Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/6b4386-df3d-4f9c-af1c-c373f453a245/1/nZa7vJLJXmGwXc3jves21sXgeic.roa
File:                     nZa7vJLJXmGwXc3jves21sXgeic.roa (raw, json)
Hash identifier:          2ZG0BCkQUgSlpXweHyX4ABhl0CkZk5j7OEXYu8QL6fg=
Subject key identifier:   9D:96:BB:BC:92:C9:5E:61:B0:5D:CD:E3:BD:EB:36:D6:C5:E0:7A:27
Certificate issuer:       /CN=d3277a239664d245becf4214dde15923042a142f
Certificate serial:       01856BC10EE56EC1B6E282261AD4F43F774D
Authority key identifier: D3:27:7A:23:96:64:D2:45:BE:CF:42:14:DD:E1:59:23:04:2A:14:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0yd6I5Zk0kW-z0IU3eFZIwQqFC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/6b4386-df3d-4f9c-af1c-c373f453a245/1/nZa7vJLJXmGwXc3jves21sXgeic.roa
Signing time:             Sun 01 Jan 2023 05:14:52 +0000
ROA not before:           Sun 01 Jan 2023 05:14:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197130
IP address blocks:        91.216.201.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:30:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:c1:0e:e5:6e:c1:b6:e2:82:26:1a:d4:f4:3f:77:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3277a239664d245becf4214dde15923042a142f
        Validity
            Not Before: Jan  1 05:14:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9d96bbbc92c95e61b05dcde3bdeb36d6c5e07a27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e9:02:66:3d:f8:f3:8d:41:0e:b2:99:5f:e9:
                    a3:09:7a:67:0e:5e:54:07:1c:3e:de:b3:98:20:6a:
                    bf:dd:57:17:44:68:c8:b6:0d:7d:ac:5d:ef:e4:dd:
                    3d:4b:92:80:b4:ac:bd:37:8f:79:78:4a:1c:11:42:
                    44:32:23:e1:b5:f0:45:a0:f4:af:44:53:11:bc:3a:
                    1a:0d:07:01:82:42:ab:ad:c4:cf:76:9b:b0:1c:4d:
                    bf:61:25:5f:27:65:44:f9:d4:bb:1e:f6:f7:85:40:
                    a9:5d:11:94:b4:9b:6e:ae:95:fa:e7:91:a5:6b:17:
                    7c:8d:8c:84:57:11:0a:13:26:b9:07:b2:c4:06:da:
                    6d:71:41:12:21:4a:25:06:4f:37:14:3c:12:5a:2f:
                    d5:f8:ae:f8:ba:ca:a4:a8:91:2b:7d:5c:65:79:12:
                    43:25:16:b5:e1:79:90:c7:4c:a5:22:2e:60:b6:b2:
                    84:9a:9a:28:75:5b:a1:ad:5b:5c:e1:29:71:09:0a:
                    50:64:c8:f0:2a:05:b9:d4:57:85:d4:c2:e5:89:a1:
                    28:3b:79:96:45:90:0f:2b:30:59:08:1c:82:db:84:
                    fb:f7:3d:e3:fb:d6:d7:c9:73:16:61:8e:c1:47:ac:
                    9a:51:05:d8:73:61:37:f1:49:33:ff:60:d6:f7:9d:
                    7d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:96:BB:BC:92:C9:5E:61:B0:5D:CD:E3:BD:EB:36:D6:C5:E0:7A:27
            X509v3 Authority Key Identifier:
