Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9118e3-13da-4d48-9c38-711fc1a2d0a0/1/NSnZNIyyCn8PrD9uTAPYNU9Aq9I.roa
File:                     NSnZNIyyCn8PrD9uTAPYNU9Aq9I.roa (raw, json)
Hash identifier:          QBmW1EufHqmEjx3swEcy1dtAls6DFKEXKglDBnbqas0=
Subject key identifier:   35:29:D9:34:8C:B2:0A:7F:0F:AC:3F:6E:4C:03:D8:35:4F:40:AB:D2
Certificate issuer:       /CN=3a66869dd1a997164ba4fa23e0fd41fb3acb10be
Certificate serial:       01856E78F6B3AD064A9F7FAED98E8986FCD9
Authority key identifier: 3A:66:86:9D:D1:A9:97:16:4B:A4:FA:23:E0:FD:41:FB:3A:CB:10:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OmaGndGplxZLpPoj4P1B-zrLEL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9118e3-13da-4d48-9c38-711fc1a2d0a0/1/NSnZNIyyCn8PrD9uTAPYNU9Aq9I.roa
Signing time:             Sun 01 Jan 2023 17:54:59 +0000
ROA not before:           Sun 01 Jan 2023 17:54:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202956
IP address blocks:        185.149.76.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:32:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:78:f6:b3:ad:06:4a:9f:7f:ae:d9:8e:89:86:fc:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a66869dd1a997164ba4fa23e0fd41fb3acb10be
        Validity
            Not Before: Jan  1 17:54:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3529d9348cb20a7f0fac3f6e4c03d8354f40abd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:30:f1:f8:86:1b:e6:c8:12:ff:3e:ff:00:c5:
                    0e:df:ba:f5:ed:84:db:a7:1f:08:ed:f9:74:53:e2:
                    cc:6b:87:65:7a:65:41:d6:af:da:8d:60:f1:86:23:
                    d4:3f:c1:51:cd:e1:94:de:35:53:01:00:e6:90:24:
                    44:b1:7d:b3:c8:7c:f2:55:7f:7c:e7:88:b6:89:05:
                    2c:61:6c:07:f5:82:f3:c0:7f:4f:ee:cb:e4:e3:a4:
                    7a:32:c2:ee:b6:9b:82:16:2b:09:7c:f0:71:ba:60:
                    b5:db:87:2b:ed:a3:3e:93:1c:ef:30:1b:8c:e1:f2:
                    3c:2c:37:5e:bc:e0:ac:6c:9a:63:88:8e:31:a3:b6:
                    55:31:52:58:99:3d:59:62:3e:5f:47:2b:0d:c2:64:
                    d7:4c:61:a8:a1:b3:49:5a:66:f2:78:f9:d0:0a:b7:
                    fe:dc:4b:1c:a1:35:1a:83:7b:a7:47:07:47:45:d2:
                    c0:14:fa:0f:4f:ca:47:22:63:c9:22:9f:70:68:e9:
                    8b:a9:61:d1:21:38:34:d8:57:bb:e4:c6:1e:7b:e0:
                    31:90:1d:41:b6:f3:e1:49:9e:d5:55:93:18:dd:59:
                    e4:be:80:65:1f:f1:78:1e:59:bf:59:30:3f:bc:68:
                    29:35:2c:f8:c9:44:c6:aa:c5:2e:52:8a:c0:71:24:
                    83:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:29:D9:34:8C:B2:0A:7F:0F:AC:3F:6E:4C:03:D8:35:4F:40:AB:D2
            X509v3 Authority Key Identifier:
