Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/VS3jetdasBNyXlC5jP37Wj1Zgqo.roa
File:                     VS3jetdasBNyXlC5jP37Wj1Zgqo.roa (raw, json)
Hash identifier:          Iq9Cg47HMD0Vqv2OMw/o3zYwWiiCXLLW7mF+FFbNfIU=
Subject key identifier:   55:2D:E3:7A:D7:5A:B0:13:72:5E:50:B9:8C:FD:FB:5A:3D:59:82:AA
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       0186968DDF9EC914985C16FF26F29301ABB8
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/VS3jetdasBNyXlC5jP37Wj1Zgqo.roa
Signing time:             Tue 28 Feb 2023 05:45:25 +0000
ROA not before:           Tue 28 Feb 2023 05:45:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     398343
IP address blocks:        91.149.219.0/24 maxlen: 24
                          91.149.221.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 27 Mar 2023 15:42:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:96:8d:df:9e:c9:14:98:5c:16:ff:26:f2:93:01:ab:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: Feb 28 05:45:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=552de37ad75ab013725e50b98cfdfb5a3d5982aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:49:f1:00:4d:30:0b:d2:a2:95:cc:f9:c4:a6:
                    10:e1:23:1a:af:21:db:30:86:5c:20:49:34:f0:f6:
                    e5:70:4c:86:59:83:39:2e:8c:27:dc:af:6f:9a:36:
                    69:a6:88:6f:3d:c2:12:da:71:a0:cb:e1:93:c0:df:
                    0e:61:d0:00:d3:4c:2d:cc:98:10:28:a2:07:56:92:
                    86:e0:7b:de:0e:30:1e:af:7d:05:c8:cb:c3:fb:3f:
                    01:1c:e6:12:87:28:5b:fb:8b:f1:65:66:45:01:59:
                    0e:ae:37:c6:71:60:f6:c3:5f:b3:de:88:81:04:f1:
                    6c:a1:3e:ef:22:b6:54:87:8e:51:14:a5:21:a2:ea:
                    89:21:7e:bd:dc:25:39:9a:fe:7b:01:0e:ca:2b:50:
                    dd:96:ea:ab:a8:22:cd:66:8b:cd:38:3d:86:fa:a0:
                    cb:63:62:84:02:af:8a:0e:85:c4:20:c4:57:0f:f8:
                    f1:e8:fd:d0:1f:1f:eb:40:87:2c:b4:2a:75:5f:f6:
                    85:12:9f:ad:6a:b0:a2:e9:5c:5b:25:04:1d:d7:f1:
                    64:9d:9c:8b:a2:9c:c2:cf:e7:44:bb:d8:b2:75:b8:
                    4a:0a:fc:0e:36:b4:b5:77:a1:fd:3c:05:f6:b7:a8:
                    d4:b3:1b:99:fa:6a:a5:93:17:ca:b8:42:18:54:fa:
                    3d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:2D:E3:7A:D7:5A:B0:13:72:5E:50:B9:8C:FD:FB:5A:3D:59:82:AA
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/VS3jetdasBNyXlC5jP37Wj1Zgqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.219.0/24
                  91.149.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:f1:59:ab:83:94:6d:e6:ea:5f:42:23:b9:78:bb:e5:c6:9a:
         78:35:e9:5b:32:2c:e1:96:c3:ba:62:4c:0f:34:50:39:1c:2f:
         a6:18:f8:fe:75:8a:f1:b9:2f:89:a6:82:80:d3:1c:94:c4:fc:
         23:69:75:b8:9c:fd:3c:d4:c8:b1:19:7d:77:bc:e1:0a:f4:0b:
         3d:4d:81:a9:8d:03:19:bf:19:a5:53:23:ac:05:de:1e:2e:ca:
         fe:24:ae:8d:75:7a:51:ac:51:b6:2b:e9:b5:eb:67:14:04:7f:
         b4:cb:8f:ec:4e:bd:79:22:bd:44:59:85:8f:b8:d1:c4:97:df:
         1a:b0:87:9b:0b:eb:46:8c:46:e2:87:bc:31:bd:c1:3a:90:b7:
         9c:b9:1e:ae:40:ff:6a:11:46:49:d5:fd:05:5d:39:6b:71:e4:
         f9:07:c8:12:a8:ae:63:c5:12:8a:e5:ec:fd:e7:d1:8a:82:91:
         d9:b5:ce:8e:c8:c2:37:f7:15:c8:64:a7:c6:52:95:13:5d:55:
         e2:15:9c:42:86:6b:58:1b:1a:53:b7:60:d0:02:3f:2f:33:b7:
         39:f7:da:a6:88:b2:d2:3b:5d:e8:63:e8:f3:f4:93:95:80:7b:
         0a:27:be:a4:d8:1f:25:38:ad:aa:f2:0d:2c:14:3c:1f:97:f7:
         a9:97:30:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYaWjd+eyRSYXBb/JvKTAau4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjMwMjI4MDU0NTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTJkZTM3YWQ3NWFiMDEzNzI1ZTUwYjk4Y2ZkZmI1YTNkNTk4MmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EnxAE0wC9Kilcz5xKYQ4SMaryHb
MIZcIEk08PblcEyGWYM5Lown3K9vmjZppohvPcIS2nGgy+GTwN8OYdAA00wtzJgQ
KKIHVpKG4HveDjAer30FyMvD+z8BHOYShyhb+4vxZWZFAVkOrjfGcWD2w1+z3oiB
BPFsoT7vIrZUh45RFKUhouqJIX693CU5mv57AQ7KK1DdluqrqCLNZovNOD2G+qDL
Y2KEAq+KDoXEIMRXD/jx6P3QHx/rQIcstCp1X/aFEp+tarCi6VxbJQQd1/FknZyL
opzCz+dEu9iydbhKCvwONrS1d6H9PAX2t6jUsxuZ+mqlkxfKuEIYVPo9+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFUt43rXWrATcl5QuYz9+1o9WYKqMB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvVlMzamV0ZGFzQk55WGxDNWpQMzdXajFaZ3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW5XbAwQA
W5XdMA0GCSqGSIb3DQEBCwUAA4IBAQBM8Vmrg5Rt5upfQiO5eLvlxpp4NelbMizh
lsO6YkwPNFA5HC+mGPj+dYrxuS+JpoKA0xyUxPwjaXW4nP081MixGX13vOEK9As9
TYGpjQMZvxmlUyOsBd4eLsr+JK6NdXpRrFG2K+m162cUBH+0y4/sTr15Ir1EWYWP
uNHEl98asIebC+tGjEbih7wxvcE6kLecuR6uQP9qEUZJ1f0FXTlrceT5B8gSqK5j
xRKK5ez959GKgpHZtc6OyMI39xXIZKfGUpUTXVXiFZxChmtYGxpTt2DQAj8vM7c5
99qmiLLSO13oY+jz9JOVgHsKJ76k2B8lOK2q8g0sFDwfl/eplzA+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:21 2024 by rpki-client on console-fra.rpki-client.org