Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/7W9CktrC5eXAkPsloVRJ4qwv0xo.roa
File:                     7W9CktrC5eXAkPsloVRJ4qwv0xo.roa (raw, json)
Hash identifier:          dFN9K8ei7bw/jFqmtkH/zp2BjoeEy1V/Wn1BPDly0zk=
Subject key identifier:   ED:6F:42:92:DA:C2:E5:E5:C0:90:FB:25:A1:54:49:E2:AC:2F:D3:1A
Certificate issuer:       /CN=9c67ea34a011a4773871583ec3954e791d8c028d
Certificate serial:       018570704B9424C60E50579E494C077EC90E
Authority key identifier: 9C:67:EA:34:A0:11:A4:77:38:71:58:3E:C3:95:4E:79:1D:8C:02:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nGfqNKARpHc4cVg-w5VOeR2MAo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/7W9CktrC5eXAkPsloVRJ4qwv0xo.roa
Signing time:             Mon 02 Jan 2023 03:04:45 +0000
ROA not before:           Mon 02 Jan 2023 03:04:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205314
IP address blocks:        185.138.20.0/22 maxlen: 22
                          2a12:ddc0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:70:4b:94:24:c6:0e:50:57:9e:49:4c:07:7e:c9:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c67ea34a011a4773871583ec3954e791d8c028d
        Validity
            Not Before: Jan  2 03:04:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ed6f4292dac2e5e5c090fb25a15449e2ac2fd31a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:7b:1d:26:36:46:49:59:c6:5d:dc:e0:3d:53:
                    bd:1b:ec:7d:80:a4:60:82:c5:f8:55:0c:a5:ce:3f:
                    64:bd:90:8d:43:67:58:8c:21:7a:fa:a3:bc:8b:e0:
                    ab:2d:54:9d:16:c6:aa:33:72:b9:2a:1e:7a:06:aa:
                    47:7b:90:96:13:be:1e:ad:0d:ce:eb:0d:af:36:db:
                    1a:c1:5c:f2:da:41:0e:c5:a5:bb:1b:86:5e:3e:90:
                    c9:85:6a:25:30:e2:61:0d:92:cc:e2:50:33:af:96:
                    ed:b0:16:5f:cc:f5:f5:3b:30:69:cb:66:fb:a0:63:
                    de:d7:50:2f:b0:30:28:2d:fc:ff:fe:79:02:79:c5:
                    d3:4f:97:89:66:9e:b8:1b:fd:61:a8:0c:0c:74:1e:
                    c1:b5:d4:a8:cf:37:e6:92:79:67:69:10:71:d2:03:
                    3d:16:ef:05:45:0c:04:0c:d2:4b:bd:58:42:fb:b4:
                    02:1e:0d:de:b6:33:d6:97:17:10:e9:f5:9c:b0:82:
                    d5:32:92:33:6c:44:63:64:f7:3c:9c:90:86:03:25:
                    12:08:11:0f:f6:b6:1c:d7:b5:a0:f3:d6:9c:1d:ee:
                    37:33:ca:1f:a4:df:47:a0:32:c7:74:b8:c9:93:2f:
                    86:0a:92:2b:90:5f:51:3f:95:a9:a8:e4:f2:88:ba:
                    0f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:6F:42:92:DA:C2:E5:E5:C0:90:FB:25:A1:54:49:E2:AC:2F:D3:1A
            X509v3 Authority Key Identifier:
                keyid:9C:67:EA:34:A0:11:A4:77:38:71:58:3E:C3:95:4E:79:1D:8C:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nGfqNKARpHc4cVg-w5VOeR2MAo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/7W9CktrC5eXAkPsloVRJ4qwv0xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/nGfqNKARpHc4cVg-w5VOeR2MAo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.20.0/22
