Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/kzHXThreP5rZewL_SQjLtSMk23s.roa
File:                     kzHXThreP5rZewL_SQjLtSMk23s.roa (raw, json)
Hash identifier:          n9BUXFTT+JZeKPPiAQwIat8yJhazDfyCxpWVg3P91Eg=
Subject key identifier:   93:31:D7:4E:1A:DE:3F:9A:D9:7B:02:FF:49:08:CB:B5:23:24:DB:7B
Certificate issuer:       /CN=2b967e772cc7298305a11ffa65dd185f6a58910b
Certificate serial:       018CE5B1412F1CE11F368A175DB93262B011
Authority key identifier: 2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/kzHXThreP5rZewL_SQjLtSMk23s.roa
Signing time:             Sun 07 Jan 2024 20:50:48 +0000
ROA not before:           Sun 07 Jan 2024 20:50:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34465
IP address blocks:        185.188.28.0/24 maxlen: 24
                          2a12:8fc6:cd02::/48 maxlen: 48
                          2a12:8fc6:ace2::/48 maxlen: 48
                          2a12:8fc6:a051::/48 maxlen: 48
                          2a12:8fc6:bdee::/48 maxlen: 48
                          2a12:8fc6:efdf::/48 maxlen: 48
                          2a12:8fc6:c31a::/48 maxlen: 48
                          2a12:8fc6:ae44::/48 maxlen: 48
                          2a12:8fc6:cd04::/48 maxlen: 48
                          2a12:8fc6:bab0::/48 maxlen: 48
                          2a12:8fc6:a517::/48 maxlen: 48
                          2a12:8fc6:be01::/48 maxlen: 48
                          2a12:8fc6:ee01::/48 maxlen: 48
                          2a12:8fc6:ace1::/48 maxlen: 48
                          2a12:8fc6:cd01::/48 maxlen: 48
                          2a12:8fc6:cae1::/48 maxlen: 48
                          2a12:8fc6:a1c3::/48 maxlen: 48
                          2a12:8fc6:ace3::/48 maxlen: 48
                          2a12:8fc6:c31e::/48 maxlen: 48
                          2a12:8fc6:dbaa::/48 maxlen: 48
                          2a12:8fc6:eaca::/48 maxlen: 48
                          2a12:8fc6::/32 maxlen: 32
                          2a12:8fc6:dae0::/48 maxlen: 48
                          2a12:8fc6:db00::/48 maxlen: 48
                          2a12:8fc6:cd00::/48 maxlen: 48
                          2a12:8fc6:faa0::/48 maxlen: 48
                          2a12:8fc6:ca00::/48 maxlen: 48
                          2a12:8fc6:caa0::/48 maxlen: 48
                          2a12:8fc6:aa00::/48 maxlen: 48
                          2a12:8fc6:daa0::/48 maxlen: 48
                          2a12:8fc6:ce00::/48 maxlen: 48
                          2a12:8fc6:cc00::/48 maxlen: 48
                          2a12:8fc6:fae0::/48 maxlen: 48
                          2a12:8fc6:ae00::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Mar 2024 10:33:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e5:b1:41:2f:1c:e1:1f:36:8a:17:5d:b9:32:62:b0:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b967e772cc7298305a11ffa65dd185f6a58910b
        Validity
            Not Before: Jan  7 20:50:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9331d74e1ade3f9ad97b02ff4908cbb52324db7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:07:34:1d:ef:34:38:38:96:f3:64:44:cc:76:
                    b3:39:2e:df:72:fe:99:7b:e0:6e:51:2c:d6:75:01:
                    18:96:f2:d6:63:be:58:46:ef:ea:e6:ff:47:ca:95:
                    42:05:74:f8:a0:d4:24:8d:79:72:bc:3d:e9:a8:58:
                    f0:b4:ab:be:9c:c7:33:7e:ef:84:03:59:2b:14:0f:
                    f4:d9:e7:13:f4:e7:de:1d:ae:6b:5b:b3:09:fd:58:
                    45:2b:1f:73:f1:2c:a7:8f:21:20:d5:01:6a:37:47:
                    8f:a3:c9:4b:0f:af:bf:3d:09:e7:20:90:36:97:41:
                    64:ec:cf:7a:e4:40:e0:40:b2:f4:c9:f8:41:a7:6b:
                    6f:d0:18:a6:7c:9c:be:3c:2d:91:77:83:fa:75:c7:
                    73:08:e8:e8:9d:80:93:26:4d:b1:37:f8:e0:6d:f1:
                    d0:5b:a4:fe:e1:a7:95:30:b1:23:41:97:f8:c9:e3:
                    57:f0:41:bd:59:aa:bb:6f:bd:71:0c:dc:59:8f:d0:
                    23:9b:e5:d0:7e:e3:2d:49:02:d4:81:ff:bc:40:7f:
                    92:cb:77:90:ff:35:c3:3a:45:94:94:a9:6f:a3:6a:
                    94:8a:d5:39:f6:2f:33:c0:41:0b:eb:bb:33:8e:5e:
                    20:7b:dc:63:45:dc:13:54:e8:38:f1:a9:0f:b5:86:
                    9f:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:31:D7:4E:1A:DE:3F:9A:D9:7B:02:FF:49:08:CB:B5:23:24:DB:7B
            X509v3 Authority Key Identifier:
                keyid:2B:96:7E:77:2C:C7:29:83:05:A1:1F:FA:65:DD:18:5F:6A:58:91:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/kzHXThreP5rZewL_SQjLtSMk23s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/660e74-a3bc-444b-9c6a-58c96d66f0a1/1/K5Z-dyzHKYMFoR_6Zd0YX2pYkQs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.28.0/24
                IPv6:
                  2a12:8fc6::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:d7:b8:20:9c:7b:c1:78:3a:84:07:3d:97:06:62:97:c3:80:
         91:27:ca:a1:5a:d4:da:73:01:75:95:f7:50:99:c4:c8:42:17:
         99:08:70:0b:d4:9d:fb:ee:49:27:dc:76:d3:72:4d:ae:5a:7b:
         c8:75:49:52:18:6b:30:ad:b2:77:2e:ec:8d:82:ce:c4:3b:1a:
         39:dc:13:bd:84:49:eb:24:87:ea:f2:77:c4:c7:33:d9:5a:10:
         61:1f:a9:8c:eb:86:05:88:f2:80:f1:ad:eb:ae:d8:22:6c:41:
         8a:0c:4e:57:91:df:ae:33:40:f0:44:9b:dd:23:0e:b9:82:c5:
         f3:c9:3d:89:fb:a0:47:37:52:aa:20:f8:7f:b7:2c:3d:69:88:
         59:ee:00:34:f3:4b:53:94:03:a3:a4:47:22:27:ff:ee:d0:a1:
         3e:f2:bc:24:e2:22:54:f6:5a:87:90:55:b6:27:a6:ec:87:14:
         5c:76:23:86:ed:af:bc:2e:1d:79:37:73:6f:c6:25:6b:f2:54:
         3b:6d:69:d6:a6:7a:d5:96:ce:9d:76:81:6b:3b:3c:81:4f:af:
         9d:0e:49:b3:64:d3:49:ba:95:74:e1:2c:7f:20:42:35:e6:13:
         21:ed:07:4c:5d:e3:74:06:d6:02:e4:48:52:5a:0e:5c:c4:7c:
         a0:61:cd:c3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzlsUEvHOEfNooXXbkyYrARMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiOTY3ZTc3MmNjNzI5ODMwNWExMWZmYTY1ZGQxODVmNmE1
ODkxMGIwHhcNMjQwMTA3MjA1MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzMxZDc0ZTFhZGUzZjlhZDk3YjAyZmY0OTA4Y2JiNTIzMjRkYjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAc0He80ODiW82REzHazOS7fcv6Z
e+BuUSzWdQEYlvLWY75YRu/q5v9HypVCBXT4oNQkjXlyvD3pqFjwtKu+nMczfu+E
A1krFA/02ecT9OfeHa5rW7MJ/VhFKx9z8SynjyEg1QFqN0ePo8lLD6+/PQnnIJA2
l0Fk7M965EDgQLL0yfhBp2tv0BimfJy+PC2Rd4P6dcdzCOjonYCTJk2xN/jgbfHQ
W6T+4aeVMLEjQZf4yeNX8EG9Waq7b71xDNxZj9Ajm+XQfuMtSQLUgf+8QH+Sy3eQ
/zXDOkWUlKlvo2qUitU59i8zwEEL67szjl4ge9xjRdwTVOg48akPtYafhQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJMx104a3j+a2XsC/0kIy7UjJNt7MB8GA1UdIwQY
MBaAFCuWfncsxymDBaEf+mXdGF9qWJELMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEt
NThjOTZkNjZmMGExLzEva3pIWFRocmVQNXJaZXdMX1NRakx0U01rMjNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82NjBlNzQtYTNiYy00NDRiLTljNmEtNThjOTZkNjZmMGEx
LzEvSzVaLWR5ekhLWU1Gb1JfNlpkMFlYMnBZa1FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAubwcMA0E
AgACMAcDBQAqEo/GMA0GCSqGSIb3DQEBCwUAA4IBAQA017ggnHvBeDqEBz2XBmKX
w4CRJ8qhWtTacwF1lfdQmcTIQheZCHAL1J377kkn3HbTck2uWnvIdUlSGGswrbJ3
LuyNgs7EOxo53BO9hEnrJIfq8nfExzPZWhBhH6mM64YFiPKA8a3rrtgibEGKDE5X
kd+uM0DwRJvdIw65gsXzyT2J+6BHN1KqIPh/tyw9aYhZ7gA080tTlAOjpEciJ//u
0KE+8rwk4iJU9lqHkFW2J6bshxRcdiOG7a+8Lh15N3NvxiVr8lQ7bWnWpnrVls6d
doFrOzyBT6+dDkmzZNNJupV04Sx/IEI15hMh7QdMXeN0BtYC5EhSWg5cxHygYc3D
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:13 2024 by rpki-client on console-fra.rpki-client.org