)
Hash identifier:          GqdW274gwM259sCHDODNRI8fXShfz9H+5Mm3zo419Vg=
Subject key identifier:   2E:B6:77:68:E7:DE:F3:C1:7C:B3:4C:73:DD:68:93:7F:64:52:06:EF
Certificate issuer:       /CN=5ed99d49c4b0e46b2786842731e153485c8ac48b
Certificate serial:       01857030537DC119E5FD8883DE36CFAA73E4
Authority key identifier: 5E:D9:9D:49:C4:B0:E4:6B:27:86:84:27:31:E1:53:48:5C:8A:C4:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XtmdScSw5GsnhoQnMeFTSFyKxIs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/LrZ3aOfe88F8s0xz3WiTf2RSBu8.roa
Signing time:             Mon 02 Jan 2023 01:54:53 +0000
ROA not before:           Mon 02 Jan 2023 01:54:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3303
IP address blocks:        91.209.170.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 10:30:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:30:53:7d:c1:19:e5:fd:88:83:de:36:cf:aa:73:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ed99d49c4b0e46b2786842731e153485c8ac48b
        Validity
            Not Before: Jan  2 01:54:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2eb67768e7def3c17cb34c73dd68937f645206ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:66:2d:78:73:8d:20:13:66:96:b3:e8:de:02:
                    8d:da:07:5e:6b:93:cb:0c:e0:b7:a3:9d:ae:c2:e4:
                    66:4e:3a:e7:5e:1f:c6:1e:37:c7:f1:57:a1:af:6d:
                    22:89:a0:9c:06:64:b7:6b:07:74:db:85:94:15:02:
                    c3:80:64:d6:22:13:a5:00:ef:b1:66:11:cd:60:35:
                    e9:8b:8b:8e:9a:6c:6e:7d:ec:ca:76:1f:f0:ee:0e:
                    39:f7:ed:77:57:93:94:1b:70:36:ed:d2:09:22:b5:
                    a6:3c:d6:08:60:34:ea:84:17:12:13:fe:82:da:4b:
                    05:45:ca:88:30:cf:2e:f5:e4:ed:12:d6:be:ab:1a:
                    b7:af:a0:80:f9:d6:c9:91:61:59:45:65:17:67:3b:
                    1e:ae:0f:90:44:0f:33:f1:53:53:83:ee:9d:e5:7b:
                    e7:0c:fb:fd:e2:b9:e7:41:00:1f:48:1a:1f:fb:64:
                    28:ff:63:37:39:43:9d:13:d3:97:f2:32:ba:c6:fa:
                    b9:31:ec:60:ea:a8:da:71:00:f4:7b:0f:e4:45:af:
                    0f:e5:64:65:a8:3f:b2:ef:23:69:a0:b9:90:57:45:
                    f3:0b:b4:02:98:16:55:64:4c:d1:c5:92:7b:32:f1:
                    67:97:83:8f:aa:5b:45:ba:c2:7d:49:1c:29:38:e9:
                    ee:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B6:77:68:E7:DE:F3:C1:7C:B3:4C:73:DD:68:93:7F:64:52:06:EF
            X509v3 Authority Key Identifier:
                keyid:5E:D9:9D:49:C4:B0:E4:6B:27:86:84:27:31:E1:53:48:5C:8A:C4:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XtmdScSw5GsnhoQnMeFTSFyKxIs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/LrZ3aOfe88F8s0xz3WiTf2RSBu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9b893e-7b0c-41aa-a951-90c3afc7c947/1/XtmdScSw5GsnhoQnMeFTSFyKxIs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:05:07:9c:8c:64:51:6b:1a:b3:4f:e6:06:66:b4:cd:26:a1:
