Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/KL9_s_CD3f1cojDcathHCHLjiBI.roa
File:                     KL9_s_CD3f1cojDcathHCHLjiBI.roa (raw, json)
Hash identifier:          DwulBbLshC2TrmLCWeYs4oayRssjGHxaUeogUkzdyw4=
Subject key identifier:   28:BF:7F:B3:F0:83:DD:FD:5C:A2:30:DC:6A:D8:47:08:72:E3:88:12
Certificate issuer:       /CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
Certificate serial:       01856F1DA579B1F63B4A747C85A1367238E5
Authority key identifier: 3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/KL9_s_CD3f1cojDcathHCHLjiBI.roa
Signing time:             Sun 01 Jan 2023 20:54:51 +0000
ROA not before:           Sun 01 Jan 2023 20:54:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61287
IP address blocks:        185.12.128.0/23 maxlen: 23
                          185.12.128.0/22 maxlen: 22
                          185.12.130.0/23 maxlen: 23
                          2a03:8d40::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:29:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:a5:79:b1:f6:3b:4a:74:7c:85:a1:36:72:38:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bd9436d2135c084897b74c6ad36da1700a7a98d
        Validity
            Not Before: Jan  1 20:54:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=28bf7fb3f083ddfd5ca230dc6ad8470872e38812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:9c:2d:e6:8e:b2:24:ba:9b:56:f6:9b:ee:0d:
                    4b:32:91:d0:c0:be:b2:2f:c8:b4:4e:14:b3:9f:39:
                    07:00:13:83:dd:09:c4:ad:fd:17:bb:e9:1f:c5:44:
                    3d:a6:2e:42:14:21:5c:e3:b1:b6:6d:2d:b9:0d:13:
                    fa:24:52:75:d6:ca:38:fb:d2:a9:ab:ff:eb:7c:62:
                    ca:1d:3e:12:0c:ce:c0:30:5c:2b:5f:ee:86:25:b6:
                    9d:dd:bf:8a:f2:2e:f9:7f:08:da:3f:79:b0:81:23:
                    9f:fe:32:f7:72:e5:43:95:da:56:3e:42:b6:30:d9:
                    c3:cd:2d:66:45:92:70:6a:d0:35:31:6b:10:56:6e:
                    7d:11:58:0f:6a:84:9b:9e:08:f7:44:8c:43:f4:42:
                    69:85:36:65:76:c6:27:ab:04:94:01:89:3d:64:2c:
                    2c:a9:c9:25:9a:b0:27:f5:b0:06:4a:79:ef:8b:94:
                    22:47:a4:e7:8a:89:6e:9f:60:8a:96:6d:0f:d9:1b:
                    29:47:01:16:7e:f8:61:0a:d0:4a:7f:d3:a0:13:52:
                    9f:6c:3f:37:2b:4a:e3:68:96:0f:30:17:6e:38:ce:
                    d6:cd:4a:a9:f8:2f:95:24:4a:b1:3c:51:e7:2b:da:
                    e6:20:b8:35:71:01:e7:33:a5:52:4a:39:3b:8f:de:
                    42:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BF:7F:B3:F0:83:DD:FD:5C:A2:30:DC:6A:D8:47:08:72:E3:88:12
            X509v3 Authority Key Identifier:
