Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/61d1ce-cd80-429d-bfe1-89b3a3f15df0/1/t5YM8CMKsgYvsJKX54mWKuOhyvM.roa
File:                     t5YM8CMKsgYvsJKX54mWKuOhyvM.roa (raw, json)
Hash identifier:          A7vWASrvFji2dNGtLDp90U29k7OVqT840hrhczouedc=
Subject key identifier:   B7:96:0C:F0:23:0A:B2:06:2F:B0:92:97:E7:89:96:2A:E3:A1:CA:F3
Certificate issuer:       /CN=0eb8bc44e36fae16d37102fd0d519f284d663d90
Certificate serial:       01856D41A1ED85683B7FC2D346C667EA7AE4
Authority key identifier: 0E:B8:BC:44:E3:6F:AE:16:D3:71:02:FD:0D:51:9F:28:4D:66:3D:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dri8RONvrhbTcQL9DVGfKE1mPZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/61d1ce-cd80-429d-bfe1-89b3a3f15df0/1/t5YM8CMKsgYvsJKX54mWKuOhyvM.roa
Signing time:             Sun 01 Jan 2023 12:14:55 +0000
ROA not before:           Sun 01 Jan 2023 12:14:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209680
IP address blocks:        91.132.204.0/24 maxlen: 24
                          2a09:d881::/48 maxlen: 48
                          2a09:d880::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:41:a1:ed:85:68:3b:7f:c2:d3:46:c6:67:ea:7a:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0eb8bc44e36fae16d37102fd0d519f284d663d90
        Validity
            Not Before: Jan  1 12:14:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b7960cf0230ab2062fb09297e789962ae3a1caf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f5:b6:5c:2b:05:b0:e7:52:a5:46:f8:8f:6c:
                    1c:8f:a1:ce:28:c6:63:54:80:78:4d:9d:27:de:af:
                    48:b9:5a:7a:de:3e:58:e6:e5:3c:20:e6:9d:98:8d:
                    23:fb:72:39:b5:80:0f:6b:53:72:8a:e7:52:2b:15:
                    35:37:49:d9:43:01:21:d2:63:58:a5:f8:42:61:6d:
                    9b:82:db:82:1f:f0:bb:8e:05:d7:26:98:94:0b:8a:
                    a2:32:ce:81:69:16:9c:06:67:bd:4a:f3:27:e7:14:
                    c7:34:32:a7:96:e8:95:22:a5:b7:68:81:01:1b:2b:
                    1c:89:0f:7f:d5:11:40:e4:5e:a5:5f:d3:e1:b0:00:
                    50:d3:b5:81:ae:e2:ef:66:2d:09:29:77:18:14:d2:
                    ac:21:71:2d:f6:50:78:49:2a:bb:cd:89:c5:a9:e6:
                    6a:df:53:40:04:e9:60:95:b3:c7:e5:53:30:e7:bc:
                    c1:7a:d1:77:16:98:7a:63:43:14:2a:a1:70:eb:06:
                    5d:5a:4b:cb:c0:4a:01:f8:62:49:8e:f0:bc:9a:fa:
                    54:62:62:e8:11:f6:97:98:3d:9b:3b:47:7c:17:16:
                    52:b8:66:17:5f:e2:31:ff:8c:08:8d:81:04:0d:78:
                    54:67:65:e2:97:e4:12:0a:a6:86:8e:2f:37:a2:9e:
                    3a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:96:0C:F0:23:0A:B2:06:2F:B0:92:97:E7:89:96:2A:E3:A1:CA:F3
            X509v3 Authority Key Identifier:
                keyid:0E:B8:BC:44:E3:6F:AE:16:D3:71:02:FD:0D:51:9F:28:4D:66:3D:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dri8RONvrhbTcQL9DVGfKE1mPZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/61d1ce-cd80-429d-bfe1-89b3a3f15df0/1/t5YM8CMKsgYvsJKX54mWKuOhyvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/61d1ce-cd80-429d-bfe1-89b3a3f15df0/1/Dri8RONvrhbTcQL9DVGfKE1mPZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.204.0/24
