Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/blnTKeUH7TGwxdemlWr8b5xJuus.roa
File:                     blnTKeUH7TGwxdemlWr8b5xJuus.roa (raw, json)
Hash identifier:          kcmbIsYaIu0DN3hgjgKYFs8E3GQrTlsPTAiP65qs33s=
Subject key identifier:   6E:59:D3:29:E5:07:ED:31:B0:C5:D7:A6:95:6A:FC:6F:9C:49:BA:EB
Certificate issuer:       /CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
Certificate serial:       01857246D27CD2460AC715DF3B4E315F06E8
Authority key identifier: BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/blnTKeUH7TGwxdemlWr8b5xJuus.roa
Signing time:             Mon 02 Jan 2023 11:38:42 +0000
ROA not before:           Mon 02 Jan 2023 11:38:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     11251
IP address blocks:        157.23.224.0/20 maxlen: 24
                          2a0e:bbc0:8000::/40 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:46:d2:7c:d2:46:0a:c7:15:df:3b:4e:31:5f:06:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bba35cf8ab6f3eaa2aebadd9e2373dec0893625e
        Validity
            Not Before: Jan  2 11:38:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6e59d329e507ed31b0c5d7a6956afc6f9c49baeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e3:49:a3:a7:41:5f:cc:8a:bf:f4:8b:10:08:
                    3f:7d:af:fe:87:d9:97:15:73:0d:26:4b:c5:af:9a:
                    dd:25:c5:ae:36:b4:ad:41:e0:a8:91:94:f1:59:6d:
                    da:85:1f:da:5e:d0:a7:09:b7:96:1f:04:43:6b:44:
                    57:bb:d3:cd:d7:2d:77:e0:45:ce:f0:bb:0f:60:a9:
                    f4:2b:1d:44:32:71:56:d8:69:5e:9d:e0:6c:e9:23:
                    0f:9c:83:25:b8:39:b1:4d:b0:18:25:f0:ea:d2:ec:
                    6d:41:39:f0:5f:f5:74:07:07:d2:9e:b0:fa:ba:7a:
                    06:cf:74:ed:ad:5a:13:d9:79:c6:0c:5c:33:75:cc:
                    e6:21:f7:5b:10:04:6a:f3:ff:1b:00:71:21:cf:58:
                    f3:a6:83:35:f8:a3:7c:88:6c:9f:24:cf:07:c9:61:
                    a0:b2:65:55:aa:2b:2a:a9:c3:a7:05:5f:ec:b9:61:
                    6c:57:2e:72:aa:0d:b2:d1:0f:68:c8:bd:b4:5c:bd:
                    fe:79:45:51:67:ab:cf:af:5a:8a:51:8a:11:a6:7d:
                    c2:e4:fb:07:7e:25:8e:6e:65:e7:ff:41:88:08:47:
                    ec:5e:9e:e1:82:0f:4f:63:ef:e3:99:66:c6:4e:ca:
                    ae:c2:86:c2:ae:32:99:e3:47:73:37:6f:cc:6c:d5:
                    20:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:59:D3:29:E5:07:ED:31:B0:C5:D7:A6:95:6A:FC:6F:9C:49:BA:EB
            X509v3 Authority Key Identifier:
                keyid:BB:A3:5C:F8:AB:6F:3E:AA:2A:EB:AD:D9:E2:37:3D:EC:08:93:62:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u6Nc-KtvPqoq663Z4jc97AiTYl4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/blnTKeUH7TGwxdemlWr8b5xJuus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/a0e01a-9bbc-44ee-98a3-597b6e2492ab/1/u6Nc-KtvPqoq663Z4jc97AiTYl4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.23.224.0/20
