Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/ZfsNe7JLF76Ui3P8M_yPoMtt6uU.roa
File:                     ZfsNe7JLF76Ui3P8M_yPoMtt6uU.roa (raw, json)
Hash identifier:          pMJtmhuTjSF/MbPFUfT36/4K87HMCUJidiN1fG07gQc=
Subject key identifier:   65:FB:0D:7B:B2:4B:17:BE:94:8B:73:FC:33:FC:8F:A0:CB:6D:EA:E5
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       01856F14A9DB124A5324385164CA65C8E3BB
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/ZfsNe7JLF76Ui3P8M_yPoMtt6uU.roa
Signing time:             Sun 01 Jan 2023 20:45:03 +0000
ROA not before:           Sun 01 Jan 2023 20:45:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48086
IP address blocks:        91.207.106.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:14:a9:db:12:4a:53:24:38:51:64:ca:65:c8:e3:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  1 20:45:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=65fb0d7bb24b17be948b73fc33fc8fa0cb6deae5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f3:45:a6:11:50:64:5a:09:a1:d7:e4:fd:d9:
                    59:44:0b:ff:bf:6b:13:89:18:2e:5c:c7:24:f2:22:
                    b2:0c:81:87:89:d7:1d:c2:ac:1c:a4:3a:e6:7c:3e:
                    a5:41:c8:d0:5c:83:78:28:66:a4:fd:ba:06:3e:58:
                    54:56:40:69:30:f0:a2:6e:96:5a:8b:7c:ac:29:1f:
                    d6:ac:45:20:94:dd:7d:83:cc:0c:81:96:db:16:d9:
                    d2:c9:62:57:18:4b:13:03:4a:be:92:5e:3e:0f:d4:
                    c1:6b:a6:76:0b:5d:7e:93:01:d4:5f:a0:ef:bb:79:
                    54:4a:30:ac:eb:eb:bb:83:82:66:49:1a:bc:0e:0a:
                    cd:10:db:79:56:d7:73:03:1c:7c:5f:a3:00:50:c3:
                    7e:8e:ee:b0:be:e2:64:e4:a1:da:ac:9c:38:e7:22:
                    fe:02:4f:c4:5e:80:d7:fd:9b:f6:fb:c0:85:04:25:
                    94:7b:9a:50:fc:4e:5f:f1:9a:c3:f5:cf:35:7d:e6:
                    3b:ee:8f:3f:61:fa:11:ea:d5:a4:40:8a:2c:a2:56:
                    19:fc:e2:24:bf:ae:a2:c0:01:9f:5c:49:c3:bc:8d:
                    28:a1:fa:cb:ab:e7:0c:e6:0d:23:ba:18:ae:95:a8:
                    f1:86:a2:21:f5:4a:b1:db:ca:51:eb:16:8a:f5:50:
                    8c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:FB:0D:7B:B2:4B:17:BE:94:8B:73:FC:33:FC:8F:A0:CB:6D:EA:E5
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/ZfsNe7JLF76Ui3P8M_yPoMtt6uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:b1:47:ed:8e:16:31:bd:9f:1f:06:d0:1e:0b:b1:1d:b6:ad:
         b8:1f:19:55:79:4f:dd:b5:4c:9a:4d:b6:99:1a:23:f6:15:99:
         5d:53:91:41:19:0a:bd:54:4e:39:00:34:a8:68:29:3f:9e:ef:
         85:e3:43:ff:4a:7d:c7:cf:f5:51:ba:ad:8c:b8:fd:11:a3:a0:
         5c:b4:f3:12:c4:a5:65:c2:23:ff:1b:4e:4b:9f:7b:80:4e:67:
         3e:41:dd:2f:5e:55:a0:ec:c8:19:ad:d6:d0:8b:b9:c6:69:1f:
         0d:f1:f5:da:19:b8:73:77:80:08:cc:7c:08:9c:2b:b9:ef:00:
         46:f7:a5:0a:02:93:8b:01:4f:90:21:81:30:37:d6:1f:e8:e4:
         d4:57:18:b2:ce:e2:05:79:c5:4b:6a:72:cc:8e:ad:10:de:ce:
         bd:bb:1e:29:77:73:e3:67:64:50:c8:4e:31:51:28:79:74:2c:
         55:29:ea:fa:2d:04:98:1c:a8:8c:d8:eb:bb:31:fd:2d:58:1d:
         7b:a9:85:3a:59:99:43:96:9a:81:f4:8b:45:8e:8e:5e:49:94:
         03:98:5d:2d:fe:32:ba:34:b1:6c:e0:82:32:49:cd:14:ea:07:
         86:a6:45:94:91:70:5b:53:6a:4b:b8:80:24:67:99:e0:c2:b3:
         a8:bc:b3:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVvFKnbEkpTJDhRZMplyOO7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjMwMTAxMjA0NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWZiMGQ3YmIyNGIxN2JlOTQ4YjczZmMzM2ZjOGZhMGNiNmRlYWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvNFphFQZFoJodfk/dlZRAv/v2sT
iRguXMck8iKyDIGHidcdwqwcpDrmfD6lQcjQXIN4KGak/boGPlhUVkBpMPCibpZa
i3ysKR/WrEUglN19g8wMgZbbFtnSyWJXGEsTA0q+kl4+D9TBa6Z2C11+kwHUX6Dv
u3lUSjCs6+u7g4JmSRq8DgrNENt5VtdzAxx8X6MAUMN+ju6wvuJk5KHarJw45yL+
Ak/EXoDX/Zv2+8CFBCWUe5pQ/E5f8ZrD9c81feY77o8/YfoR6tWkQIosolYZ/OIk
v66iwAGfXEnDvI0oofrLq+cM5g0juhiulajxhqIh9Uqx28pR6xaK9VCMlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGX7DXuySxe+lItz/DP8j6DLberlMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvWmZzTmU3SkxGNzZVaTNQOE1feVBvTXR0NnVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW89qMA0G
CSqGSIb3DQEBCwUAA4IBAQCmsUftjhYxvZ8fBtAeC7Edtq24HxlVeU/dtUyaTbaZ
GiP2FZldU5FBGQq9VE45ADSoaCk/nu+F40P/Sn3Hz/VRuq2MuP0Ro6BctPMSxKVl
wiP/G05Ln3uATmc+Qd0vXlWg7MgZrdbQi7nGaR8N8fXaGbhzd4AIzHwInCu57wBG
96UKApOLAU+QIYEwN9Yf6OTUVxiyzuIFecVLanLMjq0Q3s69ux4pd3PjZ2RQyE4x
USh5dCxVKer6LQSYHKiM2Ou7Mf0tWB17qYU6WZlDlpqB9ItFjo5eSZQDmF0t/jK6
NLFs4IIySc0U6geGpkWUkXBbU2pLuIAkZ5ngwrOovLMN
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:53 2024 by rpki-client on console-ams.rpki-client.org