Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/vySO4sfRerRq8fMdtM4U5t9CjCk.roa
File:                     vySO4sfRerRq8fMdtM4U5t9CjCk.roa (raw, json)
Hash identifier:          9FMO9YTuNvzYsYr9QayneKkeSpn8/wlZaCb/LT9gsso=
Subject key identifier:   BF:24:8E:E2:C7:D1:7A:B4:6A:F1:F3:1D:B4:CE:14:E6:DF:42:8C:29
Certificate issuer:       /CN=5d99e8d5713a5e6382c0d1389d6242816f9d6fb9
Certificate serial:       01856DA66F48C9A5D0529AA5C8404F36C021
Authority key identifier: 5D:99:E8:D5:71:3A:5E:63:82:C0:D1:38:9D:62:42:81:6F:9D:6F:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XZno1XE6XmOCwNE4nWJCgW-db7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/vySO4sfRerRq8fMdtM4U5t9CjCk.roa
Signing time:             Sun 01 Jan 2023 14:05:01 +0000
ROA not before:           Sun 01 Jan 2023 14:05:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208034
IP address blocks:        185.194.249.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 14:32:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:a6:6f:48:c9:a5:d0:52:9a:a5:c8:40:4f:36:c0:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5d99e8d5713a5e6382c0d1389d6242816f9d6fb9
        Validity
            Not Before: Jan  1 14:05:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bf248ee2c7d17ab46af1f31db4ce14e6df428c29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:da:76:d1:55:4f:2c:99:9e:5f:f4:ef:33:42:
                    24:60:71:ef:e7:e8:a7:c8:1a:0a:62:18:d3:37:36:
                    34:2c:7a:db:12:05:10:3d:95:b0:29:eb:83:bf:06:
                    a2:76:1a:fd:68:cb:0c:05:e0:ea:7a:8f:7f:b4:8b:
                    bc:5f:67:5e:32:03:ea:06:ce:02:34:d9:69:86:ea:
                    30:34:1d:dc:74:73:c3:3a:c5:ca:d5:79:93:e9:92:
                    0b:76:42:d4:88:5a:ad:cc:7b:d7:8e:a0:74:65:61:
                    6e:f8:31:77:2d:f6:9b:cc:ab:1c:70:28:9f:58:5e:
                    37:31:c1:6d:94:e9:3c:af:b4:c1:ed:50:f0:7f:31:
                    73:c0:e8:53:55:18:d9:f6:a3:86:25:1d:03:8f:d6:
                    70:88:bd:a1:48:86:ee:68:0a:f9:a4:bc:d5:f4:6a:
                    8a:82:1e:bb:af:94:07:4f:09:23:2c:3f:76:88:dc:
                    97:dc:70:41:3f:e1:a9:36:4b:e1:33:ce:ea:d2:ea:
                    cf:89:d4:04:85:7b:e1:0f:ad:32:ce:61:15:4c:45:
                    88:09:e4:90:7c:3a:27:9a:2b:07:3f:42:54:97:42:
                    42:8a:46:89:57:6d:09:45:c8:dd:04:dc:57:c3:62:
                    73:c7:d4:6b:ed:d8:28:a5:63:02:b1:03:66:ee:f4:
                    96:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:24:8E:E2:C7:D1:7A:B4:6A:F1:F3:1D:B4:CE:14:E6:DF:42:8C:29
            X509v3 Authority Key Identifier:
                keyid:5D:99:E8:D5:71:3A:5E:63:82:C0:D1:38:9D:62:42:81:6F:9D:6F:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XZno1XE6XmOCwNE4nWJCgW-db7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/vySO4sfRerRq8fMdtM4U5t9CjCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/d2f992-3a17-4975-9c2c-9ca8ea90e617/1/XZno1XE6XmOCwNE4nWJCgW-db7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:23:db:0a:0c:90:a0:93:7d:dd:86:58:5e:70:08:f1:64:67:
         02:8f:5f:ce:64:e0:b1:53:72:0e:a3:c6:cd:1c:44:b7:ae:e2:
         b9:11:5d:38:7a:04:95:74:87:de:6e:54:de:a0:6a:97:c8:01:
         00:41:08:d6:34:cc:14:ec:13:dc:ec:a3:21:47:96:5f:73:c4:
         ba:26:35:b7:f7:79:0c:4b:a4:c3:d5:db:dd:dc:2e:4a:e4:ac:
         f4:05:ed:11:6c:4a:0d:a6:d0:a0:ac:0f:bc:43:6c:78:dd:d2:
         99:dc:b0:e8:a7:4e:8a:aa:b5:cb:28:a2:9f:cf:a6:c4:1b:98:
         62:27:e5:41:41:fa:48:b3:d3:71:3e:9e:e3:da:1d:c4:77:60:
         51:ae:dc:40:b3:55:a1:4b:9c:5a:d8:5b:ce:1c:9e:ee:d4:98:
         ce:3d:74:a7:bc:b5:e3:92:d3:fc:28:6b:93:41:0a:38:4d:be:
         ae:37:b2:6a:60:a8:35:93:d5:d4:3c:8d:e5:21:12:cd:21:e7:
         e0:c6:cc:c5:c7:14:2e:3a:39:08:63:7a:85:5b:44:da:c3:8d:
         7e:08:f8:c2:d8:1b:0a:26:e4:3a:a0:6c:5e:b4:1c:7a:78:9a:
         71:d8:ad:df:e3:e8:56:46:27:b3:0b:f3:98:f6:33:75:19:82:
         87:23:73:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtpm9IyaXQUpqlyEBPNsAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkOTllOGQ1NzEzYTVlNjM4MmMwZDEzODlkNjI0MjgxNmY5
ZDZmYjkwHhcNMjMwMTAxMTQwNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjI0OGVlMmM3ZDE3YWI0NmFmMWYzMWRiNGNlMTRlNmRmNDI4YzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9p20VVPLJmeX/TvM0IkYHHv5+in
yBoKYhjTNzY0LHrbEgUQPZWwKeuDvwaidhr9aMsMBeDqeo9/tIu8X2deMgPqBs4C
NNlphuowNB3cdHPDOsXK1XmT6ZILdkLUiFqtzHvXjqB0ZWFu+DF3LfabzKsccCif
WF43McFtlOk8r7TB7VDwfzFzwOhTVRjZ9qOGJR0Dj9ZwiL2hSIbuaAr5pLzV9GqK
gh67r5QHTwkjLD92iNyX3HBBP+GpNkvhM87q0urPidQEhXvhD60yzmEVTEWICeSQ
fDonmisHP0JUl0JCikaJV20JRcjdBNxXw2Jzx9Rr7dgopWMCsQNm7vSWswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8kjuLH0Xq0avHzHbTOFObfQowpMB8GA1UdIwQY
MBaAFF2Z6NVxOl5jgsDROJ1iQoFvnW+5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFpubzFYRTZYbU9Dd05FNG5XSkNnVy1kYjdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9kMmY5OTItM2ExNy00OTc1LTljMmMt
OWNhOGVhOTBlNjE3LzEvdnlTTzRzZlJlclJxOGZNZHRNNFU1dDlDakNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9kMmY5OTItM2ExNy00OTc1LTljMmMtOWNhOGVhOTBlNjE3
LzEvWFpubzFYRTZYbU9Dd05FNG5XSkNnVy1kYjdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucL5MA0G
CSqGSIb3DQEBCwUAA4IBAQCGI9sKDJCgk33dhlhecAjxZGcCj1/OZOCxU3IOo8bN
HES3ruK5EV04egSVdIfeblTeoGqXyAEAQQjWNMwU7BPc7KMhR5Zfc8S6JjW393kM
S6TD1dvd3C5K5Kz0Be0RbEoNptCgrA+8Q2x43dKZ3LDop06KqrXLKKKfz6bEG5hi
J+VBQfpIs9NxPp7j2h3Ed2BRrtxAs1WhS5xa2FvOHJ7u1JjOPXSnvLXjktP8KGuT
QQo4Tb6uN7JqYKg1k9XUPI3lIRLNIefgxszFxxQuOjkIY3qFW0Taw41+CPjC2BsK
JuQ6oGxetBx6eJpx2K3f4+hWRiezC/OY9jN1GYKHI3M/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:57 2024 by rpki-client on console-ams.rpki-client.org