Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/EH-gj6vWOWmAE9OCvMDx_lD5YZo.roa
File:                     EH-gj6vWOWmAE9OCvMDx_lD5YZo.roa (raw, json)
Hash identifier:          hc3uQx0qtSvMwetS4luZguLaC9Ed92wCmDw7E8T22OI=
Subject key identifier:   10:7F:A0:8F:AB:D6:39:69:80:13:D3:82:BC:C0:F1:FE:50:F9:61:9A
Certificate issuer:       /CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
Certificate serial:       01856CE60DDD9920BF2297685A872CEA4DBD
Authority key identifier: 4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/EH-gj6vWOWmAE9OCvMDx_lD5YZo.roa
Signing time:             Sun 01 Jan 2023 10:34:54 +0000
ROA not before:           Sun 01 Jan 2023 10:34:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     52468
IP address blocks:        185.213.220.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:30:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:e6:0d:dd:99:20:bf:22:97:68:5a:87:2c:ea:4d:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dd954d3c77c9c4e37eebf753d86f3dcf091d4a9
        Validity
            Not Before: Jan  1 10:34:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=107fa08fabd639698013d382bcc0f1fe50f9619a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e3:dd:e2:21:94:b2:bc:17:59:56:c7:66:a1:
                    de:f3:0c:f9:84:ea:53:df:1f:aa:10:bf:4e:3d:df:
                    97:98:38:4e:1f:f9:8c:3f:69:aa:47:7e:c1:9f:bd:
                    4d:ed:33:ca:9e:33:12:e3:c0:7d:63:6f:a2:08:91:
                    5b:ea:dc:78:06:47:28:0b:84:21:7a:d5:2d:d1:3a:
                    64:7d:65:50:09:d3:d4:95:56:6c:7a:d9:35:be:f4:
                    e5:3a:e6:9e:4e:6c:d0:5f:4c:c8:d7:9c:9b:40:54:
                    a1:c9:3f:97:0e:9d:97:d9:7a:71:20:34:77:47:44:
                    68:02:f7:0d:ee:83:34:24:01:6e:74:70:86:55:29:
                    8d:11:64:b9:b6:71:8d:4e:73:3e:52:cd:1b:b2:94:
                    2a:8a:1d:59:b5:50:31:39:b9:64:80:6b:0a:ee:a6:
                    ea:cf:be:03:bf:ae:7a:a1:f8:78:ba:7c:9e:b2:e6:
                    f7:71:5d:e5:5b:a8:b9:b5:21:31:ec:ab:cf:78:9c:
                    59:15:93:99:1f:a9:cd:88:a8:ca:6e:6f:cc:c3:6e:
                    6a:9c:ee:c7:30:9b:87:84:b3:52:36:e8:ad:d7:27:
                    13:99:a2:f9:25:c1:25:f2:c8:79:c7:69:3b:70:7c:
                    d4:9d:b8:a5:ee:01:29:06:b9:61:65:2f:1d:c1:d4:
                    74:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:7F:A0:8F:AB:D6:39:69:80:13:D3:82:BC:C0:F1:FE:50:F9:61:9A
            X509v3 Authority Key Identifier:
                keyid:4D:D9:54:D3:C7:7C:9C:4E:37:EE:BF:75:3D:86:F3:DC:F0:91:D4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TdlU08d8nE437r91PYbz3PCR1Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/EH-gj6vWOWmAE9OCvMDx_lD5YZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/7a2a99-146c-4781-a302-eb7aaa6828be/1/TdlU08d8nE437r91PYbz3PCR1Kk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:7e:32:c7:52:9d:c9:0d:4a:29:2d:38:3a:14:76:6b:c1:e9:
         33:f1:eb:0f:92:f5:91:54:89:3a:cf:0d:56:03:5b:31:d1:40:
         5c:fb:18:24:f8:60:da:7d:f1:cd:be:41:87:19:c8:92:b8:03:
         64:40:a7:12:ea:1b:69:50:de:0a:3b:91:29:55:56:05:c6:c5:
         de:32:50:b2:32:dc:90:17:20:e1:8c:9a:73:ef:c8:7e:73:c5:
         f9:8c:40:d6:b0:6c:4a:12:2e:13:9f:ed:69:ba:28:27:22:19:
         32:ab:ac:30:c2:c3:dc:f1:d7:df:2b:11:9d:75:b4:06:48:40:
         c7:cd:e0:90:1c:6c:f4:1e:90:3b:88:0f:4e:09:3a:2e:01:ee:
         24:3c:11:44:c3:f1:4c:ec:bf:f0:12:b8:83:cd:1e:19:57:68:
         5f:9b:0f:18:d2:bf:93:95:3e:44:e0:71:25:03:42:14:5f:82:
         93:bb:9d:63:c6:70:db:28:bd:88:18:30:72:27:74:c6:ea:d4:
         5c:ed:e7:7b:28:97:1d:9f:03:e5:da:98:67:0e:6e:b0:21:d5:
         07:e1:1a:99:e4:91:e3:eb:85:aa:0b:f2:00:7a:ec:61:17:25:
         a9:c8:f6:d0:59:d2:9c:a3:4c:a0:ef:14:c2:b9:b0:14:45:82:
         c4:f7:44:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVs5g3dmSC/IpdoWocs6k29MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZDk1NGQzYzc3YzljNGUzN2VlYmY3NTNkODZmM2RjZjA5
MWQ0YTkwHhcNMjMwMTAxMTAzNDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDdmYTA4ZmFiZDYzOTY5ODAxM2QzODJiY2MwZjFmZTUwZjk2MTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+Pd4iGUsrwXWVbHZqHe8wz5hOpT
3x+qEL9OPd+XmDhOH/mMP2mqR37Bn71N7TPKnjMS48B9Y2+iCJFb6tx4BkcoC4Qh
etUt0TpkfWVQCdPUlVZsetk1vvTlOuaeTmzQX0zI15ybQFShyT+XDp2X2XpxIDR3
R0RoAvcN7oM0JAFudHCGVSmNEWS5tnGNTnM+Us0bspQqih1ZtVAxOblkgGsK7qbq
z74Dv656ofh4unyesub3cV3lW6i5tSEx7KvPeJxZFZOZH6nNiKjKbm/Mw25qnO7H
MJuHhLNSNuit1ycTmaL5JcEl8sh5x2k7cHzUnbil7gEpBrlhZS8dwdR0LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBB/oI+r1jlpgBPTgrzA8f5Q+WGaMB8GA1UdIwQY
MBaAFE3ZVNPHfJxON+6/dT2G89zwkdSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDIt
ZWI3YWFhNjgyOGJlLzEvRUgtZ2o2dldPV21BRTlPQ3ZNRHhfbEQ1WVpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC83YTJhOTktMTQ2Yy00NzgxLWEzMDItZWI3YWFhNjgyOGJl
LzEvVGRsVTA4ZDhuRTQzN3I5MVBZYnozUENSMUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBudXcMA0G
CSqGSIb3DQEBCwUAA4IBAQBBfjLHUp3JDUopLTg6FHZrwekz8esPkvWRVIk6zw1W
A1sx0UBc+xgk+GDaffHNvkGHGciSuANkQKcS6htpUN4KO5EpVVYFxsXeMlCyMtyQ
FyDhjJpz78h+c8X5jEDWsGxKEi4Tn+1puignIhkyq6wwwsPc8dffKxGddbQGSEDH
zeCQHGz0HpA7iA9OCTouAe4kPBFEw/FM7L/wEriDzR4ZV2hfmw8Y0r+TlT5E4HEl
A0IUX4KTu51jxnDbKL2IGDByJ3TG6tRc7ed7KJcdnwPl2phnDm6wIdUH4RqZ5JHj
64WqC/IAeuxhFyWpyPbQWdKco0yg7xTCubAURYLE90So
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:12:14 2024 by rpki-client on console-ams.rpki-client.org