                keyid:3A:66:86:9D:D1:A9:97:16:4B:A4:FA:23:E0:FD:41:FB:3A:CB:10:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OmaGndGplxZLpPoj4P1B-zrLEL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9118e3-13da-4d48-9c38-711fc1a2d0a0/1/NSnZNIyyCn8PrD9uTAPYNU9Aq9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9118e3-13da-4d48-9c38-711fc1a2d0a0/1/OmaGndGplxZLpPoj4P1B-zrLEL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         dd:ab:34:2c:80:50:ac:9a:df:87:0e:0f:fc:c6:e0:fe:a1:70:
         ee:6b:56:63:29:e0:ab:dd:56:23:d5:fb:f6:27:9f:7f:2a:5c:
         5f:b4:59:5d:77:bf:2b:15:c3:c9:d0:c4:67:d1:a0:f6:dc:4d:
         68:37:b1:4d:3c:95:a4:18:a6:54:cc:9a:b0:d8:f3:a2:fd:7c:
         ce:cb:d0:46:6e:6d:a7:ba:5c:80:89:12:e1:ba:44:a4:99:65:
         80:68:72:40:77:ca:f4:0c:11:82:e3:a4:a4:eb:f5:28:a9:84:
         38:93:6b:94:58:4c:c7:ce:22:93:d4:c2:43:26:d4:8f:24:73:
         a9:8a:aa:42:ae:fb:60:3f:a4:9d:8a:34:7a:55:85:b9:32:54:
         10:ae:be:0d:dc:03:ac:60:bb:5e:e3:99:e1:9f:76:06:ff:5d:
         a0:c1:08:37:ce:21:71:09:9c:3e:69:26:b7:2b:4c:bc:28:4b:
         01:5f:db:83:ad:77:8b:cf:08:5e:cd:6c:15:5c:53:1c:28:ee:
         fd:9e:68:42:a4:c7:b8:bf:66:23:2c:bc:82:c8:a1:8d:c8:be:
         04:8c:4f:79:2c:62:91:f5:a8:df:dd:e8:02:bf:47:cb:a8:53:
         7a:2e:c6:12:b8:8f:47:40:0f:cd:22:05:88:f7:f9:61:f5:0c:
         5a:1d:13:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVuePazrQZKn3+u2Y6JhvzZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhNjY4NjlkZDFhOTk3MTY0YmE0ZmEyM2UwZmQ0MWZiM2Fj
YjEwYmUwHhcNMjMwMTAxMTc1NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTI5ZDkzNDhjYjIwYTdmMGZhYzNmNmU0YzAzZDgzNTRmNDBhYmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDDx+IYb5sgS/z7/AMUO37r17YTb
px8I7fl0U+LMa4dlemVB1q/ajWDxhiPUP8FRzeGU3jVTAQDmkCREsX2zyHzyVX98
54i2iQUsYWwH9YLzwH9P7svk46R6MsLutpuCFisJfPBxumC124cr7aM+kxzvMBuM
4fI8LDdevOCsbJpjiI4xo7ZVMVJYmT1ZYj5fRysNwmTXTGGoobNJWmbyePnQCrf+
3EscoTUag3unRwdHRdLAFPoPT8pHImPJIp9waOmLqWHRITg02Fe75MYee+AxkB1B
tvPhSZ7VVZMY3VnkvoBlH/F4Hlm/WTA/vGgpNSz4yUTGqsUuUorAcSSDSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDUp2TSMsgp/D6w/bkwD2DVPQKvSMB8GA1UdIwQY
MBaAFDpmhp3RqZcWS6T6I+D9Qfs6yxC+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT21hR25kR3BseFpMcFBvajRQMUItenJMRUw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85MTE4ZTMtMTNkYS00ZDQ4LTljMzgt
NzExZmMxYTJkMGEwLzEvTlNuWk5JeXlDbjhQckQ5dVRBUFlOVTlBcTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85MTE4ZTMtMTNkYS00ZDQ4LTljMzgtNzExZmMxYTJkMGEw
LzEvT21hR25kR3BseFpMcFBvajRQMUItenJMRUw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZVMMA0G
CSqGSIb3DQEBCwUAA4IBAQDdqzQsgFCsmt+HDg/8xuD+oXDua1ZjKeCr3VYj1fv2
J59/KlxftFldd78rFcPJ0MRn0aD23E1oN7FNPJWkGKZUzJqw2POi/XzOy9BGbm2n
ulyAiRLhukSkmWWAaHJAd8r0DBGC46Sk6/UoqYQ4k2uUWEzHziKT1MJDJtSPJHOp
iqpCrvtgP6SdijR6VYW5MlQQrr4N3AOsYLte45nhn3YG/12gwQg3ziFxCZw+aSa3
K0y8KEsBX9uDrXeLzwhezWwVXFMcKO79nmhCpMe4v2YjLLyCyKGNyL4EjE95LGKR
9ajf3egCv0fLqFN6LsYSuI9HQA/NIgWI9/lh9QxaHRM2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:34 2024 by rpki-client on console-ams.rpki-client.org