Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/71d52f-7e07-49d1-b99b-f70d5ef875c3/1/ONlGbHilAEeSMzbZWjwx_SIeCKk.roa
File:                     ONlGbHilAEeSMzbZWjwx_SIeCKk.roa (raw, json)
Hash identifier:          brDufPGRnylw1ackaVifvNUEcb0X/RiLHal4ZPo+L0E=
Subject key identifier:   38:D9:46:6C:78:A5:00:47:92:33:36:D9:5A:3C:31:FD:22:1E:08:A9
Certificate issuer:       /CN=745b6c3c9abdedb96eb1ef3f7f7fa70057522c7f
Certificate serial:       01856CF85733FE566B64C340A8EA40B20BE1
Authority key identifier: 74:5B:6C:3C:9A:BD:ED:B9:6E:B1:EF:3F:7F:7F:A7:00:57:52:2C:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dFtsPJq97bluse8_f3-nAFdSLH8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/71d52f-7e07-49d1-b99b-f70d5ef875c3/1/ONlGbHilAEeSMzbZWjwx_SIeCKk.roa
Signing time:             Sun 01 Jan 2023 10:54:52 +0000
ROA not before:           Sun 01 Jan 2023 10:54:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62217
IP address blocks:        185.184.156.0/24 maxlen: 24
                          185.184.157.0/24 maxlen: 24
                          185.184.158.0/24 maxlen: 24
                          185.184.156.0/22 maxlen: 22
                          185.184.159.0/24 maxlen: 24
                          2a0b:3880::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:f8:57:33:fe:56:6b:64:c3:40:a8:ea:40:b2:0b:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=745b6c3c9abdedb96eb1ef3f7f7fa70057522c7f
        Validity
            Not Before: Jan  1 10:54:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38d9466c78a50047923336d95a3c31fd221e08a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ca:f4:c6:43:3a:db:59:81:13:79:a9:a8:7f:
                    f8:ab:2b:9b:cf:a7:4e:58:4a:0e:b3:73:0b:ee:2b:
                    a5:f6:84:44:86:62:53:7f:3d:ce:cd:c2:fb:df:a0:
                    1e:12:59:e3:f1:a4:8e:42:14:a9:4e:a5:55:2b:d6:
                    9e:3a:cd:64:71:09:00:e7:0b:5f:fd:14:ef:09:cc:
                    a5:2b:e1:d6:b3:fe:24:22:5a:a3:9a:01:54:aa:16:
                    68:bf:73:d1:fb:5f:df:fc:7d:26:d2:04:98:1b:f1:
                    94:7b:9a:b8:a6:a8:fd:14:bb:87:6a:c5:76:0d:45:
                    0b:8e:21:69:5a:94:6a:00:86:d2:42:54:4a:36:4f:
                    d8:27:57:9c:7c:5c:b4:85:b5:21:05:70:8e:25:a2:
                    4c:48:7b:1e:e4:c1:4e:a9:7b:b3:cb:6e:54:c2:df:
                    c6:99:e7:27:d7:4e:8f:a5:cb:5d:af:d5:41:43:f4:
                    25:8b:6f:62:92:bc:cd:0e:98:73:ba:47:92:fb:66:
                    b4:69:73:e8:5d:6a:b9:5f:7a:b7:f2:aa:cb:f1:11:
                    ba:a4:bf:62:6f:67:c7:a9:84:1c:e9:23:cd:fc:6e:
                    28:3f:0a:98:03:df:48:97:5c:2c:2b:96:50:a6:c0:
                    67:0b:ee:0d:65:63:83:9c:6a:19:c9:09:ea:f9:85:
                    3c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:D9:46:6C:78:A5:00:47:92:33:36:D9:5A:3C:31:FD:22:1E:08:A9
            X509v3 Authority Key Identifier:
                keyid:74:5B:6C:3C:9A:BD:ED:B9:6E:B1:EF:3F:7F:7F:A7:00:57:52:2C:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dFtsPJq97bluse8_f3-nAFdSLH8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/71d52f-7e07-49d1-b99b-f70d5ef875c3/1/ONlGbHilAEeSMzbZWjwx_SIeCKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/71d52f-7e07-49d1-b99b-f70d5ef875c3/1/dFtsPJq97bluse8_f3-nAFdSLH8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.156.0/22
                IPv6:
                  2a0b:3880::/32

    Signature Algorithm: sha256WithRSAEncryption
         5d:c9:13:d3:e2:81:c8:23:59:84:5e:87:27:5b:d9:0b:a6:07:
         75:ef:14:3c:12:a6:4b:7f:28:08:f6:be:c9:0a:32:ee:b6:07:
         f0:6f:23:9b:9d:15:53:aa:1e:ac:14:b3:e3:21:a1:a4:6f:bc:
         2a:22:4a:df:6c:9f:bc:18:6f:27:45:d2:95:87:26:1f:c8:ef:
         13:c0:ca:c3:6a:5a:1f:36:18:7b:75:4d:a9:c1:9a:ed:a7:01:
         38:f0:20:4e:e3:f7:79:49:63:36:1a:68:c5:a9:d7:9c:82:be:
         0f:57:07:0a:88:e2:16:9c:2b:c3:81:ef:e4:25:11:b6:40:9f:
         5b:c4:5b:a8:9b:6d:38:5f:3d:e1:75:19:dc:53:62:06:92:58:
         57:f1:1d:bf:02:47:4f:41:9d:8c:28:8a:af:75:53:f5:b5:d0:
         04:4e:2c:06:46:7f:a9:72:5e:bc:fe:78:1f:05:0a:1c:a3:0b:
         d4:ca:24:34:7a:81:ce:fd:f1:35:55:f3:bb:13:06:2d:13:08:
         bc:4a:c4:79:f7:b3:7f:4a:b2:0a:45:ad:3c:ee:95:b2:82:84:
         32:1b:f9:2f:4b:bd:01:94:e5:b6:70:3d:09:16:9a:36:c3:9c:
         81:d2:72:17:7e:21:06:7c:83:05:80:46:22:b9:98:82:36:91:
         74:a7:6b:ba
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVs+Fcz/lZrZMNAqOpAsgvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NWI2YzNjOWFiZGVkYjk2ZWIxZWYzZjdmN2ZhNzAwNTc1
MjJjN2YwHhcNMjMwMTAxMTA1NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQ5NDY2Yzc4YTUwMDQ3OTIzMzM2ZDk1YTNjMzFmZDIyMWUwOGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksr0xkM621mBE3mpqH/4qyubz6dO
WEoOs3ML7iul9oREhmJTfz3OzcL736AeElnj8aSOQhSpTqVVK9aeOs1kcQkA5wtf
/RTvCcylK+HWs/4kIlqjmgFUqhZov3PR+1/f/H0m0gSYG/GUe5q4pqj9FLuHasV2
DUULjiFpWpRqAIbSQlRKNk/YJ1ecfFy0hbUhBXCOJaJMSHse5MFOqXuzy25Uwt/G
mecn106Ppctdr9VBQ/Qli29ikrzNDphzukeS+2a0aXPoXWq5X3q38qrL8RG6pL9i
b2fHqYQc6SPN/G4oPwqYA99Il1wsK5ZQpsBnC+4NZWODnGoZyQnq+YU88wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDjZRmx4pQBHkjM22Vo8Mf0iHgipMB8GA1UdIwQY
MBaAFHRbbDyave25brHvP39/pwBXUix/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEZ0c1BKcTk3Ymx1c2U4X2YzLW5BRmRTTEg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC83MWQ1MmYtN2UwNy00OWQxLWI5OWIt
ZjcwZDVlZjg3NWMzLzEvT05sR2JIaWxBRWVTTXpiWldqd3hfU0llQ0trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC83MWQ1MmYtN2UwNy00OWQxLWI5OWItZjcwZDVlZjg3NWMz
LzEvZEZ0c1BKcTk3Ymx1c2U4X2YzLW5BRmRTTEg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubicMA0E
AgACMAcDBQAqCziAMA0GCSqGSIb3DQEBCwUAA4IBAQBdyRPT4oHII1mEXocnW9kL
pgd17xQ8EqZLfygI9r7JCjLutgfwbyObnRVTqh6sFLPjIaGkb7wqIkrfbJ+8GG8n
RdKVhyYfyO8TwMrDalofNhh7dU2pwZrtpwE48CBO4/d5SWM2GmjFqdecgr4PVwcK
iOIWnCvDge/kJRG2QJ9bxFuom204Xz3hdRncU2IGklhX8R2/AkdPQZ2MKIqvdVP1
tdAETiwGRn+pcl68/ngfBQocowvUyiQ0eoHO/fE1VfO7EwYtEwi8SsR597N/SrIK
Ra087pWygoQyG/kvS70BlOW2cD0JFpo2w5yB0nIXfiEGfIMFgEYiuZiCNpF0p2u6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:10 2024 by rpki-client on console-fra.rpki-client.org