Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/LW-gsxuH-fLd5me11gekX--6anY.roa
File:                     LW-gsxuH-fLd5me11gekX--6anY.roa (raw, json)
Hash identifier:          NXTqMas/72kyZ6tChl2usmgAMFOUbiXAyAWOpNSd1rc=
Subject key identifier:   2D:6F:A0:B3:1B:87:F9:F2:DD:E6:67:B5:D6:07:A4:5F:EF:BA:6A:76
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       0188309819476DF9A34BD07D5A22A260BD6F
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/LW-gsxuH-fLd5me11gekX--6anY.roa
Signing time:             Thu 18 May 2023 20:40:54 +0000
ROA not before:           Thu 18 May 2023 20:40:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14445
IP address blocks:        109.72.121.0/24 maxlen: 24

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:30:98:19:47:6d:f9:a3:4b:d0:7d:5a:22:a2:60:bd:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: May 18 20:40:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2d6fa0b31b87f9f2dde667b5d607a45fefba6a76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c8:b9:e8:dd:d5:80:49:38:ae:51:ea:45:b1:
                    5b:b7:36:a7:db:1b:d9:a3:73:31:10:7a:23:75:74:
                    62:d7:9f:8c:44:18:c7:09:62:ca:58:39:01:71:85:
                    93:1f:9d:9b:10:fe:bc:98:25:09:23:33:b3:57:0d:
                    e7:04:fe:53:50:60:1e:38:30:c4:3d:8c:ac:32:db:
                    82:c5:14:64:1c:ce:c5:cb:89:60:36:a0:9f:ef:ec:
                    55:f9:60:c4:7c:01:79:3a:ca:5e:38:dd:ff:2e:fd:
                    43:db:d7:3c:fd:f9:3c:b6:3d:f3:8f:65:bb:ac:93:
                    e3:15:f7:b0:35:aa:7c:7b:0d:11:f7:aa:e1:6b:62:
                    cf:c5:c2:ac:e8:6e:bf:5a:b0:30:57:fe:6c:8c:b0:
                    5f:0a:a9:5f:0f:17:77:a9:b0:fa:73:3e:7b:e8:ae:
                    6a:25:9e:d9:53:21:ef:a6:8d:52:80:fc:d9:60:68:
                    33:2e:92:a4:ce:70:0e:6c:f6:47:ae:45:80:89:84:
                    a3:2f:ec:20:ae:02:54:17:21:65:21:c9:43:59:60:
                    bc:48:89:f9:e1:30:70:e9:c5:ea:04:c8:4c:2c:24:
                    c3:77:5e:3d:a7:7d:cc:26:04:1a:d8:45:f0:50:7c:
                    3d:2e:28:42:f2:bd:74:07:dd:3b:e5:ec:ff:0e:a3:
                    a4:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:6F:A0:B3:1B:87:F9:F2:DD:E6:67:B5:D6:07:A4:5F:EF:BA:6A:76
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/LW-gsxuH-fLd5me11gekX--6anY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.72.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:cc:5d:d9:0a:d1:d3:e4:0d:5c:2e:cb:d6:58:58:66:43:b0:
         34:9e:cc:86:95:0d:e3:dc:1e:32:5c:e1:4f:49:d0:9a:54:f2:
         e1:27:aa:92:48:88:19:8a:c8:9d:ac:dc:5b:ab:7e:1d:17:c0:
         21:1f:7c:e9:fb:9d:9a:9c:da:24:c5:af:bb:83:1b:c8:4e:df:
         60:71:44:2b:1d:a9:4b:39:a0:cf:68:da:ba:64:15:1d:b3:35:
         81:bd:ca:5e:0c:f1:00:1b:09:18:4f:94:04:30:31:fb:0a:89:
         a4:82:0d:fb:cc:64:f0:cb:6b:3b:1c:9a:2e:ad:1c:ad:a3:f6:
         87:f0:06:47:23:44:bf:1f:6e:f3:1f:7e:48:92:56:92:b6:c1:
         24:f2:43:c7:e1:d9:a5:a1:bb:67:a4:9e:ce:c7:28:2d:22:f2:
         9f:18:cd:ba:b0:15:fb:e1:2e:ab:f1:6a:fd:bf:19:b1:19:18:
         d9:42:65:1b:7f:18:ae:15:d9:48:5f:59:df:02:39:9e:2c:13:
         97:9f:8a:20:19:63:e5:17:43:e5:02:09:e2:98:b6:d9:a9:6d:
         e9:f3:77:70:b1:26:9b:d9:b3:77:08:7e:7b:95:c0:a3:c1:85:
         07:fc:da:8e:b1:85:01:12:6a:b0:a5:34:3b:e4:9f:58:fd:f8:
         a5:29:c3:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYgwmBlHbfmjS9B9WiKiYL1vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjMwNTE4MjA0MDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDZmYTBiMzFiODdmOWYyZGRlNjY3YjVkNjA3YTQ1ZmVmYmE2YTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMi56N3VgEk4rlHqRbFbtzan2xvZ
o3MxEHojdXRi15+MRBjHCWLKWDkBcYWTH52bEP68mCUJIzOzVw3nBP5TUGAeODDE
PYysMtuCxRRkHM7Fy4lgNqCf7+xV+WDEfAF5OspeON3/Lv1D29c8/fk8tj3zj2W7
rJPjFfewNap8ew0R96rha2LPxcKs6G6/WrAwV/5sjLBfCqlfDxd3qbD6cz576K5q
JZ7ZUyHvpo1SgPzZYGgzLpKkznAObPZHrkWAiYSjL+wgrgJUFyFlIclDWWC8SIn5
4TBw6cXqBMhMLCTDd149p33MJgQa2EXwUHw9LihC8r10B9075ez/DqOkkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1voLMbh/ny3eZntdYHpF/vump2MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvTFctZ3N4dUgtZkxkNW1lMTFnZWtYLS02YW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUh5MA0G
CSqGSIb3DQEBCwUAA4IBAQAdzF3ZCtHT5A1cLsvWWFhmQ7A0nsyGlQ3j3B4yXOFP
SdCaVPLhJ6qSSIgZisidrNxbq34dF8AhH3zp+52anNokxa+7gxvITt9gcUQrHalL
OaDPaNq6ZBUdszWBvcpeDPEAGwkYT5QEMDH7Comkgg37zGTwy2s7HJourRyto/aH
8AZHI0S/H27zH35IklaStsEk8kPH4dmlobtnpJ7OxygtIvKfGM26sBX74S6r8Wr9
vxmxGRjZQmUbfxiuFdlIX1nfAjmeLBOXn4ogGWPlF0PlAgnimLbZqW3p83dwsSab
2bN3CH57lcCjwYUH/NqOsYUBEmqwpTQ75J9Y/filKcPC
-----END CERTIFICATE-----
Generated at Mon Jan 1 21:28:18 2024 by rpki-client on console-fra.rpki-client.org