Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/51a60c-cf63-443d-9e02-04dd56f70fe3/1/3FZiLh0dnFc6ksRV3fZRp1u3q7U.roa
File:                     3FZiLh0dnFc6ksRV3fZRp1u3q7U.roa (raw, json)
Hash identifier:          9LboSRDhLWS1nQKGt44NnsVBnHdxr/gpm4b5elxxA+8=
Subject key identifier:   DC:56:62:2E:1D:1D:9C:57:3A:92:C4:55:DD:F6:51:A7:5B:B7:AB:B5
Certificate issuer:       /CN=39e87ef03cf171a40ba2bec89e688bb9d3825873
Certificate serial:       018C120DC6ACE16CED4B22746473E8F0A7F4
Authority key identifier: 39:E8:7E:F0:3C:F1:71:A4:0B:A2:BE:C8:9E:68:8B:B9:D3:82:58:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oeh-8DzxcaQLor7InmiLudOCWHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/51a60c-cf63-443d-9e02-04dd56f70fe3/1/3FZiLh0dnFc6ksRV3fZRp1u3q7U.roa
Signing time:             Mon 27 Nov 2023 18:32:21 +0000
ROA not before:           Mon 27 Nov 2023 18:32:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202139
IP address blocks:        85.158.8.0/22 maxlen: 24
                          2a05:fa80::/29 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:29:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:12:0d:c6:ac:e1:6c:ed:4b:22:74:64:73:e8:f0:a7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39e87ef03cf171a40ba2bec89e688bb9d3825873
        Validity
            Not Before: Nov 27 18:32:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=dc56622e1d1d9c573a92c455ddf651a75bb7abb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:97:b0:21:fe:75:d5:5e:43:f9:9e:22:ea:a1:
                    36:c7:a2:e1:52:b7:e6:b9:ad:31:a6:67:16:a0:7c:
                    e6:e0:d6:37:b2:6b:f1:51:28:43:f2:3b:5f:21:ab:
                    80:e1:bc:e8:82:97:a9:2d:31:5f:bd:0b:1f:17:a6:
                    36:6d:42:fc:4c:0c:8b:6e:0d:b6:75:b2:b7:d8:f2:
                    c3:2c:ed:0f:54:2d:0c:9f:84:f9:d2:a1:c2:f8:9d:
                    25:cf:6c:c5:bf:2b:48:07:8d:fc:35:2d:a6:35:00:
                    68:5a:96:3b:5f:69:00:92:59:c5:9f:7d:f6:c3:77:
                    d8:84:27:e1:b7:1e:a9:86:ac:4f:57:c8:30:ad:a4:
                    29:0c:c0:4e:ce:fc:97:ca:9e:be:b9:cb:3f:c6:64:
                    35:40:4d:2d:48:4f:5a:0c:06:43:a8:f5:02:11:f0:
                    07:ec:46:c3:b0:dd:fe:8b:43:a5:83:f3:e0:12:78:
                    b0:3f:42:83:00:a9:7a:36:77:79:24:c5:46:e5:b1:
                    32:c5:bb:7c:1f:a8:d8:08:5b:be:ea:a7:7e:01:f4:
                    7c:76:69:03:36:9c:24:25:5a:d4:26:7b:cf:b1:8e:
                    03:dd:d9:b6:7a:f2:25:65:5a:0c:20:7e:a1:b6:b6:
                    5e:b4:40:c6:31:91:ce:05:b9:ac:77:ff:e2:98:29:
                    ff:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:56:62:2E:1D:1D:9C:57:3A:92:C4:55:DD:F6:51:A7:5B:B7:AB:B5
            X509v3 Authority Key Identifier:
                keyid:39:E8:7E:F0:3C:F1:71:A4:0B:A2:BE:C8:9E:68:8B:B9:D3:82:58:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oeh-8DzxcaQLor7InmiLudOCWHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/51a60c-cf63-443d-9e02-04dd56f70fe3/1/3FZiLh0dnFc6ksRV3fZRp1u3q7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/51a60c-cf63-443d-9e02-04dd56f70fe3/1/Oeh-8DzxcaQLor7InmiLudOCWHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.158.8.0/22