                keyid:D3:27:7A:23:96:64:D2:45:BE:CF:42:14:DD:E1:59:23:04:2A:14:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0yd6I5Zk0kW-z0IU3eFZIwQqFC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/6b4386-df3d-4f9c-af1c-c373f453a245/1/nZa7vJLJXmGwXc3jves21sXgeic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/6b4386-df3d-4f9c-af1c-c373f453a245/1/0yd6I5Zk0kW-z0IU3eFZIwQqFC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:ba:02:6c:56:84:69:1a:66:f9:86:f6:98:f5:e9:e1:0e:79:
         c9:81:df:79:bc:e7:d1:a1:60:01:0c:d5:86:d8:87:88:86:1c:
         ef:f9:dc:8c:ee:09:7f:80:8c:75:c5:01:94:43:04:0f:a6:e7:
         32:6f:a7:e4:d4:38:f7:b0:ad:9d:1b:5d:4b:ea:11:ca:07:ff:
         f3:90:54:bb:f1:c4:a7:b2:80:a9:8f:01:65:35:aa:aa:8b:64:
         55:48:a8:2f:9e:cb:f9:be:e1:90:75:44:97:6e:eb:8c:6f:a5:
         79:17:23:43:50:7b:79:a0:0b:69:c5:93:8f:45:e2:34:2a:25:
         d5:40:b9:50:7d:3a:8e:d0:0d:15:5c:bf:7a:8e:db:08:61:82:
         31:0b:be:ad:cd:79:b0:ed:af:24:fe:6d:76:03:ab:a0:5f:4b:
         81:43:71:89:fa:8d:b3:8e:92:58:75:5e:5f:ec:a8:dd:69:9a:
         43:3a:26:44:c1:54:cb:74:80:c4:89:3e:33:db:a8:80:eb:2e:
         02:8c:fa:c9:d8:f9:58:d5:9c:20:68:7d:1f:1e:3a:e1:93:bb:
         c8:31:2b:c8:e5:21:97:f0:52:53:07:a7:49:aa:b9:26:f9:35:
         4c:e1:dd:5d:27:6f:70:e9:16:a0:41:13:72:5d:9e:9b:73:89:
         a6:46:10:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVrwQ7lbsG24oImGtT0P3dNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMjc3YTIzOTY2NGQyNDViZWNmNDIxNGRkZTE1OTIzMDQy
YTE0MmYwHhcNMjMwMTAxMDUxNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDk2YmJiYzkyYzk1ZTYxYjA1ZGNkZTNiZGViMzZkNmM1ZTA3YTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmekCZj34841BDrKZX+mjCXpnDl5U
Bxw+3rOYIGq/3VcXRGjItg19rF3v5N09S5KAtKy9N495eEocEUJEMiPhtfBFoPSv
RFMRvDoaDQcBgkKrrcTPdpuwHE2/YSVfJ2VE+dS7Hvb3hUCpXRGUtJturpX655Gl
axd8jYyEVxEKEya5B7LEBtptcUESIUolBk83FDwSWi/V+K74usqkqJErfVxleRJD
JRa14XmQx0ylIi5gtrKEmpoodVuhrVtc4SlxCQpQZMjwKgW51FeF1MLliaEoO3mW
RZAPKzBZCByC24T79z3j+9bXyXMWYY7BR6yaUQXYc2E38Ukz/2DW9519NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2Wu7ySyV5hsF3N473rNtbF4HonMB8GA1UdIwQY
MBaAFNMneiOWZNJFvs9CFN3hWSMEKhQvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHlkNkk1Wmswa1ctejBJVTNlRlpJd1FxRkM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS82YjQzODYtZGYzZC00ZjljLWFmMWMt
YzM3M2Y0NTNhMjQ1LzEvblphN3ZKTEpYbUd3WGMzanZlczIxc1hnZWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS82YjQzODYtZGYzZC00ZjljLWFmMWMtYzM3M2Y0NTNhMjQ1
LzEvMHlkNkk1Wmswa1ctejBJVTNlRlpJd1FxRkM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9jJMA0G
CSqGSIb3DQEBCwUAA4IBAQA5ugJsVoRpGmb5hvaY9enhDnnJgd95vOfRoWABDNWG
2IeIhhzv+dyM7gl/gIx1xQGUQwQPpucyb6fk1Dj3sK2dG11L6hHKB//zkFS78cSn
soCpjwFlNaqqi2RVSKgvnsv5vuGQdUSXbuuMb6V5FyNDUHt5oAtpxZOPReI0KiXV
QLlQfTqO0A0VXL96jtsIYYIxC76tzXmw7a8k/m12A6ugX0uBQ3GJ+o2zjpJYdV5f
7KjdaZpDOiZEwVTLdIDEiT4z26iA6y4CjPrJ2PlY1ZwgaH0fHjrhk7vIMSvI5SGX
8FJTB6dJqrkm+TVM4d1dJ29w6RagQRNyXZ6bc4mmRhA8
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:36 2024 by rpki-client on console-ams.rpki-client.org