Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/IBF60QV0IXd2BTro6OaaakdSygk.roa
File:                     IBF60QV0IXd2BTro6OaaakdSygk.roa (raw, json)
Hash identifier:          snXIiVxFyey6Xeof29kdCIx7DHuuRbmMHzPbUMG4j6g=
Subject key identifier:   20:11:7A:D1:05:74:21:77:76:05:3A:E8:E8:E6:9A:6A:47:52:CA:09
Certificate issuer:       /CN=33c342c06aacc359d39439ff58defa8ea1875748
Certificate serial:       01856F0B60342166B53DA7A6374E44DE22A2
Authority key identifier: 33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/IBF60QV0IXd2BTro6OaaakdSygk.roa
Signing time:             Sun 01 Jan 2023 20:34:54 +0000
ROA not before:           Sun 01 Jan 2023 20:34:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     41706
IP address blocks:        185.216.103.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:0b:60:34:21:66:b5:3d:a7:a6:37:4e:44:de:22:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33c342c06aacc359d39439ff58defa8ea1875748
        Validity
            Not Before: Jan  1 20:34:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20117ad10574217776053ae8e8e69a6a4752ca09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:13:f4:27:d4:3b:02:81:53:cc:72:b3:7d:a2:
                    d0:49:e2:2d:c0:24:49:af:33:ce:fd:e4:64:60:3a:
                    6f:ef:fd:48:83:2f:a0:cc:63:ba:cc:fe:c5:39:b7:
                    f2:f1:48:95:0e:b0:32:92:1f:a3:4e:b5:74:9a:85:
                    90:a5:d7:79:61:c1:07:7a:02:5d:4e:47:5d:b6:6b:
                    84:45:2a:1e:75:51:52:5f:8f:bb:14:66:2f:e9:c9:
                    8a:df:83:43:48:88:f5:35:d1:9c:9e:42:b4:86:5c:
                    24:f4:22:e1:e4:25:ba:4c:6c:fc:91:d9:0e:f2:b9:
                    44:ca:50:6d:31:f7:0d:e3:59:9c:cf:b5:42:93:af:
                    5d:78:6f:5b:2d:b8:1f:54:9e:a6:43:87:bc:4b:1f:
                    c8:69:c7:00:31:fa:01:2f:19:12:12:33:f0:8a:ac:
                    e1:e2:73:19:73:73:6d:96:7f:92:9f:1d:e8:47:9a:
                    fe:dd:0b:bd:42:f6:a0:8e:eb:c2:22:90:d5:bf:65:
                    56:c5:3a:88:92:3f:e8:9f:3e:4f:48:aa:3f:e0:5d:
                    50:5a:82:31:74:fe:7c:75:d4:83:84:37:80:59:bb:
                    45:85:8d:a7:c0:e1:d8:68:68:51:09:d8:d3:09:82:
                    bf:68:a0:92:13:7d:1e:3f:c6:02:14:52:6f:85:62:
                    9f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:11:7A:D1:05:74:21:77:76:05:3A:E8:E8:E6:9A:6A:47:52:CA:09
            X509v3 Authority Key Identifier:
                keyid:33:C3:42:C0:6A:AC:C3:59:D3:94:39:FF:58:DE:FA:8E:A1:87:57:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M8NCwGqsw1nTlDn_WN76jqGHV0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/IBF60QV0IXd2BTro6OaaakdSygk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/c55fdf-a68a-4aa0-b8c5-7f2333604997/1/M8NCwGqsw1nTlDn_WN76jqGHV0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:b0:37:23:c5:d6:4e:02:d3:f2:2c:90:46:32:19:42:18:f9:
