Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/cOODB5JEkDOms9ICbR0WD36yagc.roa
File:                     cOODB5JEkDOms9ICbR0WD36yagc.roa (raw, json)
Hash identifier:          kxFghFAMJ7RN1F96xoZxbs7uBwkVjTVBfouSlGiO/C8=
Subject key identifier:   70:E3:83:07:92:44:90:33:A6:B3:D2:02:6D:1D:16:0F:7E:B2:6A:07
Certificate issuer:       /CN=67af9014b0dedd2c04840ae385b5339f6c6790f5
Certificate serial:       01856E6FB57500C18616FFE3E0CE01BBB982
Authority key identifier: 67:AF:90:14:B0:DE:DD:2C:04:84:0A:E3:85:B5:33:9F:6C:67:90:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z6-QFLDe3SwEhArjhbUzn2xnkPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/cOODB5JEkDOms9ICbR0WD36yagc.roa
Signing time:             Sun 01 Jan 2023 17:44:52 +0000
ROA not before:           Sun 01 Jan 2023 17:44:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51957
IP address blocks:        91.221.156.0/23 maxlen: 23
                          2a00:5180::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:6f:b5:75:00:c1:86:16:ff:e3:e0:ce:01:bb:b9:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67af9014b0dedd2c04840ae385b5339f6c6790f5
        Validity
            Not Before: Jan  1 17:44:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=70e3830792449033a6b3d2026d1d160f7eb26a07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:a8:39:5d:62:6f:cf:69:eb:56:f5:d0:76:87:
                    22:f8:05:44:e8:e2:e9:e4:64:78:5d:a9:bd:6b:d7:
                    72:e6:a9:2b:f7:f5:68:ae:6e:a7:18:d4:0f:12:62:
                    71:0b:04:87:9a:3b:bb:da:c0:17:1e:77:f5:9d:3a:
                    64:67:3c:2d:45:b1:a7:1b:6d:b9:10:00:b6:01:d0:
                    41:7d:07:6a:e4:38:1d:bc:ee:1c:28:d9:65:73:28:
                    93:d6:00:19:89:7c:80:26:a5:1d:85:8e:8d:10:c5:
                    4e:d0:78:97:52:de:0f:13:80:36:68:2c:cd:b3:15:
                    3e:12:6b:e5:1e:de:03:33:30:ff:95:2e:e9:55:57:
                    36:58:27:1e:01:78:4f:63:48:c9:cf:35:3a:94:29:
                    31:ed:2b:c3:bd:63:f2:d3:a8:ec:17:72:6a:98:54:
                    57:94:07:65:57:2c:30:9e:b1:8e:f3:3a:39:45:6a:
                    54:b4:51:70:b4:d3:ba:67:35:e2:4b:99:86:ae:16:
                    98:32:31:9b:e5:6e:cf:62:24:d8:1c:ec:b5:c4:48:
                    4e:fa:51:03:5b:b5:73:fc:68:8e:96:2a:a9:82:84:
                    2b:d7:aa:e5:b5:c0:9b:95:43:4d:85:b4:9b:55:ef:
                    9b:8a:94:4e:0c:ff:3a:ec:01:8a:bf:3a:26:86:d9:
                    75:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:E3:83:07:92:44:90:33:A6:B3:D2:02:6D:1D:16:0F:7E:B2:6A:07
            X509v3 Authority Key Identifier:
                keyid:67:AF:90:14:B0:DE:DD:2C:04:84:0A:E3:85:B5:33:9F:6C:67:90:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z6-QFLDe3SwEhArjhbUzn2xnkPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/cOODB5JEkDOms9ICbR0WD36yagc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/7c66b0-c808-45a1-9b50-5e758e81eff6/1/Z6-QFLDe3SwEhArjhbUzn2xnkPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.156.0/23
