Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/On-pdR3E0aYfrMkz8e9ZQyGVEK0.roa
File:                     On-pdR3E0aYfrMkz8e9ZQyGVEK0.roa (raw, json)
Hash identifier:          1uM1wnXf/KmkKPjmFTo0p6zgzTRbkitntdEGhkw2bmk=
Subject key identifier:   3A:7F:A9:75:1D:C4:D1:A6:1F:AC:C9:33:F1:EF:59:43:21:95:10:AD
Certificate issuer:       /CN=009a637282b3d0a0fca4a554f6936f7df42e8165
Certificate serial:       018570B97E1F8542A5E9721A9D3D971F359E
Authority key identifier: 00:9A:63:72:82:B3:D0:A0:FC:A4:A5:54:F6:93:6F:7D:F4:2E:81:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AJpjcoKz0KD8pKVU9pNvffQugWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/On-pdR3E0aYfrMkz8e9ZQyGVEK0.roa
Signing time:             Mon 02 Jan 2023 04:24:42 +0000
ROA not before:           Mon 02 Jan 2023 04:24:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200457
IP address blocks:        185.106.172.0/22 maxlen: 24
                          2a06:3d40::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:b9:7e:1f:85:42:a5:e9:72:1a:9d:3d:97:1f:35:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=009a637282b3d0a0fca4a554f6936f7df42e8165
        Validity
            Not Before: Jan  2 04:24:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a7fa9751dc4d1a61facc933f1ef5943219510ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:81:36:bc:54:10:fb:0b:da:ac:be:c7:08:2e:
                    e8:79:83:58:d9:30:be:45:83:3c:85:32:2c:4d:2c:
                    73:9f:b9:81:a8:de:0d:2c:f9:cd:81:0d:74:7d:3c:
                    09:19:f4:f3:41:bd:77:b6:0b:56:36:ad:83:3a:81:
                    bb:43:07:e3:b1:d9:71:d7:04:ab:17:fe:e4:ca:64:
                    8f:0d:af:b6:ce:56:09:55:a5:76:e3:9b:9a:3f:7f:
                    7a:e5:b2:4c:65:40:4b:4a:1b:b3:a0:dc:6f:c7:c8:
                    73:da:e8:99:b8:e8:d3:64:d0:c7:a4:2f:8a:c0:53:
                    07:60:97:d3:45:3b:92:aa:ee:43:53:8a:82:5a:83:
                    17:8b:99:32:0d:30:eb:17:f1:ea:52:4d:a5:38:44:
                    bc:75:b3:01:c0:48:96:90:62:e5:32:5e:12:98:77:
                    19:9c:61:a8:ec:be:cd:31:f6:3b:3c:8b:f8:84:de:
                    31:7b:97:b7:2e:9d:87:91:08:71:42:71:3e:3a:68:
                    39:cc:62:0a:9e:94:94:b6:ef:43:6c:c0:ff:f8:3b:
                    0d:3e:78:43:61:a8:0d:d6:f9:93:5c:76:36:87:19:
                    b7:cc:79:96:75:3f:ce:3f:b4:ed:e8:64:ba:cf:f3:
                    ed:fb:db:a2:15:e1:ee:f2:13:03:eb:f6:3d:8d:df:
                    a0:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:7F:A9:75:1D:C4:D1:A6:1F:AC:C9:33:F1:EF:59:43:21:95:10:AD
            X509v3 Authority Key Identifier:
                keyid:00:9A:63:72:82:B3:D0:A0:FC:A4:A5:54:F6:93:6F:7D:F4:2E:81:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AJpjcoKz0KD8pKVU9pNvffQugWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/On-pdR3E0aYfrMkz8e9ZQyGVEK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/ddc344-64c6-46c8-a25c-d4edc0eb3e0a/1/AJpjcoKz0KD8pKVU9pNvffQugWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.172.0/22