                IPv6:
                  2a05:fa80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a0:df:ae:95:90:44:7d:db:9d:4c:33:08:c2:a2:a5:e6:78:86:
         36:b0:f0:3f:fb:c6:8e:32:b1:5e:5b:53:26:80:35:01:80:26:
         a4:0a:15:ee:f7:fa:f6:b9:71:42:89:74:91:e2:02:65:1c:8a:
         aa:17:6a:9f:5b:ac:c8:05:e6:b1:e4:59:9d:80:05:9f:88:f8:
         50:e2:e0:2e:30:54:33:ca:50:66:3a:4e:c2:b9:b9:bb:c8:3f:
         ee:d9:ab:ea:7e:b0:1c:a6:e6:ba:1f:97:e5:1c:c2:68:b5:52:
         c5:34:90:a6:cc:18:be:ba:4d:a4:e9:d5:fa:3d:41:e6:06:3a:
         31:bc:db:63:54:0c:f1:00:6c:08:95:67:25:e5:e1:76:c1:1a:
         83:a3:c4:cf:cd:6e:0f:f2:c9:38:64:c4:9d:6e:7f:d3:38:b6:
         6a:e3:aa:3a:79:4c:18:a1:9c:ab:dc:26:24:8b:8e:36:88:1e:
         ac:51:e7:fe:d1:db:b7:26:79:09:e4:94:7d:7a:46:f7:86:d7:
         0a:de:a5:12:5e:58:fb:90:0a:ce:26:51:48:c7:41:ab:ac:7b:
         80:d6:b9:43:d8:15:10:62:25:91:de:48:f3:bf:19:52:80:fd:
         da:00:32:6a:ec:1b:fb:bb:d4:13:2b:38:3f:14:ab:77:e6:ac:
         20:6d:b7:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYwSDcas4WztSyJ0ZHPo8Kf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ZTg3ZWYwM2NmMTcxYTQwYmEyYmVjODllNjg4YmI5ZDM4
MjU4NzMwHhcNMjMxMTI3MTgzMjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzU2NjIyZTFkMWQ5YzU3M2E5MmM0NTVkZGY2NTFhNzViYjdhYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpewIf511V5D+Z4i6qE2x6LhUrfm
ua0xpmcWoHzm4NY3smvxUShD8jtfIauA4bzogpepLTFfvQsfF6Y2bUL8TAyLbg22
dbK32PLDLO0PVC0Mn4T50qHC+J0lz2zFvytIB438NS2mNQBoWpY7X2kAklnFn332
w3fYhCfhtx6phqxPV8gwraQpDMBOzvyXyp6+ucs/xmQ1QE0tSE9aDAZDqPUCEfAH
7EbDsN3+i0Olg/PgEniwP0KDAKl6Nnd5JMVG5bEyxbt8H6jYCFu+6qd+AfR8dmkD
NpwkJVrUJnvPsY4D3dm2evIlZVoMIH6htrZetEDGMZHOBbmsd//imCn/gwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNxWYi4dHZxXOpLEVd32Uadbt6u1MB8GA1UdIwQY
MBaAFDnofvA88XGkC6K+yJ5oi7nTglhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2VoLThEenhjYVFMb3I3SW5taUx1ZE9DV0hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy81MWE2MGMtY2Y2My00NDNkLTllMDIt
MDRkZDU2ZjcwZmUzLzEvM0ZaaUxoMGRuRmM2a3NSVjNmWlJwMXUzcTdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy81MWE2MGMtY2Y2My00NDNkLTllMDItMDRkZDU2ZjcwZmUz
LzEvT2VoLThEenhjYVFMb3I3SW5taUx1ZE9DV0hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVZ4IMA0E
AgACMAcDBQMqBfqAMA0GCSqGSIb3DQEBCwUAA4IBAQCg366VkER9251MMwjCoqXm
eIY2sPA/+8aOMrFeW1MmgDUBgCakChXu9/r2uXFCiXSR4gJlHIqqF2qfW6zIBeax
5FmdgAWfiPhQ4uAuMFQzylBmOk7Cubm7yD/u2avqfrAcpua6H5flHMJotVLFNJCm
zBi+uk2k6dX6PUHmBjoxvNtjVAzxAGwIlWcl5eF2wRqDo8TPzW4P8sk4ZMSdbn/T
OLZq46o6eUwYoZyr3CYki442iB6sUef+0du3JnkJ5JR9ekb3htcK3qUSXlj7kArO
JlFIx0GrrHuA1rlD2BUQYiWR3kjzvxlSgP3aADJq7Bv7u9QTKzg/FKt35qwgbbc0
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:16:30 2024 by rpki-client on console-ams.rpki-client.org