Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/8020d8-0684-44f6-84d1-d1d0f96cad1e/1/2_k_LiXqQhs5pLXrgtzO0Z1-7OY.roa
File:                     2_k_LiXqQhs5pLXrgtzO0Z1-7OY.roa (raw, json)
Hash identifier:          sdafA7IJEETX8fnqU23RDlpR2802oC7zCwen1Sbejd8=
Subject key identifier:   DB:F9:3F:2E:25:EA:42:1B:39:A4:B5:EB:82:DC:CE:D1:9D:7E:EC:E6
Certificate issuer:       /CN=134bc7e6fdfbf738d23fc5ee5e5acb52befbc051
Certificate serial:       01856B37A9844B669232DB0FB6244693CD3F
Authority key identifier: 13:4B:C7:E6:FD:FB:F7:38:D2:3F:C5:EE:5E:5A:CB:52:BE:FB:C0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E0vH5v379zjSP8XuXlrLUr77wFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/8020d8-0684-44f6-84d1-d1d0f96cad1e/1/2_k_LiXqQhs5pLXrgtzO0Z1-7OY.roa
Signing time:             Sun 01 Jan 2023 02:44:48 +0000
ROA not before:           Sun 01 Jan 2023 02:44:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35368
IP address blocks:        185.36.136.0/22 maxlen: 22
                          2a04:6440::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:37:a9:84:4b:66:92:32:db:0f:b6:24:46:93:cd:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=134bc7e6fdfbf738d23fc5ee5e5acb52befbc051
        Validity
            Not Before: Jan  1 02:44:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dbf93f2e25ea421b39a4b5eb82dcced19d7eece6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:95:ff:a2:d0:9d:1d:d4:0b:b5:90:88:65:77:
                    a4:65:b4:10:46:4d:f0:dc:c6:70:b6:47:09:6d:07:
                    cf:48:47:80:53:57:d7:11:59:19:64:a1:bd:61:94:
                    0f:a9:f0:3e:56:f3:28:2d:de:a1:8a:d9:29:1b:ec:
                    be:77:12:b1:dd:4d:4e:2d:ce:b0:f9:4f:69:ec:f8:
                    47:07:42:84:a0:0b:fc:03:7a:f1:0a:83:64:0b:cb:
                    a8:7f:38:b2:bd:9a:74:c8:14:59:57:57:27:be:af:
                    ad:a3:b8:78:4e:dc:ee:f4:90:31:0f:24:33:f8:39:
                    4c:ea:77:1e:16:da:63:98:a0:1f:d8:e9:0e:55:b2:
                    8c:d9:06:b7:58:ac:5f:de:61:be:dc:b7:ee:7d:2e:
                    91:cc:6c:43:13:a6:79:48:f4:96:2a:a1:e7:95:8d:
                    6f:a8:56:2b:e6:6c:57:57:f7:13:d7:eb:d6:c3:05:
                    90:bc:c2:a5:c2:2d:d3:28:84:ec:1c:34:dd:0c:be:
                    56:6f:49:fc:ec:d4:5e:92:9b:31:5d:92:9e:a0:a3:
                    b1:0b:50:93:f1:f8:e9:b1:7f:dc:ea:24:21:13:bf:
                    b0:4f:6a:9c:61:ff:18:37:48:03:60:cb:10:0f:df:
                    ee:bd:96:83:6e:29:0b:bc:72:1e:40:7e:33:a8:db:
                    ef:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F9:3F:2E:25:EA:42:1B:39:A4:B5:EB:82:DC:CE:D1:9D:7E:EC:E6
            X509v3 Authority Key Identifier:
                keyid:13:4B:C7:E6:FD:FB:F7:38:D2:3F:C5:EE:5E:5A:CB:52:BE:FB:C0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E0vH5v379zjSP8XuXlrLUr77wFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8020d8-0684-44f6-84d1-d1d0f96cad1e/1/2_k_LiXqQhs5pLXrgtzO0Z1-7OY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/8020d8-0684-44f6-84d1-d1d0f96cad1e/1/E0vH5v379zjSP8XuXlrLUr77wFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.36.136.0/22
