Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/89c4ab-984b-4f6c-bdd0-33d7ac370979/1/iIlAoGR47QL9UCwchj7diB7a2TY.roa
File:                     iIlAoGR47QL9UCwchj7diB7a2TY.roa (raw, json)
Hash identifier:          v043gwcC19tzDAJnrBIFLLAgBaINHGLjy4IQbZ5EuA8=
Subject key identifier:   88:89:40:A0:64:78:ED:02:FD:50:2C:1C:86:3E:DD:88:1E:DA:D9:36
Certificate issuer:       /CN=53390b13c9ef4afcfd08124111e6f63dc30165aa
Certificate serial:       0185719E6456E51D6477E242DC1F96506862
Authority key identifier: 53:39:0B:13:C9:EF:4A:FC:FD:08:12:41:11:E6:F6:3D:C3:01:65:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UzkLE8nvSvz9CBJBEeb2PcMBZao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/89c4ab-984b-4f6c-bdd0-33d7ac370979/1/iIlAoGR47QL9UCwchj7diB7a2TY.roa
Signing time:             Mon 02 Jan 2023 08:34:43 +0000
ROA not before:           Mon 02 Jan 2023 08:34:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31655
IP address blocks:        185.9.232.0/22 maxlen: 24
                          2a02:df80::/29 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:9e:64:56:e5:1d:64:77:e2:42:dc:1f:96:50:68:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53390b13c9ef4afcfd08124111e6f63dc30165aa
        Validity
            Not Before: Jan  2 08:34:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=888940a06478ed02fd502c1c863edd881edad936
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:81:41:3d:f8:ed:1d:7b:d5:40:93:13:d8:80:
                    95:b7:1d:18:d4:1c:a9:7a:c8:58:e1:c4:3f:78:b9:
                    61:64:0b:f9:b8:aa:d4:bd:4a:96:72:80:8c:a7:62:
                    96:61:b3:78:27:a3:e4:09:b8:70:18:4d:02:8d:eb:
                    6d:7b:8e:70:3d:6e:13:af:1c:01:20:1c:45:a0:6f:
                    f1:8e:f3:bf:43:a3:12:63:e6:04:c0:64:93:8e:f0:
                    b4:9c:1b:54:0a:b7:44:fe:eb:25:2f:74:93:85:ea:
                    86:08:9d:00:66:39:da:f0:8b:a0:b1:54:1f:c7:6c:
                    a9:18:4a:06:73:0d:43:4c:43:f5:38:71:dd:54:a5:
                    40:a8:9d:c2:db:29:a0:25:ff:cc:bb:8e:10:c6:fe:
                    42:eb:f0:fd:93:01:66:7f:f8:48:f8:5d:45:e3:be:
                    75:c7:9b:63:41:2e:6a:36:90:0d:b3:2e:8b:cb:f8:
                    9f:e1:1f:10:dc:bb:73:95:42:02:d7:c6:dd:f0:9b:
                    b2:9d:70:7e:d4:a8:95:2a:af:16:72:74:af:10:37:
                    dd:99:ca:d4:76:6c:1a:4f:3a:44:40:31:a3:22:92:
                    77:e3:dd:ee:af:fc:67:ec:5d:34:f0:2e:e4:6c:15:
                    65:ee:7c:d4:47:99:9b:2c:78:40:85:77:8c:a7:45:
                    fd:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:89:40:A0:64:78:ED:02:FD:50:2C:1C:86:3E:DD:88:1E:DA:D9:36
            X509v3 Authority Key Identifier:
                keyid:53:39:0B:13:C9:EF:4A:FC:FD:08:12:41:11:E6:F6:3D:C3:01:65:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UzkLE8nvSvz9CBJBEeb2PcMBZao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/89c4ab-984b-4f6c-bdd0-33d7ac370979/1/iIlAoGR47QL9UCwchj7diB7a2TY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/89c4ab-984b-4f6c-bdd0-33d7ac370979/1/UzkLE8nvSvz9CBJBEeb2PcMBZao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.9.232.0/22
