Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/khKU2eXNh-JmOtuNfKzDJHeoHto.roa
File:                     khKU2eXNh-JmOtuNfKzDJHeoHto.roa (raw, json)
Hash identifier:          ywJBrHpAcHsqVcGqKaRxNPk46QseUi5IcvbfpCVrkB8=
Subject key identifier:   92:12:94:D9:E5:CD:87:E2:66:3A:DB:8D:7C:AC:C3:24:77:A8:1E:DA
Certificate issuer:       /CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
Certificate serial:       01856DD3EEEE4B77EB8FC4C9AA949F03692D
Authority key identifier: 66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/khKU2eXNh-JmOtuNfKzDJHeoHto.roa
Signing time:             Sun 01 Jan 2023 14:54:43 +0000
ROA not before:           Sun 01 Jan 2023 14:54:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200363
IP address blocks:        91.197.232.0/24 maxlen: 24
                          91.197.233.0/24 maxlen: 24
                          2a01:af::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:31:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:d3:ee:ee:4b:77:eb:8f:c4:c9:aa:94:9f:03:69:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
        Validity
            Not Before: Jan  1 14:54:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=921294d9e5cd87e2663adb8d7cacc32477a81eda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:fa:71:4c:e6:07:0f:0d:1a:a9:4a:97:7b:c1:
                    51:5a:b1:8f:ff:c2:a5:b0:45:ab:e9:38:4b:f9:26:
                    11:58:84:aa:54:3e:d6:66:d8:ab:71:67:96:6d:e5:
                    c3:10:1d:82:46:7b:fe:ce:41:44:8e:09:0f:23:03:
                    93:aa:71:27:6d:ea:54:9c:38:8c:76:41:0b:6e:85:
                    f9:38:3b:b2:e7:2b:48:cd:b8:44:05:3d:d1:46:28:
                    ae:f4:aa:6f:d2:fa:8f:53:1d:83:e5:be:d1:09:56:
                    e7:55:90:eb:1d:7e:79:84:62:84:c5:ba:cf:84:59:
                    fb:02:9a:dc:92:58:5f:27:2e:87:13:f9:8b:99:a7:
                    4c:3b:30:63:49:cb:99:71:cc:ca:72:3f:3b:d7:8e:
                    5b:b2:0b:c7:68:fc:ae:3a:53:a5:67:38:c1:b1:ad:
                    a2:55:da:c9:dc:23:c1:05:e2:a9:6b:ae:6a:97:fa:
                    98:0c:69:1d:ce:e5:5e:5c:f9:3b:a4:84:cc:d7:7e:
                    b8:2c:5a:23:ab:57:d0:49:6b:dc:1d:2c:a2:b5:04:
                    b7:67:b4:3b:c3:63:b3:d9:47:07:b3:ba:1a:7c:3d:
                    5f:ba:92:5c:42:08:06:49:fa:52:e8:35:c2:63:51:
                    6e:83:32:24:bd:0e:49:97:96:cb:92:9c:80:56:af:
                    52:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:12:94:D9:E5:CD:87:E2:66:3A:DB:8D:7C:AC:C3:24:77:A8:1E:DA
            X509v3 Authority Key Identifier:
                keyid:66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/khKU2eXNh-JmOtuNfKzDJHeoHto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/Zpauprq3nEj13e5KRr9Ktk2GMWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.232.0/23
                IPv6:
                  2a01:af::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:d1:53:c5:c5:f5:49:ac:ee:91:ff:7c:ca:d5:3f:2d:2a:e4:
         48:de:18:77:1c:f0:a9:7f:2c:e9:73:c4:04:86:be:64:00:b6:
         4e:c2:d6:82:4c:c2:69:34:1c:73:7f:79:f2:4a:7f:d8:d2:83:
         75:01:da:7a:c5:0a:c2:11:e3:25:bd:e8:c6:a9:1a:77:f3:cb:
         47:9f:28:a7:e5:a3:f7:e6:c9:01:85:fe:f8:97:41:4f:d6:b8:
         30:05:5f:b0:00:49:47:52:b9:c0:34:7a:a8:84:dc:6f:9f:39:
         75:a6:52:93:62:15:3e:c5:8c:ba:bb:cf:97:ba:3b:61:9f:f8:
         1e:6e:91:55:a8:77:34:96:b3:02:81:15:c0:1d:65:e8:e8:99:
         c5:f2:53:32:d9:80:8a:1e:cb:c6:c2:0c:e9:c8:70:ab:19:71:
         66:5f:1e:5a:ee:19:31:51:37:94:23:dd:f9:79:cf:82:8d:09:
         ba:b6:df:dc:29:c5:45:73:06:cc:34:fa:0e:6d:58:ec:e8:9e:
         a9:25:02:59:21:25:cf:c1:98:98:44:0e:91:96:39:dd:3b:0c:
         e0:f6:db:2a:e8:f8:97:52:15:9c:32:19:71:d0:bc:c3:f8:53:
         0c:77:33:0f:b2:26:39:d2:cb:21:a2:c9:ce:2c:0c:e0:30:c0:
         38:04:6b:73
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVt0+7uS3frj8TJqpSfA2ktMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OTZhZWE2YmFiNzljNDhmNWRkZWU0YTQ2YmY0YWI2NGQ4
NjMxNjAwHhcNMjMwMTAxMTQ1NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjEyOTRkOWU1Y2Q4N2UyNjYzYWRiOGQ3Y2FjYzMyNDc3YTgxZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfpxTOYHDw0aqUqXe8FRWrGP/8Kl
sEWr6ThL+SYRWISqVD7WZtircWeWbeXDEB2CRnv+zkFEjgkPIwOTqnEnbepUnDiM
dkELboX5ODuy5ytIzbhEBT3RRiiu9Kpv0vqPUx2D5b7RCVbnVZDrHX55hGKExbrP
hFn7AprcklhfJy6HE/mLmadMOzBjScuZcczKcj87145bsgvHaPyuOlOlZzjBsa2i
VdrJ3CPBBeKpa65ql/qYDGkdzuVeXPk7pITM1364LFojq1fQSWvcHSyitQS3Z7Q7
w2Oz2UcHs7oafD1fupJcQggGSfpS6DXCY1FugzIkvQ5Jl5bLkpyAVq9SrQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJISlNnlzYfiZjrbjXyswyR3qB7aMB8GA1UdIwQY
MBaAFGaWrqa6t5xI9d3uSka/SrZNhjFgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2Qt
ZjAxOThjNmMyNDc0LzEva2hLVTJlWE5oLUptT3R1TmZLekRKSGVvSHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2QtZjAxOThjNmMyNDc0
LzEvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBW8XoMA0E
AgACMAcDBQAqAQCvMA0GCSqGSIb3DQEBCwUAA4IBAQA40VPFxfVJrO6R/3zK1T8t
KuRI3hh3HPCpfyzpc8QEhr5kALZOwtaCTMJpNBxzf3nySn/Y0oN1Adp6xQrCEeMl
vejGqRp388tHnyin5aP35skBhf74l0FP1rgwBV+wAElHUrnANHqohNxvnzl1plKT
YhU+xYy6u8+Xujthn/gebpFVqHc0lrMCgRXAHWXo6JnF8lMy2YCKHsvGwgzpyHCr
GXFmXx5a7hkxUTeUI935ec+CjQm6tt/cKcVFcwbMNPoObVjs6J6pJQJZISXPwZiY
RA6RljndOwzg9tsq6PiXUhWcMhlx0LzD+FMMdzMPsiY50sshosnOLAzgMMA4BGtz
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:39 2024 by rpki-client on console-fra.rpki-client.org