Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/b3f993-d03b-4b13-81af-aa6229698461/1/1XIJG4HW7Q8TpnOtFVyq6N6SZQk.roa
File:                     1XIJG4HW7Q8TpnOtFVyq6N6SZQk.roa (raw, json)
Hash identifier:          7nLErt91dMvMg7u+j4AOb4FT8xcmWYXZ9P+R3E7wobA=
Subject key identifier:   D5:72:09:1B:81:D6:ED:0F:13:A6:73:AD:15:5C:AA:E8:DE:92:65:09
Certificate issuer:       /CN=95571d88b53965a7d081f3b1d8289cbc28775b88
Certificate serial:       01856C010E97B7FD13A5B142B4EDC5EC130B
Authority key identifier: 95:57:1D:88:B5:39:65:A7:D0:81:F3:B1:D8:28:9C:BC:28:77:5B:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lVcdiLU5ZafQgfOx2CicvCh3W4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/b3f993-d03b-4b13-81af-aa6229698461/1/1XIJG4HW7Q8TpnOtFVyq6N6SZQk.roa
Signing time:             Sun 01 Jan 2023 06:24:46 +0000
ROA not before:           Sun 01 Jan 2023 06:24:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202077
IP address blocks:        185.68.136.0/22 maxlen: 24
                          2a03:2b20::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:01:0e:97:b7:fd:13:a5:b1:42:b4:ed:c5:ec:13:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95571d88b53965a7d081f3b1d8289cbc28775b88
        Validity
            Not Before: Jan  1 06:24:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d572091b81d6ed0f13a673ad155caae8de926509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:ee:4f:35:c6:a5:1b:9c:48:7f:aa:87:e7:3b:
                    78:58:d9:c1:c8:bf:25:2d:e7:78:4f:f9:37:ef:8e:
                    ef:b7:c6:42:ad:f6:aa:7f:31:c6:27:af:39:fb:d7:
                    6c:8f:70:c3:4e:22:e1:02:c0:a4:b0:c9:b9:98:2f:
                    c5:2d:5b:99:af:e7:85:0a:3a:a1:21:b9:b8:25:19:
                    4a:bc:f4:f7:8b:98:ee:4b:e7:fe:ea:81:cf:01:f5:
                    35:73:b0:91:87:2d:82:42:27:2d:f5:9d:a3:94:56:
                    7c:57:b9:c3:a2:e6:12:e1:2d:c9:94:36:b0:31:3e:
                    d5:45:16:04:f6:e3:27:82:d1:80:7b:29:94:ad:9e:
                    ba:c0:36:79:d8:77:86:cd:38:9d:1e:4a:33:e1:b8:
                    14:a6:f9:c5:d9:bc:d8:5f:9e:d8:2b:c4:2a:31:22:
                    5a:9f:ce:7d:93:1a:75:ea:c5:6f:4c:9d:ee:ea:57:
                    c9:03:98:31:ea:29:d1:17:54:5e:d5:b1:89:1e:94:
                    96:0b:6e:18:e2:8c:fa:7c:5e:d8:b2:d5:11:75:d5:
                    22:e1:b9:ae:1d:d1:c6:85:8d:85:03:a3:d8:97:ca:
                    3f:9b:d4:1d:f6:f4:c3:0b:a1:1e:9e:7d:2e:51:f0:
                    8b:25:1b:2e:86:dc:47:98:1b:e8:38:4d:10:a0:a8:
                    ef:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:72:09:1B:81:D6:ED:0F:13:A6:73:AD:15:5C:AA:E8:DE:92:65:09
            X509v3 Authority Key Identifier:
                keyid:95:57:1D:88:B5:39:65:A7:D0:81:F3:B1:D8:28:9C:BC:28:77:5B:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lVcdiLU5ZafQgfOx2CicvCh3W4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b3f993-d03b-4b13-81af-aa6229698461/1/1XIJG4HW7Q8TpnOtFVyq6N6SZQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/b3f993-d03b-4b13-81af-aa6229698461/1/lVcdiLU5ZafQgfOx2CicvCh3W4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.68.136.0/22
