Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/cSQzul6GOmd6Uo_e1KCoz4NmSxk.roa
File:                     cSQzul6GOmd6Uo_e1KCoz4NmSxk.roa (raw, json)
Hash identifier:          lgzm0T3xs4miV7E+aaIvPvnEV0Ovws1FEcohFePsCfQ=
Subject key identifier:   71:24:33:BA:5E:86:3A:67:7A:52:8F:DE:D4:A0:A8:CF:83:66:4B:19
Certificate issuer:       /CN=3a685cf88a7fc43fe1c7fe34a6ff3ddbb414f0b5
Certificate serial:       0185E7EDB5A2BFD66F338D18DAA008D7F6D4
Authority key identifier: 3A:68:5C:F8:8A:7F:C4:3F:E1:C7:FE:34:A6:FF:3D:DB:B4:14:F0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Omhc-Ip_xD_hx_40pv8927QU8LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/cSQzul6GOmd6Uo_e1KCoz4NmSxk.roa
Signing time:             Wed 25 Jan 2023 07:56:33 +0000
ROA not before:           Wed 25 Jan 2023 07:56:33 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42
IP address blocks:        194.0.47.0/24 maxlen: 24
                          2001:678:78::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:e7:ed:b5:a2:bf:d6:6f:33:8d:18:da:a0:08:d7:f6:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a685cf88a7fc43fe1c7fe34a6ff3ddbb414f0b5
        Validity
            Not Before: Jan 25 07:56:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=712433ba5e863a677a528fded4a0a8cf83664b19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:83:6f:cc:ac:74:9f:39:1a:63:9b:8e:e6:eb:
                    dc:34:0d:d6:ee:59:68:2d:e4:0f:4b:48:85:88:81:
                    76:c4:09:f2:53:27:3c:d2:40:8d:41:4a:91:c7:6d:
                    0a:32:50:38:a8:71:ba:25:f6:0c:ae:5b:4d:78:71:
                    cf:40:1e:8f:6f:91:a3:46:63:97:32:d7:5a:a5:e9:
                    c6:8f:61:5c:40:3c:3b:44:2f:29:19:3a:45:d3:01:
                    db:cf:09:06:fb:b2:8a:b0:1c:7d:86:31:ec:9c:6e:
                    4d:b8:9f:1e:99:88:78:4a:2f:10:5a:4f:91:22:25:
                    68:75:15:ed:9a:d3:8e:3c:9f:8b:64:4f:9b:fd:94:
                    7b:20:e0:e0:11:75:cf:01:d4:19:e2:9b:bd:b7:f0:
                    7e:4e:3a:6d:79:42:fb:26:ae:48:d5:5c:d6:67:42:
                    73:e0:08:dc:c9:41:fa:2f:d8:17:09:35:30:2d:90:
                    31:f5:79:3a:4b:29:2a:15:f1:7f:ea:01:1b:30:86:
                    8e:76:2a:46:ab:f9:30:7f:46:36:18:65:b0:16:b1:
                    66:a8:ae:f0:6b:89:19:97:8c:a8:5f:f1:f3:d7:0b:
                    47:89:eb:6d:2c:8a:12:20:ee:46:f2:b9:8e:7b:98:
                    da:2b:6c:67:27:e1:14:c7:c4:22:9b:39:0b:ba:1b:
                    07:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:24:33:BA:5E:86:3A:67:7A:52:8F:DE:D4:A0:A8:CF:83:66:4B:19
            X509v3 Authority Key Identifier:
                keyid:3A:68:5C:F8:8A:7F:C4:3F:E1:C7:FE:34:A6:FF:3D:DB:B4:14:F0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Omhc-Ip_xD_hx_40pv8927QU8LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/cSQzul6GOmd6Uo_e1KCoz4NmSxk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/e65c27-aef5-486d-b5d7-59d6ca65ccbc/1/Omhc-Ip_xD_hx_40pv8927QU8LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.47.0/24
