Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/7a7ce6-06a6-41d3-b5fa-97174a96e815/1/okDJtvLU_aCk39kWLpZmccbDwQE.roa
File:                     okDJtvLU_aCk39kWLpZmccbDwQE.roa (raw, json)
Hash identifier:          9Ebxr3vDvm0qSNhMWGzsBOftJKYYNN7znS74tSEj29g=
Subject key identifier:   A2:40:C9:B6:F2:D4:FD:A0:A4:DF:D9:16:2E:96:66:71:C6:C3:C1:01
Certificate issuer:       /CN=bb4bbd334581ddcdd935bcef47d9a04cbce5fded
Certificate serial:       018571D79B6B97C92BB520450D8B7D438D68
Authority key identifier: BB:4B:BD:33:45:81:DD:CD:D9:35:BC:EF:47:D9:A0:4C:BC:E5:FD:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u0u9M0WB3c3ZNbzvR9mgTLzl_e0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/7a7ce6-06a6-41d3-b5fa-97174a96e815/1/okDJtvLU_aCk39kWLpZmccbDwQE.roa
Signing time:             Mon 02 Jan 2023 09:37:13 +0000
ROA not before:           Mon 02 Jan 2023 09:37:13 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199408
IP address blocks:        185.14.168.0/22 maxlen: 22
                          91.195.1.0/24 maxlen: 24
                          91.195.0.0/23 maxlen: 23
                          2a03:aec0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:d7:9b:6b:97:c9:2b:b5:20:45:0d:8b:7d:43:8d:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb4bbd334581ddcdd935bcef47d9a04cbce5fded
        Validity
            Not Before: Jan  2 09:37:13 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a240c9b6f2d4fda0a4dfd9162e966671c6c3c101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:3b:45:61:77:b7:8e:52:e7:24:31:7c:28:84:
                    a5:c6:aa:18:76:d3:d2:57:f7:1d:bc:d8:ae:03:00:
                    28:1d:1c:60:24:b5:3e:0a:cd:cd:c7:d2:6d:db:c5:
                    99:a3:6a:b4:50:55:a2:dd:ed:d7:d8:91:dd:62:8e:
                    79:7b:df:88:d6:f1:9e:ac:b3:c4:89:29:41:74:11:
                    e5:a2:a7:93:e0:87:03:64:51:37:42:f6:dd:9a:6a:
                    a6:f0:d4:41:bb:73:cb:68:81:33:e3:3f:5b:64:8d:
                    64:e9:74:c0:30:6e:ea:3e:ac:3a:5b:51:8e:aa:c7:
                    b8:c1:e6:1b:4c:40:bf:80:ee:ca:f1:de:1d:85:17:
                    25:11:6c:da:04:88:02:1b:61:c1:a1:aa:26:26:cf:
                    53:8f:16:e7:46:38:ac:8b:ef:f3:8c:be:6b:dd:1e:
                    b0:bc:5c:62:de:86:73:d3:1d:5d:6a:97:a6:bd:25:
                    a0:8e:10:30:6d:38:2b:87:00:e6:a6:9a:d1:7a:1c:
                    eb:a4:02:b7:b6:bc:e2:09:24:7f:d4:86:29:ca:47:
                    71:f0:90:33:05:dd:bb:34:50:7d:71:79:97:a2:c2:
                    9e:c1:c4:24:61:32:77:f7:84:aa:a5:d0:9e:e9:74:
                    47:af:bf:09:39:0b:e1:35:c2:ae:b5:e4:5e:6a:fe:
                    e4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:40:C9:B6:F2:D4:FD:A0:A4:DF:D9:16:2E:96:66:71:C6:C3:C1:01
            X509v3 Authority Key Identifier:
                keyid:BB:4B:BD:33:45:81:DD:CD:D9:35:BC:EF:47:D9:A0:4C:BC:E5:FD:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u0u9M0WB3c3ZNbzvR9mgTLzl_e0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/7a7ce6-06a6-41d3-b5fa-97174a96e815/1/okDJtvLU_aCk39kWLpZmccbDwQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/7a7ce6-06a6-41d3-b5fa-97174a96e815/1/u0u9M0WB3c3ZNbzvR9mgTLzl_e0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.0.0/23