                keyid:3B:D9:43:6D:21:35:C0:84:89:7B:74:C6:AD:36:DA:17:00:A7:A9:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O9lDbSE1wISJe3TGrTbaFwCnqY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/KL9_s_CD3f1cojDcathHCHLjiBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/c53c3e-aa2d-41ab-a312-2637d13338f1/1/O9lDbSE1wISJe3TGrTbaFwCnqY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.128.0/22
                IPv6:
                  2a03:8d40::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:d9:37:43:e9:f8:c1:43:ef:94:54:e1:dc:56:b1:58:5b:be:
         05:43:f7:62:29:0d:89:49:a1:b9:6b:d6:0a:ed:3a:1a:94:b0:
         e2:3c:e0:e6:07:93:e3:66:5f:0f:60:21:df:17:40:de:6a:45:
         a0:f9:ce:9b:45:58:65:74:2c:a2:c2:63:bc:58:e1:fb:36:5a:
         80:bf:ed:fc:18:8b:38:77:80:51:a7:b3:82:75:5c:2d:6f:87:
         8c:37:8b:38:b9:b8:f1:67:9d:a9:74:c2:fb:77:b2:35:8b:30:
         ba:18:00:6e:96:dc:76:6d:3d:ab:40:8a:64:c2:6b:98:ce:0c:
         a6:b7:70:8e:aa:7d:e9:29:60:69:c8:a9:4f:d3:32:41:11:f4:
         3b:01:32:26:be:40:da:23:b6:20:05:d8:ca:2e:66:ea:1c:ff:
         81:fa:b5:0c:e9:0f:a7:f7:ba:f3:82:58:e3:90:d9:33:b5:26:
         7b:21:e1:42:e8:3e:c9:1d:36:ed:dc:c6:c9:cb:a1:59:b7:83:
         e3:31:3e:60:2f:f3:ef:ac:0e:c6:1a:d9:04:a6:32:e6:74:74:
         70:31:d0:7b:d6:fb:db:f8:04:47:d5:dc:23:e6:2d:05:64:26:
         94:71:4d:41:d9:b9:06:a0:54:78:3e:87:1e:9c:a3:46:2f:35:
         1b:80:52:b8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVvHaV5sfY7SnR8haE2cjjlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZDk0MzZkMjEzNWMwODQ4OTdiNzRjNmFkMzZkYTE3MDBh
N2E5OGQwHhcNMjMwMTAxMjA1NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGJmN2ZiM2YwODNkZGZkNWNhMjMwZGM2YWQ4NDcwODcyZTM4ODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpwt5o6yJLqbVvab7g1LMpHQwL6y
L8i0ThSznzkHABOD3QnErf0Xu+kfxUQ9pi5CFCFc47G2bS25DRP6JFJ11so4+9Kp
q//rfGLKHT4SDM7AMFwrX+6GJbad3b+K8i75fwjaP3mwgSOf/jL3cuVDldpWPkK2
MNnDzS1mRZJwatA1MWsQVm59EVgPaoSbngj3RIxD9EJphTZldsYnqwSUAYk9ZCws
qcklmrAn9bAGSnnvi5QiR6Tniolun2CKlm0P2RspRwEWfvhhCtBKf9OgE1KfbD83
K0rjaJYPMBduOM7WzUqp+C+VJEqxPFHnK9rmILg1cQHnM6VSSjk7j95CWwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCi/f7Pwg939XKIw3GrYRwhy44gSMB8GA1UdIwQY
MBaAFDvZQ20hNcCEiXt0xq022hcAp6mNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTIt
MjYzN2QxMzMzOGYxLzEvS0w5X3NfQ0QzZjFjb2pEY2F0aEhDSExqaUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9jNTNjM2UtYWEyZC00MWFiLWEzMTItMjYzN2QxMzMzOGYx
LzEvTzlsRGJTRTF3SVNKZTNUR3JUYmFGd0NucVkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuQyAMA0E
AgACMAcDBQAqA41AMA0GCSqGSIb3DQEBCwUAA4IBAQBF2TdD6fjBQ++UVOHcVrFY
W74FQ/diKQ2JSaG5a9YK7ToalLDiPODmB5PjZl8PYCHfF0DeakWg+c6bRVhldCyi
wmO8WOH7NlqAv+38GIs4d4BRp7OCdVwtb4eMN4s4ubjxZ52pdML7d7I1izC6GABu
ltx2bT2rQIpkwmuYzgymt3COqn3pKWBpyKlP0zJBEfQ7ATImvkDaI7YgBdjKLmbq
HP+B+rUM6Q+n97rzgljjkNkztSZ7IeFC6D7JHTbt3MbJy6FZt4PjMT5gL/PvrA7G
GtkEpjLmdHRwMdB71vvb+ARH1dwj5i0FZCaUcU1B2bkGoFR4PocenKNGLzUbgFK4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:41 2024 by rpki-client on console-fra.rpki-client.org