Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/mxX7ISPRikzbfG6XHtQTCsB26UI.roa
File:                     mxX7ISPRikzbfG6XHtQTCsB26UI.roa (raw, json)
Hash identifier:          6cyw3AynFswcEuJgGo0G+s83pNytFwRINU7SjOjEV6s=
Subject key identifier:   9B:15:FB:21:23:D1:8A:4C:DB:7C:6E:97:1E:D4:13:0A:C0:76:E9:42
Certificate issuer:       /CN=1d4404c8392e82d4b7029b69cb6ee290b9b42c00
Certificate serial:       018CC726F46332AAC44F2D600A4E7DA29DF9
Authority key identifier: 1D:44:04:C8:39:2E:82:D4:B7:02:9B:69:CB:6E:E2:90:B9:B4:2C:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUQEyDkugtS3Aptpy27ikLm0LAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/mxX7ISPRikzbfG6XHtQTCsB26UI.roa
Signing time:             Mon 01 Jan 2024 22:31:08 +0000
ROA not before:           Mon 01 Jan 2024 22:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201453
IP address blocks:        185.112.78.0/24 maxlen: 24
                          185.112.76.0/22 maxlen: 22
                          185.112.76.0/24 maxlen: 24
                          185.112.79.0/24 maxlen: 24
                          2a06:6382::/32 maxlen: 32
                          2a06:6386::/32 maxlen: 32
                          2a06:6387::/32 maxlen: 32
                          2a06:6381::/32 maxlen: 32
                          2a06:6384::/32 maxlen: 32
                          2a06:6380::/32 maxlen: 32
                          2a06:6383::/32 maxlen: 32
                          2a06:6385::/32 maxlen: 32
                          2a06:6380::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 16 Jul 2024 13:16:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f4:63:32:aa:c4:4f:2d:60:0a:4e:7d:a2:9d:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d4404c8392e82d4b7029b69cb6ee290b9b42c00
        Validity
            Not Before: Jan  1 22:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9b15fb2123d18a4cdb7c6e971ed4130ac076e942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:65:11:6b:2f:b5:63:16:35:f7:b5:62:0f:a0:
                    30:10:b1:d8:6a:27:0d:93:e7:77:41:8a:cf:d9:31:
                    29:9f:63:d0:ed:bc:50:52:57:0c:bb:0a:63:7e:23:
                    18:b4:a1:40:7f:96:8c:4b:89:fb:63:fa:45:62:ea:
                    52:b1:fc:88:ba:f4:8a:3a:78:c8:91:b8:82:fe:50:
                    a7:10:e7:2b:08:21:6b:66:7c:35:83:4f:b3:9a:45:
                    f7:61:56:96:0e:5f:20:23:7a:16:54:df:db:d5:e0:
                    57:e7:87:8e:5a:09:e1:05:a0:ff:72:10:62:f4:32:
                    a6:cd:06:7b:f5:78:c6:32:d0:a6:32:21:7a:16:53:
                    21:3c:f5:cd:16:9f:5f:03:59:d6:91:f6:7c:fd:6e:
                    f8:d1:ed:64:dd:91:8b:81:a4:9f:3e:87:64:3b:7a:
                    3d:96:e8:be:10:cb:6f:fb:c5:99:19:f4:ef:5c:a6:
                    d4:f1:98:56:16:58:d8:5e:92:a4:ab:2c:8d:22:cb:
                    8c:2e:76:58:24:2e:09:50:1a:90:a6:c7:72:ce:36:
                    eb:34:9a:75:78:dc:0b:c0:22:c5:b8:bc:90:38:b6:
                    12:13:ad:52:c0:76:6a:9d:a3:cd:db:6c:55:a9:0b:
                    c2:7e:5f:21:fe:3e:ab:07:83:af:59:88:58:5f:55:
                    fc:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:15:FB:21:23:D1:8A:4C:DB:7C:6E:97:1E:D4:13:0A:C0:76:E9:42
