Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/RKLgc24hnGm6DbkRdHCuaKM19sA.roa
File:                     RKLgc24hnGm6DbkRdHCuaKM19sA.roa (raw, json)
Hash identifier:          cQkVvJquat3bVHV+Ckc4wBdkNt+z8c3iwCietsBMs2U=
Subject key identifier:   44:A2:E0:73:6E:21:9C:69:BA:0D:B9:11:74:70:AE:68:A3:35:F6:C0
Certificate issuer:       /CN=7ce68daf5f089456c0e1d02245393531ac5b8fcb
Certificate serial:       018573682BA132D004284D85FAED7E52DD80
Authority key identifier: 7C:E6:8D:AF:5F:08:94:56:C0:E1:D0:22:45:39:35:31:AC:5B:8F:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fOaNr18IlFbA4dAiRTk1Maxbj8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/RKLgc24hnGm6DbkRdHCuaKM19sA.roa
Signing time:             Mon 02 Jan 2023 16:54:44 +0000
ROA not before:           Mon 02 Jan 2023 16:54:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3598
IP address blocks:        194.69.96.0/19 maxlen: 19
                          194.69.100.0/22 maxlen: 24
                          2a01:110::/32 maxlen: 32
                          2a01:110:8020::/48 maxlen: 48
                          2a01:110:8068::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:73:68:2b:a1:32:d0:04:28:4d:85:fa:ed:7e:52:dd:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ce68daf5f089456c0e1d02245393531ac5b8fcb
        Validity
            Not Before: Jan  2 16:54:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=44a2e0736e219c69ba0db9117470ae68a335f6c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:53:9e:9b:ca:cd:a1:60:80:c2:0c:c5:60:2f:
                    c7:36:80:be:7b:c0:99:51:72:1f:3b:ba:c8:22:50:
                    04:a2:fb:02:c7:1e:d6:81:8a:cb:0a:3f:2b:31:0f:
                    3c:77:ed:0a:0a:cb:e1:8b:e1:cf:56:6e:22:73:87:
                    fa:c0:28:2a:38:4b:9e:74:6d:e5:9e:15:52:2c:8f:
                    a7:6b:83:84:65:bf:e4:ba:07:20:25:5e:d8:f2:d0:
                    3b:6e:ad:c0:5e:c2:97:0f:f0:a1:c1:a0:45:d1:0e:
                    ab:47:c9:a4:ca:ac:ba:56:72:a3:32:6d:af:10:45:
                    ba:f4:24:af:1c:bb:f7:51:e0:f8:4b:59:a8:e5:f8:
                    e8:23:f9:ec:e5:7e:b6:98:90:61:4f:41:0a:0a:ef:
                    ba:3f:21:b7:cb:12:54:d4:c6:fe:ee:a6:76:2d:62:
                    21:83:aa:ed:f5:4e:c2:79:57:70:2b:dd:a4:cf:f2:
                    03:7d:01:ab:ea:0c:1b:91:b9:e9:6d:41:57:a0:54:
                    51:95:c9:e5:2b:40:ce:c7:0c:c2:5d:d6:48:c8:b0:
                    61:b3:81:b0:33:87:85:4c:59:ea:3d:f9:65:5c:46:
                    f9:14:c3:98:3f:04:58:0e:e7:7a:e0:70:3f:71:c8:
                    b7:c2:2e:4e:e1:9d:a8:68:8d:d5:d8:d6:ba:1f:34:
                    56:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:A2:E0:73:6E:21:9C:69:BA:0D:B9:11:74:70:AE:68:A3:35:F6:C0
            X509v3 Authority Key Identifier:
                keyid:7C:E6:8D:AF:5F:08:94:56:C0:E1:D0:22:45:39:35:31:AC:5B:8F:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fOaNr18IlFbA4dAiRTk1Maxbj8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/RKLgc24hnGm6DbkRdHCuaKM19sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/fOaNr18IlFbA4dAiRTk1Maxbj8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.69.96.0/19
                IPv6:
                  2a01:110::/32

    Signature Algorithm: sha256WithRSAEncryption
         d7:29:9a:f1:4f:07:96:34:e7:ea:5e:a5:20:2b:eb:3a:a9:d1:
         f0:8e:ed:6c:3d:f9:5a:82:db:b7:72:21:c2:a9:34:4f:93:5e:
         6c:a5:0a:42:0b:c8:8e:ea:ab:7d:c3:e5:dc:f9:d8:98:00:5b:
         4e:0e:c0:1a:48:02:c4:75:be:71:72:6c:9d:01:c8:b4:c9:3a:
         e0:b0:93:46:5b:94:d9:fd:63:9c:f8:55:6b:9c:eb:8c:4a:64:
         79:6d:24:31:fc:7f:ef:c0:96:3d:22:ed:6a:c6:2a:35:d6:2a:
         fe:9d:be:82:e9:03:b8:10:4c:0f:1c:cf:2e:a4:70:e2:f6:83:
         b1:bc:c3:f2:b5:e7:6c:df:57:28:06:12:c5:e9:d5:a9:98:54:
         63:0c:81:79:09:19:e1:0c:75:a7:9c:5f:7c:79:96:3c:03:37:
         87:1a:03:39:9a:99:a3:52:98:36:e0:3a:3e:b9:cd:4e:6c:f1:
         2b:4d:73:47:2b:d5:e4:7e:11:32:ae:9f:9c:93:84:bf:01:b7:
         64:d3:63:9a:7b:23:d4:3c:b1:72:c8:51:e8:da:71:d7:09:7d:
         0f:9a:cc:05:bc:b5:45:97:8b:38:12:dc:b2:a7:fd:b1:9d:1e:
         a4:c2:3a:d5:5c:16:ac:bc:bc:bb:8a:27:e9:e1:e0:c6:98:73:
         b3:00:48:e0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVzaCuhMtAEKE2F+u1+Ut2AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZTY4ZGFmNWYwODk0NTZjMGUxZDAyMjQ1MzkzNTMxYWM1
YjhmY2IwHhcNMjMwMTAyMTY1NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGEyZTA3MzZlMjE5YzY5YmEwZGI5MTE3NDcwYWU2OGEzMzVmNmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFOem8rNoWCAwgzFYC/HNoC+e8CZ
UXIfO7rIIlAEovsCxx7WgYrLCj8rMQ88d+0KCsvhi+HPVm4ic4f6wCgqOEuedG3l
nhVSLI+na4OEZb/kugcgJV7Y8tA7bq3AXsKXD/ChwaBF0Q6rR8mkyqy6VnKjMm2v
EEW69CSvHLv3UeD4S1mo5fjoI/ns5X62mJBhT0EKCu+6PyG3yxJU1Mb+7qZ2LWIh
g6rt9U7CeVdwK92kz/IDfQGr6gwbkbnpbUFXoFRRlcnlK0DOxwzCXdZIyLBhs4Gw
M4eFTFnqPfllXEb5FMOYPwRYDud64HA/cci3wi5O4Z2oaI3V2Na6HzRW9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFESi4HNuIZxpug25EXRwrmijNfbAMB8GA1UdIwQY
MBaAFHzmja9fCJRWwOHQIkU5NTGsW4/LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk9hTnIxOElsRmJBNGRBaVJUazFNYXhiajhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lYzBiODktMWU2OC00NWEwLThiOTMt
MTNhMDZhMjY5YWE4LzEvUktMZ2MyNGhuR202RGJrUmRIQ3VhS00xOXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lYzBiODktMWU2OC00NWEwLThiOTMtMTNhMDZhMjY5YWE4
LzEvZk9hTnIxOElsRmJBNGRBaVJUazFNYXhiajhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFwkVgMA0E
AgACMAcDBQAqAQEQMA0GCSqGSIb3DQEBCwUAA4IBAQDXKZrxTweWNOfqXqUgK+s6
qdHwju1sPflagtu3ciHCqTRPk15spQpCC8iO6qt9w+Xc+diYAFtODsAaSALEdb5x
cmydAci0yTrgsJNGW5TZ/WOc+FVrnOuMSmR5bSQx/H/vwJY9Iu1qxio11ir+nb6C
6QO4EEwPHM8upHDi9oOxvMPyteds31coBhLF6dWpmFRjDIF5CRnhDHWnnF98eZY8
AzeHGgM5mpmjUpg24Do+uc1ObPErTXNHK9XkfhEyrp+ck4S/Abdk02OaeyPUPLFy
yFHo2nHXCX0PmswFvLVFl4s4Etyyp/2xnR6kwjrVXBasvLy7iifp4eDGmHOzAEjg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:51:00 2024 by rpki-client on console-ams.rpki-client.org