         f6:08:65:36:47:7e:ff:47:b2:ca:70:67:60:b7:fa:9f:82:cd:
         06:8c:bd:f4:94:15:72:76:10:e0:7a:ae:70:82:a2:9b:bb:c4:
         82:55:0a:53:bd:00:c4:49:fd:3f:b7:0a:37:dc:2e:7e:5b:67:
         e6:81:93:11:62:7c:c2:f1:df:f6:a8:9c:a2:93:12:1a:83:3b:
         d6:e2:c4:9f:45:5d:a3:91:6f:40:af:cc:4c:36:68:32:5b:27:
         2e:d2:2c:ad:b1:48:7f:fe:8c:37:05:00:9c:bd:1c:9a:c6:b8:
         93:03:8f:c8:f0:6f:93:ff:57:da:cd:29:d9:98:88:93:62:75:
         af:62:52:6d:61:b6:f6:e4:f9:d8:df:d3:ce:48:af:1d:e8:3b:
         d2:81:43:06:9d:a2:d8:fe:b1:bc:88:e8:e2:cc:43:a3:92:ee:
         d9:87:eb:d6:ad:d4:51:eb:57:b2:19:d8:23:97:f5:15:87:13:
         f0:80:e9:23:6f:71:1b:15:50:d7:29:3c:57:c4:93:ee:4e:97:
         ca:54:5b:17:81:32:b4:2e:91:45:7b:52:de:07:0d:1d:fc:4e:
         b7:9c:e0:87:17:80:c8:de:7a:6a:df:81:9b:7a:48:78:87:52:
         70:79:34:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwMFN9wRnl/YiD3jbPqnPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZDk5ZDQ5YzRiMGU0NmIyNzg2ODQyNzMxZTE1MzQ4NWM4
YWM0OGIwHhcNMjMwMTAyMDE1NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWI2Nzc2OGU3ZGVmM2MxN2NiMzRjNzNkZDY4OTM3ZjY0NTIwNmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmYteHONIBNmlrPo3gKN2gdea5PL
DOC3o52uwuRmTjrnXh/GHjfH8Vehr20iiaCcBmS3awd024WUFQLDgGTWIhOlAO+x
ZhHNYDXpi4uOmmxufezKdh/w7g459+13V5OUG3A27dIJIrWmPNYIYDTqhBcSE/6C
2ksFRcqIMM8u9eTtEta+qxq3r6CA+dbJkWFZRWUXZzserg+QRA8z8VNTg+6d5Xvn
DPv94rnnQQAfSBof+2Qo/2M3OUOdE9OX8jK6xvq5Mexg6qjacQD0ew/kRa8P5WRl
qD+y7yNpoLmQV0XzC7QCmBZVZEzRxZJ7MvFnl4OPqltFusJ9SRwpOOnuvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC62d2jn3vPBfLNMc91ok39kUgbvMB8GA1UdIwQY
MBaAFF7ZnUnEsORrJ4aEJzHhU0hcisSLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHRtZFNjU3c1R3NuaG9Rbk1lRlRTRnlLeElzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS85Yjg5M2UtN2IwYy00MWFhLWE5NTEt
OTBjM2FmYzdjOTQ3LzEvTHJaM2FPZmU4OEY4czB4ejNXaVRmMlJTQnU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS85Yjg5M2UtN2IwYy00MWFhLWE5NTEtOTBjM2FmYzdjOTQ3
LzEvWHRtZFNjU3c1R3NuaG9Rbk1lRlRTRnlLeElzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GqMA0G
CSqGSIb3DQEBCwUAA4IBAQASBQecjGRRaxqzT+YGZrTNJqH2CGU2R37/R7LKcGdg
t/qfgs0GjL30lBVydhDgeq5wgqKbu8SCVQpTvQDESf0/two33C5+W2fmgZMRYnzC
8d/2qJyikxIagzvW4sSfRV2jkW9Ar8xMNmgyWycu0iytsUh//ow3BQCcvRyaxriT
A4/I8G+T/1fazSnZmIiTYnWvYlJtYbb25PnY39POSK8d6DvSgUMGnaLY/rG8iOji
zEOjku7Zh+vWrdRR61eyGdgjl/UVhxPwgOkjb3EbFVDXKTxXxJPuTpfKVFsXgTK0
LpFFe1LeBw0d/E63nOCHF4DI3npq34Gbekh4h1JweTQa
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:56 2024 by rpki-client on console-fra.rpki-client.org