Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/mWvp0rX4qOrnhBjbncgsIte7TFQ.roa
File:                     mWvp0rX4qOrnhBjbncgsIte7TFQ.roa (raw, json)
Hash identifier:          7tiTUBqBCAzS2hL6ZTekc0f/aBWW4fiwT1UGTXw7jcA=
Subject key identifier:   99:6B:E9:D2:B5:F8:A8:EA:E7:84:18:DB:9D:C8:2C:22:D7:BB:4C:54
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       0185708CE8A4ACCC2CCEBB4DC7F3854523EC
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/mWvp0rX4qOrnhBjbncgsIte7TFQ.roa
Signing time:             Mon 02 Jan 2023 03:36:00 +0000
ROA not before:           Mon 02 Jan 2023 03:36:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205220
IP address blocks:        91.186.220.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Thu 16 Feb 2023 22:06:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:8c:e8:a4:ac:cc:2c:ce:bb:4d:c7:f3:85:45:23:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 03:36:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=996be9d2b5f8a8eae78418db9dc82c22d7bb4c54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1b:ef:36:77:f2:57:25:f3:7a:7a:d9:09:0b:
                    1a:d8:79:c0:73:a0:6e:ea:c9:f4:a0:0e:a6:a0:d1:
                    3b:b5:af:ec:c1:a1:ab:42:7e:79:b9:fd:fe:63:ff:
                    fe:e3:bd:df:88:71:be:fd:0c:be:2f:c0:89:c0:05:
                    85:7b:85:3a:7b:48:82:7a:93:93:4c:a6:a1:73:19:
                    fb:83:da:dc:fe:09:e9:90:43:d1:be:56:f3:4b:c6:
                    49:c6:19:41:b0:61:23:c0:e3:b2:e6:64:2b:2f:8d:
                    1c:dd:d1:10:48:d7:00:70:e6:56:bd:eb:ec:d8:7b:
                    4a:a6:3b:cf:a4:b8:7c:ec:8d:74:9d:7f:71:9c:14:
                    69:9b:cc:bb:9e:11:d5:2e:96:2d:17:5e:2f:76:6e:
                    07:33:5e:95:73:df:c9:c9:c8:69:33:74:5b:15:d8:
                    7c:24:99:64:0d:04:fe:85:b5:c3:ab:2d:cc:f3:cc:
                    8d:24:11:85:90:a0:55:f3:d1:8e:27:c4:37:af:53:
                    c3:38:4f:ff:ca:c4:0e:ff:a0:e9:94:79:bb:95:33:
                    c2:83:ae:82:db:10:b8:53:6b:7b:d1:d8:5c:8d:f1:
                    0e:d2:ff:a9:88:f8:59:c0:c6:d8:a0:17:db:00:34:
                    f2:82:80:0e:81:9e:03:19:94:52:4b:b7:8f:30:2b:
                    27:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:6B:E9:D2:B5:F8:A8:EA:E7:84:18:DB:9D:C8:2C:22:D7:BB:4C:54
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/mWvp0rX4qOrnhBjbncgsIte7TFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:80:38:85:4f:e8:a4:2d:2b:f7:a4:f5:34:c1:53:d7:5c:b7:
         7c:17:b2:03:5a:54:7b:59:83:17:47:e4:65:bf:20:38:2a:67:
         71:81:ea:5d:77:19:90:d4:55:7b:85:77:f2:f4:e0:2e:df:7f:
         34:9d:fb:2c:16:e8:0e:54:5d:16:d0:44:dd:92:41:25:2f:1a:
         d0:8f:79:4b:37:d2:2a:09:fd:85:16:0a:1a:f2:05:3c:20:ce:
         d0:bd:2a:e6:c5:94:1f:01:52:43:cd:e5:a0:d9:c9:36:ba:8e:
         c7:db:2b:d8:1b:22:65:48:23:43:38:6d:35:91:8d:ec:3f:33:
         ef:0b:7a:a0:05:6c:b4:b3:58:74:ce:34:a7:67:10:b7:10:5c:
         bb:67:72:09:da:9f:89:76:c6:35:5e:7a:2b:d7:27:c5:aa:c8:
         9f:b1:9e:fc:4d:b7:b1:3b:7e:2a:87:16:6a:65:1c:7c:bf:84:
         72:98:20:16:78:2d:06:ba:0b:03:4d:f2:bd:a4:83:c4:ef:f2:
         ba:6a:5a:1c:be:1e:87:11:5e:d6:5a:51:ec:18:ea:88:72:ff:
         f4:59:df:2c:02:b1:60:72:17:b0:8e:e6:9d:98:fc:24:4b:73:
         b7:20:bb:67:7e:d0:a2:0c:01:35:f5:e5:1d:36:a9:4e:4a:0f:
         bd:20:03:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwjOikrMwszrtNx/OFRSPsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjMwMTAyMDMzNjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTZiZTlkMmI1ZjhhOGVhZTc4NDE4ZGI5ZGM4MmMyMmQ3YmI0YzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRvvNnfyVyXzenrZCQsa2HnAc6Bu
6sn0oA6moNE7ta/swaGrQn55uf3+Y//+473fiHG+/Qy+L8CJwAWFe4U6e0iCepOT
TKahcxn7g9rc/gnpkEPRvlbzS8ZJxhlBsGEjwOOy5mQrL40c3dEQSNcAcOZWvevs
2HtKpjvPpLh87I10nX9xnBRpm8y7nhHVLpYtF14vdm4HM16Vc9/JychpM3RbFdh8
JJlkDQT+hbXDqy3M88yNJBGFkKBV89GOJ8Q3r1PDOE//ysQO/6DplHm7lTPCg66C
2xC4U2t70dhcjfEO0v+piPhZwMbYoBfbADTygoAOgZ4DGZRSS7ePMCsn3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJlr6dK1+Kjq54QY253ILCLXu0xUMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvbVd2cDByWDRxT3JuaEJqYm5jZ3NJdGU3VEZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW7rcMA0G
CSqGSIb3DQEBCwUAA4IBAQBUgDiFT+ikLSv3pPU0wVPXXLd8F7IDWlR7WYMXR+Rl
vyA4KmdxgepddxmQ1FV7hXfy9OAu3380nfssFugOVF0W0ETdkkElLxrQj3lLN9Iq
Cf2FFgoa8gU8IM7QvSrmxZQfAVJDzeWg2ck2uo7H2yvYGyJlSCNDOG01kY3sPzPv
C3qgBWy0s1h0zjSnZxC3EFy7Z3IJ2p+JdsY1Xnor1yfFqsifsZ78TbexO34qhxZq
ZRx8v4RymCAWeC0GugsDTfK9pIPE7/K6alocvh6HEV7WWlHsGOqIcv/0Wd8sArFg
chewjuadmPwkS3O3ILtnftCiDAE19eUdNqlOSg+9IANH
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:19 2024 by rpki-client on console-ams.rpki-client.org