Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/oklumpzPDSEoy6sLvPsXzknYNFo.roa
File:                     oklumpzPDSEoy6sLvPsXzknYNFo.roa (raw, json)
Hash identifier:          OE/oL44SfW3NW/CW7hCFpHkNgCtHsqxApme3+IxRCnA=
Subject key identifier:   A2:49:6E:9A:9C:CF:0D:21:28:CB:AB:0B:BC:FB:17:CE:49:D8:34:5A
Certificate issuer:       /CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
Certificate serial:       0185729EFA06E897B2123DAEAA34AB773B2C
Authority key identifier: 28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/oklumpzPDSEoy6sLvPsXzknYNFo.roa
Signing time:             Mon 02 Jan 2023 13:14:59 +0000
ROA not before:           Mon 02 Jan 2023 13:14:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202140
IP address blocks:        185.249.143.0/24 maxlen: 24
                          185.249.140.0/24 maxlen: 24
                          185.249.140.0/22 maxlen: 22
                          185.249.141.0/24 maxlen: 24
                          185.249.142.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:30:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:9e:fa:06:e8:97:b2:12:3d:ae:aa:34:ab:77:3b:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28bf1e72323742ac4d8136ab6c8e85df7ba37eeb
        Validity
            Not Before: Jan  2 13:14:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a2496e9a9ccf0d2128cbab0bbcfb17ce49d8345a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d2:f7:d1:6a:29:3e:fe:4e:ae:3d:77:76:05:
                    6e:13:a2:44:49:f2:11:6d:02:a3:42:97:d9:af:24:
                    ee:96:43:c9:ad:4c:dc:2f:7d:a8:72:44:42:75:db:
                    a4:22:ad:d9:82:e5:55:0c:96:7c:74:99:91:bc:b2:
                    9c:76:20:37:96:2f:a4:8c:d9:f2:25:49:6e:b8:ec:
                    e6:13:9a:25:80:82:a3:76:8a:61:9a:63:f4:77:ed:
                    75:86:4b:bb:e9:d0:bf:e7:c9:f2:f2:95:2f:18:f5:
                    59:36:8f:06:1c:31:e8:7f:cb:16:68:aa:cd:80:81:
                    4c:22:e0:54:b1:58:83:cd:22:dd:03:12:64:ce:56:
                    33:51:f3:6c:24:f4:fc:9a:f9:bb:3c:78:15:b4:53:
                    93:2b:9a:57:29:10:bb:87:39:cb:65:04:fe:ef:5f:
                    b4:64:d0:08:c4:af:7f:12:32:1d:03:35:73:ab:9d:
                    e1:72:56:ef:07:28:d5:6a:61:e2:d6:dd:78:51:eb:
                    1e:49:38:21:d9:bc:20:d6:57:e3:2f:0b:92:11:1b:
                    27:ca:50:5a:77:d9:46:f7:40:af:50:ce:e2:8c:18:
                    5c:e5:52:cb:51:f3:5c:28:d8:7f:91:36:af:83:49:
                    2c:79:fb:0c:78:9f:76:95:0b:0f:3f:9f:57:e3:02:
                    ad:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:49:6E:9A:9C:CF:0D:21:28:CB:AB:0B:BC:FB:17:CE:49:D8:34:5A
            X509v3 Authority Key Identifier:
                keyid:28:BF:1E:72:32:37:42:AC:4D:81:36:AB:6C:8E:85:DF:7B:A3:7E:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KL8ecjI3QqxNgTarbI6F33ujfus.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/oklumpzPDSEoy6sLvPsXzknYNFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/ba6df7-f325-4184-a54a-0c481f0ad20e/1/KL8ecjI3QqxNgTarbI6F33ujfus.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:50:d1:41:92:78:7c:34:1e:76:7a:8f:9e:1d:14:59:d9:fb:
         b5:0f:f6:95:f2:a6:bb:70:fb:88:ef:b4:25:12:65:65:3f:ac:
         49:ec:a1:d3:d9:f3:a9:76:47:32:f8:f6:91:ac:f1:d0:87:07:
         f4:57:eb:06:14:c7:1f:3c:f5:5d:0e:3d:11:94:f7:05:6b:fb:
         ba:6d:a3:c0:7a:6c:6b:41:fc:f9:fc:94:24:25:30:33:45:2b:
         ec:59:96:f2:a1:7e:60:33:80:d1:a3:f7:19:6c:70:c4:fe:91:
         37:5d:35:26:d7:d9:16:1c:db:bf:b0:6a:0f:cc:ff:dd:0c:af:
         ea:d0:1a:04:b6:a7:2c:ac:cf:d8:d4:3e:bc:a6:b2:86:11:9b:
         2b:0e:48:30:0d:78:16:39:dd:0f:98:0f:e0:dd:0a:96:87:13:
         d8:49:e8:35:23:02:bd:fb:32:1c:51:67:5f:74:0a:52:3b:ba:
         e7:08:23:cf:a2:e7:c2:c3:cd:88:00:e4:97:55:c5:e8:6f:28:
         71:4f:97:da:38:24:46:79:cc:96:5e:17:d5:58:30:c0:c1:3c:
         de:03:2f:1d:5d:43:4e:fd:c8:41:63:ac:9b:0f:ef:7f:cd:43:
         a5:c8:60:95:f5:16:25:ea:ac:0f:a7:6d:c0:34:88:0f:eb:80:
         dc:56:0d:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVynvoG6JeyEj2uqjSrdzssMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YmYxZTcyMzIzNzQyYWM0ZDgxMzZhYjZjOGU4NWRmN2Jh
MzdlZWIwHhcNMjMwMTAyMTMxNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjQ5NmU5YTljY2YwZDIxMjhjYmFiMGJiY2ZiMTdjZTQ5ZDgzNDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdL30WopPv5Orj13dgVuE6JESfIR
bQKjQpfZryTulkPJrUzcL32ockRCddukIq3ZguVVDJZ8dJmRvLKcdiA3li+kjNny
JUluuOzmE5olgIKjdophmmP0d+11hku76dC/58ny8pUvGPVZNo8GHDHof8sWaKrN
gIFMIuBUsViDzSLdAxJkzlYzUfNsJPT8mvm7PHgVtFOTK5pXKRC7hznLZQT+71+0
ZNAIxK9/EjIdAzVzq53hclbvByjVamHi1t14UeseSTgh2bwg1lfjLwuSERsnylBa
d9lG90CvUM7ijBhc5VLLUfNcKNh/kTavg0ksefsMeJ92lQsPP59X4wKtjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJJbpqczw0hKMurC7z7F85J2DRaMB8GA1UdIwQY
MBaAFCi/HnIyN0KsTYE2q2yOhd97o37rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEt
MGM0ODFmMGFkMjBlLzEvb2tsdW1welBEU0VveTZzTHZQc1h6a25ZTkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iYTZkZjctZjMyNS00MTg0LWE1NGEtMGM0ODFmMGFkMjBl
LzEvS0w4ZWNqSTNRcXhOZ1RhcmJJNkYzM3VqZnVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufmMMA0G
CSqGSIb3DQEBCwUAA4IBAQBuUNFBknh8NB52eo+eHRRZ2fu1D/aV8qa7cPuI77Ql
EmVlP6xJ7KHT2fOpdkcy+PaRrPHQhwf0V+sGFMcfPPVdDj0RlPcFa/u6baPAemxr
Qfz5/JQkJTAzRSvsWZbyoX5gM4DRo/cZbHDE/pE3XTUm19kWHNu/sGoPzP/dDK/q
0BoEtqcsrM/Y1D68prKGEZsrDkgwDXgWOd0PmA/g3QqWhxPYSeg1IwK9+zIcUWdf
dApSO7rnCCPPoufCw82IAOSXVcXobyhxT5faOCRGecyWXhfVWDDAwTzeAy8dXUNO
/chBY6ybD+9/zUOlyGCV9RYl6qwPp23ANIgP64DcVg0K
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:39 2024 by rpki-client on console-ams.rpki-client.org