Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/gEm89esn8JP9akEQLhAz3IRUu5M.roa
File:                     gEm89esn8JP9akEQLhAz3IRUu5M.roa (raw, json)
Hash identifier:          YxZ52YlRL9bNT98TR+lYukVMzB3jRTmOWnIAIAdBzd0=
Subject key identifier:   80:49:BC:F5:EB:27:F0:93:FD:6A:41:10:2E:10:33:DC:84:54:BB:93
Certificate issuer:       /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial:       01856FD538EC3743279035360DE642872EE5
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/gEm89esn8JP9akEQLhAz3IRUu5M.roa
Signing time:             Mon 02 Jan 2023 00:15:22 +0000
ROA not before:           Mon 02 Jan 2023 00:15:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        185.158.248.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 14 Mar 2023 23:56:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:d5:38:ec:37:43:27:90:35:36:0d:e6:42:87:2e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
        Validity
            Not Before: Jan  2 00:15:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8049bcf5eb27f093fd6a41102e1033dc8454bb93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:60:08:ec:bb:c4:f9:6b:f7:4c:22:74:2a:2f:
                    c9:3b:cc:27:81:e9:3d:20:28:87:03:fe:21:8a:d5:
                    e4:95:20:64:99:15:5a:4e:53:a4:d0:77:2a:5d:3a:
                    96:76:94:75:f6:ce:e7:7a:3b:d4:49:fb:19:2a:f9:
                    16:43:36:b4:72:52:d8:1a:28:8c:06:ff:ac:5d:28:
                    6d:fc:d2:40:66:87:3b:15:e3:a4:9f:f2:4f:59:ab:
                    b6:cc:10:81:21:31:02:6a:03:38:d4:d7:8d:3c:7c:
                    47:ee:0d:20:2f:15:f6:58:36:1f:68:46:7d:37:47:
                    33:65:b5:96:d3:4b:91:cb:ca:e6:04:16:a1:bd:96:
                    21:38:51:d8:ab:47:c7:93:be:c2:d0:8f:dc:2a:eb:
                    7b:b2:8e:5c:54:93:cf:e6:e5:90:b2:55:4a:a6:f0:
                    5b:2b:37:84:8e:72:3e:80:ff:bf:52:1b:35:96:18:
                    05:15:38:7a:63:c4:df:7e:00:86:10:74:56:44:74:
                    4f:72:37:b2:37:ad:bd:27:e6:c5:ef:55:18:f6:04:
                    5c:58:c0:bf:3a:56:c0:fb:5f:19:13:fa:35:f7:b6:
                    2e:d0:74:a9:6d:7d:a9:d3:57:0a:ae:cc:08:a4:6f:
                    1a:85:ff:9a:24:bc:75:e8:3a:e1:17:f3:91:75:cb:
                    8a:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:49:BC:F5:EB:27:F0:93:FD:6A:41:10:2E:10:33:DC:84:54:BB:93
            X509v3 Authority Key Identifier:
                keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/gEm89esn8JP9akEQLhAz3IRUu5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:84:a6:f2:f0:22:01:e3:1c:d4:e7:e7:d6:a6:b3:3a:71:42:
         f5:48:2a:d4:16:26:fb:f4:c1:13:10:42:63:ae:98:f7:47:1f:
         4f:e7:af:44:67:67:4f:d1:7c:de:2f:fe:ca:5e:05:e4:5e:46:
         8b:94:fd:81:c2:48:ac:9e:e1:7f:71:7e:82:85:40:5e:f1:2c:
         ea:39:44:46:17:a0:2c:7d:33:dd:86:61:03:71:fc:3a:49:b5:
         10:de:44:13:6b:61:b2:7f:74:70:36:fb:af:06:f4:12:59:94:
         1d:0f:36:39:03:32:67:6b:38:5b:73:9b:d5:1b:af:f3:b6:38:
         fd:7e:db:69:2d:82:de:9e:c5:e3:e0:71:ac:26:eb:b4:11:a2:
         93:da:7d:72:4f:45:b5:b0:76:3f:fc:b5:b3:f7:cb:46:c9:0b:
         e2:48:89:c7:2c:de:05:12:fd:27:b2:98:9d:16:d7:5a:a0:99:
         f9:68:be:ec:78:ba:e1:87:4a:ea:f8:79:fc:df:d4:de:33:d2:
         48:06:e1:98:78:d8:4e:13:86:95:2d:8e:91:4f:51:d0:5a:43:
         7e:3a:4f:5e:38:c2:2c:40:70:c0:4d:27:c7:55:1d:19:96:35:
         9e:d9:5d:5e:ce:2d:bc:44:29:a8:ab:56:40:ca:58:7a:d8:04:
         99:ec:ca:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVv1TjsN0MnkDU2DeZChy7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjMwMTAyMDAxNTIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDQ5YmNmNWViMjdmMDkzZmQ2YTQxMTAyZTEwMzNkYzg0NTRiYjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmAI7LvE+Wv3TCJ0Ki/JO8wngek9
ICiHA/4hitXklSBkmRVaTlOk0HcqXTqWdpR19s7nejvUSfsZKvkWQza0clLYGiiM
Bv+sXSht/NJAZoc7FeOkn/JPWau2zBCBITECagM41NeNPHxH7g0gLxX2WDYfaEZ9
N0czZbWW00uRy8rmBBahvZYhOFHYq0fHk77C0I/cKut7so5cVJPP5uWQslVKpvBb
KzeEjnI+gP+/Uhs1lhgFFTh6Y8TffgCGEHRWRHRPcjeyN629J+bF71UY9gRcWMC/
OlbA+18ZE/o197Yu0HSpbX2p01cKrswIpG8ahf+aJLx16DrhF/ORdcuKWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBJvPXrJ/CT/WpBEC4QM9yEVLuTMB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvZ0VtODllc244SlA5YWtFUUxoQXozSVJVdTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ74MA0G
CSqGSIb3DQEBCwUAA4IBAQCYhKby8CIB4xzU5+fWprM6cUL1SCrUFib79METEEJj
rpj3Rx9P569EZ2dP0XzeL/7KXgXkXkaLlP2BwkisnuF/cX6ChUBe8SzqOURGF6As
fTPdhmEDcfw6SbUQ3kQTa2Gyf3RwNvuvBvQSWZQdDzY5AzJnazhbc5vVG6/ztjj9
fttpLYLensXj4HGsJuu0EaKT2n1yT0W1sHY//LWz98tGyQviSInHLN4FEv0nspid
FtdaoJn5aL7seLrhh0rq+Hn839TeM9JIBuGYeNhOE4aVLY6RT1HQWkN+Ok9eOMIs
QHDATSfHVR0ZljWe2V1ezi28RCmoq1ZAylh62ASZ7Mpn
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:02 2024 by rpki-client on console-fra.rpki-client.org