                IPv6:
                  2a0e:bbc0:8000::/40

    Signature Algorithm: sha256WithRSAEncryption
         16:14:a5:21:a6:64:f7:60:af:4d:b2:61:08:b1:0f:2f:c2:aa:
         c7:cb:1e:13:f0:cc:ac:f0:73:eb:b6:31:c7:49:6a:1c:9a:b1:
         06:d1:0d:77:39:c6:93:46:6a:7d:f3:56:49:65:01:2f:19:7c:
         f2:f1:a6:03:b9:25:7f:57:5a:33:40:d6:cc:fa:27:52:00:47:
         bf:32:42:cf:60:d3:76:4d:74:e1:ef:55:a6:e9:7b:88:8f:93:
         a1:ff:ca:ed:d2:7d:76:c8:c5:c3:2d:e2:db:3b:6a:35:0d:2a:
         65:b0:1c:42:d2:1a:2a:91:b1:bd:48:56:9b:80:24:81:30:e9:
         53:d3:c7:90:d4:ff:ae:37:e7:1e:a1:e1:83:10:61:00:e3:b3:
         5c:9a:7d:db:e2:1f:33:aa:2f:fa:87:df:29:65:90:62:5a:10:
         1b:4d:9b:85:05:7a:ea:3c:1d:58:2d:f6:d7:12:37:74:35:71:
         a1:b9:f6:63:db:8d:13:ea:e0:1f:16:14:25:5d:af:0a:7e:21:
         59:99:ea:c5:dd:da:9e:dc:32:7e:1f:5e:b5:2e:10:1e:10:96:
         c3:d3:88:8a:d4:46:a2:04:7e:db:0b:ed:3d:b9:26:a5:8d:ed:
         55:45:20:ba:ca:96:69:ab:2d:8b:e9:47:06:ef:bc:16:10:a2:
         d5:91:51:dd
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYVyRtJ80kYKxxXfO04xXwboMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYTM1Y2Y4YWI2ZjNlYWEyYWViYWRkOWUyMzczZGVjMDg5
MzYyNWUwHhcNMjMwMTAyMTEzODQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTU5ZDMyOWU1MDdlZDMxYjBjNWQ3YTY5NTZhZmM2ZjljNDliYWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+NJo6dBX8yKv/SLEAg/fa/+h9mX
FXMNJkvFr5rdJcWuNrStQeCokZTxWW3ahR/aXtCnCbeWHwRDa0RXu9PN1y134EXO
8LsPYKn0Kx1EMnFW2GleneBs6SMPnIMluDmxTbAYJfDq0uxtQTnwX/V0BwfSnrD6
unoGz3TtrVoT2XnGDFwzdczmIfdbEARq8/8bAHEhz1jzpoM1+KN8iGyfJM8HyWGg
smVVqisqqcOnBV/suWFsVy5yqg2y0Q9oyL20XL3+eUVRZ6vPr1qKUYoRpn3C5PsH
fiWObmXn/0GICEfsXp7hgg9PY+/jmWbGTsquwobCrjKZ40dzN2/MbNUg5wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFG5Z0ynlB+0xsMXXppVq/G+cSbrrMB8GA1UdIwQY
MBaAFLujXPirbz6qKuut2eI3PewIk2JeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMt
NTk3YjZlMjQ5MmFiLzEvYmxuVEtlVUg3VEd3eGRlbWxXcjhiNXhKdXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9hMGUwMWEtOWJiYy00NGVlLTk4YTMtNTk3YjZlMjQ5MmFi
LzEvdTZOYy1LdHZQcW9xNjYzWjRqYzk3QWlUWWw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQEnRfgMA4E
AgACMAgDBgAqDrvAgDANBgkqhkiG9w0BAQsFAAOCAQEAFhSlIaZk92CvTbJhCLEP
L8Kqx8seE/DMrPBz67Yxx0lqHJqxBtENdznGk0ZqffNWSWUBLxl88vGmA7klf1da
M0DWzPonUgBHvzJCz2DTdk104e9Vpul7iI+Tof/K7dJ9dsjFwy3i2ztqNQ0qZbAc
QtIaKpGxvUhWm4AkgTDpU9PHkNT/rjfnHqHhgxBhAOOzXJp92+IfM6ov+offKWWQ
YloQG02bhQV66jwdWC321xI3dDVxobn2Y9uNE+rgHxYUJV2vCn4hWZnqxd3antwy
fh9etS4QHhCWw9OIitRGogR+2wvtPbkmpY3tVUUgusqWaasti+lHBu+8FhCi1ZFR
3Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:51 2024 by rpki-client on console-ams.rpki-client.org