Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/rhN2A1RxqVBqTI6AHFi83G3NxvA.roa
File:                     rhN2A1RxqVBqTI6AHFi83G3NxvA.roa (raw, json)
Hash identifier:          357jHYemsBJ23frOCjUc4tZkknIt8ePBG/OgrQ8fqBo=
Subject key identifier:   AE:13:76:03:54:71:A9:50:6A:4C:8E:80:1C:58:BC:DC:6D:CD:C6:F0
Certificate issuer:       /CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
Certificate serial:       018DF0970FAE07625E31EEAC0A64727E902D
Authority key identifier: 72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/rhN2A1RxqVBqTI6AHFi83G3NxvA.roa
Signing time:             Wed 28 Feb 2024 16:40:48 +0000
ROA not before:           Wed 28 Feb 2024 16:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        109.122.218.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 06 Mar 2024 14:32:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f0:97:0f:ae:07:62:5e:31:ee:ac:0a:64:72:7e:90:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7222c5ab7db3dd3966192faafe07f3115b0c8ee5
        Validity
            Not Before: Feb 28 16:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae1376035471a9506a4c8e801c58bcdc6dcdc6f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:40:f6:75:fa:49:96:71:12:ca:c7:bb:cd:71:
                    59:d7:0b:44:16:fe:d0:a4:74:75:50:1d:a9:2d:c9:
                    75:da:a7:e6:51:9a:2b:43:13:16:3a:4f:b4:31:12:
                    e9:29:c2:e6:09:99:06:65:47:70:ef:58:1b:43:83:
                    9f:fb:38:cd:e8:fd:16:0f:f1:32:4d:a7:d0:fe:3c:
                    41:1b:3b:fa:25:bc:f7:54:86:98:c6:00:46:0d:b8:
                    e6:a2:fc:02:b6:44:e1:ca:81:4f:0d:a5:85:ce:da:
                    a6:d7:5f:66:1a:c2:28:44:cb:10:09:35:0f:aa:9b:
                    37:ba:d0:87:43:3b:76:34:2e:be:e1:9f:07:7b:47:
                    fd:c2:7e:19:df:d4:99:5b:46:ef:fa:c7:c1:f0:eb:
                    7d:2a:e7:f5:3f:f6:08:e0:3a:2c:ce:df:26:99:d6:
                    38:35:6d:8c:2c:30:99:cb:e6:4f:3a:91:20:e5:45:
                    24:b3:ae:24:18:7b:9e:67:f1:0a:ed:40:30:d6:ea:
                    ba:f2:20:06:73:bf:c4:4b:31:03:fd:c2:87:78:c3:
                    ee:d2:33:12:d5:de:3f:66:51:b2:fe:f1:8e:18:03:
                    09:2f:9e:99:58:9a:7c:85:17:04:8c:ba:4c:5c:46:
                    07:18:bb:3a:7d:37:5f:dd:67:ce:c2:21:0a:87:dc:
                    a5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:13:76:03:54:71:A9:50:6A:4C:8E:80:1C:58:BC:DC:6D:CD:C6:F0
            X509v3 Authority Key Identifier:
                keyid:72:22:C5:AB:7D:B3:DD:39:66:19:2F:AA:FE:07:F3:11:5B:0C:8E:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ciLFq32z3TlmGS-q_gfzEVsMjuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/rhN2A1RxqVBqTI6AHFi83G3NxvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1c60ac-ba3f-440b-868b-ea12ef9422ec/1/ciLFq32z3TlmGS-q_gfzEVsMjuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:b7:f1:b1:de:3d:cf:e6:dc:c4:10:30:3a:4c:2f:48:69:ec:
         52:75:25:67:93:e9:3c:c1:40:5f:b0:24:b9:41:31:20:77:77:
         45:6e:72:09:2e:a6:1c:3f:b1:56:8d:87:a0:bb:b6:c2:29:8b:
         72:c4:0e:c1:72:4b:03:39:2c:35:38:d6:7d:47:fe:d5:f1:96:
         d2:3e:4c:0a:2c:bd:5a:8e:bf:22:ef:e7:08:ca:84:38:dd:06:
         74:93:20:f8:30:1e:24:ce:7a:d1:b1:75:00:fa:17:22:37:68:
         84:38:32:51:21:ef:df:22:39:5b:0e:79:1f:5e:2a:b3:ea:c4:
         b4:80:1e:33:ab:ef:86:34:2f:2d:ef:ec:1c:86:ef:75:68:fb:
         af:33:b0:b9:c0:1b:7a:80:cb:b3:d6:7f:73:d0:c9:a3:b2:58:
         00:7d:34:3c:da:e8:57:46:13:37:da:6c:da:b6:b0:32:e7:7b:
         e8:7a:39:9f:e1:74:ae:9c:64:aa:e8:23:90:ef:37:91:bc:e2:
         08:8f:de:97:e3:3c:30:78:dc:8a:46:04:a8:6e:f1:15:82:51:
         5b:36:4b:e6:77:11:31:ca:67:9a:63:92:74:6a:ce:f1:4b:78:
         06:28:d5:54:f3:be:fd:35:4a:1c:9a:55:a5:4c:b9:52:90:16:
         60:8e:a4:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3wlw+uB2JeMe6sCmRyfpAtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyMjJjNWFiN2RiM2RkMzk2NjE5MmZhYWZlMDdmMzExNWIw
YzhlZTUwHhcNMjQwMjI4MTY0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTEzNzYwMzU0NzFhOTUwNmE0YzhlODAxYzU4YmNkYzZkY2RjNmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUD2dfpJlnESyse7zXFZ1wtEFv7Q
pHR1UB2pLcl12qfmUZorQxMWOk+0MRLpKcLmCZkGZUdw71gbQ4Of+zjN6P0WD/Ey
TafQ/jxBGzv6Jbz3VIaYxgBGDbjmovwCtkThyoFPDaWFztqm119mGsIoRMsQCTUP
qps3utCHQzt2NC6+4Z8He0f9wn4Z39SZW0bv+sfB8Ot9Kuf1P/YI4Doszt8mmdY4
NW2MLDCZy+ZPOpEg5UUks64kGHueZ/EK7UAw1uq68iAGc7/ESzED/cKHeMPu0jMS
1d4/ZlGy/vGOGAMJL56ZWJp8hRcEjLpMXEYHGLs6fTdf3WfOwiEKh9ylNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4TdgNUcalQakyOgBxYvNxtzcbwMB8GA1UdIwQY
MBaAFHIixat9s905Zhkvqv4H8xFbDI7lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGIt
ZWExMmVmOTQyMmVjLzEvcmhOMkExUnhxVkJxVEk2QUhGaTgzRzNOeHZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xYzYwYWMtYmEzZi00NDBiLTg2OGItZWExMmVmOTQyMmVj
LzEvY2lMRnEzMnozVGxtR1MtcV9nZnpFVnNNanVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXraMA0G
CSqGSIb3DQEBCwUAA4IBAQBDt/Gx3j3P5tzEEDA6TC9IaexSdSVnk+k8wUBfsCS5
QTEgd3dFbnIJLqYcP7FWjYegu7bCKYtyxA7BcksDOSw1ONZ9R/7V8ZbSPkwKLL1a
jr8i7+cIyoQ43QZ0kyD4MB4kznrRsXUA+hciN2iEODJRIe/fIjlbDnkfXiqz6sS0
gB4zq++GNC8t7+wchu91aPuvM7C5wBt6gMuz1n9z0MmjslgAfTQ82uhXRhM32mza
trAy53voejmf4XSunGSq6COQ7zeRvOIIj96X4zwweNyKRgSobvEVglFbNkvmdxEx
ymeaY5J0as7xS3gGKNVU8779NUocmlWlTLlSkBZgjqRP
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:16:27 2024 by rpki-client on console-ams.rpki-client.org