Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/ba24d8-d484-4e9b-87ba-2455f9f5216f/1/b5OOrzDnB9NpkBONDjkuB4JdXjk.roa
File:                     b5OOrzDnB9NpkBONDjkuB4JdXjk.roa (raw, json)
Hash identifier:          NgsbFZ+oyGagVtkUanB8W+uhEPnKgTmbUxt3SCFUsgI=
Subject key identifier:   6F:93:8E:AF:30:E7:07:D3:69:90:13:8D:0E:39:2E:07:82:5D:5E:39
Certificate issuer:       /CN=36319bcd4747ed5b202bb578acb390d16fc411a5
Certificate serial:       01856B93209A9CB45C043B16D220F82D0183
Authority key identifier: 36:31:9B:CD:47:47:ED:5B:20:2B:B5:78:AC:B3:90:D1:6F:C4:11:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NjGbzUdH7VsgK7V4rLOQ0W_EEaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/ba24d8-d484-4e9b-87ba-2455f9f5216f/1/b5OOrzDnB9NpkBONDjkuB4JdXjk.roa
Signing time:             Sun 01 Jan 2023 04:24:42 +0000
ROA not before:           Sun 01 Jan 2023 04:24:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20740
IP address blocks:        194.29.188.0/22 maxlen: 22
                          193.109.4.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:30:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:93:20:9a:9c:b4:5c:04:3b:16:d2:20:f8:2d:01:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36319bcd4747ed5b202bb578acb390d16fc411a5
        Validity
            Not Before: Jan  1 04:24:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6f938eaf30e707d36990138d0e392e07825d5e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:db:f8:97:59:c7:e8:c1:7b:ff:5b:8e:8e:c4:
                    25:d4:3b:d3:16:f4:a6:5a:fa:88:12:ac:41:b8:09:
                    e1:af:b7:16:5f:f1:48:ce:a0:cf:ac:f8:fa:6b:5d:
                    4f:a1:09:1d:51:a5:fc:e7:be:d4:a3:48:b9:81:83:
                    c2:0d:c4:96:f2:60:da:0e:08:7a:f6:7e:f2:6a:ee:
                    f5:8c:64:ba:17:a6:5c:9c:6e:59:5d:90:e0:37:82:
                    1a:25:f3:db:75:6a:dd:12:c0:89:7a:8d:83:54:c9:
                    67:b5:d6:79:c7:39:3e:e8:ed:88:93:ad:98:a6:dd:
                    5f:a0:cc:13:ea:fa:e1:3c:06:17:c4:62:90:1e:6f:
                    aa:a2:90:1b:03:43:16:0a:5a:e4:09:b6:7d:1c:d1:
                    1b:c4:d0:71:4b:f2:0c:8e:cc:42:65:ba:5f:84:30:
                    73:ba:75:fc:43:84:2d:27:bd:fe:c4:18:cf:3f:4f:
                    2d:bc:19:63:e2:9b:b1:e8:2a:dc:22:31:f9:98:a3:
                    15:0c:5e:59:70:ae:f8:a3:27:4b:16:c7:75:d7:f5:
                    8c:84:f3:33:5a:09:06:8c:02:3e:f7:01:20:93:3a:
                    fc:53:b7:b4:03:ca:00:da:3b:eb:1e:7f:85:df:84:
                    80:63:9d:de:e7:cf:a2:4b:3d:34:9e:0e:23:35:25:
                    1f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:93:8E:AF:30:E7:07:D3:69:90:13:8D:0E:39:2E:07:82:5D:5E:39
            X509v3 Authority Key Identifier:
                keyid:36:31:9B:CD:47:47:ED:5B:20:2B:B5:78:AC:B3:90:D1:6F:C4:11:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NjGbzUdH7VsgK7V4rLOQ0W_EEaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ba24d8-d484-4e9b-87ba-2455f9f5216f/1/b5OOrzDnB9NpkBONDjkuB4JdXjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/ba24d8-d484-4e9b-87ba-2455f9f5216f/1/NjGbzUdH7VsgK7V4rLOQ0W_EEaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.109.4.0/22
                  194.29.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a0:bd:04:4d:a3:07:c2:f6:98:f7:6f:48:7f:e6:1b:14:ba:79:
         08:cc:b3:05:e5:e7:e8:db:7e:03:fb:74:93:2d:d7:45:82:37:
         42:80:d2:f9:d1:4c:ed:f2:f6:c0:ca:0a:0d:a0:49:54:fc:87:
         ec:ad:ed:7a:1a:3a:ed:3a:68:6f:b2:0d:e7:46:34:de:24:74:
         73:3b:48:84:b3:69:10:b4:af:f5:f2:86:19:7f:51:92:08:f9:
         37:7b:a7:fd:66:7d:cd:47:f1:0a:8e:3f:5b:5a:88:3a:78:a2:
         86:35:2e:6b:c9:fd:74:69:f2:2f:1d:b1:fb:3b:52:d1:a1:a3:
         ca:ab:4f:39:8f:e1:5d:40:37:3b:ef:f4:ec:42:46:05:e0:40:
         3d:7c:3e:58:dd:49:4c:94:91:89:cb:a9:d9:dc:ec:c7:81:c0:
         6f:e3:14:5e:c4:06:97:2f:9e:ca:90:7a:40:f1:9f:14:27:a9:
         5e:ce:f1:86:1d:57:95:f7:20:ba:ca:e8:4b:e4:87:91:9b:dc:
         9e:50:c2:41:49:46:d7:8b:0d:a7:d1:12:ee:15:0e:36:14:ec:
         50:4c:eb:b4:31:77:5b:52:06:7e:ab:b8:88:6d:d1:4b:db:4e:
         1a:5b:cd:93:8f:9d:94:88:3c:51:98:d7:a9:e3:a6:f6:f1:7e:
         e9:0d:34:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVrkyCanLRcBDsW0iD4LQGDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MzE5YmNkNDc0N2VkNWIyMDJiYjU3OGFjYjM5MGQxNmZj
NDExYTUwHhcNMjMwMTAxMDQyNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjkzOGVhZjMwZTcwN2QzNjk5MDEzOGQwZTM5MmUwNzgyNWQ1ZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdv4l1nH6MF7/1uOjsQl1DvTFvSm
WvqIEqxBuAnhr7cWX/FIzqDPrPj6a11PoQkdUaX8577Uo0i5gYPCDcSW8mDaDgh6
9n7yau71jGS6F6ZcnG5ZXZDgN4IaJfPbdWrdEsCJeo2DVMlntdZ5xzk+6O2Ik62Y
pt1foMwT6vrhPAYXxGKQHm+qopAbA0MWClrkCbZ9HNEbxNBxS/IMjsxCZbpfhDBz
unX8Q4QtJ73+xBjPP08tvBlj4pux6CrcIjH5mKMVDF5ZcK74oydLFsd11/WMhPMz
WgkGjAI+9wEgkzr8U7e0A8oA2jvrHn+F34SAY53e58+iSz00ng4jNSUfMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG+Tjq8w5wfTaZATjQ45LgeCXV45MB8GA1UdIwQY
MBaAFDYxm81HR+1bICu1eKyzkNFvxBGlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmpHYnpVZEg3VnNnSzdWNHJMT1EwV19FRWFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iYTI0ZDgtZDQ4NC00ZTliLTg3YmEt
MjQ1NWY5ZjUyMTZmLzEvYjVPT3J6RG5COU5wa0JPTkRqa3VCNEpkWGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iYTI0ZDgtZDQ4NC00ZTliLTg3YmEtMjQ1NWY5ZjUyMTZm
LzEvTmpHYnpVZEg3VnNnSzdWNHJMT1EwV19FRWFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwW0EAwQC
wh28MA0GCSqGSIb3DQEBCwUAA4IBAQCgvQRNowfC9pj3b0h/5hsUunkIzLMF5efo
234D+3STLddFgjdCgNL50Uzt8vbAygoNoElU/Ifsre16GjrtOmhvsg3nRjTeJHRz
O0iEs2kQtK/18oYZf1GSCPk3e6f9Zn3NR/EKjj9bWog6eKKGNS5ryf10afIvHbH7
O1LRoaPKq085j+FdQDc77/TsQkYF4EA9fD5Y3UlMlJGJy6nZ3OzHgcBv4xRexAaX
L57KkHpA8Z8UJ6lezvGGHVeV9yC6yuhL5IeRm9yeUMJBSUbXiw2n0RLuFQ42FOxQ
TOu0MXdbUgZ+q7iIbdFL204aW82Tj52UiDxRmNep46b28X7pDTQC
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:52 2024 by rpki-client on console-ams.rpki-client.org