Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/I9zbCBBqRLba6MmtJwhoO9Izhig.roa
File:                     I9zbCBBqRLba6MmtJwhoO9Izhig.roa (raw, json)
Hash identifier:          YISzebivKr/Wkb9YYx8N+vHI90UOlBkHRnrc9GS6srY=
Subject key identifier:   23:DC:DB:08:10:6A:44:B6:DA:E8:C9:AD:27:08:68:3B:D2:33:86:28
Certificate issuer:       /CN=a65046d85ecf201fbef51e8bea1c4ed33f95b268
Certificate serial:       018CC794BC6E5C8143EE84EF6DB71FAF8C6C
Authority key identifier: A6:50:46:D8:5E:CF:20:1F:BE:F5:1E:8B:EA:1C:4E:D3:3F:95:B2:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/I9zbCBBqRLba6MmtJwhoO9Izhig.roa
Signing time:             Tue 02 Jan 2024 00:31:02 +0000
ROA not before:           Tue 02 Jan 2024 00:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.69.118.0/24 maxlen: 24
                          185.69.116.0/24 maxlen: 24
                          194.35.1.0/24 maxlen: 24
                          194.35.8.0/24 maxlen: 24
                          194.35.5.0/24 maxlen: 24
                          194.35.9.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 18 Jul 2024 15:20:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:bc:6e:5c:81:43:ee:84:ef:6d:b7:1f:af:8c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65046d85ecf201fbef51e8bea1c4ed33f95b268
        Validity
            Not Before: Jan  2 00:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23dcdb08106a44b6dae8c9ad2708683bd2338628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9b:fe:25:8a:5d:64:3d:5f:5a:e7:84:77:2e:
                    96:af:a4:4b:49:65:be:94:29:c9:40:6d:08:5c:67:
                    28:c3:30:d2:41:6c:2b:24:3d:e6:16:f8:35:79:c3:
                    6a:a4:d9:94:b6:1e:6d:32:49:06:a0:27:89:9b:0d:
                    1a:8a:73:02:7a:df:ff:d4:74:1b:cd:76:80:ff:df:
                    2d:1f:6c:c0:9f:69:68:ab:7d:3d:9b:2b:cb:09:b6:
                    d0:2a:8e:66:2a:d0:97:4a:3f:64:ec:4a:b0:fa:e8:
                    8d:fc:96:b4:c2:01:6c:6e:65:72:9a:a7:ac:85:cf:
                    fb:b0:a3:fb:97:c8:c4:ef:69:41:ee:78:05:35:a1:
                    d6:1a:1b:55:49:0e:74:65:d7:9d:f0:a4:73:97:6d:
                    94:5d:84:e4:08:9b:73:8b:99:67:73:bf:e1:95:80:
                    49:f5:77:d2:2d:7e:be:50:02:19:ea:b2:ae:3d:6e:
                    d4:e5:0a:21:de:33:1d:18:9d:1a:4b:60:45:a3:a4:
                    1d:5f:d8:b4:c0:63:84:c9:f2:9e:29:e4:d1:ee:d4:
                    db:48:39:f0:43:8b:31:8f:df:9f:79:5f:92:26:c8:
                    b9:78:c0:6e:89:56:43:13:21:55:11:a3:ae:cb:ec:
                    36:14:1b:ae:07:a2:b2:47:61:98:73:b6:e5:b9:1d:
                    f3:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:DC:DB:08:10:6A:44:B6:DA:E8:C9:AD:27:08:68:3B:D2:33:86:28
            X509v3 Authority Key Identifier:
                keyid:A6:50:46:D8:5E:CF:20:1F:BE:F5:1E:8B:EA:1C:4E:D3:3F:95:B2:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/plBG2F7PIB--9R6L6hxO0z-Vsmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/I9zbCBBqRLba6MmtJwhoO9Izhig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3bd7c1-81fa-4553-8505-bccd32af97fe/1/plBG2F7PIB--9R6L6hxO0z-Vsmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.69.116.0/24
