Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XgO3jkecJzRauDsPE_ECOptEB3M.roa
File:                     XgO3jkecJzRauDsPE_ECOptEB3M.roa (raw, json)
Hash identifier:          U/kM6evKKmgmLshrTmhnysHq1SU7UmSuJ6/k2AAv6hE=
Subject key identifier:   5E:03:B7:8E:47:9C:27:34:5A:B8:3B:0F:13:F1:02:3A:9B:44:07:73
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018C1735F6D40CE2F4FB644BFF166F8C6225
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XgO3jkecJzRauDsPE_ECOptEB3M.roa
Signing time:             Tue 28 Nov 2023 18:34:21 +0000
ROA not before:           Tue 28 Nov 2023 18:34:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52320
IP address blocks:        93.114.195.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 13 Dec 2023 15:12:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:17:35:f6:d4:0c:e2:f4:fb:64:4b:ff:16:6f:8c:62:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Nov 28 18:34:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e03b78e479c27345ab83b0f13f1023a9b440773
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:38:e1:ea:3c:8b:01:eb:b9:67:f2:bb:b5:22:
                    52:bd:3e:a8:17:d7:62:4d:d7:00:47:b4:27:8c:a1:
                    f6:e4:76:88:94:d7:ac:13:5d:ad:36:33:34:94:60:
                    88:e5:12:f1:e4:4c:ff:3a:44:f3:57:db:69:9f:87:
                    45:fc:9f:3d:3f:2d:11:e3:5c:13:dc:b8:e5:e7:02:
                    fe:3b:32:99:f6:3e:84:b4:e1:be:00:76:e1:be:e7:
                    77:a8:59:66:9d:d0:43:97:0f:99:7e:8c:c9:ef:de:
                    04:e4:3a:24:24:11:cf:bc:76:b0:cb:e7:f4:2b:ec:
                    3d:59:82:cb:3a:74:f5:30:e6:3f:d2:f4:b6:c7:09:
                    0c:a6:d8:bd:16:14:23:6a:b6:35:05:3b:6d:c9:9f:
                    a9:07:38:24:02:0d:88:f7:fb:16:2e:20:87:3b:5f:
                    ae:89:c5:95:5e:cf:b5:7d:2c:98:6f:69:03:ed:30:
                    4f:f1:02:6c:2d:9f:86:80:83:8d:83:f8:2f:90:42:
                    2c:e4:64:01:ca:fb:6c:ac:74:25:cc:7c:87:85:8b:
                    f6:e1:0c:11:f3:e7:5c:88:65:d6:97:df:bd:4c:f7:
                    af:c2:3b:9c:26:5e:97:c1:2d:5b:2a:1c:4b:48:e1:
                    33:75:bf:75:9e:b2:bf:11:13:e1:75:31:45:fa:7e:
                    5c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:03:B7:8E:47:9C:27:34:5A:B8:3B:0F:13:F1:02:3A:9B:44:07:73
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/XgO3jkecJzRauDsPE_ECOptEB3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:51:2b:a5:e5:99:d6:03:6d:1a:39:67:8a:3b:b2:65:f2:9d:
         f6:60:b4:02:cc:dc:bd:3d:5f:15:2d:db:85:80:11:1c:63:8f:
         22:9f:ab:dd:55:83:92:cf:df:21:08:9a:05:f1:2e:ee:57:91:
         94:93:a5:b8:f3:dc:2c:0a:10:86:c1:55:81:b1:a4:6f:9a:d9:
         b1:a8:07:a3:0b:e8:88:be:70:1f:29:66:02:1a:46:e9:69:ee:
         4e:ee:07:88:ba:d7:fd:f1:a9:9c:96:88:38:f0:05:89:60:3c:
         ad:17:1a:39:f9:c7:bc:55:37:a7:bb:ca:fd:1e:ff:1f:14:8e:
         68:2b:cb:3b:2d:e1:f9:33:1f:48:8a:1b:a9:10:45:4d:83:87:
         ec:92:c2:19:ce:4b:5d:68:bb:5a:c7:1b:e7:c4:9c:93:28:84:
         aa:6d:af:86:00:4a:1b:4f:92:a1:cc:d4:7d:da:f3:53:60:2e:
         bb:3d:ba:15:60:d8:5a:2b:96:0e:58:d0:5f:eb:3f:32:93:7a:
         92:01:b5:c0:f8:e5:b7:d0:ab:fe:e3:0c:27:d1:22:cf:dc:20:
         aa:4b:1b:f3:78:54:73:7c:09:f2:ee:62:8b:26:db:95:8f:65:
         8b:d1:1f:c8:6a:dc:df:ac:56:23:fe:1a:69:ed:1d:bf:6f:81:
         cc:77:7e:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYwXNfbUDOL0+2RL/xZvjGIlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMxMTI4MTgzNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTAzYjc4ZTQ3OWMyNzM0NWFiODNiMGYxM2YxMDIzYTliNDQwNzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDjh6jyLAeu5Z/K7tSJSvT6oF9di
TdcAR7QnjKH25HaIlNesE12tNjM0lGCI5RLx5Ez/OkTzV9tpn4dF/J89Py0R41wT
3Ljl5wL+OzKZ9j6EtOG+AHbhvud3qFlmndBDlw+ZfozJ794E5DokJBHPvHawy+f0
K+w9WYLLOnT1MOY/0vS2xwkMpti9FhQjarY1BTttyZ+pBzgkAg2I9/sWLiCHO1+u
icWVXs+1fSyYb2kD7TBP8QJsLZ+GgIONg/gvkEIs5GQByvtsrHQlzHyHhYv24QwR
8+dciGXWl9+9TPevwjucJl6XwS1bKhxLSOEzdb91nrK/ERPhdTFF+n5cpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4Dt45HnCc0Wrg7DxPxAjqbRAdzMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWGdPM2prZWNKelJhdURzUEVfRUNPcHRFQjNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXLDMA0G
CSqGSIb3DQEBCwUAA4IBAQA7USul5ZnWA20aOWeKO7Jl8p32YLQCzNy9PV8VLduF
gBEcY48in6vdVYOSz98hCJoF8S7uV5GUk6W489wsChCGwVWBsaRvmtmxqAejC+iI
vnAfKWYCGkbpae5O7geIutf98amclog48AWJYDytFxo5+ce8VTenu8r9Hv8fFI5o
K8s7LeH5Mx9IihupEEVNg4fsksIZzktdaLtaxxvnxJyTKISqba+GAEobT5KhzNR9
2vNTYC67PboVYNhaK5YOWNBf6z8yk3qSAbXA+OW30Kv+4wwn0SLP3CCqSxvzeFRz
fAny7mKLJtuVj2WL0R/IatzfrFYj/hpp7R2/b4HMd37P
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org