Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/971f08-e57c-408a-b776-f7da3b8732bf/1/bNdtid8vPjA4a9WwNoWzm42qa-4.roa
File:                     bNdtid8vPjA4a9WwNoWzm42qa-4.roa (raw, json)
Hash identifier:          4TGcem2mj8Cc/K/x1QRC9ccHSXyibRs+tjDDdUQYGiE=
Subject key identifier:   6C:D7:6D:89:DF:2F:3E:30:38:6B:D5:B0:36:85:B3:9B:8D:AA:6B:EE
Certificate issuer:       /CN=3b0cd44ebbe3d0d6a072e75103f231606995f6ab
Certificate serial:       01856E5D6029150A5FF5A95BB3005152EAAE
Authority key identifier: 3B:0C:D4:4E:BB:E3:D0:D6:A0:72:E7:51:03:F2:31:60:69:95:F6:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwzUTrvj0NagcudRA_IxYGmV9qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/971f08-e57c-408a-b776-f7da3b8732bf/1/bNdtid8vPjA4a9WwNoWzm42qa-4.roa
Signing time:             Sun 01 Jan 2023 17:24:51 +0000
ROA not before:           Sun 01 Jan 2023 17:24:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206350
IP address blocks:        185.186.206.0/24 maxlen: 24
                          185.186.207.0/24 maxlen: 24
                          2a0b:d580:1::/48 maxlen: 48
                          2a0b:d580:0:16::/64 maxlen: 64
                          2a0b:d580::/32 maxlen: 32
                          2a0b:d580:2060::/44 maxlen: 44
                          2a0b:d580:2020::/44 maxlen: 44

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:5d:60:29:15:0a:5f:f5:a9:5b:b3:00:51:52:ea:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b0cd44ebbe3d0d6a072e75103f231606995f6ab
        Validity
            Not Before: Jan  1 17:24:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6cd76d89df2f3e30386bd5b03685b39b8daa6bee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:71:59:19:3a:28:65:33:b3:e1:b5:f1:ee:c9:
                    5d:ff:b3:80:07:b2:b7:4b:1d:1d:57:ae:ca:91:12:
                    58:d4:87:cd:04:76:e6:4f:6d:e2:a6:67:73:86:c5:
                    d8:7d:19:4f:a4:da:3d:7d:b8:55:bc:81:ef:e3:9f:
                    49:21:64:b8:13:7a:f0:d6:c0:16:d8:04:5f:98:ba:
                    d9:4a:0f:ca:a9:d3:3c:0a:ee:c1:4e:5c:7b:96:4f:
                    12:09:8f:fa:6d:4f:52:e1:6a:e0:6e:8f:31:c0:98:
                    0e:64:e6:4f:e8:04:78:86:2e:43:82:b2:13:3e:6d:
                    d0:c4:d3:ab:73:37:7e:2e:ca:64:2a:90:1b:c0:45:
                    ca:a3:e3:93:24:b2:d0:08:22:e3:52:6a:6d:23:d1:
                    1e:a2:4d:c9:ba:fe:5b:ac:96:93:b6:c0:e5:ca:5f:
                    bb:2b:d5:fd:4a:b1:1e:f3:d3:61:b7:85:d8:26:a6:
                    6b:2e:c0:be:95:64:12:59:64:99:dd:07:a6:45:eb:
                    3b:ca:83:97:10:9d:20:2a:2b:ae:37:23:b8:8c:59:
                    da:08:87:6b:fe:9e:91:3d:ef:5c:e3:09:13:f3:4d:
                    10:22:01:22:80:d0:ae:e6:f4:44:b2:41:36:40:0f:
                    a3:b9:01:f2:7f:55:a0:fe:eb:ee:e4:e0:31:81:61:
                    f8:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:D7:6D:89:DF:2F:3E:30:38:6B:D5:B0:36:85:B3:9B:8D:AA:6B:EE
            X509v3 Authority Key Identifier:
                keyid:3B:0C:D4:4E:BB:E3:D0:D6:A0:72:E7:51:03:F2:31:60:69:95:F6:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwzUTrvj0NagcudRA_IxYGmV9qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/971f08-e57c-408a-b776-f7da3b8732bf/1/bNdtid8vPjA4a9WwNoWzm42qa-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/971f08-e57c-408a-b776-f7da3b8732bf/1/OwzUTrvj0NagcudRA_IxYGmV9qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.206.0/23
                IPv6:
                  2a0b:d580::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:f0:90:32:c9:28:23:14:c3:b0:87:a4:e4:6c:8a:04:66:d9:
         88:4b:d0:79:a0:e0:53:ea:00:92:a0:90:28:eb:00:b1:dc:6f:
         77:4a:43:98:4e:c0:4c:92:40:a7:a6:7e:78:e6:56:34:4b:4b:
         e2:c7:fb:6e:32:68:e4:5e:79:dd:e3:42:e6:b8:f7:c8:1f:01:
         c8:23:9c:26:22:66:20:0a:b9:2a:79:98:90:fe:da:92:e4:8b:
         9e:bc:85:33:3a:ec:f9:a0:33:38:56:6a:52:2e:9e:b9:b8:04:
         e5:94:cc:50:06:22:3d:ac:01:cb:ec:70:3e:7a:49:39:c0:a7:
         f5:ec:75:4b:ce:d6:d7:f0:17:31:66:0d:10:0e:94:42:99:9a:
         65:28:3b:db:07:1b:50:85:d6:e9:54:4c:77:51:1c:fb:a4:6c:
         28:67:6c:92:3f:9b:90:02:1f:65:95:6c:a1:d4:47:c2:d8:80:
         3e:86:54:04:1c:14:1d:eb:ca:a9:e1:57:22:d3:a9:d1:a4:f0:
         ff:ce:98:6a:ae:95:08:58:ad:03:b6:c4:38:16:9c:a6:67:29:
         f1:b4:4c:48:bd:43:4c:a3:1f:d7:b2:dc:34:52:2d:a9:4d:a9:
         22:6e:93:04:2b:b6:a4:2c:01:5b:2f:ca:ee:07:7d:1b:51:fd:
         2a:e4:5d:a7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVuXWApFQpf9albswBRUuquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMGNkNDRlYmJlM2QwZDZhMDcyZTc1MTAzZjIzMTYwNjk5
NWY2YWIwHhcNMjMwMTAxMTcyNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2Q3NmQ4OWRmMmYzZTMwMzg2YmQ1YjAzNjg1YjM5YjhkYWE2YmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhHFZGTooZTOz4bXx7sld/7OAB7K3
Sx0dV67KkRJY1IfNBHbmT23ipmdzhsXYfRlPpNo9fbhVvIHv459JIWS4E3rw1sAW
2ARfmLrZSg/KqdM8Cu7BTlx7lk8SCY/6bU9S4Wrgbo8xwJgOZOZP6AR4hi5DgrIT
Pm3QxNOrczd+LspkKpAbwEXKo+OTJLLQCCLjUmptI9Eeok3Juv5brJaTtsDlyl+7
K9X9SrEe89Nht4XYJqZrLsC+lWQSWWSZ3QemRes7yoOXEJ0gKiuuNyO4jFnaCIdr
/p6RPe9c4wkT800QIgEigNCu5vREskE2QA+juQHyf1Wg/uvu5OAxgWH4ZQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGzXbYnfLz4wOGvVsDaFs5uNqmvuMB8GA1UdIwQY
MBaAFDsM1E6749DWoHLnUQPyMWBplfarMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3d6VVRydmowTmFnY3VkUkFfSXhZR21WOXFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy85NzFmMDgtZTU3Yy00MDhhLWI3NzYt
ZjdkYTNiODczMmJmLzEvYk5kdGlkOHZQakE0YTlXd05vV3ptNDJxYS00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy85NzFmMDgtZTU3Yy00MDhhLWI3NzYtZjdkYTNiODczMmJm
LzEvT3d6VVRydmowTmFnY3VkUkFfSXhZR21WOXFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBubrOMA0E
AgACMAcDBQAqC9WAMA0GCSqGSIb3DQEBCwUAA4IBAQAI8JAyySgjFMOwh6TkbIoE
ZtmIS9B5oOBT6gCSoJAo6wCx3G93SkOYTsBMkkCnpn545lY0S0vix/tuMmjkXnnd
40LmuPfIHwHII5wmImYgCrkqeZiQ/tqS5IuevIUzOuz5oDM4VmpSLp65uATllMxQ
BiI9rAHL7HA+ekk5wKf17HVLztbX8BcxZg0QDpRCmZplKDvbBxtQhdbpVEx3URz7
pGwoZ2ySP5uQAh9llWyh1EfC2IA+hlQEHBQd68qp4Vci06nRpPD/zphqrpUIWK0D
tsQ4FpymZynxtExIvUNMox/Xstw0Ui2pTakibpMEK7akLAFbL8ruB30bUf0q5F2n
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:12:04 2024 by rpki-client on console-ams.rpki-client.org