                IPv6:
                  2a06:3d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:eb:e9:66:85:31:46:cd:f0:c2:1b:42:9c:15:eb:ce:60:2c:
         94:85:35:9a:12:43:a1:45:99:be:36:9f:98:21:df:72:72:bd:
         e2:17:7a:05:f2:dd:8d:77:3c:d9:7f:67:b6:8e:bd:dc:ef:47:
         f7:96:a7:08:2f:c1:e9:68:a2:90:e3:1f:3f:58:6f:7d:02:ac:
         79:75:ff:b9:74:31:64:e9:54:48:19:cd:c3:3a:92:b3:30:46:
         fc:59:ac:f9:5e:27:57:0e:6f:88:9f:3d:1f:bf:07:1f:68:cc:
         97:41:2c:1a:ee:21:fa:2f:5e:81:e8:22:56:8c:c6:55:8d:b0:
         2d:2c:c7:6a:de:b7:7c:d9:63:7e:aa:bf:3d:43:1a:e3:c5:f8:
         f5:f0:23:25:9d:d2:e4:a3:ec:30:c7:12:6b:02:29:4b:28:78:
         93:fe:8c:cf:94:1e:6f:a8:6f:f7:2d:ad:0d:0a:69:18:30:d3:
         2a:5e:9e:b3:ca:69:9b:ae:25:10:e0:41:68:92:96:4f:15:85:
         41:6f:41:7d:d5:a6:d0:8c:1f:e7:4f:a9:5a:ec:fc:e1:89:ee:
         e5:df:c3:ea:bb:93:fb:68:8c:b9:58:ad:04:66:d3:d5:0d:25:
         c6:59:6c:73:a4:1e:aa:4b:2a:8f:41:65:46:14:ce:20:6f:ea:
         0e:59:e8:b6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVwuX4fhUKl6XIanT2XHzWeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwOWE2MzcyODJiM2QwYTBmY2E0YTU1NGY2OTM2ZjdkZjQy
ZTgxNjUwHhcNMjMwMTAyMDQyNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTdmYTk3NTFkYzRkMWE2MWZhY2M5MzNmMWVmNTk0MzIxOTUxMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIE2vFQQ+wvarL7HCC7oeYNY2TC+
RYM8hTIsTSxzn7mBqN4NLPnNgQ10fTwJGfTzQb13tgtWNq2DOoG7Qwfjsdlx1wSr
F/7kymSPDa+2zlYJVaV245uaP3965bJMZUBLShuzoNxvx8hz2uiZuOjTZNDHpC+K
wFMHYJfTRTuSqu5DU4qCWoMXi5kyDTDrF/HqUk2lOES8dbMBwEiWkGLlMl4SmHcZ
nGGo7L7NMfY7PIv4hN4xe5e3Lp2HkQhxQnE+Omg5zGIKnpSUtu9DbMD/+DsNPnhD
YagN1vmTXHY2hxm3zHmWdT/OP7Tt6GS6z/Pt+9uiFeHu8hMD6/Y9jd+gcQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDp/qXUdxNGmH6zJM/HvWUMhlRCtMB8GA1UdIwQY
MBaAFACaY3KCs9Cg/KSlVPaTb330LoFlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUpwamNvS3owS0Q4cEtWVTlwTnZmZlF1Z1dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9kZGMzNDQtNjRjNi00NmM4LWEyNWMt
ZDRlZGMwZWIzZTBhLzEvT24tcGRSM0UwYVlmck1rejhlOVpReUdWRUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9kZGMzNDQtNjRjNi00NmM4LWEyNWMtZDRlZGMwZWIzZTBh
LzEvQUpwamNvS3owS0Q4cEtWVTlwTnZmZlF1Z1dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWqsMA0E
AgACMAcDBQMqBj1AMA0GCSqGSIb3DQEBCwUAA4IBAQAs6+lmhTFGzfDCG0KcFevO
YCyUhTWaEkOhRZm+Np+YId9ycr3iF3oF8t2NdzzZf2e2jr3c70f3lqcIL8HpaKKQ
4x8/WG99Aqx5df+5dDFk6VRIGc3DOpKzMEb8Waz5XidXDm+Inz0fvwcfaMyXQSwa
7iH6L16B6CJWjMZVjbAtLMdq3rd82WN+qr89Qxrjxfj18CMlndLko+wwxxJrAilL
KHiT/ozPlB5vqG/3La0NCmkYMNMqXp6zymmbriUQ4EFokpZPFYVBb0F91abQjB/n
T6la7Pzhie7l38Pqu5P7aIy5WK0EZtPVDSXGWWxzpB6qSyqPQWVGFM4gb+oOWei2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:15 2024 by rpki-client on console-ams.rpki-client.org