Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/OFVykGUDlsK77XoL3ijj438-idM.roa
File:                     OFVykGUDlsK77XoL3ijj438-idM.roa (raw, json)
Hash identifier:          wGqRJm45RhXt3vrCyiFzDmOcNk7SyNs9a/ZBJdorWMs=
Subject key identifier:   38:55:72:90:65:03:96:C2:BB:ED:7A:0B:DE:28:E3:E3:7F:3E:89:D3
Certificate issuer:       /CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
Certificate serial:       018C82624040DED9DCDA2618D643266BC518
Authority key identifier: 28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/OFVykGUDlsK77XoL3ijj438-idM.roa
Signing time:             Tue 19 Dec 2023 14:02:06 +0000
ROA not before:           Tue 19 Dec 2023 14:02:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20986
IP address blocks:        185.249.143.0/24 maxlen: 24
                          185.249.140.0/24 maxlen: 24
                          185.249.141.0/24 maxlen: 24
                          185.249.142.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:30:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:82:62:40:40:de:d9:dc:da:26:18:d6:43:26:6b:c5:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
        Validity
            Not Before: Dec 19 14:02:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38557290650396c2bbed7a0bde28e3e37f3e89d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e6:56:b4:01:03:5d:3d:89:4d:8d:95:4d:7c:
                    09:cd:8f:56:a9:1c:1f:c8:f5:0a:a2:29:b5:aa:38:
                    3b:34:5e:f5:70:ad:70:77:d4:7a:64:2a:7a:48:92:
                    7e:85:33:34:74:01:2e:e4:f3:fd:fe:72:69:66:78:
                    d9:71:9e:b1:a1:07:4e:b4:19:b2:d8:81:77:c7:bd:
                    14:79:94:49:42:37:d4:cf:9f:b9:ab:f3:ea:0d:e6:
                    29:f4:ea:b8:48:52:5e:e9:2e:60:9b:3a:c1:41:b7:
                    27:bf:a0:7d:0a:f2:8b:da:bf:5f:05:3b:8e:c8:cd:
                    cc:1d:f5:38:36:8f:71:6b:46:7d:3c:ae:e8:d1:00:
                    0a:83:dc:e5:6c:a1:3a:17:aa:85:68:d4:4c:4d:53:
                    87:bb:16:1c:ea:62:40:bd:e9:77:3a:f8:0d:98:c1:
                    dc:c1:15:c8:2a:ad:88:84:21:4e:e1:3a:82:bd:ce:
                    8f:fb:3d:c3:1a:7b:d3:fc:be:c4:73:08:8f:b7:94:
                    bb:23:a7:f6:17:38:72:eb:aa:55:43:86:4f:92:a6:
                    90:f4:2f:33:85:4c:2b:b4:4b:40:43:6f:98:f5:01:
                    9e:0e:e8:e8:98:16:f3:cb:8a:d5:46:de:89:20:6d:
                    72:48:38:46:c5:71:30:ae:2e:25:67:89:6f:a1:1b:
                    ba:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:55:72:90:65:03:96:C2:BB:ED:7A:0B:DE:28:E3:E3:7F:3E:89:D3
            X509v3 Authority Key Identifier:
                keyid:28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/OFVykGUDlsK77XoL3ijj438-idM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:f6:c9:98:8a:13:64:53:e3:e2:9b:8d:03:91:ec:84:85:68:
         da:0e:58:55:ef:62:92:c7:9c:b2:22:ba:c2:08:b2:a5:27:64:
         76:72:76:7d:52:49:78:e4:fa:49:4c:4e:89:5e:99:0e:80:a1:
         66:3d:43:de:f9:b0:44:de:5b:91:a0:6d:3e:61:54:9c:a0:8b:
         8f:67:0c:a9:0b:43:35:fb:d2:be:fb:23:bf:2c:08:6d:ec:e2:
         24:c3:f9:6d:ad:78:13:13:5e:13:ca:eb:a1:d2:86:a8:f4:f8:
         2c:8a:fb:5c:09:52:b6:07:9b:9e:d3:46:57:47:52:6e:db:3c:
         e8:46:4c:5e:07:04:f1:43:3c:e6:c7:d1:53:36:e4:a9:63:29:
         94:fb:bd:e1:7a:e8:61:47:ed:94:b7:61:c3:b4:da:37:14:8d:
         79:dc:3d:18:95:d6:1b:a5:c0:c8:8c:6e:a0:7e:7e:65:94:82:
         84:a9:85:91:a1:79:0d:1f:79:6d:26:dc:56:d0:94:eb:4d:b8:
         f0:35:85:2f:9f:75:3d:3b:29:7b:ea:af:2c:df:66:94:46:c2:
         4c:ca:14:0e:11:f0:da:36:17:35:d8:49:c1:21:fd:ac:74:17:
         80:39:0e:7d:8b:ef:d9:69:22:e0:16:97:59:2c:66:f7:b2:8b:
         a0:72:28:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyCYkBA3tnc2iYY1kMma8UYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YmYxZTcyMzIzNzQyYWM0ZDgxMzZhYjZjOGU4NWRmN2Jh
MzdlZWIwHhcNMjMxMjE5MTQwMjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU1NzI5MDY1MDM5NmMyYmJlZDdhMGJkZTI4ZTNlMzdmM2U4OWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoOZWtAEDXT2JTY2VTXwJzY9WqRwf
yPUKoim1qjg7NF71cK1wd9R6ZCp6SJJ+hTM0dAEu5PP9/nJpZnjZcZ6xoQdOtBmy
2IF3x70UeZRJQjfUz5+5q/PqDeYp9Oq4SFJe6S5gmzrBQbcnv6B9CvKL2r9fBTuO
yM3MHfU4No9xa0Z9PK7o0QAKg9zlbKE6F6qFaNRMTVOHuxYc6mJAvel3OvgNmMHc
wRXIKq2IhCFO4TqCvc6P+z3DGnvT/L7EcwiPt5S7I6f2Fzhy66pVQ4ZPkqaQ9C8z
hUwrtEtAQ2+Y9QGeDujomBbzy4rVRt6JIG1ySDhGxXEwri4lZ4lvoRu6gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDhVcpBlA5bCu+16C94o4+N/PonTMB8GA1UdIwQY
MBaAFCi/HnIyN0KsTYE2q2yOhd97o37rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEt
MGM0ODFmMGFkMjBlLzEvT0ZWeWtHVURsc0s3N1hvTDNpamo0MzgtaWRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEtMGM0ODFmMGFkMjBl
LzEvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufmMMA0G
CSqGSIb3DQEBCwUAA4IBAQCp9smYihNkU+Pim40DkeyEhWjaDlhV72KSx5yyIrrC
CLKlJ2R2cnZ9Ukl45PpJTE6JXpkOgKFmPUPe+bBE3luRoG0+YVScoIuPZwypC0M1
+9K++yO/LAht7OIkw/ltrXgTE14Tyuuh0oao9PgsivtcCVK2B5ue00ZXR1Ju2zzo
RkxeBwTxQzzmx9FTNuSpYymU+73heuhhR+2Ut2HDtNo3FI153D0YldYbpcDIjG6g
fn5llIKEqYWRoXkNH3ltJtxW0JTrTbjwNYUvn3U9Oyl76q8s32aURsJMyhQOEfDa
Nhc12EnBIf2sdBeAOQ59i+/ZaSLgFpdZLGb3sougcijQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:39 2024 by rpki-client on console-ams.rpki-client.org