         3d:67:53:1c:86:02:51:df:03:30:9f:27:2e:08:3e:fd:1e:ea:
         6e:2c:7e:6e:62:28:32:83:3a:b1:d9:ca:23:36:4d:e1:42:4c:
         06:82:15:40:31:34:87:ac:1d:b9:38:79:92:b1:b3:a5:a2:92:
         e2:74:bb:79:33:aa:dc:15:b9:e1:72:2f:5f:03:4a:ff:c4:24:
         7b:b9:c2:cb:75:b8:f5:e6:a1:b7:cb:46:d5:63:5b:2d:81:53:
         f4:ec:ef:78:bc:d9:bd:a1:6d:01:da:14:3f:96:79:e0:85:6b:
         47:c7:2c:3b:e8:2c:02:75:e8:46:38:f3:19:93:3b:c3:16:9b:
         b1:32:14:0d:d8:0b:86:a1:a1:ef:6a:d2:40:46:31:24:4f:48:
         78:30:38:42:61:8e:60:78:4e:30:10:3d:4f:0a:65:28:93:46:
         19:8b:5f:ca:f0:4e:d4:2a:04:86:16:84:2f:65:5c:b2:77:aa:
         7f:30:46:6d:4f:45:90:69:2b:38:6d:9c:8c:2f:ce:d2:aa:23:
         52:3b:b7:80:2a:45:74:0d:42:18:d6:1a:bc:dd:1f:5a:bf:a5:
         7b:cd:a7:fa:4b:1d:52:b7:f7:b3:56:ee:24:28:02:2c:40:b7:
         2d:97:2f:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvC2A0IWa1PaemN05E3iKiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYzM0MmMwNmFhY2MzNTlkMzk0MzlmZjU4ZGVmYThlYTE4
NzU3NDgwHhcNMjMwMTAxMjAzNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDExN2FkMTA1NzQyMTc3NzYwNTNhZThlOGU2OWE2YTQ3NTJjYTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBP0J9Q7AoFTzHKzfaLQSeItwCRJ
rzPO/eRkYDpv7/1Igy+gzGO6zP7FObfy8UiVDrAykh+jTrV0moWQpdd5YcEHegJd
TkddtmuERSoedVFSX4+7FGYv6cmK34NDSIj1NdGcnkK0hlwk9CLh5CW6TGz8kdkO
8rlEylBtMfcN41mcz7VCk69deG9bLbgfVJ6mQ4e8Sx/IaccAMfoBLxkSEjPwiqzh
4nMZc3Ntln+Snx3oR5r+3Qu9QvagjuvCIpDVv2VWxTqIkj/onz5PSKo/4F1QWoIx
dP58ddSDhDeAWbtFhY2nwOHYaGhRCdjTCYK/aKCSE30eP8YCFFJvhWKfNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCARetEFdCF3dgU66OjmmmpHUsoJMB8GA1UdIwQY
MBaAFDPDQsBqrMNZ05Q5/1je+o6hh1dIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUt
N2YyMzMzNjA0OTk3LzEvSUJGNjBRVjBJWGQyQlRybzZPYWFha2RTeWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9jNTVmZGYtYTY4YS00YWEwLWI4YzUtN2YyMzMzNjA0OTk3
LzEvTThOQ3dHcXN3MW5UbERuX1dONzZqcUdIVjBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudhnMA0G
CSqGSIb3DQEBCwUAA4IBAQCwsDcjxdZOAtPyLJBGMhlCGPk9Z1MchgJR3wMwnycu
CD79HupuLH5uYigygzqx2cojNk3hQkwGghVAMTSHrB25OHmSsbOlopLidLt5M6rc
Fbnhci9fA0r/xCR7ucLLdbj15qG3y0bVY1stgVP07O94vNm9oW0B2hQ/lnnghWtH
xyw76CwCdehGOPMZkzvDFpuxMhQN2AuGoaHvatJARjEkT0h4MDhCYY5geE4wED1P
CmUok0YZi1/K8E7UKgSGFoQvZVyyd6p/MEZtT0WQaSs4bZyML87SqiNSO7eAKkV0
DUIY1hq83R9av6V7zaf6Sx1St/ezVu4kKAIsQLctly+l
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:54 2024 by rpki-client on console-fra.rpki-client.org