            X509v3 Authority Key Identifier:
                keyid:1D:44:04:C8:39:2E:82:D4:B7:02:9B:69:CB:6E:E2:90:B9:B4:2C:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUQEyDkugtS3Aptpy27ikLm0LAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/mxX7ISPRikzbfG6XHtQTCsB26UI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/d4b835-f5b5-4704-ae97-c26328561030/1/HUQEyDkugtS3Aptpy27ikLm0LAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.76.0/22
                IPv6:
                  2a06:6380::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:ac:2f:bd:1a:77:dd:9e:e0:6b:12:82:9d:a6:ae:db:34:b5:
         9a:25:0f:b4:cc:23:e5:13:75:9f:b4:d9:f4:76:92:7b:cd:59:
         28:32:3f:7c:c5:39:49:6a:57:df:e1:2f:c1:12:28:82:70:04:
         c9:5a:63:3f:4a:31:23:26:c2:30:f0:93:a6:b4:12:a9:13:c0:
         e7:15:38:fe:2f:f7:65:7f:aa:6f:2f:a8:90:94:20:35:cb:91:
         67:7d:da:7b:d4:fa:1b:19:84:4d:cd:82:16:4d:e6:b1:23:78:
         da:03:28:4c:b0:13:cf:ac:81:f7:56:ab:2b:90:29:b6:a0:f3:
         23:16:68:8f:c1:f7:cf:b7:b9:3c:5e:5c:ae:2b:9d:32:0a:ff:
         18:e8:8a:75:17:71:66:61:9b:4c:6f:c5:5e:2c:be:c5:1b:59:
         ff:63:e1:4d:55:bd:a0:49:ae:dd:17:d0:62:ef:3b:73:e1:82:
         24:89:dc:92:e5:87:4d:2f:a9:b2:17:7d:d9:8b:ed:66:79:7a:
         1a:49:8c:a8:b8:ef:d0:af:fc:4b:7d:db:32:ef:9c:4d:1d:fd:
         93:96:55:e4:f2:d4:cb:2a:41:e9:55:a0:8a:4e:b1:a9:d5:3b:
         e2:75:1a:7a:bb:5c:b4:21:55:d0:53:d7:12:77:cc:e2:18:a2:
         43:0d:d3:96
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJvRjMqrETy1gCk59op35MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDQwNGM4MzkyZTgyZDRiNzAyOWI2OWNiNmVlMjkwYjli
NDJjMDAwHhcNMjQwMTAxMjIzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjE1ZmIyMTIzZDE4YTRjZGI3YzZlOTcxZWQ0MTMwYWMwNzZlOTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAimURay+1YxY197ViD6AwELHYaicN
k+d3QYrP2TEpn2PQ7bxQUlcMuwpjfiMYtKFAf5aMS4n7Y/pFYupSsfyIuvSKOnjI
kbiC/lCnEOcrCCFrZnw1g0+zmkX3YVaWDl8gI3oWVN/b1eBX54eOWgnhBaD/chBi
9DKmzQZ79XjGMtCmMiF6FlMhPPXNFp9fA1nWkfZ8/W740e1k3ZGLgaSfPodkO3o9
lui+EMtv+8WZGfTvXKbU8ZhWFljYXpKkqyyNIsuMLnZYJC4JUBqQpsdyzjbrNJp1
eNwLwCLFuLyQOLYSE61SwHZqnaPN22xVqQvCfl8h/j6rB4OvWYhYX1X8qwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJsV+yEj0YpM23xulx7UEwrAdulCMB8GA1UdIwQY
MBaAFB1EBMg5LoLUtwKbactu4pC5tCwAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVRRXlEa3VndFMzQXB0cHkyN2lrTG0wTEFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9kNGI4MzUtZjViNS00NzA0LWFlOTct
YzI2MzI4NTYxMDMwLzEvbXhYN0lTUFJpa3piZkc2WEh0UVRDc0IyNlVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9kNGI4MzUtZjViNS00NzA0LWFlOTctYzI2MzI4NTYxMDMw
LzEvSFVRRXlEa3VndFMzQXB0cHkyN2lrTG0wTEFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXBMMA0E
AgACMAcDBQMqBmOAMA0GCSqGSIb3DQEBCwUAA4IBAQAerC+9GnfdnuBrEoKdpq7b
NLWaJQ+0zCPlE3WftNn0dpJ7zVkoMj98xTlJalff4S/BEiiCcATJWmM/SjEjJsIw
8JOmtBKpE8DnFTj+L/dlf6pvL6iQlCA1y5Fnfdp71PobGYRNzYIWTeaxI3jaAyhM
sBPPrIH3VqsrkCm2oPMjFmiPwffPt7k8XlyuK50yCv8Y6Ip1F3FmYZtMb8VeLL7F
G1n/Y+FNVb2gSa7dF9Bi7ztz4YIkidyS5YdNL6myF33Zi+1meXoaSYyouO/Qr/xL
fdsy75xNHf2TllXk8tTLKkHpVaCKTrGp1TvidRp6u1y0IVXQU9cSd8ziGKJDDdOW
-----END CERTIFICATE-----
Generated at Tue Jul 16 15:47:31 2024 by rpki-client on console-ams.rpki-client.org