Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/JWfnmwxGq5E3Tljzo_JxIqHjn4g.roa
File:                     JWfnmwxGq5E3Tljzo_JxIqHjn4g.roa (raw, json)
Hash identifier:          //CBgfYBaBRW2nfSR6r9A4VMaQVc/4li5glxKhcCw0E=
Subject key identifier:   25:67:E7:9B:0C:46:AB:91:37:4E:58:F3:A3:F2:71:22:A1:E3:9F:88
Certificate issuer:       /CN=348566061e368caff1881be2bac6737dfd3c1dba
Certificate serial:       018570304A6DA75B067E2D2F587536295B87
Authority key identifier: 34:85:66:06:1E:36:8C:AF:F1:88:1B:E2:BA:C6:73:7D:FD:3C:1D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NIVmBh42jK_xiBviusZzff08Hbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/JWfnmwxGq5E3Tljzo_JxIqHjn4g.roa
Signing time:             Mon 02 Jan 2023 01:54:50 +0000
ROA not before:           Mon 02 Jan 2023 01:54:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206521
IP address blocks:        185.140.157.0/24 maxlen: 24
                          185.140.156.0/24 maxlen: 24
                          185.140.156.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:29:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:30:4a:6d:a7:5b:06:7e:2d:2f:58:75:36:29:5b:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=348566061e368caff1881be2bac6737dfd3c1dba
        Validity
            Not Before: Jan  2 01:54:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2567e79b0c46ab91374e58f3a3f27122a1e39f88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:92:30:fd:72:6b:15:17:e3:b7:45:c7:69:26:
                    0c:90:09:97:41:09:b2:3e:59:54:c9:46:3f:bf:35:
                    04:e9:11:bb:e1:cc:23:9c:02:8d:98:6b:f2:c1:55:
                    0d:2b:d6:57:ef:4a:7b:c2:5d:77:80:e1:7c:fc:e7:
                    f8:2b:49:33:30:8e:8a:90:07:89:2f:05:4d:f6:d1:
                    47:ac:0b:ff:5e:8f:c2:b6:02:b6:63:e4:96:45:9f:
                    33:55:f1:fa:b7:03:de:c6:7e:61:a1:69:d1:4f:1c:
                    19:17:10:06:f0:10:65:67:6f:a6:ab:34:bf:30:62:
                    d3:71:4b:8f:60:ef:a6:28:37:c9:ab:d2:9f:a4:dc:
                    76:a4:5a:8b:d1:2d:f2:4b:a2:1d:64:2a:49:bc:1b:
                    17:42:b4:21:ed:cb:fc:08:ed:b6:e2:56:7c:c4:5b:
                    af:28:34:96:9c:b0:ac:bd:bc:c3:a3:8c:27:3e:45:
                    00:09:20:a7:44:e7:65:73:52:83:6e:e8:9e:7f:a8:
                    31:d8:f2:00:fa:be:f2:d7:62:39:16:ec:f1:fd:38:
                    bc:b2:bd:af:b7:05:c0:42:95:7f:e5:81:80:09:bf:
                    08:52:48:cf:f1:61:53:fe:5e:dd:7c:55:ad:cc:d3:
                    78:ee:09:98:ea:68:e7:d2:20:4d:15:e3:8b:27:33:
                    91:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:67:E7:9B:0C:46:AB:91:37:4E:58:F3:A3:F2:71:22:A1:E3:9F:88
            X509v3 Authority Key Identifier:
                keyid:34:85:66:06:1E:36:8C:AF:F1:88:1B:E2:BA:C6:73:7D:FD:3C:1D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NIVmBh42jK_xiBviusZzff08Hbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/JWfnmwxGq5E3Tljzo_JxIqHjn4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/affaa1-0e7b-401e-a7c5-06270ea82154/1/NIVmBh42jK_xiBviusZzff08Hbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:92:0f:53:8e:62:4c:13:08:10:5c:56:75:5b:d6:c3:c7:4e:
         1c:77:97:1c:f9:75:b4:cb:98:6b:49:2b:09:ff:f0:55:67:80:
         b7:59:9b:4d:3e:6c:7a:f3:fa:ef:97:e3:f4:7f:b8:81:a4:4a:
         42:12:a1:c1:b7:50:d5:7a:46:98:35:35:50:a6:0e:8f:59:6d:
         4b:5f:84:6d:59:a9:51:65:2a:04:bc:8b:a7:0c:cc:23:7f:26:
         0a:21:df:20:67:d4:b7:9c:b1:39:76:58:93:25:6a:a9:89:40:
         88:7b:5a:46:11:50:3a:13:2c:37:44:dc:93:e8:8e:1b:f2:11:
         ae:70:9e:c2:52:92:fa:08:d5:7c:82:c1:e4:43:25:93:2f:87:
         43:2d:36:cb:4f:4f:c9:b4:f9:fb:59:9d:a6:ac:f8:23:d2:1b:
         b3:2c:a0:c4:2a:04:b9:a6:e6:0c:86:0c:88:e4:c6:84:36:c9:
         24:5c:77:9c:ba:f3:ff:fc:cb:77:e3:bb:72:25:5a:b7:2b:94:
         31:c8:81:84:6c:09:37:4d:10:71:ee:aa:eb:18:2e:60:f4:59:
         63:62:34:30:e3:51:5a:dd:8d:b4:2a:bc:9b:6f:ce:c1:3f:60:
         1e:6b:ff:0c:c4:f6:ac:b6:5f:ea:c8:78:9f:e8:df:9e:59:2f:
         55:83:b9:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwMEptp1sGfi0vWHU2KVuHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ODU2NjA2MWUzNjhjYWZmMTg4MWJlMmJhYzY3MzdkZmQz
YzFkYmEwHhcNMjMwMTAyMDE1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTY3ZTc5YjBjNDZhYjkxMzc0ZTU4ZjNhM2YyNzEyMmExZTM5Zjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZIw/XJrFRfjt0XHaSYMkAmXQQmy
PllUyUY/vzUE6RG74cwjnAKNmGvywVUNK9ZX70p7wl13gOF8/Of4K0kzMI6KkAeJ
LwVN9tFHrAv/Xo/CtgK2Y+SWRZ8zVfH6twPexn5hoWnRTxwZFxAG8BBlZ2+mqzS/
MGLTcUuPYO+mKDfJq9KfpNx2pFqL0S3yS6IdZCpJvBsXQrQh7cv8CO224lZ8xFuv
KDSWnLCsvbzDo4wnPkUACSCnROdlc1KDbuief6gx2PIA+r7y12I5Fuzx/Ti8sr2v
twXAQpV/5YGACb8IUkjP8WFT/l7dfFWtzNN47gmY6mjn0iBNFeOLJzOR+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCVn55sMRquRN05Y86PycSKh45+IMB8GA1UdIwQY
MBaAFDSFZgYeNoyv8Ygb4rrGc339PB26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTklWbUJoNDJqS194aUJ2aXVzWnpmZjA4SGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9hZmZhYTEtMGU3Yi00MDFlLWE3YzUt
MDYyNzBlYTgyMTU0LzEvSldmbm13eEdxNUUzVGxqem9fSnhJcUhqbjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9hZmZhYTEtMGU3Yi00MDFlLWE3YzUtMDYyNzBlYTgyMTU0
LzEvTklWbUJoNDJqS194aUJ2aXVzWnpmZjA4SGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYycMA0G
CSqGSIb3DQEBCwUAA4IBAQArkg9TjmJMEwgQXFZ1W9bDx04cd5cc+XW0y5hrSSsJ
//BVZ4C3WZtNPmx68/rvl+P0f7iBpEpCEqHBt1DVekaYNTVQpg6PWW1LX4RtWalR
ZSoEvIunDMwjfyYKId8gZ9S3nLE5dliTJWqpiUCIe1pGEVA6Eyw3RNyT6I4b8hGu
cJ7CUpL6CNV8gsHkQyWTL4dDLTbLT0/JtPn7WZ2mrPgj0huzLKDEKgS5puYMhgyI
5MaENskkXHecuvP//Mt347tyJVq3K5QxyIGEbAk3TRBx7qrrGC5g9FljYjQw41Fa
3Y20Krybb87BP2Aea/8MxPastl/qyHif6N+eWS9Vg7lL
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:56 2024 by rpki-client on console-fra.rpki-client.org