                IPv6:
                  2a03:2b20::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:9f:99:59:8d:94:8f:02:12:f9:9f:53:97:9e:8c:82:bd:5e:
         f8:f3:97:88:1d:9d:c6:97:dd:28:ff:ca:26:55:91:ab:2d:71:
         a5:31:1c:23:c2:b1:92:76:72:bf:d0:76:85:b2:7a:db:45:58:
         e1:27:f2:30:25:71:f0:38:0a:22:df:16:60:7d:62:56:b3:f4:
         97:1e:85:db:81:c6:bd:8f:48:38:e2:5d:e0:a7:ef:90:9f:bf:
         25:61:57:16:c3:c4:ad:bc:9d:e9:86:cc:c9:98:0a:78:30:23:
         87:bc:be:33:c5:fe:46:70:a2:c2:2a:26:ad:4b:81:fb:83:f3:
         bc:16:bf:fe:16:5d:db:bc:70:36:5e:bc:22:60:95:c0:ed:26:
         3f:81:46:9e:d2:22:a4:c3:b5:5d:4c:5d:ca:23:a9:0b:e3:14:
         7e:1d:8f:51:75:e9:20:10:07:1d:7d:1a:c1:1f:06:37:31:3a:
         9f:95:ff:82:94:1b:52:60:2d:a1:6d:13:a9:c9:67:1e:6a:33:
         f5:69:09:9f:7e:d0:38:e0:0c:e5:64:18:ff:eb:d7:d9:e1:43:
         59:37:1b:59:f1:96:97:e2:28:6a:5e:f9:06:88:9f:8a:89:35:
         47:c0:6c:05:06:cc:c7:8a:8f:41:c3:2a:f7:e4:4b:fb:05:c0:
         49:26:09:fa
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVsAQ6Xt/0TpbFCtO3F7BMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NTcxZDg4YjUzOTY1YTdkMDgxZjNiMWQ4Mjg5Y2JjMjg3
NzViODgwHhcNMjMwMTAxMDYyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTcyMDkxYjgxZDZlZDBmMTNhNjczYWQxNTVjYWFlOGRlOTI2NTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgO5PNcalG5xIf6qH5zt4WNnByL8l
Led4T/k3747vt8ZCrfaqfzHGJ685+9dsj3DDTiLhAsCksMm5mC/FLVuZr+eFCjqh
Ibm4JRlKvPT3i5juS+f+6oHPAfU1c7CRhy2CQict9Z2jlFZ8V7nDouYS4S3JlDaw
MT7VRRYE9uMngtGAeymUrZ66wDZ52HeGzTidHkoz4bgUpvnF2bzYX57YK8QqMSJa
n859kxp16sVvTJ3u6lfJA5gx6inRF1Re1bGJHpSWC24Y4oz6fF7YstURddUi4bmu
HdHGhY2FA6PYl8o/m9Qd9vTDC6Eenn0uUfCLJRsuhtxHmBvoOE0QoKjvnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNVyCRuB1u0PE6ZzrRVcqujekmUJMB8GA1UdIwQY
MBaAFJVXHYi1OWWn0IHzsdgonLwod1uIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFZjZGlMVTVaYWZRZ2ZPeDJDaWN2Q2gzVzRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9iM2Y5OTMtZDAzYi00YjEzLTgxYWYt
YWE2MjI5Njk4NDYxLzEvMVhJSkc0SFc3UThUcG5PdEZWeXE2TjZTWlFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9iM2Y5OTMtZDAzYi00YjEzLTgxYWYtYWE2MjI5Njk4NDYx
LzEvbFZjZGlMVTVaYWZRZ2ZPeDJDaWN2Q2gzVzRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUSIMA0E
AgACMAcDBQAqAysgMA0GCSqGSIb3DQEBCwUAA4IBAQCKn5lZjZSPAhL5n1OXnoyC
vV7485eIHZ3Gl90o/8omVZGrLXGlMRwjwrGSdnK/0HaFsnrbRVjhJ/IwJXHwOAoi
3xZgfWJWs/SXHoXbgca9j0g44l3gp++Qn78lYVcWw8StvJ3phszJmAp4MCOHvL4z
xf5GcKLCKiatS4H7g/O8Fr/+Fl3bvHA2XrwiYJXA7SY/gUae0iKkw7VdTF3KI6kL
4xR+HY9RdekgEAcdfRrBHwY3MTqflf+ClBtSYC2hbROpyWceajP1aQmfftA44Azl
ZBj/69fZ4UNZNxtZ8ZaX4ihqXvkGiJ+KiTVHwGwFBszHio9Bwyr35Ev7BcBJJgn6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:13 2024 by rpki-client on console-fra.rpki-client.org