                IPv6:
                  2a00:5180::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:c3:b1:44:cf:b0:01:9e:68:26:b8:38:e4:eb:3e:dd:1a:a1:
         d8:a7:a1:ba:06:21:02:e4:b1:d3:69:12:30:ba:d2:f9:f9:71:
         c3:83:f1:80:b4:83:b6:96:95:8d:bf:b7:40:16:23:8c:eb:9a:
         e7:6e:94:68:19:c8:5f:39:12:85:85:13:47:b0:21:cf:71:ed:
         bf:51:6a:5c:74:36:dd:a5:b6:9c:61:17:76:15:d2:e2:d9:ce:
         7a:52:eb:a2:a1:7d:37:b5:0f:35:eb:7f:fa:30:33:1b:23:c1:
         08:13:64:83:c2:5e:c2:fb:d2:9e:25:d4:71:04:c6:73:ce:87:
         5c:24:87:44:ee:e4:3f:b1:5e:04:4f:40:08:d8:33:4f:d8:f6:
         41:ab:62:e5:ca:8b:63:a4:ca:e6:c6:65:ce:fa:f4:92:6b:60:
         1b:bb:65:7e:06:c5:63:66:c0:6d:9a:f8:27:cf:ae:d8:52:5e:
         48:47:c6:18:9c:df:d2:a1:2b:4b:79:07:b4:e6:f4:04:2a:dd:
         2f:b6:94:02:44:5b:41:45:c8:eb:bc:23:6d:b5:be:67:a6:ec:
         18:de:fa:52:5d:85:e4:f0:f7:a0:09:73:59:49:b0:d1:3b:f9:
         a3:e4:9e:11:c7:09:b1:48:61:93:73:fb:b0:9e:e6:14:0e:d1:
         c0:5c:f5:78
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVub7V1AMGGFv/j4M4Bu7mCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YWY5MDE0YjBkZWRkMmMwNDg0MGFlMzg1YjUzMzlmNmM2
NzkwZjUwHhcNMjMwMTAxMTc0NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGUzODMwNzkyNDQ5MDMzYTZiM2QyMDI2ZDFkMTYwZjdlYjI2YTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Kg5XWJvz2nrVvXQdoci+AVE6OLp
5GR4Xam9a9dy5qkr9/Vorm6nGNQPEmJxCwSHmju72sAXHnf1nTpkZzwtRbGnG225
EAC2AdBBfQdq5DgdvO4cKNllcyiT1gAZiXyAJqUdhY6NEMVO0HiXUt4PE4A2aCzN
sxU+EmvlHt4DMzD/lS7pVVc2WCceAXhPY0jJzzU6lCkx7SvDvWPy06jsF3JqmFRX
lAdlVywwnrGO8zo5RWpUtFFwtNO6ZzXiS5mGrhaYMjGb5W7PYiTYHOy1xEhO+lED
W7Vz/GiOliqpgoQr16rltcCblUNNhbSbVe+bipRODP867AGKvzomhtl11wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHDjgweSRJAzprPSAm0dFg9+smoHMB8GA1UdIwQY
MBaAFGevkBSw3t0sBIQK44W1M59sZ5D1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjYtUUZMRGUzU3dFaEFyamhiVXpuMnhua1BVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC83YzY2YjAtYzgwOC00NWExLTliNTAt
NWU3NThlODFlZmY2LzEvY09PREI1SkVrRE9tczlJQ2JSMFdEMzZ5YWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC83YzY2YjAtYzgwOC00NWExLTliNTAtNWU3NThlODFlZmY2
LzEvWjYtUUZMRGUzU3dFaEFyamhiVXpuMnhua1BVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW92cMA8E
AgACMAkDBwAqAFGAAAAwDQYJKoZIhvcNAQELBQADggEBAAzDsUTPsAGeaCa4OOTr
Pt0aodinoboGIQLksdNpEjC60vn5ccOD8YC0g7aWlY2/t0AWI4zrmudulGgZyF85
EoWFE0ewIc9x7b9Ralx0Nt2ltpxhF3YV0uLZznpS66KhfTe1DzXrf/owMxsjwQgT
ZIPCXsL70p4l1HEExnPOh1wkh0Tu5D+xXgRPQAjYM0/Y9kGrYuXKi2OkyubGZc76
9JJrYBu7ZX4GxWNmwG2a+CfPrthSXkhHxhic39KhK0t5B7Tm9AQq3S+2lAJEW0FF
yOu8I221vmem7Bje+lJdheTw96AJc1lJsNE7+aPknhHHCbFIYZNz+7Ce5hQO0cBc
9Xg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:37 2024 by rpki-client on console-ams.rpki-client.org