Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/riRasMizr6DN6OcCuumpoO7mnQY.roa
File:                     riRasMizr6DN6OcCuumpoO7mnQY.roa (raw, json)
Hash identifier:          n7tGRMg5kjbkOtRGliHqAumvarH0TAamm60dT5c5ulU=
Subject key identifier:   AE:24:5A:B0:C8:B3:AF:A0:CD:E8:E7:02:BA:E9:A9:A0:EE:E6:9D:06
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018D20450A8681BED510C19BB8C4B5465483
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/riRasMizr6DN6OcCuumpoO7mnQY.roa
Signing time:             Fri 19 Jan 2024 05:50:12 +0000
ROA not before:           Fri 19 Jan 2024 05:50:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        203.0.8.0/24 maxlen: 24
                          203.0.9.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 02 Feb 2024 12:50:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:20:45:0a:86:81:be:d5:10:c1:9b:b8:c4:b5:46:54:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan 19 05:50:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae245ab0c8b3afa0cde8e702bae9a9a0eee69d06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:19:47:bf:9e:8d:2d:ba:6a:df:97:f3:52:ce:
                    7b:fb:1d:08:05:5a:2b:c5:74:8a:4f:8e:d4:f8:20:
                    fb:67:52:8f:48:52:8e:9f:85:60:fe:cc:80:b5:b9:
                    71:94:14:a8:ec:10:b5:c7:08:18:93:7d:0a:ac:aa:
                    4e:59:ca:7f:11:0f:37:a0:d9:42:b6:ec:c5:79:99:
                    30:b2:9c:4c:47:76:2d:9d:8b:e7:44:b5:86:b3:aa:
                    ff:34:b3:2a:e4:4b:bb:c9:ef:94:03:d8:76:d6:8a:
                    ce:70:a3:14:42:c6:ec:e3:62:08:d4:ac:48:54:56:
                    e2:33:7d:4f:2b:a2:61:b3:37:58:48:65:06:e4:54:
                    4e:17:97:70:68:6e:93:ca:ee:2f:04:15:9d:86:97:
                    ca:cc:c4:ea:bf:28:18:d6:d5:06:3a:0e:82:e7:d8:
                    0c:ec:81:62:58:eb:d4:02:e3:91:ad:fc:62:72:1a:
                    02:8a:58:44:ec:33:91:4d:dd:23:f1:18:7b:ce:bf:
                    91:22:86:05:dc:b1:8b:ee:4c:e8:97:91:6a:a0:a0:
                    5a:86:09:6c:70:20:09:cc:e0:95:7a:cc:8a:0e:b4:
                    11:72:3e:24:24:e8:97:c0:f8:cf:bb:9f:03:b4:dc:
                    78:bb:3f:4d:31:e2:3d:5c:03:df:b8:87:5f:71:f2:
                    b3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:24:5A:B0:C8:B3:AF:A0:CD:E8:E7:02:BA:E9:A9:A0:EE:E6:9D:06
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/riRasMizr6DN6OcCuumpoO7mnQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.0.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:ef:9f:c2:99:83:91:48:90:4e:3c:31:38:5b:de:60:74:28:
         fb:e5:09:d9:26:7c:c5:47:ac:57:6f:95:e5:5f:ba:b2:3a:6e:
         d8:2c:fa:b5:ad:70:20:3d:74:90:eb:21:be:52:f6:7d:7f:17:
         dd:a7:22:aa:53:80:15:3c:ce:cc:25:1a:3b:03:47:b0:20:b5:
         da:ed:f8:32:5f:ce:3d:b6:53:68:ed:1a:aa:da:e0:58:17:4b:
         81:1f:1a:f8:00:51:6e:f0:9e:a0:41:b4:75:c9:64:78:2c:d7:
         af:f0:b9:ee:ef:78:c4:9f:ab:4e:4f:7a:d5:8e:39:e7:53:bc:
         cc:9d:0c:54:a7:4d:e1:21:29:d8:86:76:5f:27:48:36:67:d4:
         18:91:29:5c:21:1a:f8:d4:88:51:d6:a0:80:c9:bd:51:d2:9b:
         f0:13:9d:c7:ca:c4:23:ff:1b:e3:69:46:28:53:40:b9:59:c2:
         83:bf:5f:a3:68:1e:32:1f:e3:41:92:64:8a:3a:e9:0b:40:25:
         00:fd:24:f2:85:a1:f7:20:97:28:7f:91:6f:e1:2c:90:b3:43:
         13:1a:3d:aa:af:00:9d:12:35:1c:14:c8:eb:d9:3f:de:5b:71:
         1f:d1:05:95:ad:18:02:ba:9f:15:b3:fd:bc:54:d9:c5:02:40:
         e8:0a:1e:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0gRQqGgb7VEMGbuMS1RlSDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTE5MDU1MDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTI0NWFiMGM4YjNhZmEwY2RlOGU3MDJiYWU5YTlhMGVlZTY5ZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hlHv56NLbpq35fzUs57+x0IBVor
xXSKT47U+CD7Z1KPSFKOn4Vg/syAtblxlBSo7BC1xwgYk30KrKpOWcp/EQ83oNlC
tuzFeZkwspxMR3YtnYvnRLWGs6r/NLMq5Eu7ye+UA9h21orOcKMUQsbs42II1KxI
VFbiM31PK6JhszdYSGUG5FROF5dwaG6Tyu4vBBWdhpfKzMTqvygY1tUGOg6C59gM
7IFiWOvUAuORrfxichoCilhE7DORTd0j8Rh7zr+RIoYF3LGL7kzol5FqoKBahgls
cCAJzOCVesyKDrQRcj4kJOiXwPjPu58DtNx4uz9NMeI9XAPfuIdfcfKzQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK4kWrDIs6+gzejnArrpqaDu5p0GMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvcmlSYXNNaXpyNkRONk9jQ3V1bXBvTzdtblFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBywAIMA0G
CSqGSIb3DQEBCwUAA4IBAQCN75/CmYORSJBOPDE4W95gdCj75QnZJnzFR6xXb5Xl
X7qyOm7YLPq1rXAgPXSQ6yG+UvZ9fxfdpyKqU4AVPM7MJRo7A0ewILXa7fgyX849
tlNo7Rqq2uBYF0uBHxr4AFFu8J6gQbR1yWR4LNev8Lnu73jEn6tOT3rVjjnnU7zM
nQxUp03hISnYhnZfJ0g2Z9QYkSlcIRr41IhR1qCAyb1R0pvwE53HysQj/xvjaUYo
U0C5WcKDv1+jaB4yH+NBkmSKOukLQCUA/STyhaH3IJcof5Fv4SyQs0MTGj2qrwCd
EjUcFMjr2T/eW3Ef0QWVrRgCup8Vs/28VNnFAkDoCh6z
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:48 2024 by rpki-client on console-fra.rpki-client.org