Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/c28ea4-059c-49dd-9278-a4db396c8987/1/TJlsK-hpURFOHyQad20OXsmwQAo.roa
File:                     TJlsK-hpURFOHyQad20OXsmwQAo.roa (raw, json)
Hash identifier:          a6wANBFTTCxFkSC8q4VWN1eYH7jwbVw1MgMLkY7wm78=
Subject key identifier:   4C:99:6C:2B:E8:69:51:11:4E:1F:24:1A:77:6D:0E:5E:C9:B0:40:0A
Certificate issuer:       /CN=37949ac84d0b86910f4fd3cf5962927d83450aeb
Certificate serial:       0185718303BCF9C9DDC4B67FA420F9B0419D
Authority key identifier: 37:94:9A:C8:4D:0B:86:91:0F:4F:D3:CF:59:62:92:7D:83:45:0A:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N5SayE0LhpEPT9PPWWKSfYNFCus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/c28ea4-059c-49dd-9278-a4db396c8987/1/TJlsK-hpURFOHyQad20OXsmwQAo.roa
Signing time:             Mon 02 Jan 2023 08:04:49 +0000
ROA not before:           Mon 02 Jan 2023 08:04:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30781
IP address blocks:        91.209.107.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:29:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:83:03:bc:f9:c9:dd:c4:b6:7f:a4:20:f9:b0:41:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37949ac84d0b86910f4fd3cf5962927d83450aeb
        Validity
            Not Before: Jan  2 08:04:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4c996c2be86951114e1f241a776d0e5ec9b0400a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:78:4a:be:3f:ea:02:55:14:bd:2b:8c:67:b4:
                    62:da:5b:43:83:ee:ed:03:b3:13:07:90:76:0d:f2:
                    6a:84:12:bd:e9:f3:43:e9:6c:5c:88:ca:92:57:de:
                    b0:44:b8:a7:93:5c:b6:2e:0c:88:9c:79:31:f3:d7:
                    e8:0c:63:b6:87:d0:33:08:10:0d:e7:60:51:45:c2:
                    c9:b7:2d:c6:eb:ab:d5:cb:2c:51:24:1d:f7:46:e6:
                    ae:a4:bd:dc:fd:2d:08:b9:65:2e:20:c0:c0:49:a3:
                    93:d0:44:ce:34:ad:2d:3f:6f:b0:ab:af:c7:a7:07:
                    8a:1a:a1:29:d7:b8:da:3a:01:f5:59:75:1c:c6:88:
                    e2:a4:0b:9b:e4:24:a5:f8:f4:e1:a6:6c:0f:c4:dc:
                    23:df:79:17:e3:1c:a7:a4:b0:f9:b1:39:7b:1c:46:
                    e3:4a:bb:f2:44:7a:98:1a:5a:af:56:d1:f2:49:24:
                    ce:90:1d:59:a1:a0:de:d0:3d:0d:2d:e0:7c:d0:c3:
                    91:d9:81:bc:19:9f:bb:2c:de:0d:48:77:c8:24:09:
                    a8:0b:4b:4b:16:3f:4b:64:62:05:a7:ec:ee:fa:68:
                    e2:1d:f5:56:a4:a1:51:d7:e8:ca:2f:d7:2e:a0:46:
                    d1:f7:f9:6d:be:ae:d9:c1:a3:fd:5c:8d:2e:ab:1d:
                    d5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:99:6C:2B:E8:69:51:11:4E:1F:24:1A:77:6D:0E:5E:C9:B0:40:0A
            X509v3 Authority Key Identifier:
                keyid:37:94:9A:C8:4D:0B:86:91:0F:4F:D3:CF:59:62:92:7D:83:45:0A:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N5SayE0LhpEPT9PPWWKSfYNFCus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/c28ea4-059c-49dd-9278-a4db396c8987/1/TJlsK-hpURFOHyQad20OXsmwQAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/c28ea4-059c-49dd-9278-a4db396c8987/1/N5SayE0LhpEPT9PPWWKSfYNFCus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:68:62:5a:15:3c:27:8b:e9:2e:50:7f:35:77:72:f1:bd:43:
         d0:73:f6:62:0a:c5:ff:5e:5e:85:dc:6a:bf:c6:82:81:b0:12:
         e1:b4:70:22:55:dc:5d:1b:33:e7:4c:05:8e:13:30:c5:61:e3:
         87:e5:13:9f:d1:fb:dc:aa:f1:18:86:39:ec:c3:0b:24:f4:59:
         64:da:d7:b5:96:dd:38:6b:4b:b8:cc:e4:46:76:67:b4:52:54:
         4f:a7:6e:e2:05:a1:05:85:a6:01:58:23:d1:ab:3d:e2:c0:53:
         d5:ca:70:9a:41:65:d2:11:db:6c:57:28:ac:b1:d9:f7:c9:e1:
         cc:12:b8:bd:64:60:07:95:82:c5:41:14:55:80:97:75:36:2c:
         57:bf:0a:80:7e:fc:ce:fc:25:d9:1c:0c:13:95:ec:06:ae:47:
         60:81:32:8e:30:75:c6:8c:6d:ec:e8:c6:e5:6b:4f:08:35:d3:
         96:26:7e:eb:91:58:85:d1:66:2b:1d:e0:5c:7f:e9:4f:50:d2:
         3c:6b:72:f0:57:6b:39:9d:ba:11:50:c3:e9:b4:72:d2:f0:93:
         da:53:91:f2:3f:a3:63:56:a9:fa:3c:78:1d:f6:78:38:49:b6:
         9e:a2:68:fe:51:97:8a:b0:5e:6d:ea:3a:53:86:7a:f5:c3:5a:
         db:44:56:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxgwO8+cndxLZ/pCD5sEGdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3OTQ5YWM4NGQwYjg2OTEwZjRmZDNjZjU5NjI5MjdkODM0
NTBhZWIwHhcNMjMwMTAyMDgwNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzk5NmMyYmU4Njk1MTExNGUxZjI0MWE3NzZkMGU1ZWM5YjA0MDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknhKvj/qAlUUvSuMZ7Ri2ltDg+7t
A7MTB5B2DfJqhBK96fND6WxciMqSV96wRLink1y2LgyInHkx89foDGO2h9AzCBAN
52BRRcLJty3G66vVyyxRJB33RuaupL3c/S0IuWUuIMDASaOT0ETONK0tP2+wq6/H
pweKGqEp17jaOgH1WXUcxojipAub5CSl+PThpmwPxNwj33kX4xynpLD5sTl7HEbj
SrvyRHqYGlqvVtHySSTOkB1ZoaDe0D0NLeB80MOR2YG8GZ+7LN4NSHfIJAmoC0tL
Fj9LZGIFp+zu+mjiHfVWpKFR1+jKL9cuoEbR9/ltvq7ZwaP9XI0uqx3VWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyZbCvoaVERTh8kGndtDl7JsEAKMB8GA1UdIwQY
MBaAFDeUmshNC4aRD0/Tz1likn2DRQrrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjVTYXlFMExocEVQVDlQUFdXS1NmWU5GQ3VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9jMjhlYTQtMDU5Yy00OWRkLTkyNzgt
YTRkYjM5NmM4OTg3LzEvVEpsc0staHBVUkZPSHlRYWQyME9Yc213UUFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9jMjhlYTQtMDU5Yy00OWRkLTkyNzgtYTRkYjM5NmM4OTg3
LzEvTjVTYXlFMExocEVQVDlQUFdXS1NmWU5GQ3VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FrMA0G
CSqGSIb3DQEBCwUAA4IBAQCvaGJaFTwni+kuUH81d3LxvUPQc/ZiCsX/Xl6F3Gq/
xoKBsBLhtHAiVdxdGzPnTAWOEzDFYeOH5ROf0fvcqvEYhjnswwsk9Flk2te1lt04
a0u4zORGdme0UlRPp27iBaEFhaYBWCPRqz3iwFPVynCaQWXSEdtsVyissdn3yeHM
Eri9ZGAHlYLFQRRVgJd1NixXvwqAfvzO/CXZHAwTlewGrkdggTKOMHXGjG3s6Mbl
a08INdOWJn7rkViF0WYrHeBcf+lPUNI8a3LwV2s5nboRUMPptHLS8JPaU5HyP6Nj
Vqn6PHgd9ng4Sbaeomj+UZeKsF5t6jpThnr1w1rbRFaS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:51 2024 by rpki-client on console-fra.rpki-client.org