Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/SX63pryk0Pti6DOOP6Hv5fmhssk.roa
File:                     SX63pryk0Pti6DOOP6Hv5fmhssk.roa (raw, json)
Hash identifier:          HXVFk1VILXkXxAiD/KuLjqJRH3yS/nG+BjfbzUIpkAI=
Subject key identifier:   49:7E:B7:A6:BC:A4:D0:FB:62:E8:33:8E:3F:A1:EF:E5:F9:A1:B2:C9
Certificate issuer:       /CN=39247f77a3ae0af71eac03256449f5d292cffd74
Certificate serial:       018BD464CA77265AD252B1076D7D5BD2406E
Authority key identifier: 39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/SX63pryk0Pti6DOOP6Hv5fmhssk.roa
Signing time:             Wed 15 Nov 2023 19:10:57 +0000
ROA not before:           Wed 15 Nov 2023 19:10:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     265833
IP address blocks:        109.70.132.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Thu 21 Dec 2023 18:40:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d4:64:ca:77:26:5a:d2:52:b1:07:6d:7d:5b:d2:40:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39247f77a3ae0af71eac03256449f5d292cffd74
        Validity
            Not Before: Nov 15 19:10:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=497eb7a6bca4d0fb62e8338e3fa1efe5f9a1b2c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:7b:09:bd:08:cb:d0:b2:1e:21:bd:42:f0:93:
                    df:a3:cc:55:fa:d8:88:d6:96:f4:52:da:08:83:a1:
                    ae:ca:31:30:1d:33:0d:7b:43:ba:1a:9d:c7:0f:c2:
                    98:0f:57:ee:20:2f:da:55:93:a7:00:56:e3:10:d9:
                    29:20:45:24:ac:19:bf:a9:96:9d:67:15:e9:66:f2:
                    51:c2:13:f4:d8:ce:75:06:d4:48:04:e6:69:3c:c9:
                    23:33:b7:89:18:2a:82:ff:b9:2e:b7:ee:d6:ea:40:
                    f8:28:e5:20:53:51:ce:72:06:1e:a5:32:a2:1c:e0:
                    07:c5:1f:71:13:f6:85:d7:15:f2:2f:00:a5:04:28:
                    07:7e:50:39:86:4b:17:26:d3:a2:65:7f:7c:88:eb:
                    79:40:b1:82:c8:66:85:c7:fc:af:3c:bd:6a:fd:96:
                    16:ae:7c:61:d6:da:a6:ab:8e:d6:65:90:51:66:1b:
                    2d:cd:55:f1:d9:6b:45:61:a5:e0:f8:95:e0:6b:f6:
                    f5:5f:9d:d3:26:22:f8:c6:83:95:5f:3a:df:f3:1d:
                    d1:d9:28:d5:2a:e7:b6:39:79:3e:9c:0e:52:0e:0f:
                    48:5a:bb:75:1d:d0:08:f7:d3:4d:d8:98:06:c6:c6:
                    e1:09:6c:2a:ba:29:a5:15:54:38:06:1c:bd:74:ab:
                    c0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:7E:B7:A6:BC:A4:D0:FB:62:E8:33:8E:3F:A1:EF:E5:F9:A1:B2:C9
            X509v3 Authority Key Identifier:
                keyid:39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/SX63pryk0Pti6DOOP6Hv5fmhssk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:9e:9b:0b:f1:fa:a6:4f:ff:30:23:9e:08:8c:fc:23:27:f8:
         4c:5b:9a:55:89:03:c8:f2:c1:70:d3:c4:34:fe:17:a3:e3:af:
         fb:57:30:e3:8c:6b:2d:d6:97:9c:2c:05:94:34:13:a8:cb:5e:
         74:27:9c:79:96:d1:bf:25:ce:a7:68:d2:56:bd:f2:39:da:62:
         ec:33:96:83:6a:ca:28:87:ec:c3:5a:7b:e6:3c:75:6a:b9:64:
         1a:99:24:ac:f0:66:fd:62:11:1f:4c:68:cf:59:32:18:85:29:
         85:c2:7a:08:43:40:1b:4a:c2:fe:cf:1b:0c:06:75:7d:cd:93:
         de:ca:a5:1d:f4:0b:3c:36:66:0f:19:c2:2b:9a:6b:2a:18:fb:
         91:8d:53:ed:e9:ff:4a:fd:e0:24:46:cb:67:4d:05:0d:47:9a:
         df:8c:e6:cc:75:65:08:ba:c1:0c:47:e6:b2:63:54:f1:d4:a3:
         67:e1:4e:3f:06:72:5a:1f:78:8f:b0:a3:d7:6e:9d:11:c3:08:
         2c:8c:31:7b:dc:86:a9:a8:8e:48:d3:47:f5:9b:7e:54:b7:a0:
         02:f6:4a:90:bc:17:6b:dd:82:95:0a:0e:eb:49:f4:38:4b:65:
         4d:c2:28:2c:25:e4:38:2d:38:15:a2:e0:44:dc:f7:f9:b0:c5:
         11:5a:90:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYvUZMp3JlrSUrEHbX1b0kBuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MjQ3Zjc3YTNhZTBhZjcxZWFjMDMyNTY0NDlmNWQyOTJj
ZmZkNzQwHhcNMjMxMTE1MTkxMDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTdlYjdhNmJjYTRkMGZiNjJlODMzOGUzZmExZWZlNWY5YTFiMmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHsJvQjL0LIeIb1C8JPfo8xV+tiI
1pb0UtoIg6GuyjEwHTMNe0O6Gp3HD8KYD1fuIC/aVZOnAFbjENkpIEUkrBm/qZad
ZxXpZvJRwhP02M51BtRIBOZpPMkjM7eJGCqC/7kut+7W6kD4KOUgU1HOcgYepTKi
HOAHxR9xE/aF1xXyLwClBCgHflA5hksXJtOiZX98iOt5QLGCyGaFx/yvPL1q/ZYW
rnxh1tqmq47WZZBRZhstzVXx2WtFYaXg+JXga/b1X53TJiL4xoOVXzrf8x3R2SjV
Kue2OXk+nA5SDg9IWrt1HdAI99NN2JgGxsbhCWwquimlFVQ4Bhy9dKvANQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEl+t6a8pND7Yugzjj+h7+X5obLJMB8GA1UdIwQY
MBaAFDkkf3ejrgr3HqwDJWRJ9dKSz/10MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYt
Y2Q2NmFkNTM0ODEyLzEvU1g2M3ByeWswUHRpNkRPT1A2SHY1Zm1oc3NrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYtY2Q2NmFkNTM0ODEy
LzEvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbUaEMA0G
CSqGSIb3DQEBCwUAA4IBAQBVnpsL8fqmT/8wI54IjPwjJ/hMW5pViQPI8sFw08Q0
/hej46/7VzDjjGst1pecLAWUNBOoy150J5x5ltG/Jc6naNJWvfI52mLsM5aDasoo
h+zDWnvmPHVquWQamSSs8Gb9YhEfTGjPWTIYhSmFwnoIQ0AbSsL+zxsMBnV9zZPe
yqUd9As8NmYPGcIrmmsqGPuRjVPt6f9K/eAkRstnTQUNR5rfjObMdWUIusEMR+ay
Y1Tx1KNn4U4/BnJaH3iPsKPXbp0RwwgsjDF73IapqI5I00f1m35Ut6AC9kqQvBdr
3YKVCg7rSfQ4S2VNwigsJeQ4LTgVouBE3Pf5sMURWpBu
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:15 2024 by rpki-client on console-fra.rpki-client.org