                  185.14.168.0/22
                IPv6:
                  2a03:aec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:80:3a:7b:77:76:3b:e2:27:0e:99:16:14:16:17:69:49:46:
         fc:52:9d:9f:bf:5f:33:c6:69:d9:83:b6:3b:bf:86:74:2a:9f:
         db:78:fd:00:ea:a0:31:6a:c9:f1:19:db:cb:cb:2f:5d:55:b7:
         d2:3c:4c:05:68:c7:5c:12:68:30:b2:0d:4e:7a:66:a5:7e:d1:
         a0:2f:91:0c:41:d5:c3:1b:5b:fe:44:82:e0:44:fb:01:f7:eb:
         18:f9:7d:07:7d:13:96:df:3d:d7:6b:cc:d2:4c:8b:58:7d:42:
         77:8b:d6:3d:35:d5:4a:94:6f:55:01:f8:42:c4:63:2a:92:e3:
         06:dd:e5:ba:66:33:49:21:e2:ef:e4:03:2c:80:5b:34:a8:84:
         9c:46:28:a9:94:e5:10:d2:7c:07:64:8e:89:f4:6c:0f:dc:11:
         fe:3e:5e:34:4d:54:93:fd:eb:a5:35:29:2c:1a:78:77:46:84:
         fe:a1:0b:18:26:b8:b2:38:e2:5e:fb:ec:10:d4:82:65:5a:2a:
         45:ea:ff:98:30:a3:47:0c:6f:00:a8:46:ca:56:cf:2a:ee:1d:
         79:1e:47:94:0f:e8:dc:5b:c4:30:8b:f4:62:ae:ca:d3:e1:96:
         14:61:a7:ca:16:90:a5:8a:b7:40:d1:ed:b1:d6:61:12:e6:b3:
         26:20:c1:39
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVx15trl8krtSBFDYt9Q41oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiNGJiZDMzNDU4MWRkY2RkOTM1YmNlZjQ3ZDlhMDRjYmNl
NWZkZWQwHhcNMjMwMTAyMDkzNzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQwYzliNmYyZDRmZGEwYTRkZmQ5MTYyZTk2NjY3MWM2YzNjMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTtFYXe3jlLnJDF8KISlxqoYdtPS
V/cdvNiuAwAoHRxgJLU+Cs3Nx9Jt28WZo2q0UFWi3e3X2JHdYo55e9+I1vGerLPE
iSlBdBHloqeT4IcDZFE3Qvbdmmqm8NRBu3PLaIEz4z9bZI1k6XTAMG7qPqw6W1GO
qse4weYbTEC/gO7K8d4dhRclEWzaBIgCG2HBoaomJs9TjxbnRjisi+/zjL5r3R6w
vFxi3oZz0x1dapemvSWgjhAwbTgrhwDmpprRehzrpAK3trziCSR/1IYpykdx8JAz
Bd27NFB9cXmXosKewcQkYTJ394SqpdCe6XRHr78JOQvhNcKuteReav7kDQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKJAybby1P2gpN/ZFi6WZnHGw8EBMB8GA1UdIwQY
MBaAFLtLvTNFgd3N2TW870fZoEy85f3tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTB1OU0wV0IzYzNaTmJ6dlI5bWdUTHpsX2UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC83YTdjZTYtMDZhNi00MWQzLWI1ZmEt
OTcxNzRhOTZlODE1LzEvb2tESnR2TFVfYUNrMzlrV0xwWm1jY2JEd1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC83YTdjZTYtMDZhNi00MWQzLWI1ZmEtOTcxNzRhOTZlODE1
LzEvdTB1OU0wV0IzYzNaTmJ6dlI5bWdUTHpsX2UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW8MAAwQC
uQ6oMA0EAgACMAcDBQAqA67AMA0GCSqGSIb3DQEBCwUAA4IBAQAogDp7d3Y74icO
mRYUFhdpSUb8Up2fv18zxmnZg7Y7v4Z0Kp/beP0A6qAxasnxGdvLyy9dVbfSPEwF
aMdcEmgwsg1OemalftGgL5EMQdXDG1v+RILgRPsB9+sY+X0HfROW3z3Xa8zSTItY
fUJ3i9Y9NdVKlG9VAfhCxGMqkuMG3eW6ZjNJIeLv5AMsgFs0qIScRiiplOUQ0nwH
ZI6J9GwP3BH+Pl40TVST/eulNSksGnh3RoT+oQsYJriyOOJe++wQ1IJlWipF6v+Y
MKNHDG8AqEbKVs8q7h15HkeUD+jcW8Qwi/RirsrT4ZYUYafKFpClirdA0e2x1mES
5rMmIME5
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:06 2024 by rpki-client on console-ams.rpki-client.org