Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/R-uinQ_EJvrk4PMP1ksAx2z9pWw.roa
File:                     R-uinQ_EJvrk4PMP1ksAx2z9pWw.roa (raw, json)
Hash identifier:          kMuvHgM22cdKlPbykwS3S5975b89JR8HShXRpRcJpsU=
Subject key identifier:   47:EB:A2:9D:0F:C4:26:FA:E4:E0:F3:0F:D6:4B:00:C7:6C:FD:A5:6C
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       01856F14B0C17C477B90BBEFAB6B6A509660
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/R-uinQ_EJvrk4PMP1ksAx2z9pWw.roa
Signing time:             Sun 01 Jan 2023 20:45:05 +0000
ROA not before:           Sun 01 Jan 2023 20:45:05 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210525
IP address blocks:        91.242.255.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:14:b0:c1:7c:47:7b:90:bb:ef:ab:6b:6a:50:96:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  1 20:45:05 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=47eba29d0fc426fae4e0f30fd64b00c76cfda56c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e1:6b:94:25:2f:97:02:8a:82:4c:6e:d3:b3:
                    98:2d:09:fa:1c:73:17:55:38:56:54:69:1d:67:b4:
                    38:41:2d:4b:45:c1:f4:d9:ef:85:a1:b9:cd:4d:be:
                    23:26:b0:b9:4c:05:6f:53:3d:d3:7d:6c:68:7a:40:
                    c4:27:67:d5:02:54:d8:59:8c:de:44:7e:a1:c2:e8:
                    5c:75:2e:39:e7:a4:75:3f:5a:74:65:bc:ea:24:e5:
                    79:41:ad:d8:eb:e7:a3:24:01:5a:4d:20:51:0f:e4:
                    39:49:32:8a:18:da:86:59:55:86:9a:4c:6f:e0:8e:
                    03:ba:59:a4:73:97:8f:db:03:f2:d9:13:dc:b5:43:
                    c6:74:05:7f:60:57:23:20:d6:83:32:3e:bd:9a:8d:
                    55:9a:77:7a:ba:5d:c0:0d:e4:9a:27:16:a9:16:cf:
                    08:75:b1:32:9d:f7:a2:3b:3f:36:5f:2f:7e:c1:bc:
                    6f:20:cc:34:d6:aa:e9:14:d2:23:33:13:17:1f:45:
                    dd:0d:34:b0:93:a9:25:db:41:89:4e:78:b2:d0:f0:
                    dd:7b:48:76:df:2a:fc:53:c5:69:fc:0b:25:29:d0:
                    60:b9:ab:f3:be:2c:fe:6e:11:47:88:a8:d9:1b:6d:
                    7a:0e:a4:08:45:64:2d:04:b0:50:86:fc:20:ce:01:
                    e8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:EB:A2:9D:0F:C4:26:FA:E4:E0:F3:0F:D6:4B:00:C7:6C:FD:A5:6C
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/R-uinQ_EJvrk4PMP1ksAx2z9pWw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:43:b2:8a:95:d2:b8:34:2a:db:c0:a3:5c:7d:74:a3:20:1d:
         b9:3a:ee:f9:79:09:24:dc:7b:b6:e9:78:71:38:9f:8f:a4:27:
         7c:11:b0:7b:25:85:c4:03:92:dc:68:fa:61:b5:bd:19:3c:3f:
         fb:2b:df:4c:b6:33:4f:7b:b7:a8:2a:83:d8:cd:5e:8a:a6:97:
         42:c0:5b:34:14:d7:d4:00:d6:99:ff:fe:3f:a5:39:16:76:ef:
         a7:4e:77:aa:ba:3c:d7:15:96:e6:27:f0:4d:fa:f0:2f:5b:d7:
         57:dc:b8:69:e0:47:b0:7b:f0:56:ca:9a:80:1d:c4:34:aa:4a:
         06:53:ec:de:b9:37:e8:5e:44:84:ca:52:37:40:b9:55:49:4e:
         9c:05:4e:01:7a:3d:24:7f:78:1b:80:8b:ce:15:22:33:67:52:
         f7:4e:16:0d:f6:df:d6:10:26:98:40:38:0e:5f:bb:38:6f:2a:
         ff:cf:57:c0:4d:ef:f5:a6:d2:63:b0:e2:68:e4:40:55:31:b9:
         e0:a6:48:ee:3c:17:d3:32:b6:3f:d0:e1:b9:95:11:12:68:fc:
         36:d3:3c:cd:6d:dd:29:64:a6:b6:ce:11:83:31:94:1d:f4:53:
         ea:87:53:05:2b:ea:89:84:9f:07:e5:58:60:64:f1:fb:ee:cd:
         48:d8:ba:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvFLDBfEd7kLvvq2tqUJZgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjMwMTAxMjA0NTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2ViYTI5ZDBmYzQyNmZhZTRlMGYzMGZkNjRiMDBjNzZjZmRhNTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOFrlCUvlwKKgkxu07OYLQn6HHMX
VThWVGkdZ7Q4QS1LRcH02e+FobnNTb4jJrC5TAVvUz3TfWxoekDEJ2fVAlTYWYze
RH6hwuhcdS4556R1P1p0ZbzqJOV5Qa3Y6+ejJAFaTSBRD+Q5STKKGNqGWVWGmkxv
4I4Dulmkc5eP2wPy2RPctUPGdAV/YFcjINaDMj69mo1Vmnd6ul3ADeSaJxapFs8I
dbEynfeiOz82Xy9+wbxvIMw01qrpFNIjMxMXH0XdDTSwk6kl20GJTniy0PDde0h2
3yr8U8Vp/AslKdBguavzviz+bhFHiKjZG216DqQIRWQtBLBQhvwgzgHoMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfrop0PxCb65ODzD9ZLAMds/aVsMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvUi11aW5RX0VKdnJrNFBNUDFrc0F4Mno5cFd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/L/MA0G
CSqGSIb3DQEBCwUAA4IBAQBaQ7KKldK4NCrbwKNcfXSjIB25Ou75eQkk3Hu26Xhx
OJ+PpCd8EbB7JYXEA5LcaPphtb0ZPD/7K99MtjNPe7eoKoPYzV6KppdCwFs0FNfU
ANaZ//4/pTkWdu+nTnequjzXFZbmJ/BN+vAvW9dX3Lhp4Eewe/BWypqAHcQ0qkoG
U+zeuTfoXkSEylI3QLlVSU6cBU4Bej0kf3gbgIvOFSIzZ1L3ThYN9t/WECaYQDgO
X7s4byr/z1fATe/1ptJjsOJo5EBVMbngpkjuPBfTMrY/0OG5lRESaPw20zzNbd0p
ZKa2zhGDMZQd9FPqh1MFK+qJhJ8H5VhgZPH77s1I2Lpu
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:53 2024 by rpki-client on console-ams.rpki-client.org