Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/dH0ycTB4SftZSxwkdrMweUeaWkY.roa
File:                     dH0ycTB4SftZSxwkdrMweUeaWkY.roa (raw, json)
Hash identifier:          o9qxijQC2DnW0dRaIDsfn7GFCHF8VyztsoGXZw4CSpo=
Subject key identifier:   74:7D:32:71:30:78:49:FB:59:4B:1C:24:76:B3:30:79:47:9A:5A:46
Certificate issuer:       /CN=c8d5aa7034250ab1a8789ac86cc0eef3bfc9db5f
Certificate serial:       018571278C8430C571DC69F7D45E1C950B58
Authority key identifier: C8:D5:AA:70:34:25:0A:B1:A8:78:9A:C8:6C:C0:EE:F3:BF:C9:DB:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yNWqcDQlCrGoeJrIbMDu87_J218.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/dH0ycTB4SftZSxwkdrMweUeaWkY.roa
Signing time:             Mon 02 Jan 2023 06:24:55 +0000
ROA not before:           Mon 02 Jan 2023 06:24:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12301
IP address blocks:        85.119.8.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:27:8c:84:30:c5:71:dc:69:f7:d4:5e:1c:95:0b:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8d5aa7034250ab1a8789ac86cc0eef3bfc9db5f
        Validity
            Not Before: Jan  2 06:24:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=747d3271307849fb594b1c2476b33079479a5a46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f9:b5:a6:88:24:d1:cd:97:7a:9d:83:c8:18:
                    fa:5b:93:1f:48:0c:58:de:b0:b5:7a:50:c6:23:4a:
                    63:a2:fb:5e:55:da:29:b9:42:43:ba:c3:5c:6f:b1:
                    82:11:7c:ea:a4:26:b9:70:d7:a0:6d:7d:c6:de:3d:
                    ad:6b:84:64:92:2a:49:32:da:41:77:61:b9:c1:2a:
                    2b:40:0e:c8:33:23:62:b9:66:7a:6a:b9:6e:b6:15:
                    1c:04:d5:b6:fb:40:c9:53:58:b5:cf:95:48:63:38:
                    13:9f:2b:c7:03:9f:2d:f2:ee:10:fa:de:ac:e3:59:
                    98:f2:65:c0:38:16:3b:ce:82:97:24:d0:f4:ca:e5:
                    45:7e:9e:49:34:50:81:5f:12:5d:66:2f:1c:1d:28:
                    b4:85:52:36:0e:50:1b:98:99:7b:b9:1d:8d:1c:b9:
                    41:a9:c3:9c:f6:7b:a3:eb:0a:95:a9:cd:bb:e0:7d:
                    8c:da:cc:de:33:8e:e0:73:16:28:44:a1:cd:3d:36:
                    36:2b:77:87:75:12:ef:44:90:4e:01:32:0e:dd:c6:
                    d2:8d:97:e6:7f:e0:43:8e:f4:a7:b1:01:18:57:b6:
                    80:6b:55:e0:80:d2:73:06:ea:cc:48:a6:60:b4:a0:
                    7c:42:07:be:8c:1f:a9:3c:a6:49:05:ea:7b:99:db:
                    d6:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:7D:32:71:30:78:49:FB:59:4B:1C:24:76:B3:30:79:47:9A:5A:46
            X509v3 Authority Key Identifier:
                keyid:C8:D5:AA:70:34:25:0A:B1:A8:78:9A:C8:6C:C0:EE:F3:BF:C9:DB:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNWqcDQlCrGoeJrIbMDu87_J218.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/dH0ycTB4SftZSxwkdrMweUeaWkY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/2d490c-6ff8-471d-97d2-2d72f23193db/1/yNWqcDQlCrGoeJrIbMDu87_J218.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.119.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6b:22:a5:af:f8:cc:72:cd:53:12:a5:20:11:0b:f8:1e:b0:62:
