Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/kS-csEF87UsW2llqHNmX6QL25-g.roa
File:                     kS-csEF87UsW2llqHNmX6QL25-g.roa (raw, json)
Hash identifier:          L5T/Dpx4DNLibntcccaIW0+s98TnxIyHfDQgpdrgZs0=
Subject key identifier:   91:2F:9C:B0:41:7C:ED:4B:16:DA:59:6A:1C:D9:97:E9:02:F6:E7:E8
Certificate issuer:       /CN=f7aa039b886b226578bdb6a42781bf59044bb138
Certificate serial:       01856E5D4CD3496195D983DFAF5AE54EC1F7
Authority key identifier: F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/kS-csEF87UsW2llqHNmX6QL25-g.roa
Signing time:             Sun 01 Jan 2023 17:24:46 +0000
ROA not before:           Sun 01 Jan 2023 17:24:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35000
IP address blocks:        185.7.147.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:30:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:5d:4c:d3:49:61:95:d9:83:df:af:5a:e5:4e:c1:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7aa039b886b226578bdb6a42781bf59044bb138
        Validity
            Not Before: Jan  1 17:24:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=912f9cb0417ced4b16da596a1cd997e902f6e7e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c7:fa:73:dc:78:b7:67:fe:1e:6f:77:bd:3f:
                    24:0d:ef:54:ec:1a:b8:8c:e0:bd:81:a3:f9:e8:fd:
                    8f:21:b4:9c:a4:40:cd:a1:55:33:b9:d8:d0:a7:20:
                    3f:78:1f:d3:89:dd:84:dd:96:4f:a9:19:ed:32:e4:
                    b2:0e:ab:32:53:db:bd:84:5c:68:9a:21:b2:81:3e:
                    60:ca:1b:39:ad:fa:df:a8:1f:39:d1:f5:82:5d:e3:
                    06:c4:2b:be:94:ff:53:93:db:96:54:48:6c:74:8b:
                    44:77:cc:dd:5c:16:b7:b6:b4:d4:d0:b7:4c:8a:0e:
                    af:09:23:c2:ec:81:3f:47:fb:b5:39:58:8b:07:fb:
                    19:96:fd:e5:7e:3e:a4:22:1e:5c:13:ab:6a:33:b7:
                    64:6c:75:70:09:15:b2:34:6f:53:cc:cc:75:50:73:
                    24:46:4d:67:a0:fc:4e:08:c6:0f:c1:83:10:cb:d3:
                    9a:ba:95:66:95:c3:bb:0a:fa:83:38:f2:00:e9:98:
                    1c:be:4c:12:55:61:4c:37:46:37:1b:29:33:cf:f0:
                    d5:00:8f:bc:58:19:4b:4d:63:68:a7:64:36:e4:37:
                    2a:9b:a2:16:3e:4c:c0:5e:37:78:ea:d6:d7:df:ce:
                    2c:3b:16:2f:17:fe:77:2a:27:48:59:d9:ea:8a:ce:
                    3d:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:2F:9C:B0:41:7C:ED:4B:16:DA:59:6A:1C:D9:97:E9:02:F6:E7:E8
            X509v3 Authority Key Identifier:
                keyid:F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/kS-csEF87UsW2llqHNmX6QL25-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:42:2c:b2:f8:0a:b9:a0:16:7b:a8:56:5a:fa:c4:bc:50:b6:
         f9:a0:68:ea:32:c1:90:6f:ef:28:22:99:9e:79:1e:2f:6c:a0:
         ee:21:39:e4:0f:fe:ad:3f:b0:44:8c:8e:79:ad:98:4e:3e:3d:
         ae:c7:47:2a:cd:83:33:53:a4:2d:74:b2:66:39:e8:15:e6:18:
         02:ad:b0:11:e8:4b:0b:03:db:40:b1:b1:95:12:0a:d6:50:ee:
         b3:67:23:b8:94:7d:e8:9d:3c:99:c8:8f:a3:e0:7a:c5:f3:a9:
         28:2b:8d:04:b2:58:d2:60:b0:ec:c7:1f:0b:2f:11:bc:ec:68:
         3c:c9:fc:1a:de:8c:3a:5e:a0:16:c6:c5:ac:35:52:13:46:00:
         ce:47:72:71:d5:24:b7:59:ff:70:d2:cf:f8:7b:c6:8f:aa:08:
         b0:c2:2b:06:ed:48:6d:22:10:1f:05:eb:c7:79:b1:b6:bf:43:
         2d:d0:f5:0a:06:ca:b1:c7:83:19:c3:41:d6:bb:9b:2a:d5:c2:
         6c:47:bb:5e:ac:f8:35:20:c0:0b:e1:02:05:57:9c:b9:e2:0f:
         94:99:9a:c9:73:81:ab:47:72:2e:7f:2e:d5:f1:1a:b2:64:ec:
         15:3a:06:2c:41:08:01:7f:8a:2c:95:6c:5a:d0:fe:ca:92:d2:
         2f:78:bd:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuXUzTSWGV2YPfr1rlTsH3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YWEwMzliODg2YjIyNjU3OGJkYjZhNDI3ODFiZjU5MDQ0
YmIxMzgwHhcNMjMwMTAxMTcyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTJmOWNiMDQxN2NlZDRiMTZkYTU5NmExY2Q5OTdlOTAyZjZlN2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMf6c9x4t2f+Hm93vT8kDe9U7Bq4
jOC9gaP56P2PIbScpEDNoVUzudjQpyA/eB/Tid2E3ZZPqRntMuSyDqsyU9u9hFxo
miGygT5gyhs5rfrfqB850fWCXeMGxCu+lP9Tk9uWVEhsdItEd8zdXBa3trTU0LdM
ig6vCSPC7IE/R/u1OViLB/sZlv3lfj6kIh5cE6tqM7dkbHVwCRWyNG9TzMx1UHMk
Rk1noPxOCMYPwYMQy9OaupVmlcO7CvqDOPIA6ZgcvkwSVWFMN0Y3Gykzz/DVAI+8
WBlLTWNop2Q25Dcqm6IWPkzAXjd46tbX384sOxYvF/53KidIWdnqis49BQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJEvnLBBfO1LFtpZahzZl+kC9ufoMB8GA1UdIwQY
MBaAFPeqA5uIayJleL22pCeBv1kES7E4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWIt
NmY2MjFkNzM2YWZmLzEva1MtY3NFRjg3VXNXMmxscUhObVg2UUwyNS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWItNmY2MjFkNzM2YWZm
LzEvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQeTMA0G
CSqGSIb3DQEBCwUAA4IBAQCFQiyy+Aq5oBZ7qFZa+sS8ULb5oGjqMsGQb+8oIpme
eR4vbKDuITnkD/6tP7BEjI55rZhOPj2ux0cqzYMzU6QtdLJmOegV5hgCrbAR6EsL
A9tAsbGVEgrWUO6zZyO4lH3onTyZyI+j4HrF86koK40EsljSYLDsxx8LLxG87Gg8
yfwa3ow6XqAWxsWsNVITRgDOR3Jx1SS3Wf9w0s/4e8aPqgiwwisG7UhtIhAfBevH
ebG2v0Mt0PUKBsqxx4MZw0HWu5sq1cJsR7terPg1IMAL4QIFV5y54g+UmZrJc4Gr
R3Iufy7V8RqyZOwVOgYsQQgBf4oslWxa0P7KktIveL25
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:23 2024 by rpki-client on console-fra.rpki-client.org