Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/Okpva2sKe0dhxZ_1r_uC30ddpYY.roa
File:                     Okpva2sKe0dhxZ_1r_uC30ddpYY.roa (raw, json)
Hash identifier:          0N4xNMvo2Np2zZhrSplyrxu/7ZKRmsnUOO55WDOxU4E=
Subject key identifier:   3A:4A:6F:6B:6B:0A:7B:47:61:C5:9F:F5:AF:FB:82:DF:47:5D:A5:86
Certificate issuer:       /CN=c1098a1905bbd3381533828f6b7fd227170431ef
Certificate serial:       018572E7FB5D0D7161E64BADB30367017C03
Authority key identifier: C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/Okpva2sKe0dhxZ_1r_uC30ddpYY.roa
Signing time:             Mon 02 Jan 2023 14:34:43 +0000
ROA not before:           Mon 02 Jan 2023 14:34:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211513
IP address blocks:        202.164.206.0/24 maxlen: 24
                          202.164.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 19 Dec 2023 12:28:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:e7:fb:5d:0d:71:61:e6:4b:ad:b3:03:67:01:7c:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1098a1905bbd3381533828f6b7fd227170431ef
        Validity
            Not Before: Jan  2 14:34:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a4a6f6b6b0a7b4761c59ff5affb82df475da586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:23:f4:fa:29:32:95:a2:d7:bd:f6:19:77:26:
                    7c:be:72:8b:dd:4a:69:0c:bc:db:c7:b1:30:9e:f7:
                    ad:82:05:72:c3:2f:d7:a6:a1:8d:82:ec:10:6c:a4:
                    21:aa:d3:cc:e2:23:33:58:8a:e8:2a:70:b4:17:f9:
                    2b:ae:4a:d8:eb:ab:6b:50:d7:45:ef:a5:e0:40:85:
                    f0:be:1a:88:f9:d4:4e:0c:63:e4:0c:de:66:4e:06:
                    b3:44:6d:ac:bb:9c:0e:45:48:cb:9b:03:64:19:d4:
                    a1:77:1c:01:60:5e:ab:2b:0e:c4:80:4f:87:52:61:
                    ce:a3:8a:18:73:a0:74:40:a0:ec:6d:c8:0c:91:a2:
                    5b:ea:4a:2d:32:07:39:3a:17:c6:a2:09:57:fe:83:
                    3a:f2:46:7b:0d:51:f8:b3:af:e8:ab:2d:bf:71:40:
                    bb:fc:b7:e9:9e:48:60:73:b3:14:06:e0:2f:9c:d5:
                    c1:4e:56:f8:db:b7:7e:85:3d:86:bf:44:5a:fe:d1:
                    b0:89:64:4e:63:6f:27:7b:5c:be:b4:40:f5:91:2d:
                    91:96:9f:49:02:24:b9:b4:61:59:37:b3:78:d4:de:
                    37:f1:09:5e:93:07:5e:99:11:3e:73:36:38:05:14:
                    51:02:a9:f5:0c:ba:b3:77:2a:3f:51:11:ed:79:7f:
                    6c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:4A:6F:6B:6B:0A:7B:47:61:C5:9F:F5:AF:FB:82:DF:47:5D:A5:86
            X509v3 Authority Key Identifier:
                keyid:C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/Okpva2sKe0dhxZ_1r_uC30ddpYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.164.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:89:fd:b0:06:d2:e0:cc:13:96:3e:e8:9c:d9:26:4c:ce:d1:
         c2:77:e4:95:81:1d:2c:f8:db:aa:6b:e5:04:32:4f:8e:3f:c3:
         3a:96:1e:48:a6:25:4c:87:eb:9e:98:a8:3c:9f:4e:63:66:28:
         d0:30:c3:61:61:ad:26:14:50:59:33:18:ca:b0:77:52:33:bf:
         2e:2d:6c:9d:d4:b7:da:f8:9a:4c:4a:4f:50:3e:07:4a:55:5a:
         b3:4e:13:ae:d3:be:ad:8b:48:8f:b5:b3:e2:98:78:eb:0d:5f:
         01:eb:d7:93:32:7f:e4:12:2e:c9:b8:f7:1e:62:33:29:b9:bf:
         68:e6:7b:2b:2a:a8:66:b9:0a:d7:75:d9:22:05:71:c4:67:20:
         f3:fc:9f:b9:ee:cb:0f:87:9d:8a:cb:31:13:d5:2e:57:03:ae:
         5c:61:b8:68:d4:0b:bc:2e:35:af:95:a0:dc:fb:9d:42:7d:a2:
         8b:3b:11:40:f5:a3:11:f1:7e:22:cc:64:d9:0e:48:6a:c9:2d:
         4c:a6:7c:2e:70:32:33:85:b2:e7:be:9c:e7:6b:14:ab:24:43:
         c0:1b:bb:e3:15:c0:7d:28:7e:ad:51:54:c4:7a:0a:a5:20:6c:
         75:d0:35:55:13:8d:b2:36:a6:86:88:a7:8d:f3:18:c1:b5:48:
         69:3a:30:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVy5/tdDXFh5kutswNnAXwDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDk4YTE5MDViYmQzMzgxNTMzODI4ZjZiN2ZkMjI3MTcw
NDMxZWYwHhcNMjMwMTAyMTQzNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTRhNmY2YjZiMGE3YjQ3NjFjNTlmZjVhZmZiODJkZjQ3NWRhNTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySP0+ikylaLXvfYZdyZ8vnKL3Upp
DLzbx7EwnvetggVywy/XpqGNguwQbKQhqtPM4iMzWIroKnC0F/krrkrY66trUNdF
76XgQIXwvhqI+dRODGPkDN5mTgazRG2su5wORUjLmwNkGdShdxwBYF6rKw7EgE+H
UmHOo4oYc6B0QKDsbcgMkaJb6kotMgc5OhfGoglX/oM68kZ7DVH4s6/oqy2/cUC7
/Lfpnkhgc7MUBuAvnNXBTlb427d+hT2Gv0Ra/tGwiWROY28ne1y+tED1kS2Rlp9J
AiS5tGFZN7N41N438QlekwdemRE+czY4BRRRAqn1DLqzdyo/URHteX9sMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDpKb2trCntHYcWf9a/7gt9HXaWGMB8GA1UdIwQY
MBaAFMEJihkFu9M4FTOCj2t/0icXBDHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUt
YjJhNzEzZDJlYWIyLzEvT2twdmEyc0tlMGRoeFpfMXJfdUMzMGRkcFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUtYjJhNzEzZDJlYWIy
LzEvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQByqTOMA0G
CSqGSIb3DQEBCwUAA4IBAQBrif2wBtLgzBOWPuic2SZMztHCd+SVgR0s+Nuqa+UE
Mk+OP8M6lh5IpiVMh+uemKg8n05jZijQMMNhYa0mFFBZMxjKsHdSM78uLWyd1Lfa
+JpMSk9QPgdKVVqzThOu076ti0iPtbPimHjrDV8B69eTMn/kEi7JuPceYjMpub9o
5nsrKqhmuQrXddkiBXHEZyDz/J+57ssPh52KyzET1S5XA65cYbho1Au8LjWvlaDc
+51CfaKLOxFA9aMR8X4izGTZDkhqyS1MpnwucDIzhbLnvpznaxSrJEPAG7vjFcB9
KH6tUVTEegqlIGx10DVVE42yNqaGiKeN8xjBtUhpOjD+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:50 2024 by rpki-client on console-ams.rpki-client.org