Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/xDDSpfGM8hv7D_BZGpZp_aqmcnU.roa
File:                     xDDSpfGM8hv7D_BZGpZp_aqmcnU.roa (raw, json)
Hash identifier:          +M5ywDqYvLZXH8AaroSDln4rUdzR/8cLrMExYTDf/j0=
Subject key identifier:   C4:30:D2:A5:F1:8C:F2:1B:FB:0F:F0:59:1A:96:69:FD:AA:A6:72:75
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       018ADB02F234CC7D206965706B9A20D93BDD
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/xDDSpfGM8hv7D_BZGpZp_aqmcnU.roa
Signing time:             Thu 28 Sep 2023 08:58:37 +0000
ROA not before:           Thu 28 Sep 2023 08:58:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        141.226.246.0/24 maxlen: 24
                          141.226.244.0/24 maxlen: 24
                          141.226.247.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 01 Oct 2023 09:14:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:db:02:f2:34:cc:7d:20:69:65:70:6b:9a:20:d9:3b:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: Sep 28 08:58:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c430d2a5f18cf21bfb0ff0591a9669fdaaa67275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b0:a7:2f:eb:6b:12:a6:28:5b:11:70:78:1d:
                    c8:71:b0:28:ee:91:e7:89:84:54:83:6c:15:ec:26:
                    15:af:83:88:b4:bc:d4:dc:74:aa:f0:45:a3:08:e4:
                    a7:95:48:48:11:a9:eb:3b:0a:c5:1a:0d:03:9d:17:
                    e9:03:a7:b0:88:6d:98:81:34:94:8e:5c:58:4b:81:
                    0f:15:0d:d3:d6:ae:4f:62:3f:cb:5d:e5:17:29:29:
                    37:1b:65:41:93:8e:44:85:11:34:55:de:89:c0:0b:
                    48:d3:1b:61:73:16:0a:c1:8d:f6:3f:6e:c1:e1:94:
                    94:e2:82:ca:0e:b2:4c:9d:c5:48:94:e0:a7:df:16:
                    87:d5:b4:16:ff:0d:42:e1:a0:bb:2d:3b:f7:59:11:
                    77:02:10:cd:e4:79:a7:26:ca:46:d6:2b:19:8c:a6:
                    d3:b1:58:54:d0:35:13:a7:ee:36:e3:c3:fc:de:db:
                    26:e4:f3:5f:0a:db:75:59:da:d8:5f:ce:80:71:16:
                    ff:f3:02:cd:a2:15:a2:1b:ac:bf:7e:50:ee:d7:e9:
                    82:4c:fe:2a:e4:cd:ce:40:ca:2e:55:31:f6:a4:ff:
                    2e:85:7a:93:e9:d4:9c:07:ab:db:ec:19:d7:a4:65:
                    f4:60:1f:db:16:a2:17:65:c4:28:70:4c:38:5f:54:
                    f1:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:30:D2:A5:F1:8C:F2:1B:FB:0F:F0:59:1A:96:69:FD:AA:A6:72:75
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/xDDSpfGM8hv7D_BZGpZp_aqmcnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.244.0/24
                  141.226.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:e9:f3:db:69:b6:61:00:ce:12:3e:2d:21:a8:b7:c8:f0:f1:
         3f:1e:1a:a4:ff:dd:43:03:13:41:b3:a5:d3:ab:bf:3d:6b:2a:
         4c:cc:38:17:04:5a:16:b5:ef:a9:90:61:44:c7:ba:70:f1:6c:
         46:0d:f4:37:9c:37:4d:75:bd:1a:b5:7b:ee:ef:b7:3d:a0:bc:
         ad:71:f5:60:ef:0c:44:e9:65:60:d5:ad:04:7f:f9:22:58:c0:
         40:4f:e0:cc:98:e3:8c:68:59:05:50:da:d9:18:4d:79:38:c2:
         4f:69:8a:aa:76:41:d6:48:6d:70:fe:a8:fc:a5:4b:2a:c2:fa:
         07:a2:a0:4d:72:77:8c:92:dc:b3:75:62:1c:71:48:62:9e:09:
         6f:44:eb:38:83:b0:70:09:7f:cf:da:76:fe:a8:32:bc:a6:47:
         94:f4:9b:e5:f4:d8:4e:27:b6:a4:63:55:fe:c5:43:cd:02:59:
         87:eb:be:07:9d:d4:bc:48:b0:40:77:db:e2:8a:c4:f8:0d:84:
         02:36:de:a5:f4:b5:ea:d3:f5:81:3d:61:6b:b3:81:e6:31:e6:
         fa:d6:a7:51:ee:10:08:e6:51:09:c7:2e:15:7b:83:b8:f2:e4:
         f4:2d:2f:1b:ff:6b:1d:3a:f6:15:7e:aa:4e:0a:af:5c:19:64:
         ba:54:19:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYrbAvI0zH0gaWVwa5og2TvdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjMwOTI4MDg1ODM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDMwZDJhNWYxOGNmMjFiZmIwZmYwNTkxYTk2NjlmZGFhYTY3Mjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7CnL+trEqYoWxFweB3IcbAo7pHn
iYRUg2wV7CYVr4OItLzU3HSq8EWjCOSnlUhIEanrOwrFGg0DnRfpA6ewiG2YgTSU
jlxYS4EPFQ3T1q5PYj/LXeUXKSk3G2VBk45EhRE0Vd6JwAtI0xthcxYKwY32P27B
4ZSU4oLKDrJMncVIlOCn3xaH1bQW/w1C4aC7LTv3WRF3AhDN5HmnJspG1isZjKbT
sVhU0DUTp+4248P83tsm5PNfCtt1WdrYX86AcRb/8wLNohWiG6y/flDu1+mCTP4q
5M3OQMouVTH2pP8uhXqT6dScB6vb7BnXpGX0YB/bFqIXZcQocEw4X1Tx0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMQw0qXxjPIb+w/wWRqWaf2qpnJ1MB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEveEREU3BmR004aHY3RF9CWkdwWnBfYXFtY25VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjeL0AwQB
jeL2MA0GCSqGSIb3DQEBCwUAA4IBAQBt6fPbabZhAM4SPi0hqLfI8PE/Hhqk/91D
AxNBs6XTq789aypMzDgXBFoWte+pkGFEx7pw8WxGDfQ3nDdNdb0atXvu77c9oLyt
cfVg7wxE6WVg1a0Ef/kiWMBAT+DMmOOMaFkFUNrZGE15OMJPaYqqdkHWSG1w/qj8
pUsqwvoHoqBNcneMktyzdWIccUhinglvROs4g7BwCX/P2nb+qDK8pkeU9Jvl9NhO
J7akY1X+xUPNAlmH674HndS8SLBAd9viisT4DYQCNt6l9LXq0/WBPWFrs4HmMeb6
1qdR7hAI5lEJxy4Ve4O48uT0LS8b/2sdOvYVfqpOCq9cGWS6VBn6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:13:38 2024 by rpki-client on console-ams.rpki-client.org