Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/IbY91K4sg1jN4_JaRIuIqXlf9Nw.roa
File:                     IbY91K4sg1jN4_JaRIuIqXlf9Nw.roa (raw, json)
Hash identifier:          AnYE+cuteB3N6kWPPajiOOTVlQ+AZgWFukmD160ZYw0=
Subject key identifier:   21:B6:3D:D4:AE:2C:83:58:CD:E3:F2:5A:44:8B:88:A9:79:5F:F4:DC
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018C3591786A1D3AE997B6D55A885491B93E
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/IbY91K4sg1jN4_JaRIuIqXlf9Nw.roa
Signing time:             Mon 04 Dec 2023 16:02:55 +0000
ROA not before:           Mon 04 Dec 2023 16:02:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212487
IP address blocks:        109.248.61.0/24 maxlen: 24
                          46.8.219.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:35:91:78:6a:1d:3a:e9:97:b6:d5:5a:88:54:91:b9:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Dec  4 16:02:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=21b63dd4ae2c8358cde3f25a448b88a9795ff4dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:48:83:f4:0f:97:68:95:9d:28:f5:d5:03:06:
                    df:ab:07:4a:22:51:38:ca:1e:1f:fd:87:dd:c9:c2:
                    bd:4c:fa:5d:d1:56:54:fc:54:48:18:28:f2:64:b5:
                    57:4c:31:a3:40:7e:e6:f9:22:8d:6b:32:fd:48:83:
                    87:7f:f3:cb:77:2b:f3:fc:bf:cd:48:23:75:cf:85:
                    ad:93:4e:26:7a:40:1f:18:2b:19:3d:b8:6d:10:bb:
                    6f:31:47:c3:24:ca:55:b7:43:1d:5d:c3:ae:5c:ee:
                    2d:72:93:f0:dd:0c:07:a3:71:55:3b:ee:23:9a:ce:
                    aa:d2:11:12:22:1c:8c:bb:5d:f2:15:91:4c:50:d2:
                    74:b0:a0:95:e7:95:d0:3d:dd:b5:f7:b3:04:3e:bc:
                    ad:76:11:7d:e2:77:ef:49:fd:ed:26:e2:46:33:87:
                    3f:23:62:1d:f5:17:f3:ef:55:f7:bd:f0:cc:b4:0d:
                    00:0c:d3:94:ab:54:2e:54:0a:45:ab:27:01:7f:f7:
                    14:6b:d1:60:cf:66:df:e3:3e:d0:e5:cd:f4:96:22:
                    15:49:8b:ba:a7:f8:c5:39:fa:dc:60:a0:88:d7:82:
                    16:4f:19:0e:6e:58:dd:71:2e:0d:b5:93:0f:89:58:
                    92:0b:e8:bd:2d:03:74:c8:c9:07:47:f4:03:cc:56:
                    d9:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:B6:3D:D4:AE:2C:83:58:CD:E3:F2:5A:44:8B:88:A9:79:5F:F4:DC
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/IbY91K4sg1jN4_JaRIuIqXlf9Nw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.219.0/24
                  109.248.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:5e:9f:1f:ba:5c:0a:f0:51:1b:ab:76:ca:2a:49:ab:6a:03:
         45:11:86:96:48:52:4c:a7:92:6f:9e:99:30:c8:46:14:c9:0e:
         b3:78:85:1f:7e:4c:26:10:e1:26:9e:7e:87:88:f1:a9:e3:48:
         5f:c8:65:07:7e:e2:16:21:76:c4:ce:d3:19:aa:68:7e:ec:aa:
         9b:ab:bb:44:60:fc:b1:0c:19:ad:57:b8:65:aa:ab:7d:38:34:
         99:b6:57:61:10:0c:e2:2b:88:05:99:30:b6:38:8a:3c:d8:aa:
         a6:75:29:d4:12:b6:dc:59:9a:2c:1f:a8:b8:7c:41:46:f5:22:
         5c:f0:97:71:5c:56:85:2c:4e:f8:68:e5:20:ba:56:df:0e:bc:
         a7:00:30:e6:00:ba:0e:80:a2:f8:34:39:39:50:f3:ac:e6:b0:
         d7:3d:c2:59:bb:15:ff:bf:96:4e:13:1d:26:d3:31:9d:37:cf:
         f2:3c:dc:33:9b:a1:72:75:1f:cc:ff:b0:b6:93:c7:85:25:ff:
         c2:45:5b:70:cc:e9:a0:c4:9a:93:17:47:0b:2a:00:8c:bb:e1:
         e5:c1:ee:81:fa:ec:05:74:86:9a:45:84:f7:21:01:9a:c1:9a:
         6f:25:f2:bd:f8:4c:d6:5e:24:e6:3f:90:8c:19:c5:06:4c:23:
         33:29:c7:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYw1kXhqHTrpl7bVWohUkbk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjMxMjA0MTYwMjU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWI2M2RkNGFlMmM4MzU4Y2RlM2YyNWE0NDhiODhhOTc5NWZmNGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUiD9A+XaJWdKPXVAwbfqwdKIlE4
yh4f/YfdycK9TPpd0VZU/FRIGCjyZLVXTDGjQH7m+SKNazL9SIOHf/PLdyvz/L/N
SCN1z4Wtk04mekAfGCsZPbhtELtvMUfDJMpVt0MdXcOuXO4tcpPw3QwHo3FVO+4j
ms6q0hESIhyMu13yFZFMUNJ0sKCV55XQPd2197MEPrytdhF94nfvSf3tJuJGM4c/
I2Id9Rfz71X3vfDMtA0ADNOUq1QuVApFqycBf/cUa9Fgz2bf4z7Q5c30liIVSYu6
p/jFOfrcYKCI14IWTxkObljdcS4NtZMPiViSC+i9LQN0yMkHR/QDzFbZ3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCG2PdSuLINYzePyWkSLiKl5X/TcMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvSWJZOTFLNHNnMWpONF9KYVJJdUlxWGxmOU53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALgjbAwQA
bfg9MA0GCSqGSIb3DQEBCwUAA4IBAQAgXp8fulwK8FEbq3bKKkmragNFEYaWSFJM
p5JvnpkwyEYUyQ6zeIUffkwmEOEmnn6HiPGp40hfyGUHfuIWIXbEztMZqmh+7Kqb
q7tEYPyxDBmtV7hlqqt9ODSZtldhEAziK4gFmTC2OIo82KqmdSnUErbcWZosH6i4
fEFG9SJc8JdxXFaFLE74aOUgulbfDrynADDmALoOgKL4NDk5UPOs5rDXPcJZuxX/
v5ZOEx0m0zGdN8/yPNwzm6FydR/M/7C2k8eFJf/CRVtwzOmgxJqTF0cLKgCMu+Hl
we6B+uwFdIaaRYT3IQGawZpvJfK9+EzWXiTmP5CMGcUGTCMzKcf7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:00 2024 by rpki-client on console-ams.rpki-client.org