                IPv6:
                  2a12:ddc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:22:cf:9f:36:56:f0:82:b5:09:77:82:18:7b:8e:30:fb:92:
         a2:ae:27:69:58:6c:ba:c5:5c:1a:8a:9b:ac:d2:64:6d:14:57:
         06:57:34:91:45:2d:b9:de:ca:fb:60:6a:89:24:06:8d:a6:55:
         4b:38:bb:b9:95:14:64:1c:4f:21:ae:b4:9d:53:e4:05:53:9c:
         1d:05:61:7c:06:9d:0f:0c:6b:60:55:c3:3d:29:fb:ed:e0:66:
         ce:5a:96:b7:98:a8:3a:0c:c8:0c:40:87:90:77:e0:55:a9:1c:
         51:56:3c:4a:6b:43:37:96:86:9b:8c:ec:04:24:ce:5b:74:d6:
         67:59:69:e4:b2:54:37:03:04:e7:ea:cf:75:9a:75:ba:d4:12:
         42:c8:f3:75:7d:85:56:2f:c2:d2:a2:13:0e:76:c5:2d:07:68:
         99:09:4d:b9:1e:b9:57:1e:50:86:41:3f:2a:95:0b:87:3a:50:
         19:cf:ee:4a:10:31:02:a1:13:d2:ea:ab:99:dd:4c:31:92:01:
         51:66:67:16:c7:f3:6f:51:77:64:39:72:cc:a0:11:35:30:e1:
         a8:03:a0:48:4f:5a:94:1e:15:2c:89:7a:f3:e1:c7:1a:f4:df:
         52:99:e0:3b:c6:e7:11:fe:33:55:2e:4f:57:be:3a:91:cd:f5:
         62:37:32:ac
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVwcEuUJMYOUFeeSUwHfskOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNjdlYTM0YTAxMWE0NzczODcxNTgzZWMzOTU0ZTc5MWQ4
YzAyOGQwHhcNMjMwMTAyMDMwNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDZmNDI5MmRhYzJlNWU1YzA5MGZiMjVhMTU0NDllMmFjMmZkMzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHsdJjZGSVnGXdzgPVO9G+x9gKRg
gsX4VQylzj9kvZCNQ2dYjCF6+qO8i+CrLVSdFsaqM3K5Kh56BqpHe5CWE74erQ3O
6w2vNtsawVzy2kEOxaW7G4ZePpDJhWolMOJhDZLM4lAzr5btsBZfzPX1OzBpy2b7
oGPe11AvsDAoLfz//nkCecXTT5eJZp64G/1hqAwMdB7BtdSozzfmknlnaRBx0gM9
Fu8FRQwEDNJLvVhC+7QCHg3etjPWlxcQ6fWcsILVMpIzbERjZPc8nJCGAyUSCBEP
9rYc17Wg89acHe43M8ofpN9HoDLHdLjJky+GCpIrkF9RP5WpqOTyiLoPvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO1vQpLawuXlwJD7JaFUSeKsL9MaMB8GA1UdIwQY
MBaAFJxn6jSgEaR3OHFYPsOVTnkdjAKNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkdmcU5LQVJwSGM0Y1ZnLXc1Vk9lUjJNQW8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS84NjY5ZDMtNzZjZC00Y2IwLTgyNzgt
ODJjNjdjNjllOTIzLzEvN1c5Q2t0ckM1ZVhBa1BzbG9WUko0cXd2MHhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS84NjY5ZDMtNzZjZC00Y2IwLTgyNzgtODJjNjdjNjllOTIz
LzEvbkdmcU5LQVJwSGM0Y1ZnLXc1Vk9lUjJNQW8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYoUMA0E
AgACMAcDBQMqEt3AMA0GCSqGSIb3DQEBCwUAA4IBAQB8Is+fNlbwgrUJd4IYe44w
+5KiridpWGy6xVwaipus0mRtFFcGVzSRRS253sr7YGqJJAaNplVLOLu5lRRkHE8h
rrSdU+QFU5wdBWF8Bp0PDGtgVcM9Kfvt4GbOWpa3mKg6DMgMQIeQd+BVqRxRVjxK
a0M3loabjOwEJM5bdNZnWWnkslQ3AwTn6s91mnW61BJCyPN1fYVWL8LSohMOdsUt
B2iZCU25HrlXHlCGQT8qlQuHOlAZz+5KEDECoRPS6quZ3UwxkgFRZmcWx/NvUXdk
OXLMoBE1MOGoA6BIT1qUHhUsiXrz4cca9N9SmeA7xucR/jNVLk9XvjqRzfViNzKs
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:55 2024 by rpki-client on console-fra.rpki-client.org