Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/b72806-49e8-4112-a235-1c1e8532d5b0/1/S5Y-N1GvV235SBR-79wiZavSNCY.roa
File:                     S5Y-N1GvV235SBR-79wiZavSNCY.roa (raw, json)
Hash identifier:          FPXrS2xQP07rZygaoNYUczT41DTMMCRKaEtOXCdLXMM=
Subject key identifier:   4B:96:3E:37:51:AF:57:6D:F9:48:14:7E:EF:DC:22:65:AB:D2:34:26
Certificate issuer:       /CN=8ec33b8e1356fccfc83466eed8a865512a7d00f1
Certificate serial:       01856D0A8ADEA1FF6122F96EB6BF1D3505E8
Authority key identifier: 8E:C3:3B:8E:13:56:FC:CF:C8:34:66:EE:D8:A8:65:51:2A:7D:00:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jsM7jhNW_M_INGbu2KhlUSp9APE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/b72806-49e8-4112-a235-1c1e8532d5b0/1/S5Y-N1GvV235SBR-79wiZavSNCY.roa
Signing time:             Sun 01 Jan 2023 11:14:45 +0000
ROA not before:           Sun 01 Jan 2023 11:14:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203739
IP address blocks:        185.255.69.0/24 maxlen: 24
                          185.255.70.0/24 maxlen: 24
                          185.255.71.0/24 maxlen: 24
                          185.255.68.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:0a:8a:de:a1:ff:61:22:f9:6e:b6:bf:1d:35:05:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ec33b8e1356fccfc83466eed8a865512a7d00f1
        Validity
            Not Before: Jan  1 11:14:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4b963e3751af576df948147eefdc2265abd23426
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:36:45:47:53:73:cb:7a:17:ae:94:27:33:31:
                    c1:d1:24:60:5e:04:4a:19:41:05:92:54:8e:95:e0:
                    ac:ae:2c:72:1e:8c:9a:00:38:d7:49:bb:2e:17:d9:
                    1b:39:e7:ed:9c:ce:e7:29:ec:f8:31:48:44:16:40:
                    33:70:11:70:e0:c8:3d:e4:c3:db:d8:cf:94:db:9f:
                    b5:b2:6f:20:d6:aa:45:14:ee:41:ef:6c:06:41:4e:
                    93:94:03:93:e7:d8:4f:b6:95:f8:97:d9:63:c0:3a:
                    12:eb:d4:84:be:c9:dc:eb:c4:b4:87:d2:87:b2:34:
                    b6:d6:a1:06:dd:d6:97:74:86:49:10:b6:51:86:ca:
                    e5:1a:c4:47:92:f6:f4:66:68:31:04:f3:66:ff:0f:
                    f4:93:19:13:d6:1a:bf:0a:e7:d4:8b:44:24:f8:d2:
                    80:d9:bc:c0:3d:a7:72:b8:da:10:c2:b7:09:8b:95:
                    48:01:f8:50:fc:d8:ca:53:6c:e2:8d:17:05:17:c2:
                    6b:d1:5c:e4:40:03:74:a3:d3:19:34:15:56:42:17:
                    b6:5b:b4:78:51:d4:e1:35:5a:0b:db:c4:88:97:b5:
                    4d:b2:45:8e:de:54:de:86:7f:ab:95:a3:34:50:89:
                    0f:fe:d7:5a:b8:82:08:7b:6f:57:d6:d5:e9:5a:74:
                    79:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:96:3E:37:51:AF:57:6D:F9:48:14:7E:EF:DC:22:65:AB:D2:34:26
            X509v3 Authority Key Identifier:
                keyid:8E:C3:3B:8E:13:56:FC:CF:C8:34:66:EE:D8:A8:65:51:2A:7D:00:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jsM7jhNW_M_INGbu2KhlUSp9APE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/b72806-49e8-4112-a235-1c1e8532d5b0/1/S5Y-N1GvV235SBR-79wiZavSNCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/b72806-49e8-4112-a235-1c1e8532d5b0/1/jsM7jhNW_M_INGbu2KhlUSp9APE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:61:4b:5e:85:85:43:a6:90:7b:81:b8:cc:47:cc:4d:6c:19:
         04:49:b6:68:91:df:9d:f1:e8:bc:9e:4a:7d:cd:0d:9e:6b:c3:
         5d:bd:3b:1a:16:d8:7b:2c:be:57:3d:6f:89:d9:f4:e7:25:e8:
         08:e0:53:e2:33:b6:c5:45:3d:78:62:69:0b:62:74:3e:96:99:
         41:ea:65:af:9a:c7:9c:95:c7:13:7c:ee:cb:14:52:f8:2e:e7:
         77:9f:c6:fe:e1:13:c8:00:72:89:05:ef:d9:e6:5d:df:1a:94:
         d1:a8:2f:bd:2b:64:e9:03:67:df:26:3a:92:b8:3c:3d:cd:87:
         fd:11:a4:db:a1:f7:57:de:f0:7c:68:19:e7:df:5c:dc:23:fa:
         ef:eb:67:58:47:6a:e3:5b:de:d1:3b:66:88:b1:81:13:57:90:
         c8:dd:77:e2:f4:ab:53:af:43:8a:c5:63:de:e9:5d:73:6a:47:
         a0:aa:49:bf:a9:8f:63:ca:33:ff:76:9f:5d:10:ba:49:83:9f:
         8a:09:e1:5c:3d:ac:d1:44:e0:67:a3:7f:e0:48:66:2e:32:1b:
         e6:96:4e:c5:94:70:55:d8:a5:40:4e:1c:a1:7e:b2:19:26:7d:
         6b:f8:cf:f6:1b:17:d9:0a:62:d7:c0:e8:12:54:1d:ec:87:85:
         04:35:e6:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVtCoreof9hIvlutr8dNQXoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYzMzYjhlMTM1NmZjY2ZjODM0NjZlZWQ4YTg2NTUxMmE3
ZDAwZjEwHhcNMjMwMTAxMTExNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yjk2M2UzNzUxYWY1NzZkZjk0ODE0N2VlZmRjMjI2NWFiZDIzNDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzZFR1Nzy3oXrpQnMzHB0SRgXgRK
GUEFklSOleCsrixyHoyaADjXSbsuF9kbOeftnM7nKez4MUhEFkAzcBFw4Mg95MPb
2M+U25+1sm8g1qpFFO5B72wGQU6TlAOT59hPtpX4l9ljwDoS69SEvsnc68S0h9KH
sjS21qEG3daXdIZJELZRhsrlGsRHkvb0ZmgxBPNm/w/0kxkT1hq/CufUi0Qk+NKA
2bzAPadyuNoQwrcJi5VIAfhQ/NjKU2zijRcFF8Jr0VzkQAN0o9MZNBVWQhe2W7R4
UdThNVoL28SIl7VNskWO3lTehn+rlaM0UIkP/tdauIIIe29X1tXpWnR5bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEuWPjdRr1dt+UgUfu/cImWr0jQmMB8GA1UdIwQY
MBaAFI7DO44TVvzPyDRm7tioZVEqfQDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanNNN2poTldfTV9JTkdidTJLaGxVU3A5QVBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi9iNzI4MDYtNDllOC00MTEyLWEyMzUt
MWMxZTg1MzJkNWIwLzEvUzVZLU4xR3ZWMjM1U0JSLTc5d2laYXZTTkNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi9iNzI4MDYtNDllOC00MTEyLWEyMzUtMWMxZTg1MzJkNWIw
LzEvanNNN2poTldfTV9JTkdidTJLaGxVU3A5QVBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf9EMA0G
CSqGSIb3DQEBCwUAA4IBAQB6YUtehYVDppB7gbjMR8xNbBkESbZokd+d8ei8nkp9
zQ2ea8NdvTsaFth7LL5XPW+J2fTnJegI4FPiM7bFRT14YmkLYnQ+lplB6mWvmsec
lccTfO7LFFL4Lud3n8b+4RPIAHKJBe/Z5l3fGpTRqC+9K2TpA2ffJjqSuDw9zYf9
EaTbofdX3vB8aBnn31zcI/rv62dYR2rjW97RO2aIsYETV5DI3Xfi9KtTr0OKxWPe
6V1zakegqkm/qY9jyjP/dp9dELpJg5+KCeFcPazRROBno3/gSGYuMhvmlk7FlHBV
2KVAThyhfrIZJn1r+M/2GxfZCmLXwOgSVB3sh4UENeYJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:58 2024 by rpki-client on console-ams.rpki-client.org