                IPv6:
                  2a09:d880::/48
                  2a09:d881::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:2d:8b:6e:6f:16:eb:e1:91:ae:fe:cd:57:36:29:22:55:f7:
         87:e3:f5:6a:a4:6a:23:d3:53:d6:3e:b4:e4:61:15:ec:e1:59:
         e8:3a:85:cf:f7:3c:9a:b7:5a:23:0a:90:04:1b:62:a2:44:62:
         b8:62:12:c2:10:d2:80:d8:b0:ab:4b:fa:92:89:9c:19:b1:17:
         be:c9:07:94:22:1c:cd:5b:0e:b1:fc:cf:88:77:16:f4:83:b1:
         07:bd:c7:3d:6f:17:2d:58:e9:20:10:00:c9:39:50:8c:30:bc:
         5f:8d:49:c0:49:ea:eb:3d:01:a8:8c:4e:2e:8f:77:23:92:d3:
         0f:bb:49:cc:dd:6c:93:26:70:dc:fd:cc:c3:f9:ca:25:e2:22:
         ae:2f:dd:30:f5:c0:ee:6d:89:81:a8:18:6e:65:f2:1e:37:3a:
         df:67:27:74:e0:83:81:50:00:f3:cb:3b:a4:8d:86:c9:23:37:
         23:59:5a:27:5a:70:ac:ef:c4:32:94:04:f0:ea:fa:74:6e:e5:
         13:b4:8d:55:16:f9:44:79:b3:85:2c:a3:cc:14:e8:b0:f5:b8:
         fd:e9:44:68:df:f5:1c:a9:78:05:b1:7b:c7:40:dd:dd:ad:d1:
         79:cf:b6:24:0f:7c:56:16:94:5f:bb:9f:f5:b5:06:05:0e:51:
         14:5c:d6:d0
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVtQaHthWg7f8LTRsZn6nrkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlYjhiYzQ0ZTM2ZmFlMTZkMzcxMDJmZDBkNTE5ZjI4NGQ2
NjNkOTAwHhcNMjMwMTAxMTIxNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzk2MGNmMDIzMGFiMjA2MmZiMDkyOTdlNzg5OTYyYWUzYTFjYWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifW2XCsFsOdSpUb4j2wcj6HOKMZj
VIB4TZ0n3q9IuVp63j5Y5uU8IOadmI0j+3I5tYAPa1NyiudSKxU1N0nZQwEh0mNY
pfhCYW2bgtuCH/C7jgXXJpiUC4qiMs6BaRacBme9SvMn5xTHNDKnluiVIqW3aIEB
GysciQ9/1RFA5F6lX9PhsABQ07WBruLvZi0JKXcYFNKsIXEt9lB4SSq7zYnFqeZq
31NABOlglbPH5VMw57zBetF3Fph6Y0MUKqFw6wZdWkvLwEoB+GJJjvC8mvpUYmLo
EfaXmD2bO0d8FxZSuGYXX+Ix/4wIjYEEDXhUZ2Xil+QSCqaGji83op469wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFLeWDPAjCrIGL7CSl+eJlirjocrzMB8GA1UdIwQY
MBaAFA64vETjb64W03EC/Q1RnyhNZj2QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHJpOFJPTnZyaGJUY1FMOURWR2ZLRTFtUFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS82MWQxY2UtY2Q4MC00MjlkLWJmZTEt
ODliM2EzZjE1ZGYwLzEvdDVZTThDTUtzZ1l2c0pLWDU0bVdLdU9oeXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS82MWQxY2UtY2Q4MC00MjlkLWJmZTEtODliM2EzZjE1ZGYw
LzEvRHJpOFJPTnZyaGJUY1FMOURWR2ZLRTFtUFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQAW4TMMBgE
AgACMBIDBwAqCdiAAAADBwAqCdiBAAAwDQYJKoZIhvcNAQELBQADggEBAIEti25v
Fuvhka7+zVc2KSJV94fj9WqkaiPTU9Y+tORhFezhWeg6hc/3PJq3WiMKkAQbYqJE
YrhiEsIQ0oDYsKtL+pKJnBmxF77JB5QiHM1bDrH8z4h3FvSDsQe9xz1vFy1Y6SAQ
AMk5UIwwvF+NScBJ6us9AaiMTi6PdyOS0w+7SczdbJMmcNz9zMP5yiXiIq4v3TD1
wO5tiYGoGG5l8h43Ot9nJ3Tgg4FQAPPLO6SNhskjNyNZWidacKzvxDKUBPDq+nRu
5RO0jVUW+UR5s4Uso8wU6LD1uP3pRGjf9RypeAWxe8dA3d2t0XnPtiQPfFYWlF+7
n/W1BgUOURRc1tA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:43 2024 by rpki-client on console-fra.rpki-client.org