Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/A-nZaYOxC8ytAc0w-k3zY9MM90A.roa
File:                     A-nZaYOxC8ytAc0w-k3zY9MM90A.roa (raw, json)
Hash identifier:          GCHMtUC8kHflGv5yCNYDcRmgoXvW25nIADH6KZv26W8=
Subject key identifier:   03:E9:D9:69:83:B1:0B:CC:AD:01:CD:30:FA:4D:F3:63:D3:0C:F7:40
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       01856B4A3B5574F84081E942BDED2507833D
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/A-nZaYOxC8ytAc0w-k3zY9MM90A.roa
Signing time:             Sun 01 Jan 2023 03:05:04 +0000
ROA not before:           Sun 01 Jan 2023 03:05:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201138
IP address blocks:        141.101.235.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 10 May 2023 13:15:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:4a:3b:55:74:f8:40:81:e9:42:bd:ed:25:07:83:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  1 03:05:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=03e9d96983b10bccad01cd30fa4df363d30cf740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:72:27:02:61:1e:dc:20:42:38:b3:3f:33:73:
                    f2:bf:c5:b1:87:1a:ae:18:7f:b7:31:ef:26:99:83:
                    37:de:08:69:3f:8d:5b:dd:e1:96:8e:fb:2d:f5:cd:
                    29:42:0d:95:be:9b:32:89:a4:d6:10:cf:4a:d2:36:
                    77:e6:51:83:43:16:8d:29:55:fe:a2:05:45:f6:8d:
                    dc:42:5b:ed:fb:eb:ec:87:ef:f7:6d:d4:2b:05:01:
                    7e:62:c2:79:2d:c5:1c:0a:91:a4:7f:1c:36:fe:eb:
                    eb:b9:1b:58:08:39:57:f3:ea:8a:d4:6d:06:e1:b2:
                    09:d7:56:39:c4:e8:58:94:f7:9e:77:11:6a:11:c3:
                    ea:c3:c7:1d:25:c5:54:65:bd:0c:f0:8f:e3:25:e1:
                    31:b6:c4:ac:5a:06:4c:2f:e1:32:e6:26:a9:57:e3:
                    ca:0d:ac:af:51:3e:6b:4b:ac:0c:86:ab:0c:1f:49:
                    a3:2a:d0:2b:80:e2:37:51:ba:37:a2:30:20:64:86:
                    f8:0e:9b:59:76:b4:3c:3f:d6:25:c8:79:60:7a:25:
                    e9:04:c5:b2:83:2a:79:87:07:ba:b7:fd:66:a6:dd:
                    b7:75:a1:ec:04:be:02:77:11:b7:30:1a:75:f6:d1:
                    ac:1f:7d:73:c2:d5:c7:d5:21:ea:93:37:ad:a0:b0:
                    b5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:E9:D9:69:83:B1:0B:CC:AD:01:CD:30:FA:4D:F3:63:D3:0C:F7:40
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/A-nZaYOxC8ytAc0w-k3zY9MM90A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.101.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:18:d1:8e:ae:bf:61:3f:b2:a3:49:d0:5e:ff:06:3e:99:c2:
         4b:98:4d:6a:9c:64:82:ba:90:45:76:53:d4:7b:5d:5e:bd:40:
         f2:b7:88:06:52:06:3e:66:2c:cd:6f:54:97:27:09:9b:73:c8:
         d7:9c:37:68:07:da:20:4f:e2:fa:b8:4d:74:c2:b5:5c:b4:d8:
         9a:e3:67:88:19:ee:ae:a1:70:34:9b:d7:48:4f:f7:43:2e:ee:
         59:63:ea:70:82:38:88:12:f3:e8:aa:6a:5f:76:22:33:8a:26:
         6e:79:ac:c5:3d:b5:e9:e6:ce:e1:bc:5f:5a:9d:4b:e4:fc:93:
         1b:e8:32:a4:b8:75:eb:82:6d:23:90:52:2d:4c:97:ea:c4:d8:
         2b:1c:b8:23:df:25:28:95:2e:cd:f6:05:d2:8b:37:80:64:b1:
         6a:78:c7:7f:99:99:84:2c:94:93:44:be:c4:70:21:bb:c0:b2:
         0c:00:1c:2d:74:17:30:da:66:af:e0:5b:8f:e6:ce:8d:0a:ee:
         50:e5:c9:22:23:31:ec:72:4b:90:dd:a7:f9:bb:fb:84:aa:71:
         e9:e6:88:3b:8d:87:ea:8c:49:98:64:9d:79:b1:79:7d:1a:c4:
         dd:39:39:fa:17:67:c8:ac:ec:e0:cf:00:35:2a:55:d1:95:3a:
         07:fb:65:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVrSjtVdPhAgelCve0lB4M9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjMwMTAxMDMwNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2U5ZDk2OTgzYjEwYmNjYWQwMWNkMzBmYTRkZjM2M2QzMGNmNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHInAmEe3CBCOLM/M3Pyv8Wxhxqu
GH+3Me8mmYM33ghpP41b3eGWjvst9c0pQg2VvpsyiaTWEM9K0jZ35lGDQxaNKVX+
ogVF9o3cQlvt++vsh+/3bdQrBQF+YsJ5LcUcCpGkfxw2/uvruRtYCDlX8+qK1G0G
4bIJ11Y5xOhYlPeedxFqEcPqw8cdJcVUZb0M8I/jJeExtsSsWgZML+Ey5iapV+PK
DayvUT5rS6wMhqsMH0mjKtArgOI3Ubo3ojAgZIb4DptZdrQ8P9YlyHlgeiXpBMWy
gyp5hwe6t/1mpt23daHsBL4CdxG3MBp19tGsH31zwtXH1SHqkzetoLC1lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPp2WmDsQvMrQHNMPpN82PTDPdAMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvQS1uWmFZT3hDOHl0QWMwdy1rM3pZOU1NOTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWXrMA0G
CSqGSIb3DQEBCwUAA4IBAQDOGNGOrr9hP7KjSdBe/wY+mcJLmE1qnGSCupBFdlPU
e11evUDyt4gGUgY+ZizNb1SXJwmbc8jXnDdoB9ogT+L6uE10wrVctNia42eIGe6u
oXA0m9dIT/dDLu5ZY+pwgjiIEvPoqmpfdiIziiZueazFPbXp5s7hvF9anUvk/JMb
6DKkuHXrgm0jkFItTJfqxNgrHLgj3yUolS7N9gXSizeAZLFqeMd/mZmELJSTRL7E
cCG7wLIMABwtdBcw2mav4FuP5s6NCu5Q5ckiIzHsckuQ3af5u/uEqnHp5og7jYfq
jEmYZJ15sXl9GsTdOTn6F2fIrOzgzwA1KlXRlToH+2Xx
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:38 2024 by rpki-client on console-fra.rpki-client.org