Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/KtJjG9lBC1uOWDQaVkynUaB1lrE.roa
File:                     KtJjG9lBC1uOWDQaVkynUaB1lrE.roa (raw, json)
Hash identifier:          13EL0/I0Kx9iBAXq2HRu2NTMNbvmnElagsBNHv4/bO4=
Subject key identifier:   2A:D2:63:1B:D9:41:0B:5B:8E:58:34:1A:56:4C:A7:51:A0:75:96:B1
Certificate issuer:       /CN=163d2572180f4b784fb4f2a5ed50e9fe5e6be6a7
Certificate serial:       01856C0129EC8AA356E242D685A08FE7C954
Authority key identifier: 16:3D:25:72:18:0F:4B:78:4F:B4:F2:A5:ED:50:E9:FE:5E:6B:E6:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fj0lchgPS3hPtPKl7VDp_l5r5qc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/KtJjG9lBC1uOWDQaVkynUaB1lrE.roa
Signing time:             Sun 01 Jan 2023 06:24:53 +0000
ROA not before:           Sun 01 Jan 2023 06:24:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48637
IP address blocks:        91.209.214.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:30:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:01:29:ec:8a:a3:56:e2:42:d6:85:a0:8f:e7:c9:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=163d2572180f4b784fb4f2a5ed50e9fe5e6be6a7
        Validity
            Not Before: Jan  1 06:24:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2ad2631bd9410b5b8e58341a564ca751a07596b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:8f:2e:2d:98:aa:f4:c7:ae:35:df:a8:17:ea:
                    10:e8:22:bc:9b:37:fa:d9:b3:40:2b:25:64:bd:e3:
                    64:f7:06:8c:83:25:c1:f9:27:2a:08:58:c9:fc:d6:
                    5d:42:fa:0a:17:46:4e:da:cf:d2:15:d1:3e:7b:87:
                    79:04:99:62:b5:ba:7e:8c:67:7c:de:48:3f:e3:42:
                    82:4e:12:6b:a8:d0:25:4f:db:61:4d:b0:f6:3c:53:
                    71:30:2d:26:33:6e:e8:3a:0e:82:76:02:66:62:65:
                    1a:d5:65:66:ea:28:83:57:2a:48:d4:42:85:e5:28:
                    de:3d:a6:0c:5f:d0:f3:f6:b7:80:41:9b:2c:07:51:
                    b0:8b:31:51:9b:78:82:f1:a9:74:b1:8f:75:f3:4f:
                    ad:66:02:cf:b5:ca:18:b2:ea:13:05:d5:ab:a4:56:
                    07:92:32:8c:9f:f0:a7:5c:31:63:7a:be:40:a3:e7:
                    56:4c:60:23:5a:99:bf:75:26:b9:f7:e6:1a:1f:d4:
                    98:9f:11:dd:f1:ff:9e:ee:89:8b:c2:c7:ae:b6:8d:
                    18:a7:ab:d0:80:b2:db:cc:a2:2f:98:07:f9:ac:e9:
                    c0:ab:19:bf:6b:a0:27:53:ba:93:0d:57:11:cd:2e:
                    5c:68:a2:d3:a5:ba:90:62:54:62:4e:e1:c9:e2:da:
                    8b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D2:63:1B:D9:41:0B:5B:8E:58:34:1A:56:4C:A7:51:A0:75:96:B1
            X509v3 Authority Key Identifier:
