Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/eba459-03d3-4cd5-8606-25c5f7123e35/1/ojXBBOQR2dDm4zWs4pM_Zn9pgl0.roa
File:                     ojXBBOQR2dDm4zWs4pM_Zn9pgl0.roa (raw, json)
Hash identifier:          /DpTgbDkHrSTzZtrW7f+IZZUkhi+t0cRv6ByEZETgkA=
Subject key identifier:   A2:35:C1:04:E4:11:D9:D0:E6:E3:35:AC:E2:93:3F:66:7F:69:82:5D
Certificate issuer:       /CN=a214fabfef203a8ee08ccb47dd6473fce799a28f
Certificate serial:       01857203591711C6865D3A9FED638DD603C5
Authority key identifier: A2:14:FA:BF:EF:20:3A:8E:E0:8C:CB:47:DD:64:73:FC:E7:99:A2:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ohT6v-8gOo7gjMtH3WRz_OeZoo8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/eba459-03d3-4cd5-8606-25c5f7123e35/1/ojXBBOQR2dDm4zWs4pM_Zn9pgl0.roa
Signing time:             Mon 02 Jan 2023 10:25:00 +0000
ROA not before:           Mon 02 Jan 2023 10:25:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49544
IP address blocks:        89.104.160.0/21 maxlen: 21
                          2a00:1708::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:32:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:03:59:17:11:c6:86:5d:3a:9f:ed:63:8d:d6:03:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a214fabfef203a8ee08ccb47dd6473fce799a28f
        Validity
            Not Before: Jan  2 10:25:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a235c104e411d9d0e6e335ace2933f667f69825d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:7c:5b:15:d0:4e:ac:54:ad:22:86:8a:56:6d:
                    15:08:9e:36:ff:9f:9c:8c:7f:5f:68:69:cc:4e:57:
                    ad:1d:1c:e7:7e:ee:4b:1c:97:5e:9d:20:5b:bf:71:
                    af:1e:c5:a5:31:23:40:7a:95:32:d6:6c:7e:63:6d:
                    0c:d3:81:7f:30:54:22:12:a9:ae:78:2e:b0:eb:bc:
                    6b:8c:6d:be:3d:66:3a:c3:9b:7a:64:79:ae:e9:c3:
                    f0:22:64:49:f3:4a:92:2a:5e:98:c5:10:b3:c3:cb:
                    57:b2:91:81:29:52:da:e4:25:5c:8e:bb:8d:12:3a:
                    1f:91:cc:b6:92:f5:2d:c7:bd:f9:49:43:00:a3:7f:
                    fb:f3:0e:67:63:c7:84:2a:84:a1:79:ad:f8:d9:43:
                    df:93:cb:09:0b:da:83:a2:f4:46:c2:15:79:eb:75:
                    97:fa:24:b9:13:8a:26:17:09:51:6e:6d:4d:0c:2a:
                    98:7f:43:d7:72:c4:38:0f:d0:e5:64:89:fc:d0:85:
                    05:f8:cd:e7:36:9f:c2:29:c0:71:51:e3:55:d1:41:
                    cf:e4:a2:53:b2:e1:d0:16:b5:b8:9d:bb:53:0d:99:
                    65:bb:78:0f:e7:82:77:2c:10:f1:9a:cc:a2:a1:4d:
                    79:be:64:05:a4:e5:f3:f7:9a:7a:41:e8:1c:ea:0a:
                    14:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:35:C1:04:E4:11:D9:D0:E6:E3:35:AC:E2:93:3F:66:7F:69:82:5D
            X509v3 Authority Key Identifier:
                keyid:A2:14:FA:BF:EF:20:3A:8E:E0:8C:CB:47:DD:64:73:FC:E7:99:A2:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ohT6v-8gOo7gjMtH3WRz_OeZoo8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/eba459-03d3-4cd5-8606-25c5f7123e35/1/ojXBBOQR2dDm4zWs4pM_Zn9pgl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/eba459-03d3-4cd5-8606-25c5f7123e35/1/ohT6v-8gOo7gjMtH3WRz_OeZoo8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.104.160.0/21
