Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/Z3KthyZSZW0sWh4g35aGKUVwZ1o.roa
File:                     Z3KthyZSZW0sWh4g35aGKUVwZ1o.roa (raw, json)
Hash identifier:          TBULL4JdwQy0yLkZfULI8CUCyZt1b/H4weoNeAdHRPE=
Subject key identifier:   67:72:AD:87:26:52:65:6D:2C:5A:1E:20:DF:96:86:29:45:70:67:5A
Certificate issuer:       /CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
Certificate serial:       018C43A4FB6929C3798DF4E7313D5582B75E
Authority key identifier: 28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/Z3KthyZSZW0sWh4g35aGKUVwZ1o.roa
Signing time:             Thu 07 Dec 2023 09:38:54 +0000
ROA not before:           Thu 07 Dec 2023 09:38:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20986
IP address blocks:        185.249.142.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 19 Dec 2023 14:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:43:a4:fb:69:29:c3:79:8d:f4:e7:31:3d:55:82:b7:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
        Validity
            Not Before: Dec  7 09:38:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6772ad872652656d2c5a1e20df9686294570675a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:3f:2f:0e:ab:c8:c2:2c:df:6f:d3:08:10:5d:
                    3f:60:5a:98:e7:b9:fb:73:0b:f2:e0:bc:90:ee:b3:
                    f7:be:e3:87:33:fa:76:a4:68:7c:f4:7f:ed:74:91:
                    0d:a0:59:c2:64:fa:34:ec:12:10:70:1c:57:70:1b:
                    87:67:6a:aa:6d:a3:b3:05:dd:39:7e:42:47:96:35:
                    25:8a:71:32:65:ea:80:8e:30:75:71:d1:98:b7:b9:
                    c5:82:14:e6:3b:26:c7:77:22:b6:ce:5f:28:b6:39:
                    6f:f1:9f:ed:ee:ec:64:3e:bc:a0:51:c0:4e:fb:d7:
                    1b:25:b4:e4:39:82:4a:e3:b8:95:f1:c6:42:1f:76:
                    28:4c:f2:27:77:60:07:6b:f1:92:46:3e:37:f6:3b:
                    65:f8:2b:ac:a4:d1:db:a4:10:a7:51:dc:55:f9:be:
                    70:3f:23:60:4e:4c:a6:41:ea:da:65:67:9e:7a:80:
                    3d:50:71:a0:f1:ca:6e:1a:4f:4c:e3:79:f2:91:36:
                    73:8f:34:51:28:0f:80:28:0a:53:9b:8e:26:5b:4d:
                    66:01:08:f4:1b:c8:cf:02:74:8c:d1:da:a4:18:1d:
                    ff:3b:f8:f8:f3:71:e8:96:19:c5:72:90:b1:b5:ce:
                    6c:8d:66:3c:9e:19:3d:09:bc:54:66:44:cb:f3:db:
                    1a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:72:AD:87:26:52:65:6D:2C:5A:1E:20:DF:96:86:29:45:70:67:5A
            X509v3 Authority Key Identifier:
                keyid:28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/Z3KthyZSZW0sWh4g35aGKUVwZ1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:96:35:02:f6:d7:e6:5a:eb:3e:b4:ce:86:05:c5:01:df:ec:
         f0:5f:02:d8:1c:5c:18:31:51:bd:3d:04:fc:9d:7e:07:0b:05:
         47:9e:56:2b:f9:14:fe:98:f6:a0:50:ba:52:06:7a:bf:85:0a:
         77:7d:56:a0:4e:8c:d8:48:cb:12:d8:75:d0:fb:95:ae:68:91:
         b1:cf:44:70:3d:13:0b:e6:6a:65:89:59:b3:cc:44:45:6a:40:
         fc:62:d7:fa:9c:dc:25:ea:a5:a4:e5:50:7f:7a:d5:28:e2:ad:
         0d:56:ab:41:f2:85:b0:df:df:f7:47:a6:f8:0d:3b:57:0f:5e:
         42:ff:70:58:b3:c7:44:b8:33:23:f2:21:48:b7:6c:9b:c2:e6:
         75:4f:79:13:6d:4d:76:95:d4:c5:c9:e0:17:92:ce:f6:53:91:
         59:f2:d3:1e:23:10:92:c8:d9:d7:fb:a0:55:79:b7:25:d2:50:
         9f:5c:c8:b1:7e:9b:38:45:82:eb:3c:2c:69:27:5d:43:22:57:
         ae:0b:56:72:42:31:55:5c:af:ab:ae:72:fd:f5:a5:c8:d8:74:
         78:80:09:69:3d:32:ff:0c:99:54:e3:2f:c1:11:07:4e:46:d2:
         4e:86:f8:88:9c:cd:c0:78:8f:0b:ae:53:45:dd:c3:44:be:dd:
         30:1c:cb:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYxDpPtpKcN5jfTnMT1VgrdeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YmYxZTcyMzIzNzQyYWM0ZDgxMzZhYjZjOGU4NWRmN2Jh
MzdlZWIwHhcNMjMxMjA3MDkzODU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzcyYWQ4NzI2NTI2NTZkMmM1YTFlMjBkZjk2ODYyOTQ1NzA2NzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjD8vDqvIwizfb9MIEF0/YFqY57n7
cwvy4LyQ7rP3vuOHM/p2pGh89H/tdJENoFnCZPo07BIQcBxXcBuHZ2qqbaOzBd05
fkJHljUlinEyZeqAjjB1cdGYt7nFghTmOybHdyK2zl8otjlv8Z/t7uxkPrygUcBO
+9cbJbTkOYJK47iV8cZCH3YoTPInd2AHa/GSRj439jtl+CuspNHbpBCnUdxV+b5w
PyNgTkymQeraZWeeeoA9UHGg8cpuGk9M43nykTZzjzRRKA+AKApTm44mW01mAQj0
G8jPAnSM0dqkGB3/O/j483HolhnFcpCxtc5sjWY8nhk9CbxUZkTL89sagwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdyrYcmUmVtLFoeIN+WhilFcGdaMB8GA1UdIwQY
MBaAFCi/HnIyN0KsTYE2q2yOhd97o37rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEt
MGM0ODFmMGFkMjBlLzEvWjNLdGh5WlNaVzBzV2g0ZzM1YUdLVVZ3WjFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEtMGM0ODFmMGFkMjBl
LzEvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufmOMA0G
CSqGSIb3DQEBCwUAA4IBAQBNljUC9tfmWus+tM6GBcUB3+zwXwLYHFwYMVG9PQT8
nX4HCwVHnlYr+RT+mPagULpSBnq/hQp3fVagTozYSMsS2HXQ+5WuaJGxz0RwPRML
5mpliVmzzERFakD8Ytf6nNwl6qWk5VB/etUo4q0NVqtB8oWw39/3R6b4DTtXD15C
/3BYs8dEuDMj8iFIt2ybwuZ1T3kTbU12ldTFyeAXks72U5FZ8tMeIxCSyNnX+6BV
ebcl0lCfXMixfps4RYLrPCxpJ11DIleuC1ZyQjFVXK+rrnL99aXI2HR4gAlpPTL/
DJlU4y/BEQdORtJOhviInM3AeI8LrlNF3cNEvt0wHMsM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:43 2024 by rpki-client on console-fra.rpki-client.org