         89:6d:5b:17:a5:65:26:9a:93:9a:cc:5a:fa:6b:be:11:a2:e3:
         ab:c2:2f:e6:19:4f:9f:4e:91:25:63:a4:3c:68:d4:e3:b1:49:
         33:62:49:91:c9:85:72:65:fc:e4:c0:1b:b8:3f:b1:33:d0:27:
         57:9b:d4:e8:ec:91:fd:06:55:87:a1:10:17:3a:0b:a6:57:fc:
         ef:16:9f:4b:cc:a7:7a:3b:94:9e:71:18:38:47:0f:5d:f6:39:
         a9:1e:9a:13:ef:e1:05:43:57:22:52:f4:81:e8:03:34:09:50:
         0b:d4:b9:4d:0f:93:f3:20:a1:96:05:82:4f:ca:b9:ce:87:77:
         1c:51:17:82:cf:3a:82:a0:a4:aa:fc:a1:e5:fa:1d:81:db:36:
         0a:07:ab:14:11:03:6a:55:0e:a2:b8:89:db:64:b2:66:76:2d:
         b5:d7:3c:a0:f8:b6:e5:9f:2f:0f:e1:3c:40:39:f7:72:22:b5:
         a8:a7:55:16:1b:90:5e:66:d1:14:97:e4:c6:05:a2:2a:2e:f9:
         22:26:bd:ee:0e:5e:f3:c3:11:b1:b4:f2:4c:07:78:9c:13:89:
         27:8a:f9:21:5b:0e:a3:bc:2e:12:e7:aa:38:07:ce:52:0d:7a:
         25:b2:8a:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxJ4yEMMVx3Gn31F4clQtYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDVhYTcwMzQyNTBhYjFhODc4OWFjODZjYzBlZWYzYmZj
OWRiNWYwHhcNMjMwMTAyMDYyNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDdkMzI3MTMwNzg0OWZiNTk0YjFjMjQ3NmIzMzA3OTQ3OWE1YTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvm1pogk0c2Xep2DyBj6W5MfSAxY
3rC1elDGI0pjovteVdopuUJDusNcb7GCEXzqpCa5cNegbX3G3j2ta4RkkipJMtpB
d2G5wSorQA7IMyNiuWZ6arluthUcBNW2+0DJU1i1z5VIYzgTnyvHA58t8u4Q+t6s
41mY8mXAOBY7zoKXJND0yuVFfp5JNFCBXxJdZi8cHSi0hVI2DlAbmJl7uR2NHLlB
qcOc9nuj6wqVqc274H2M2szeM47gcxYoRKHNPTY2K3eHdRLvRJBOATIO3cbSjZfm
f+BDjvSnsQEYV7aAa1XggNJzBurMSKZgtKB8Qge+jB+pPKZJBep7mdvW+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHR9MnEweEn7WUscJHazMHlHmlpGMB8GA1UdIwQY
MBaAFMjVqnA0JQqxqHiayGzA7vO/ydtfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5XcWNEUWxDckdvZUpySWJNRHU4N19KMjE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8yZDQ5MGMtNmZmOC00NzFkLTk3ZDIt
MmQ3MmYyMzE5M2RiLzEvZEgweWNUQjRTZnRaU3h3a2RyTXdlVWVhV2tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8yZDQ5MGMtNmZmOC00NzFkLTk3ZDItMmQ3MmYyMzE5M2Ri
LzEveU5XcWNEUWxDckdvZUpySWJNRHU4N19KMjE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVXcIMA0G
CSqGSIb3DQEBCwUAA4IBAQBrIqWv+MxyzVMSpSARC/gesGKJbVsXpWUmmpOazFr6
a74RouOrwi/mGU+fTpElY6Q8aNTjsUkzYkmRyYVyZfzkwBu4P7Ez0CdXm9To7JH9
BlWHoRAXOgumV/zvFp9LzKd6O5SecRg4Rw9d9jmpHpoT7+EFQ1ciUvSB6AM0CVAL
1LlND5PzIKGWBYJPyrnOh3ccUReCzzqCoKSq/KHl+h2B2zYKB6sUEQNqVQ6iuInb
ZLJmdi211zyg+Lblny8P4TxAOfdyIrWop1UWG5BeZtEUl+TGBaIqLvkiJr3uDl7z
wxGxtPJMB3icE4knivkhWw6jvC4S56o4B85SDXolsoqw
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:56 2024 by rpki-client on console-ams.rpki-client.org