                IPv6:
                  2a04:6440::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:49:27:a9:85:74:f5:d8:87:17:b8:1a:c7:5c:09:1e:59:9c:
         e7:ab:24:d4:a6:49:17:33:85:20:01:0e:68:c6:4a:d4:66:85:
         db:c9:ab:4e:06:01:d0:01:99:1a:d5:59:cc:93:c0:49:85:e9:
         8c:da:e2:3a:f7:7f:83:e2:2e:30:9e:e5:4c:47:ac:9d:15:8d:
         d8:65:8e:71:ef:ac:eb:3e:02:d1:dd:f2:9a:21:57:ec:2f:5a:
         7c:22:8a:8f:a5:5e:21:3b:4c:64:5b:b4:81:97:ec:d8:f1:6e:
         a6:52:4d:c3:b0:5f:68:f7:1d:f8:dc:54:08:3a:18:b9:99:9e:
         48:0c:49:1d:95:b1:54:62:d7:4d:b2:f3:1e:ba:d3:7b:29:72:
         a2:e0:28:fd:07:d4:47:c3:eb:78:54:80:e0:a1:73:ca:34:07:
         fe:05:e1:87:c0:f3:a8:db:3f:c0:7d:40:65:49:6d:c6:aa:a2:
         4b:14:aa:79:1f:2d:60:26:cc:fb:c2:6b:d5:3e:22:fe:53:7b:
         cf:1a:7e:c9:39:66:cf:30:4a:1f:af:a2:81:cc:a7:85:75:0a:
         f8:0f:e7:29:42:36:31:69:86:7f:02:6c:05:c4:fb:87:ac:e9:
         7a:24:8a:cd:dc:04:40:44:12:bf:17:a9:65:93:26:0e:e4:6c:
         44:e1:de:d1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVrN6mES2aSMtsPtiRGk80/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNGJjN2U2ZmRmYmY3MzhkMjNmYzVlZTVlNWFjYjUyYmVm
YmMwNTEwHhcNMjMwMTAxMDI0NDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmY5M2YyZTI1ZWE0MjFiMzlhNGI1ZWI4MmRjY2VkMTlkN2VlY2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5X/otCdHdQLtZCIZXekZbQQRk3w
3MZwtkcJbQfPSEeAU1fXEVkZZKG9YZQPqfA+VvMoLd6hitkpG+y+dxKx3U1OLc6w
+U9p7PhHB0KEoAv8A3rxCoNkC8uofziyvZp0yBRZV1cnvq+to7h4Ttzu9JAxDyQz
+DlM6nceFtpjmKAf2OkOVbKM2Qa3WKxf3mG+3LfufS6RzGxDE6Z5SPSWKqHnlY1v
qFYr5mxXV/cT1+vWwwWQvMKlwi3TKITsHDTdDL5Wb0n87NRekpsxXZKeoKOxC1CT
8fjpsX/c6iQhE7+wT2qcYf8YN0gDYMsQD9/uvZaDbikLvHIeQH4zqNvvaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNv5Py4l6kIbOaS164LcztGdfuzmMB8GA1UdIwQY
MBaAFBNLx+b9+/c40j/F7l5ay1K++8BRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTB2SDV2Mzc5empTUDhYdVhsckxVcjc3d0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MDIwZDgtMDY4NC00NGY2LTg0ZDEt
ZDFkMGY5NmNhZDFlLzEvMl9rX0xpWHFRaHM1cExYcmd0ek8wWjEtN09ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MDIwZDgtMDY4NC00NGY2LTg0ZDEtZDFkMGY5NmNhZDFl
LzEvRTB2SDV2Mzc5empTUDhYdVhsckxVcjc3d0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuSSIMA0E
AgACMAcDBQMqBGRAMA0GCSqGSIb3DQEBCwUAA4IBAQA4SSephXT12IcXuBrHXAke
WZznqyTUpkkXM4UgAQ5oxkrUZoXbyatOBgHQAZka1VnMk8BJhemM2uI693+D4i4w
nuVMR6ydFY3YZY5x76zrPgLR3fKaIVfsL1p8IoqPpV4hO0xkW7SBl+zY8W6mUk3D
sF9o9x343FQIOhi5mZ5IDEkdlbFUYtdNsvMeutN7KXKi4Cj9B9RHw+t4VIDgoXPK
NAf+BeGHwPOo2z/AfUBlSW3GqqJLFKp5Hy1gJsz7wmvVPiL+U3vPGn7JOWbPMEof
r6KBzKeFdQr4D+cpQjYxaYZ/AmwFxPuHrOl6JIrN3ARARBK/F6llkyYO5GxE4d7R
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:25 2024 by rpki-client on console-fra.rpki-client.org