Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/kVYgZHKjpCpHxqsMVuLNN8gq0A8.roa
File:                     kVYgZHKjpCpHxqsMVuLNN8gq0A8.roa (raw, json)
Hash identifier:          BMafH4hIlonRktgL4mnNiRiqrRbSDPlmIFc0lTmA0PA=
Subject key identifier:   91:56:20:64:72:A3:A4:2A:47:C6:AB:0C:56:E2:CD:37:C8:2A:D0:0F
Certificate issuer:       /CN=e168e36ba577ed47e6928729691991e4e7f235da
Certificate serial:       01856CEF4839260AA75E1898E3316574CB02
Authority key identifier: E1:68:E3:6B:A5:77:ED:47:E6:92:87:29:69:19:91:E4:E7:F2:35:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Wjja6V37UfmkocpaRmR5OfyNdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/kVYgZHKjpCpHxqsMVuLNN8gq0A8.roa
Signing time:             Sun 01 Jan 2023 10:44:58 +0000
ROA not before:           Sun 01 Jan 2023 10:44:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     206150
IP address blocks:        185.211.10.0/24 maxlen: 24
                          185.211.8.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 07 Nov 2023 13:58:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:ef:48:39:26:0a:a7:5e:18:98:e3:31:65:74:cb:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e168e36ba577ed47e6928729691991e4e7f235da
        Validity
            Not Before: Jan  1 10:44:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9156206472a3a42a47c6ab0c56e2cd37c82ad00f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:f0:a9:be:88:a2:86:4e:9b:1b:2d:a1:43:69:
                    a5:ec:f7:1d:2a:97:1b:8e:5f:f0:01:35:14:49:d8:
                    3e:f7:ec:bd:de:02:8a:33:55:4b:26:a9:74:33:bd:
                    a2:2d:88:e3:02:8b:d6:33:c9:54:30:51:22:08:30:
                    c2:1c:06:79:4f:89:75:3b:67:8e:8a:5e:b6:f9:42:
                    61:d8:1b:5f:70:ae:69:75:dc:f1:de:1a:e0:cc:88:
                    d0:5d:d8:2b:35:ce:23:f3:7b:61:07:50:03:c2:3b:
                    1d:ba:2f:a5:93:5d:e8:b1:98:86:fa:c0:8a:a4:60:
                    69:96:7f:47:b0:22:63:f4:a4:7f:a7:cd:03:63:64:
                    b7:9a:be:27:47:53:43:94:ef:58:32:6d:32:c4:3b:
                    14:1c:ae:ec:88:f7:dd:ce:d6:89:0c:bf:9a:d7:23:
                    55:7d:df:aa:bc:52:12:d8:7e:5c:52:58:00:ce:04:
                    83:8a:89:9a:71:7e:a3:ca:cd:6e:40:f0:88:e4:2c:
                    b7:4b:57:9c:b1:11:cc:14:56:87:8b:c2:1f:9c:d5:
                    82:9e:3c:48:fe:e4:e7:e7:60:14:64:aa:06:64:11:
                    4c:df:3f:06:16:2c:a4:b7:e5:b5:dc:c1:03:7e:6c:
                    28:58:b5:b2:92:4b:98:09:7b:20:fa:91:1d:c9:40:
                    ac:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:56:20:64:72:A3:A4:2A:47:C6:AB:0C:56:E2:CD:37:C8:2A:D0:0F
            X509v3 Authority Key Identifier:
                keyid:E1:68:E3:6B:A5:77:ED:47:E6:92:87:29:69:19:91:E4:E7:F2:35:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Wjja6V37UfmkocpaRmR5OfyNdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/kVYgZHKjpCpHxqsMVuLNN8gq0A8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/9a297d-cee5-4c93-b258-cb4babe9dc8f/1/4Wjja6V37UfmkocpaRmR5OfyNdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.8.0/24