                  185.69.118.0/24
                  194.35.1.0/24
                  194.35.5.0/24
                  194.35.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:94:2a:b4:41:0d:5c:b8:22:0b:7c:89:c8:18:5e:14:88:64:
         38:35:29:a7:ea:4a:9c:09:e3:59:65:9a:ae:da:c2:57:7b:7c:
         23:e3:cd:a4:53:b0:c8:cb:94:54:2a:47:e8:c8:e9:ff:f2:99:
         28:6d:24:72:06:5f:92:4a:ec:cd:c0:83:2d:85:75:56:d0:3e:
         c5:76:37:37:4f:36:8f:fb:24:ab:ea:33:93:89:7b:8c:39:b5:
         06:55:0a:f3:f2:69:a0:04:c3:55:c8:ad:96:28:63:12:4a:0b:
         20:27:3e:31:23:7e:be:cc:e2:66:91:d6:ab:15:89:ef:58:a0:
         f8:ac:97:c1:ad:ff:de:7f:17:24:94:80:ce:16:e1:c4:f1:b5:
         07:67:07:d8:a7:9b:7e:84:e7:a4:fd:f7:23:db:c0:e7:9a:50:
         0b:25:ce:10:3a:44:86:e0:73:a7:be:f2:75:22:4b:72:eb:08:
         a1:7c:55:da:08:b1:9a:3e:d8:5a:c8:ef:46:fb:df:b7:da:95:
         cb:b1:b3:1f:0f:5b:e9:e3:56:91:fe:08:46:3e:1c:8b:07:4f:
         32:22:b6:85:3d:cf:f8:3a:0e:e6:94:1f:9e:0f:9f:5f:b7:7c:
         15:75:d3:20:be:cd:09:42:ed:fe:65:54:20:f3:29:1f:cf:cb:
         a3:1c:9d:ae
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzHlLxuXIFD7oTvbbcfr4xsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NTA0NmQ4NWVjZjIwMWZiZWY1MWU4YmVhMWM0ZWQzM2Y5
NWIyNjgwHhcNMjQwMTAyMDAzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2RjZGIwODEwNmE0NGI2ZGFlOGM5YWQyNzA4NjgzYmQyMzM4NjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZv+JYpdZD1fWueEdy6Wr6RLSWW+
lCnJQG0IXGcowzDSQWwrJD3mFvg1ecNqpNmUth5tMkkGoCeJmw0ainMCet//1HQb
zXaA/98tH2zAn2loq309myvLCbbQKo5mKtCXSj9k7Eqw+uiN/Ja0wgFsbmVymqes
hc/7sKP7l8jE72lB7ngFNaHWGhtVSQ50Zded8KRzl22UXYTkCJtzi5lnc7/hlYBJ
9XfSLX6+UAIZ6rKuPW7U5Qoh3jMdGJ0aS2BFo6QdX9i0wGOEyfKeKeTR7tTbSDnw
Q4sxj9+feV+SJsi5eMBuiVZDEyFVEaOuy+w2FBuuB6KyR2GYc7bluR3zGwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCPc2wgQakS22ujJrScIaDvSM4YoMB8GA1UdIwQY
MBaAFKZQRthezyAfvvUei+ocTtM/lbJoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGxCRzJGN1BJQi0tOVI2TDZoeE8wei1Wc21nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zYmQ3YzEtODFmYS00NTUzLTg1MDUt
YmNjZDMyYWY5N2ZlLzEvSTl6YkNCQnFSTGJhNk1tdEp3aG9POUl6aGlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zYmQ3YzEtODFmYS00NTUzLTg1MDUtYmNjZDMyYWY5N2Zl
LzEvcGxCRzJGN1BJQi0tOVI2TDZoeE8wei1Wc21nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAuUV0AwQA
uUV2AwQAwiMBAwQAwiMFAwQBwiMIMA0GCSqGSIb3DQEBCwUAA4IBAQAdlCq0QQ1c
uCILfInIGF4UiGQ4NSmn6kqcCeNZZZqu2sJXe3wj482kU7DIy5RUKkfoyOn/8pko
bSRyBl+SSuzNwIMthXVW0D7Fdjc3TzaP+ySr6jOTiXuMObUGVQrz8mmgBMNVyK2W
KGMSSgsgJz4xI36+zOJmkdarFYnvWKD4rJfBrf/efxcklIDOFuHE8bUHZwfYp5t+
hOek/fcj28DnmlALJc4QOkSG4HOnvvJ1Ikty6wihfFXaCLGaPthayO9G+9+32pXL
sbMfD1vp41aR/ghGPhyLB08yIraFPc/4Og7mlB+eD59ft3wVddMgvs0JQu3+ZVQg
8ykfz8ujHJ2u
-----END CERTIFICATE-----
Generated at Thu Jul 18 19:05:00 2024 by rpki-client on console-ams.rpki-client.org