Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/23BC9OYdmqxjDcyW4BVFLZG_zjg.roa
File:                     23BC9OYdmqxjDcyW4BVFLZG_zjg.roa (raw, json)
Hash identifier:          8hFuJxlDSB9ZenI126hdnjqWToegEc8HlDAeAQlqqYM=
Subject key identifier:   DB:70:42:F4:E6:1D:9A:AC:63:0D:CC:96:E0:15:45:2D:91:BF:CE:38
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CCE823CFCE6F15A71F75D2829241B04EC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/23BC9OYdmqxjDcyW4BVFLZG_zjg.roa
Signing time:             Wed 03 Jan 2024 08:48:10 +0000
ROA not before:           Wed 03 Jan 2024 08:48:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        203.0.9.0/24 maxlen: 24
                          203.0.8.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 Jan 2024 13:05:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:82:3c:fc:e6:f1:5a:71:f7:5d:28:29:24:1b:04:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  3 08:48:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db7042f4e61d9aac630dcc96e015452d91bfce38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:93:b0:54:d9:52:e6:fc:14:47:a8:33:aa:23:
                    42:f0:b5:08:eb:56:6c:fd:08:a6:fa:d5:07:66:fa:
                    9b:ef:ad:b4:72:de:2f:58:f0:37:df:72:bf:0e:6e:
                    a7:18:48:27:64:52:94:1b:31:3c:56:64:a7:67:42:
                    1b:d6:77:af:67:b4:c8:d3:a7:d6:6f:ab:09:8a:87:
                    10:89:81:34:a4:9e:cc:08:36:73:9b:b9:57:2c:b5:
                    bd:5c:7e:8a:a0:f1:20:a1:bc:a4:82:6c:bd:56:d7:
                    c7:87:54:56:72:0b:0d:05:e6:33:1d:50:0d:38:7b:
                    9d:86:85:1a:b7:f0:70:98:29:b6:b3:06:95:dd:1e:
                    52:75:0c:09:4b:4a:96:d3:38:2a:cf:b9:4f:f7:94:
                    36:e7:c7:64:87:bd:f6:94:be:6e:ed:ea:ec:87:03:
                    89:ce:e4:a7:96:b6:17:58:0f:73:f8:9c:ea:d7:1f:
                    ae:35:d7:c6:15:89:11:b8:f9:89:2f:27:09:a7:9b:
                    d2:cc:ac:06:a8:bd:8c:81:c1:7c:1b:13:9e:92:79:
                    99:1c:f3:0e:31:28:88:f3:9c:07:54:9c:bb:d6:3f:
                    c1:6b:da:37:d5:99:4e:9a:84:85:14:f9:61:c7:cc:
                    16:d3:69:85:2c:05:5d:64:b9:4c:a8:ca:3d:1f:e0:
                    c5:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:70:42:F4:E6:1D:9A:AC:63:0D:CC:96:E0:15:45:2D:91:BF:CE:38
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/23BC9OYdmqxjDcyW4BVFLZG_zjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.0.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:3d:f6:00:84:ba:be:e3:b0:0a:63:55:48:65:80:9c:77:85:
         44:7a:db:79:23:9c:47:ef:e1:c2:1a:9f:d7:8e:83:9e:ea:37:
         81:74:89:ef:61:0e:38:b1:39:13:bf:56:fc:68:f0:ae:36:34:
         07:ec:1f:29:af:78:73:d0:70:4d:b7:20:d9:31:37:1e:77:fc:
         0d:b1:5a:0f:e6:c6:17:6d:dd:9f:49:44:1d:11:bf:f3:ba:cf:
         65:e7:7c:5b:60:2e:9d:f8:38:2e:04:b5:77:ae:81:14:c6:54:
         6c:70:33:9a:fd:21:8b:43:e5:6a:19:59:69:90:c3:a4:fa:4c:
         96:05:7d:64:50:63:bf:cd:e5:87:67:eb:8c:3b:8a:cd:10:6b:
         48:0c:91:6d:db:c2:b2:f3:77:a7:f2:67:46:e0:92:17:a5:5a:
         6e:8d:25:b2:20:d8:2a:42:07:cf:85:ca:b7:e9:f6:a6:73:44:
         6b:15:3f:80:10:14:2d:28:d7:6b:b7:2e:25:ba:21:be:74:b6:
         f7:9b:fa:3b:24:28:39:19:d3:40:f3:2f:db:83:31:fe:5e:3b:
         09:dd:90:0e:ae:b5:d0:1c:3b:87:4f:8a:64:81:34:16:9c:5d:
         a7:fb:0d:c3:81:0f:3d:45:e8:10:71:11:b9:87:4e:e6:b4:45:
         b0:3a:04:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzOgjz85vFacfddKCkkGwTsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAzMDg0ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjcwNDJmNGU2MWQ5YWFjNjMwZGNjOTZlMDE1NDUyZDkxYmZjZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJOwVNlS5vwUR6gzqiNC8LUI61Zs
/Qim+tUHZvqb7620ct4vWPA333K/Dm6nGEgnZFKUGzE8VmSnZ0Ib1nevZ7TI06fW
b6sJiocQiYE0pJ7MCDZzm7lXLLW9XH6KoPEgobykgmy9VtfHh1RWcgsNBeYzHVAN
OHudhoUat/BwmCm2swaV3R5SdQwJS0qW0zgqz7lP95Q258dkh732lL5u7ershwOJ
zuSnlrYXWA9z+Jzq1x+uNdfGFYkRuPmJLycJp5vSzKwGqL2MgcF8GxOeknmZHPMO
MSiI85wHVJy71j/Ba9o31ZlOmoSFFPlhx8wW02mFLAVdZLlMqMo9H+DFHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtwQvTmHZqsYw3MluAVRS2Rv844MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMjNCQzlPWWRtcXhqRGN5VzRCVkZMWkdfempnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBywAIMA0G
CSqGSIb3DQEBCwUAA4IBAQABPfYAhLq+47AKY1VIZYCcd4VEett5I5xH7+HCGp/X
joOe6jeBdInvYQ44sTkTv1b8aPCuNjQH7B8pr3hz0HBNtyDZMTced/wNsVoP5sYX
bd2fSUQdEb/zus9l53xbYC6d+DguBLV3roEUxlRscDOa/SGLQ+VqGVlpkMOk+kyW
BX1kUGO/zeWHZ+uMO4rNEGtIDJFt28Ky83en8mdG4JIXpVpujSWyINgqQgfPhcq3
6famc0RrFT+AEBQtKNdrty4luiG+dLb3m/o7JCg5GdNA8y/bgzH+XjsJ3ZAOrrXQ
HDuHT4pkgTQWnF2n+w3DgQ89RegQcRG5h07mtEWwOgQ/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org