                  185.211.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:15:49:63:c5:c8:08:ba:e2:8c:b2:d9:85:0f:65:10:28:1a:
         71:48:14:4d:49:5c:73:04:f1:b2:2d:b6:87:a2:da:03:4c:6e:
         10:2b:3f:d3:8c:30:4a:6b:eb:31:ec:a8:bb:5f:df:87:2a:5e:
         e5:a9:19:85:64:06:42:91:6d:63:49:ea:ac:d8:d3:3b:0b:1c:
         2d:68:1c:a7:2c:5c:b5:9d:e0:ce:63:ca:b6:24:e5:52:c9:c5:
         c3:36:99:43:23:ee:07:49:63:0b:67:86:59:0a:45:12:6d:c4:
         a0:bb:27:ca:df:48:99:31:97:9d:5f:12:69:5b:9a:ee:8d:ca:
         b8:e9:c8:5c:3f:78:30:c8:cb:75:d3:6a:dd:59:3e:4c:a8:a1:
         d1:02:ab:cd:3e:03:91:1e:4a:76:5f:6a:7f:08:2c:56:ac:67:
         27:9b:a2:24:fa:f4:18:77:94:6e:69:f8:06:60:5d:52:89:eb:
         5d:8b:e3:67:a9:47:6a:65:1f:6d:3a:0e:73:32:b1:cc:15:09:
         95:e2:d3:39:df:ba:3e:2f:54:86:1f:88:d0:90:94:a8:58:b5:
         8c:56:c0:db:c9:a9:93:72:34:33:e8:ce:2f:48:66:9b:dc:0b:
         3a:6e:9a:30:1d:a2:2d:93:32:89:f5:c0:9c:d7:c7:3e:85:2c:
         3a:53:1a:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVs70g5JgqnXhiY4zFldMsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNjhlMzZiYTU3N2VkNDdlNjkyODcyOTY5MTk5MWU0ZTdm
MjM1ZGEwHhcNMjMwMTAxMTA0NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTU2MjA2NDcyYTNhNDJhNDdjNmFiMGM1NmUyY2QzN2M4MmFkMDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlfCpvoiihk6bGy2hQ2ml7PcdKpcb
jl/wATUUSdg+9+y93gKKM1VLJql0M72iLYjjAovWM8lUMFEiCDDCHAZ5T4l1O2eO
il62+UJh2BtfcK5pddzx3hrgzIjQXdgrNc4j83thB1ADwjsdui+lk13osZiG+sCK
pGBpln9HsCJj9KR/p80DY2S3mr4nR1NDlO9YMm0yxDsUHK7siPfdztaJDL+a1yNV
fd+qvFIS2H5cUlgAzgSDiomacX6jys1uQPCI5Cy3S1ecsRHMFFaHi8IfnNWCnjxI
/uTn52AUZKoGZBFM3z8GFiykt+W13MEDfmwoWLWykkuYCXsg+pEdyUCsHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJFWIGRyo6QqR8arDFbizTfIKtAPMB8GA1UdIwQY
MBaAFOFo42uld+1H5pKHKWkZkeTn8jXaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFdqamE2VjM3VWZta29jcGFSbVI1T2Z5TmRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny85YTI5N2QtY2VlNS00YzkzLWIyNTgt
Y2I0YmFiZTlkYzhmLzEva1ZZZ1pIS2pwQ3BIeHFzTVZ1TE5OOGdxMEE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny85YTI5N2QtY2VlNS00YzkzLWIyNTgtY2I0YmFiZTlkYzhm
LzEvNFdqamE2VjM3VWZta29jcGFSbVI1T2Z5TmRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAudMIAwQA
udMKMA0GCSqGSIb3DQEBCwUAA4IBAQC5FUljxcgIuuKMstmFD2UQKBpxSBRNSVxz
BPGyLbaHotoDTG4QKz/TjDBKa+sx7Ki7X9+HKl7lqRmFZAZCkW1jSeqs2NM7Cxwt
aBynLFy1neDOY8q2JOVSycXDNplDI+4HSWMLZ4ZZCkUSbcSguyfK30iZMZedXxJp
W5rujcq46chcP3gwyMt102rdWT5MqKHRAqvNPgORHkp2X2p/CCxWrGcnm6Ik+vQY
d5RuafgGYF1Sietdi+NnqUdqZR9tOg5zMrHMFQmV4tM537o+L1SGH4jQkJSoWLWM
VsDbyamTcjQz6M4vSGab3As6bpowHaItkzKJ9cCc18c+hSw6UxrQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:20 2024 by rpki-client on console-fra.rpki-client.org