                keyid:16:3D:25:72:18:0F:4B:78:4F:B4:F2:A5:ED:50:E9:FE:5E:6B:E6:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fj0lchgPS3hPtPKl7VDp_l5r5qc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/KtJjG9lBC1uOWDQaVkynUaB1lrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/e9a0a1-1135-495c-869a-70bbc7c0a9a5/1/Fj0lchgPS3hPtPKl7VDp_l5r5qc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:ba:b7:f2:0e:3f:ec:0b:34:c3:fe:0a:21:07:5b:94:c4:9f:
         03:37:99:5b:f0:f3:db:ee:23:af:70:6f:a5:e2:9b:9e:41:a8:
         4c:c4:52:f9:ae:da:c9:2b:fc:11:9c:12:de:8b:e6:42:d3:6a:
         b0:3a:b3:fb:eb:c6:f6:85:6e:93:af:bf:7f:1a:87:5a:dc:1c:
         95:ce:23:93:f9:24:55:75:cf:71:62:6e:a6:bd:59:87:2c:a0:
         4a:81:fb:c8:2e:ff:39:aa:76:cc:8a:07:07:52:56:c7:6a:2f:
         4f:15:9a:6a:45:c2:8f:a9:ba:21:23:78:bc:c0:d7:b8:f0:68:
         1a:18:cb:fa:63:df:15:38:df:74:4d:7c:de:e0:1d:dd:42:fa:
         33:ad:12:e5:0c:52:58:4c:17:e7:d0:4e:82:e0:a1:49:e8:24:
         c4:1e:3f:cb:0c:bd:59:a8:7c:5a:d5:7c:a4:64:e3:29:fa:0a:
         df:10:a0:99:46:60:bb:63:24:65:08:41:63:d1:b5:e2:31:b4:
         3d:33:93:8b:f0:9e:f5:3b:6e:00:29:02:fd:c0:1a:54:00:65:
         2a:ad:e8:ce:28:ba:2c:9b:0e:87:d4:7b:e5:76:83:cb:8c:24:
         55:ff:dd:dd:f8:27:6e:6f:1a:95:d0:9a:e9:b9:f7:f3:7f:1a:
         a6:36:97:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsASnsiqNW4kLWhaCP58lUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2M2QyNTcyMTgwZjRiNzg0ZmI0ZjJhNWVkNTBlOWZlNWU2
YmU2YTcwHhcNMjMwMTAxMDYyNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWQyNjMxYmQ5NDEwYjViOGU1ODM0MWE1NjRjYTc1MWEwNzU5NmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl48uLZiq9MeuNd+oF+oQ6CK8mzf6
2bNAKyVkveNk9waMgyXB+ScqCFjJ/NZdQvoKF0ZO2s/SFdE+e4d5BJlitbp+jGd8
3kg/40KCThJrqNAlT9thTbD2PFNxMC0mM27oOg6CdgJmYmUa1WVm6iiDVypI1EKF
5SjePaYMX9Dz9reAQZssB1GwizFRm3iC8al0sY9180+tZgLPtcoYsuoTBdWrpFYH
kjKMn/CnXDFjer5Ao+dWTGAjWpm/dSa59+YaH9SYnxHd8f+e7omLwseuto0Yp6vQ
gLLbzKIvmAf5rOnAqxm/a6AnU7qTDVcRzS5caKLTpbqQYlRiTuHJ4tqLKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrSYxvZQQtbjlg0GlZMp1GgdZaxMB8GA1UdIwQY
MBaAFBY9JXIYD0t4T7Type1Q6f5ea+anMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmowbGNoZ1BTM2hQdFBLbDdWRHBfbDVyNXFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS9lOWEwYTEtMTEzNS00OTVjLTg2OWEt
NzBiYmM3YzBhOWE1LzEvS3RKakc5bEJDMXVPV0RRYVZreW5VYUIxbHJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS9lOWEwYTEtMTEzNS00OTVjLTg2OWEtNzBiYmM3YzBhOWE1
LzEvRmowbGNoZ1BTM2hQdFBLbDdWRHBfbDVyNXFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9HWMA0G
CSqGSIb3DQEBCwUAA4IBAQCZurfyDj/sCzTD/gohB1uUxJ8DN5lb8PPb7iOvcG+l
4pueQahMxFL5rtrJK/wRnBLei+ZC02qwOrP768b2hW6Tr79/Goda3ByVziOT+SRV
dc9xYm6mvVmHLKBKgfvILv85qnbMigcHUlbHai9PFZpqRcKPqbohI3i8wNe48Gga
GMv6Y98VON90TXze4B3dQvozrRLlDFJYTBfn0E6C4KFJ6CTEHj/LDL1ZqHxa1Xyk
ZOMp+grfEKCZRmC7YyRlCEFj0bXiMbQ9M5OL8J71O24AKQL9wBpUAGUqrejOKLos
mw6H1HvldoPLjCRV/93d+CdubxqV0JrpuffzfxqmNpfo
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:02 2024 by rpki-client on console-ams.rpki-client.org