                IPv6:
                  2001:678:78::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:b5:7e:2c:3e:23:94:0b:bf:32:e2:7f:0f:32:ff:6f:71:ba:
         70:62:bc:8e:75:42:8a:4f:b5:28:a8:e3:fa:89:07:34:a5:04:
         f6:84:57:17:18:a2:a6:5a:2f:78:f1:cc:4f:6e:6f:d3:1e:f0:
         76:b5:13:e4:be:cf:19:98:a0:7e:46:01:31:11:2e:4b:7c:51:
         2d:c9:68:00:73:b2:16:22:2d:25:f1:bc:cb:2e:17:84:0f:31:
         7f:16:aa:db:a5:f3:50:74:a0:b0:90:68:8b:f1:9e:15:47:b5:
         f8:f1:c1:f0:2b:59:34:c2:bb:ea:ed:60:85:78:60:ab:a8:be:
         b9:43:25:ee:1c:3e:d5:ac:15:2d:a7:56:93:c6:f7:33:a0:7f:
         62:38:dc:e7:78:7e:f6:b6:7d:82:71:2d:4b:51:36:7c:32:6d:
         29:6b:36:68:b8:0a:91:1f:18:9b:37:7b:08:08:65:e2:c6:5d:
         82:01:ec:45:fe:f4:43:22:c1:aa:9d:3d:8a:1d:d6:85:ff:63:
         5d:57:24:03:d9:e8:0c:a2:d0:07:c3:ed:9d:ec:9d:12:4f:a8:
         de:2d:9a:12:14:76:12:c4:56:f7:b2:ea:a2:50:90:19:93:eb:
         e3:90:1a:a6:a7:26:39:77:7b:f2:ea:9e:34:22:42:f5:18:71:
         60:ef:12:4b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYXn7bWiv9ZvM40Y2qAI1/bUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNjg1Y2Y4OGE3ZmM0M2ZlMWM3ZmUzNGE2ZmYzZGRiYjQx
NGYwYjUwHhcNMjMwMTI1MDc1NjMzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTI0MzNiYTVlODYzYTY3N2E1MjhmZGVkNGEwYThjZjgzNjY0YjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoNvzKx0nzkaY5uO5uvcNA3W7llo
LeQPS0iFiIF2xAnyUyc80kCNQUqRx20KMlA4qHG6JfYMrltNeHHPQB6Pb5GjRmOX
MtdapenGj2FcQDw7RC8pGTpF0wHbzwkG+7KKsBx9hjHsnG5NuJ8emYh4Si8QWk+R
IiVodRXtmtOOPJ+LZE+b/ZR7IODgEXXPAdQZ4pu9t/B+TjpteUL7Jq5I1VzWZ0Jz
4AjcyUH6L9gXCTUwLZAx9Xk6SykqFfF/6gEbMIaOdipGq/kwf0Y2GGWwFrFmqK7w
a4kZl4yoX/Hz1wtHiettLIoSIO5G8rmOe5jaK2xnJ+EUx8QimzkLuhsHiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHEkM7pehjpnelKP3tSgqM+DZksZMB8GA1UdIwQY
MBaAFDpoXPiKf8Q/4cf+NKb/Pdu0FPC1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT21oYy1JcF94RF9oeF80MHB2ODkyN1FVOExVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9lNjVjMjctYWVmNS00ODZkLWI1ZDct
NTlkNmNhNjVjY2JjLzEvY1NRenVsNkdPbWQ2VW9fZTFLQ296NE5tU3hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9lNjVjMjctYWVmNS00ODZkLWI1ZDctNTlkNmNhNjVjY2Jj
LzEvT21oYy1JcF94RF9oeF80MHB2ODkyN1FVOExVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgAvMA8E
AgACMAkDBwAgAQZ4AHgwDQYJKoZIhvcNAQELBQADggEBAH+1fiw+I5QLvzLifw8y
/29xunBivI51QopPtSio4/qJBzSlBPaEVxcYoqZaL3jxzE9ub9Me8Ha1E+S+zxmY
oH5GATERLkt8US3JaABzshYiLSXxvMsuF4QPMX8Wqtul81B0oLCQaIvxnhVHtfjx
wfArWTTCu+rtYIV4YKuovrlDJe4cPtWsFS2nVpPG9zOgf2I43Od4fva2fYJxLUtR
NnwybSlrNmi4CpEfGJs3ewgIZeLGXYIB7EX+9EMiwaqdPYod1oX/Y11XJAPZ6Ayi
0AfD7Z3snRJPqN4tmhIUdhLEVvey6qJQkBmT6+OQGqanJjl3e/LqnjQiQvUYcWDv
Eks=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:54 2024 by rpki-client on console-ams.rpki-client.org