Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/d54bc0-f781-48b0-9f6d-b5f0d21053f8/1/_5RO4xuh0XS-buORPeVHf3nt4xk.roa
File:                     _5RO4xuh0XS-buORPeVHf3nt4xk.roa (raw, json)
Hash identifier:          GwbwMbc9ETxupStOuHqXE5D/xVUoX4soH4nTHFzJxjI=
Subject key identifier:   FF:94:4E:E3:1B:A1:D1:74:BE:6E:E3:91:3D:E5:47:7F:79:ED:E3:19
Certificate issuer:       /CN=5d82ca6f8eb685a573e5d1d91f8f06121ab02a37
Certificate serial:       01856F42A09FE0574E56C723AD64C3C9E5A7
Authority key identifier: 5D:82:CA:6F:8E:B6:85:A5:73:E5:D1:D9:1F:8F:06:12:1A:B0:2A:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XYLKb462haVz5dHZH48GEhqwKjc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/d54bc0-f781-48b0-9f6d-b5f0d21053f8/1/_5RO4xuh0XS-buORPeVHf3nt4xk.roa
Signing time:             Sun 01 Jan 2023 21:35:15 +0000
ROA not before:           Sun 01 Jan 2023 21:35:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198949
IP address blocks:        91.231.192.0/22 maxlen: 22
                          91.231.192.0/24 maxlen: 24
                          91.231.194.0/24 maxlen: 24
                          91.231.193.0/24 maxlen: 24
                          91.231.195.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:42:a0:9f:e0:57:4e:56:c7:23:ad:64:c3:c9:e5:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d82ca6f8eb685a573e5d1d91f8f06121ab02a37
        Validity
            Not Before: Jan  1 21:35:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff944ee31ba1d174be6ee3913de5477f79ede319
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:31:b7:21:ba:80:24:67:18:2a:56:c2:cc:57:
                    68:c2:1c:80:71:49:52:f6:ac:8a:51:2c:78:be:c4:
                    39:9c:25:2d:cc:7d:f5:08:77:c7:cd:02:49:e0:c8:
                    91:c3:5c:ea:84:29:1a:41:b6:6d:b4:1a:51:bc:13:
                    53:b1:8a:97:14:c1:a6:55:48:d5:4c:0c:9e:36:38:
                    72:c0:32:8a:4b:29:f2:31:cf:c7:48:9f:e9:20:81:
                    c7:b3:b5:73:b4:16:4f:c2:96:22:25:bd:89:36:c2:
                    41:5b:70:da:b7:bb:34:a9:7c:2c:7e:75:76:37:54:
                    87:8e:08:ff:b0:a9:ef:e8:ef:5d:91:e9:f1:91:05:
                    30:43:99:1f:0c:7d:d8:dc:91:48:51:fb:24:bd:b0:
                    1d:97:25:1b:1c:30:8b:f1:b5:ca:76:7c:e5:9b:5a:
                    8c:a2:2b:82:a9:bc:1e:0f:03:f4:44:49:19:5f:99:
                    14:ec:63:28:6e:e6:99:7f:98:0f:43:3b:fe:3b:74:
                    05:c5:1f:b0:e2:c3:b2:74:2f:dc:6a:c9:15:54:0d:
                    5d:f7:f9:94:a1:9b:67:9f:f2:0d:02:f2:8a:1a:be:
                    3d:db:ae:c8:53:fb:d6:2a:96:67:34:93:db:61:0f:
                    fc:1d:a6:9a:48:2a:b9:a0:b1:7e:f2:de:b3:40:e6:
                    be:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:94:4E:E3:1B:A1:D1:74:BE:6E:E3:91:3D:E5:47:7F:79:ED:E3:19
            X509v3 Authority Key Identifier:
                keyid:5D:82:CA:6F:8E:B6:85:A5:73:E5:D1:D9:1F:8F:06:12:1A:B0:2A:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XYLKb462haVz5dHZH48GEhqwKjc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/d54bc0-f781-48b0-9f6d-b5f0d21053f8/1/_5RO4xuh0XS-buORPeVHf3nt4xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/d54bc0-f781-48b0-9f6d-b5f0d21053f8/1/XYLKb462haVz5dHZH48GEhqwKjc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:b0:41:0c:ad:bb:e4:d0:92:16:60:60:74:0e:dc:ff:aa:e1:
         d7:64:e6:87:57:fa:e9:dd:0f:e9:12:2f:8b:1b:c2:96:ed:c5:
         9f:fa:e4:9b:58:21:39:ca:7f:a1:00:89:c6:07:ab:85:25:f1:
         92:fb:a7:43:1d:08:7e:0e:a6:9c:c1:9c:a7:f8:d5:03:47:61:
         4d:45:b4:34:08:6b:e7:db:8c:15:ff:5a:b6:88:b0:3a:d9:5a:
         1a:6b:69:77:06:87:5f:4d:aa:16:42:ec:6f:19:e7:b4:23:ad:
         d8:c3:a7:0a:4e:25:57:14:45:78:10:9e:03:09:75:f3:ec:3f:
         76:0c:58:0a:0e:39:ed:cc:ba:1c:e3:b4:db:cf:b0:d1:2b:2a:
         5b:6e:d2:45:69:52:a0:32:25:de:1a:2b:d4:17:60:f8:fc:46:
         b3:e0:d7:c4:9e:25:86:9e:40:ca:81:8b:88:32:bc:3b:20:c4:
         02:82:75:8c:d5:d5:32:c2:49:ae:78:d2:47:bc:f3:de:df:aa:
         e7:e5:22:25:4c:ba:b0:a3:8e:7b:11:a7:0e:a6:d1:4f:ff:33:
         f1:a2:e2:7b:9d:9b:dd:12:6a:d5:64:3b:47:25:1b:9f:24:3d:
         2c:a1:dd:6a:16:13:8c:63:e1:27:6e:0b:30:d9:ca:c9:df:af:
         a5:11:8e:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvQqCf4FdOVscjrWTDyeWnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkODJjYTZmOGViNjg1YTU3M2U1ZDFkOTFmOGYwNjEyMWFi
MDJhMzcwHhcNMjMwMTAxMjEzNTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjk0NGVlMzFiYTFkMTc0YmU2ZWUzOTEzZGU1NDc3Zjc5ZWRlMzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDG3IbqAJGcYKlbCzFdowhyAcUlS
9qyKUSx4vsQ5nCUtzH31CHfHzQJJ4MiRw1zqhCkaQbZttBpRvBNTsYqXFMGmVUjV
TAyeNjhywDKKSynyMc/HSJ/pIIHHs7VztBZPwpYiJb2JNsJBW3Dat7s0qXwsfnV2
N1SHjgj/sKnv6O9dkenxkQUwQ5kfDH3Y3JFIUfskvbAdlyUbHDCL8bXKdnzlm1qM
oiuCqbweDwP0REkZX5kU7GMobuaZf5gPQzv+O3QFxR+w4sOydC/caskVVA1d9/mU
oZtnn/INAvKKGr49267IU/vWKpZnNJPbYQ/8HaaaSCq5oLF+8t6zQOa+IwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP+UTuMbodF0vm7jkT3lR3957eMZMB8GA1UdIwQY
MBaAFF2Cym+OtoWlc+XR2R+PBhIasCo3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFlMS2I0NjJoYVZ6NWRIWkg0OEdFaHF3S2pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9kNTRiYzAtZjc4MS00OGIwLTlmNmQt
YjVmMGQyMTA1M2Y4LzEvXzVSTzR4dWgwWFMtYnVPUlBlVkhmM250NHhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9kNTRiYzAtZjc4MS00OGIwLTlmNmQtYjVmMGQyMTA1M2Y4
LzEvWFlMS2I0NjJoYVZ6NWRIWkg0OEdFaHF3S2pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+fAMA0G
CSqGSIb3DQEBCwUAA4IBAQAVsEEMrbvk0JIWYGB0Dtz/quHXZOaHV/rp3Q/pEi+L
G8KW7cWf+uSbWCE5yn+hAInGB6uFJfGS+6dDHQh+DqacwZyn+NUDR2FNRbQ0CGvn
24wV/1q2iLA62Voaa2l3BodfTaoWQuxvGee0I63Yw6cKTiVXFEV4EJ4DCXXz7D92
DFgKDjntzLoc47Tbz7DRKypbbtJFaVKgMiXeGivUF2D4/Eaz4NfEniWGnkDKgYuI
Mrw7IMQCgnWM1dUywkmueNJHvPPe36rn5SIlTLqwo457EacOptFP/zPxouJ7nZvd
EmrVZDtHJRufJD0sod1qFhOMY+Enbgsw2crJ36+lEY4d
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:42 2024 by rpki-client on console-fra.rpki-client.org