                IPv6:
                  2a02:df80::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:e0:dc:1e:00:b7:8c:2b:38:08:d7:e3:e7:5c:01:e4:b2:a9:
         1a:e7:86:93:32:04:15:8d:41:c3:4c:5a:88:a5:fd:13:8d:79:
         d3:dd:36:71:26:ee:8e:80:41:95:60:8a:5f:ad:3f:9c:6d:38:
         b1:ca:4b:59:8e:5c:a5:d5:1d:3d:b0:64:d5:21:c4:58:0c:6a:
         27:bf:e2:d4:1e:00:eb:62:62:01:23:7a:4c:5b:02:65:c8:74:
         45:03:41:bb:fb:d3:30:16:4d:c3:79:29:1f:0d:03:e2:f6:15:
         7e:68:6c:b7:dd:06:28:77:d5:08:90:1d:69:31:01:d2:1c:b3:
         41:34:f3:5d:ad:fd:e1:e7:de:6d:47:18:36:56:04:9f:cb:bb:
         dd:04:78:c3:a7:57:24:ef:69:67:18:44:24:08:15:3d:45:b5:
         55:4f:1f:54:d0:d9:0a:61:a7:06:fb:52:d7:fd:2a:24:2a:54:
         39:0c:0d:11:6c:b7:5b:6b:4a:70:94:3e:9b:fc:59:b3:5f:e4:
         5b:f3:e4:c5:5d:02:2e:a6:9c:5f:0a:3a:2e:45:6b:7b:73:c0:
         eb:4d:0b:79:8d:51:d1:b3:2b:71:48:b1:8f:17:19:00:aa:60:
         3c:51:6c:b4:ef:dc:45:10:b3:01:2e:e3:1d:bd:a3:1b:04:fb:
         25:47:a7:99
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVxnmRW5R1kd+JC3B+WUGhiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMzkwYjEzYzllZjRhZmNmZDA4MTI0MTExZTZmNjNkYzMw
MTY1YWEwHhcNMjMwMTAyMDgzNDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODg5NDBhMDY0NzhlZDAyZmQ1MDJjMWM4NjNlZGQ4ODFlZGFkOTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyoFBPfjtHXvVQJMT2ICVtx0Y1Byp
eshY4cQ/eLlhZAv5uKrUvUqWcoCMp2KWYbN4J6PkCbhwGE0Cjette45wPW4TrxwB
IBxFoG/xjvO/Q6MSY+YEwGSTjvC0nBtUCrdE/uslL3STheqGCJ0AZjna8IugsVQf
x2ypGEoGcw1DTEP1OHHdVKVAqJ3C2ymgJf/Mu44Qxv5C6/D9kwFmf/hI+F1F4751
x5tjQS5qNpANsy6Ly/if4R8Q3LtzlUIC18bd8JuynXB+1KiVKq8WcnSvEDfdmcrU
dmwaTzpEQDGjIpJ3493ur/xn7F008C7kbBVl7nzUR5mbLHhAhXeMp0X9iwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIiJQKBkeO0C/VAsHIY+3Yge2tk2MB8GA1UdIwQY
MBaAFFM5CxPJ70r8/QgSQRHm9j3DAWWqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXprTEU4bnZTdno5Q0JKQkVlYjJQY01CWmFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi84OWM0YWItOTg0Yi00ZjZjLWJkZDAt
MzNkN2FjMzcwOTc5LzEvaUlsQW9HUjQ3UUw5VUN3Y2hqN2RpQjdhMlRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi84OWM0YWItOTg0Yi00ZjZjLWJkZDAtMzNkN2FjMzcwOTc5
LzEvVXprTEU4bnZTdno5Q0JKQkVlYjJQY01CWmFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQnoMA0E
AgACMAcDBQMqAt+AMA0GCSqGSIb3DQEBCwUAA4IBAQAI4NweALeMKzgI1+PnXAHk
sqka54aTMgQVjUHDTFqIpf0TjXnT3TZxJu6OgEGVYIpfrT+cbTixyktZjlyl1R09
sGTVIcRYDGonv+LUHgDrYmIBI3pMWwJlyHRFA0G7+9MwFk3DeSkfDQPi9hV+aGy3
3QYod9UIkB1pMQHSHLNBNPNdrf3h595tRxg2VgSfy7vdBHjDp1ck72lnGEQkCBU9
RbVVTx9U0NkKYacG+1LX/SokKlQ5DA0RbLdba0pwlD6b/FmzX+Rb8+TFXQIuppxf
CjouRWt7c8DrTQt5jVHRsytxSLGPFxkAqmA8UWy079xFELMBLuMdvaMbBPslR6eZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:32 2024 by rpki-client on console-fra.rpki-client.org