                IPv6:
                  2a00:1708::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:ae:95:0a:a6:c0:e6:e9:62:0e:b5:d5:e9:4e:e2:d1:92:7a:
         cf:56:74:a7:ab:06:b1:09:c1:cf:c7:eb:c3:90:0c:6d:92:45:
         ee:91:31:3c:8a:3b:f6:80:1c:9d:14:8c:53:84:b8:9f:25:04:
         a8:70:99:7f:1a:cc:8d:a5:cb:0a:c9:e6:ec:77:2f:df:2f:1c:
         52:ce:a2:26:e1:c4:03:cd:1d:1a:4c:e3:72:04:e3:cc:68:c7:
         3b:96:1b:9c:da:cf:d2:c7:1d:60:ea:0e:cd:6b:27:41:74:ab:
         52:01:1f:e1:51:d4:8b:d5:e1:e1:b1:3c:67:1c:98:29:fd:8e:
         ec:36:7d:06:1d:85:4d:cb:5f:54:26:4f:02:25:17:14:72:5f:
         8d:e7:20:c9:66:55:e7:c0:3f:2e:5b:8a:09:92:de:bf:78:30:
         69:d8:37:e6:fe:0c:cf:a8:b9:28:ae:ae:1d:53:8a:ba:0a:85:
         84:df:ff:f4:7f:4a:4e:e9:64:ed:79:68:af:47:0c:67:92:f8:
         11:9f:13:c8:cf:5e:10:5b:46:56:c0:dc:a7:b7:99:63:9a:7b:
         c8:01:d2:e1:45:5f:85:ce:8f:32:ba:54:b0:52:de:f3:2f:33:
         9f:00:0a:57:55:92:a2:d0:a4:8f:80:dc:a4:f3:ec:5c:ff:74:
         ac:21:a6:5d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVyA1kXEcaGXTqf7WON1gPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMTRmYWJmZWYyMDNhOGVlMDhjY2I0N2RkNjQ3M2ZjZTc5
OWEyOGYwHhcNMjMwMTAyMTAyNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjM1YzEwNGU0MTFkOWQwZTZlMzM1YWNlMjkzM2Y2NjdmNjk4MjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnxbFdBOrFStIoaKVm0VCJ42/5+c
jH9faGnMTletHRznfu5LHJdenSBbv3GvHsWlMSNAepUy1mx+Y20M04F/MFQiEqmu
eC6w67xrjG2+PWY6w5t6ZHmu6cPwImRJ80qSKl6YxRCzw8tXspGBKVLa5CVcjruN
Ejofkcy2kvUtx735SUMAo3/78w5nY8eEKoShea342UPfk8sJC9qDovRGwhV563WX
+iS5E4omFwlRbm1NDCqYf0PXcsQ4D9DlZIn80IUF+M3nNp/CKcBxUeNV0UHP5KJT
suHQFrW4nbtTDZllu3gP54J3LBDxmsyioU15vmQFpOXz95p6Qegc6goUTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKI1wQTkEdnQ5uM1rOKTP2Z/aYJdMB8GA1UdIwQY
MBaAFKIU+r/vIDqO4IzLR91kc/znmaKPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2hUNnYtOGdPbzdnak10SDNXUnpfT2Vab284LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9lYmE0NTktMDNkMy00Y2Q1LTg2MDYt
MjVjNWY3MTIzZTM1LzEvb2pYQkJPUVIyZERtNHpXczRwTV9abjlwZ2wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9lYmE0NTktMDNkMy00Y2Q1LTg2MDYtMjVjNWY3MTIzZTM1
LzEvb2hUNnYtOGdPbzdnak10SDNXUnpfT2Vab284LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDWWigMA0E
AgACMAcDBQAqABcIMA0GCSqGSIb3DQEBCwUAA4IBAQBhrpUKpsDm6WIOtdXpTuLR
knrPVnSnqwaxCcHPx+vDkAxtkkXukTE8ijv2gBydFIxThLifJQSocJl/GsyNpcsK
yebsdy/fLxxSzqIm4cQDzR0aTONyBOPMaMc7lhuc2s/Sxx1g6g7NaydBdKtSAR/h
UdSL1eHhsTxnHJgp/Y7sNn0GHYVNy19UJk8CJRcUcl+N5yDJZlXnwD8uW4oJkt6/
eDBp2Dfm/gzPqLkorq4dU4q6CoWE3//0f0pO6WTteWivRwxnkvgRnxPIz14QW0ZW
wNynt5ljmnvIAdLhRV+Fzo8yulSwUt7zLzOfAApXVZKi0KSPgNyk8+xc/3SsIaZd
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:49 2024 by rpki-client on console-ams.rpki-client.org