Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/hA1kaSkD77-TU6UCb0iQuxe6nvA.roa
File:                     hA1kaSkD77-TU6UCb0iQuxe6nvA.roa (raw, json)
Hash identifier:          0Gt3yqMrII4kNS80OEQfyiKT8Ll6Fm0e0HWuqdb1T0g=
Subject key identifier:   84:0D:64:69:29:03:EF:BF:93:53:A5:02:6F:48:90:BB:17:BA:9E:F0
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F29B1EDD607D440B63FBE886EC89
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/hA1kaSkD77-TU6UCb0iQuxe6nvA.roa
Signing time:             Mon 01 Jan 2024 08:30:04 +0000
ROA not before:           Mon 01 Jan 2024 08:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29262
IP address blocks:        185.87.24.0/24 maxlen: 24
                          185.87.27.0/24 maxlen: 24
                          185.87.26.0/24 maxlen: 24
                          185.85.191.0/24 maxlen: 24
                          185.85.190.0/24 maxlen: 24
                          185.85.189.0/24 maxlen: 24
                          185.87.123.0/24 maxlen: 24
                          185.87.122.0/24 maxlen: 24
                          185.87.121.0/24 maxlen: 24
                          185.141.32.0/24 maxlen: 24
                          185.119.83.0/24 maxlen: 24
                          185.119.82.0/24 maxlen: 24
                          185.119.81.0/24 maxlen: 24
                          185.119.80.0/24 maxlen: 24
                          185.85.237.0/24 maxlen: 24
                          185.85.239.0/24 maxlen: 24
                          185.85.238.0/24 maxlen: 24
                          185.86.5.0/24 maxlen: 24
                          185.86.13.0/24 maxlen: 24
                          185.86.154.0/24 maxlen: 24
                          185.86.153.0/24 maxlen: 24
                          185.86.166.0/24 maxlen: 24
                          185.86.165.0/24 maxlen: 24
                          185.86.164.0/24 maxlen: 24
                          185.86.167.0/24 maxlen: 24
                          185.98.60.0/24 maxlen: 24
                          2a0c:67c0::/29 maxlen: 29
                          2a0b:6780::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 10 Oct 2024 11:51:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f2:9b:1e:dd:60:7d:44:0b:63:fb:e8:86:ec:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=840d64692903efbf9353a5026f4890bb17ba9ef0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:45:bc:73:b3:68:15:50:0f:4b:35:bd:43:5c:
                    20:e2:59:3f:0c:d6:6b:85:85:94:f8:29:9d:d8:df:
                    0d:6f:3b:ef:1c:c9:23:c5:6c:ac:b4:9f:80:8f:bc:
                    de:70:f8:ef:ab:02:28:3d:29:1d:ab:ae:44:29:1a:
                    65:75:4d:64:88:2b:14:8d:b1:49:a4:8c:74:db:0b:
                    0b:dd:f3:1a:8b:27:99:74:a5:40:6f:c6:4b:11:76:
                    a2:7e:8e:9f:06:fd:10:cb:d7:be:4a:f0:0b:e2:88:
                    96:c8:10:70:ed:a5:78:64:65:49:f3:d2:5d:29:83:
                    0d:c4:b6:d8:2a:96:79:71:0d:6a:10:a7:7f:27:79:
                    cf:66:62:47:ab:f8:1e:d0:ec:4e:ff:f1:ea:32:e6:
                    52:f6:ac:cc:1b:a4:1c:e0:e0:c0:bb:74:cc:20:a1:
                    84:bd:f6:74:ba:5d:c6:db:4e:04:38:93:1a:22:6a:
                    10:32:d6:ae:d0:b6:a5:ab:f3:97:cd:73:17:95:0a:
                    1d:ab:db:d7:81:7a:1c:c7:32:8f:3b:ca:42:77:91:
                    30:31:86:7b:1e:8a:49:cb:4b:a1:c2:47:17:77:64:
                    6f:d3:d2:da:bd:4b:cd:e1:ef:4a:7b:b5:71:7b:69:
                    94:46:aa:fe:f2:4e:18:b8:27:04:60:12:00:ef:4e:
                    6c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:0D:64:69:29:03:EF:BF:93:53:A5:02:6F:48:90:BB:17:BA:9E:F0
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/hA1kaSkD77-TU6UCb0iQuxe6nvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.189.0-185.85.191.255
                  185.85.237.0-185.85.239.255
                  185.86.5.0/24
                  185.86.13.0/24
                  185.86.153.0-185.86.154.255
                  185.86.164.0/22
                  185.87.24.0/24
                  185.87.26.0/23
                  185.87.121.0-185.87.123.255
                  185.98.60.0/24
                  185.119.80.0/22
                  185.141.32.0/24
                IPv6:
                  2a0b:6780::/29
                  2a0c:67c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:63:e5:3b:3b:da:53:7d:b2:54:06:c0:ea:42:62:78:e0:5f:
         41:a3:80:b2:fa:19:43:20:bc:25:e3:4a:04:ae:a3:be:6c:9c:
         a9:c3:cc:59:e5:a0:6e:9c:46:af:da:ab:70:83:58:fa:b5:49:
         68:49:d2:38:08:dd:ef:8d:fb:02:ca:82:0a:ea:dc:0a:e2:b2:
         bd:36:fa:b8:cb:17:84:93:af:87:fd:ab:7c:a0:56:50:44:3a:
         a9:98:00:7f:86:05:30:b8:3f:0c:78:58:63:41:f4:bd:2a:9c:
         5c:44:f4:c6:90:4f:2e:41:22:b9:f7:a8:8c:f2:e2:34:c3:82:
         39:37:37:b2:90:ab:fb:a7:a5:f0:7e:1c:6d:f7:75:0b:46:59:
         a0:1d:89:3b:fe:84:3d:d9:7b:f8:cd:93:f1:cd:6a:af:fc:83:
         76:c7:dc:95:3c:4f:e7:86:56:31:c5:d3:67:73:65:d9:d7:27:
         da:89:dd:dc:a1:86:ef:bb:35:1f:6b:42:11:69:6e:21:16:db:
         16:fd:9a:d3:fe:7b:73:ff:f1:1e:e2:ad:1b:88:7e:3d:ad:53:
         cc:14:d2:d7:45:29:f3:50:69:5c:0d:d9:69:46:74:7c:86:ea:
         9f:17:68:ac:5f:28:bb:31:71:c8:1e:f4:06:7f:ba:d8:d9:88:
         69:df:9a:67
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzEJPKbHt1gfUQLY/vohuyJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDBkNjQ2OTI5MDNlZmJmOTM1M2E1MDI2ZjQ4OTBiYjE3YmE5ZWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0W8c7NoFVAPSzW9Q1wg4lk/DNZr
hYWU+Cmd2N8NbzvvHMkjxWystJ+Aj7zecPjvqwIoPSkdq65EKRpldU1kiCsUjbFJ
pIx02wsL3fMaiyeZdKVAb8ZLEXaifo6fBv0Qy9e+SvAL4oiWyBBw7aV4ZGVJ89Jd
KYMNxLbYKpZ5cQ1qEKd/J3nPZmJHq/ge0OxO//HqMuZS9qzMG6Qc4ODAu3TMIKGE
vfZ0ul3G204EOJMaImoQMtau0Lalq/OXzXMXlQodq9vXgXocxzKPO8pCd5EwMYZ7
HopJy0uhwkcXd2Rv09LavUvN4e9Ke7Vxe2mURqr+8k4YuCcEYBIA705sMwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIQNZGkpA++/k1OlAm9IkLsXup7wMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvaEExa2FTa0Q3Ny1UVTZVQ2IwaVF1eGU2bnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGZBggrBgEFBQcBBwEB/wSBiTCBhjBuBAIAATBoMAwDBAC5
Vb0DBAa5VYAwDAMEALlV7QMEBLlV4AMEALlWBQMEALlWDTAMAwQAuVaZAwQAuVaa
AwQCuVakAwQAuVcYAwQBuVcaMAwDBAC5V3kDBAK5V3gDBAC5YjwDBAK5d1ADBAC5
jSAwFAQCAAIwDgMFAyoLZ4ADBQMqDGfAMA0GCSqGSIb3DQEBCwUAA4IBAQBvY+U7
O9pTfbJUBsDqQmJ44F9Bo4Cy+hlDILwl40oErqO+bJypw8xZ5aBunEav2qtwg1j6
tUloSdI4CN3vjfsCyoIK6twK4rK9Nvq4yxeEk6+H/at8oFZQRDqpmAB/hgUwuD8M
eFhjQfS9KpxcRPTGkE8uQSK596iM8uI0w4I5NzeykKv7p6Xwfhxt93ULRlmgHYk7
/oQ92Xv4zZPxzWqv/IN2x9yVPE/nhlYxxdNnc2XZ1yfaid3coYbvuzUfa0IRaW4h
FtsW/ZrT/ntz//Ee4q0biH49rVPMFNLXRSnzUGlcDdlpRnR8huqfF2isXyi7MXHI
HvQGf7rY2Yhp35pn
-----END CERTIFICATE-----
Generated at Thu Oct 10 18:39:27 2024 by rpki-client on console-ams.rpki-client.org