Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/a9276f-e8c1-45d6-a42d-0c64debe9ec4/1/ZkGQxnf81TkF0zq1RJmLh5Ud_KA.roa
File:                     ZkGQxnf81TkF0zq1RJmLh5Ud_KA.roa (raw, json)
Hash identifier:          wb66ljBV9LGr7KlyFN+UN1RRuwCIuBVt46mr8RmukVw=
Subject key identifier:   66:41:90:C6:77:FC:D5:39:05:D3:3A:B5:44:99:8B:87:95:1D:FC:A0
Certificate issuer:       /CN=0502861f923c7ec1132b548f7abb861baca1f406
Certificate serial:       01857230F00F414FE1A1F872E05FE54274F0
Authority key identifier: 05:02:86:1F:92:3C:7E:C1:13:2B:54:8F:7A:BB:86:1B:AC:A1:F4:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BQKGH5I8fsETK1SPeruGG6yh9AY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/a9276f-e8c1-45d6-a42d-0c64debe9ec4/1/ZkGQxnf81TkF0zq1RJmLh5Ud_KA.roa
Signing time:             Mon 02 Jan 2023 11:14:47 +0000
ROA not before:           Mon 02 Jan 2023 11:14:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50673
IP address blocks:        185.104.28.0/22 maxlen: 24
                          2a06:2ec0::/29 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:29:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:30:f0:0f:41:4f:e1:a1:f8:72:e0:5f:e5:42:74:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0502861f923c7ec1132b548f7abb861baca1f406
        Validity
            Not Before: Jan  2 11:14:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=664190c677fcd53905d33ab544998b87951dfca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:06:3e:bf:14:de:d0:bb:38:01:6f:67:a5:52:
                    bf:9f:cf:42:ba:bc:61:b5:c5:57:43:0b:20:90:87:
                    8f:ed:25:11:19:f6:f0:cf:41:c6:3d:1f:a2:6e:f2:
                    87:79:53:52:cd:6d:a4:7f:e5:0c:42:87:75:05:4b:
                    94:fc:7e:43:ee:11:22:21:cd:71:1b:ee:33:42:97:
                    02:3c:bc:29:39:fd:20:cb:b1:98:7e:8d:45:48:13:
                    86:14:ed:36:19:f8:52:90:22:f0:57:1b:b3:34:e8:
                    f0:16:38:92:10:f3:6a:ce:f6:e5:f4:8d:8d:78:31:
                    04:72:53:5b:fd:7a:db:0c:c5:34:51:8c:61:e1:b2:
                    f8:ac:d3:cc:b9:c5:0e:11:eb:c7:39:74:ec:a8:5e:
                    15:d0:68:f2:b0:d7:ed:b6:d6:df:f2:e7:01:51:ed:
                    e1:f7:b4:d4:29:6c:ff:66:82:20:d7:fc:25:ad:38:
                    aa:18:87:dc:d4:77:77:1a:02:12:64:2e:5a:44:25:
                    02:d3:4f:69:c7:c0:f1:c7:70:19:7a:28:25:25:8d:
                    79:4b:2f:1d:74:7c:41:c4:68:cf:98:76:4a:cd:45:
                    fc:90:d2:b2:d4:32:23:71:84:1e:af:34:59:c1:77:
                    3e:0d:21:ff:6b:94:8e:31:15:d4:08:f2:8b:59:f3:
                    34:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:41:90:C6:77:FC:D5:39:05:D3:3A:B5:44:99:8B:87:95:1D:FC:A0
            X509v3 Authority Key Identifier:
                keyid:05:02:86:1F:92:3C:7E:C1:13:2B:54:8F:7A:BB:86:1B:AC:A1:F4:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BQKGH5I8fsETK1SPeruGG6yh9AY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a9276f-e8c1-45d6-a42d-0c64debe9ec4/1/ZkGQxnf81TkF0zq1RJmLh5Ud_KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a9276f-e8c1-45d6-a42d-0c64debe9ec4/1/BQKGH5I8fsETK1SPeruGG6yh9AY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.104.28.0/22
                IPv6:
                  2a06:2ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6b:62:c0:17:fa:13:77:ec:76:b2:2b:0d:0e:ed:13:6f:67:ce:
         cc:a3:fa:f6:87:e9:be:ea:b6:be:ab:91:5b:22:4c:46:b0:14:
         1e:2d:6f:e4:da:0e:ea:5c:3e:18:87:d3:0e:76:4f:4f:9c:b6:
         ed:4b:da:4a:94:1a:09:00:cd:7f:4b:00:c5:a3:ff:f1:50:5d:
         f0:24:1f:30:e3:62:e9:f4:98:f3:c5:8d:41:6d:47:68:be:6f:
         4e:b2:61:87:1e:6a:4f:f1:20:1c:1c:98:02:65:cc:af:48:2c:
         b8:71:0c:ec:7c:f8:f9:e8:a4:2d:97:ed:88:b8:00:5f:44:ad:
         e2:02:b2:ad:01:92:6b:80:76:eb:bb:7f:b1:20:c3:dc:e5:5a:
         17:a9:d5:98:2f:0d:58:14:a6:53:42:f0:96:7c:a5:79:d3:cc:
         73:4f:af:6e:e7:1b:54:dc:1e:27:0b:ba:7d:33:66:1d:c3:08:
         11:85:50:e7:e3:00:96:12:c8:b7:dd:9a:b9:60:97:1e:59:d1:
         f9:12:85:eb:6e:75:d3:2e:d7:c6:7f:0e:91:4d:a0:a7:f5:62:
         49:85:ff:fe:c0:ef:db:d9:82:9f:df:e9:14:50:36:e9:09:12:
         df:2d:12:9f:7a:aa:c9:51:ee:88:ab:7f:61:4a:61:6e:73:76:
         66:60:9f:a9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVyMPAPQU/hofhy4F/lQnTwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MDI4NjFmOTIzYzdlYzExMzJiNTQ4ZjdhYmI4NjFiYWNh
MWY0MDYwHhcNMjMwMTAyMTExNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjQxOTBjNjc3ZmNkNTM5MDVkMzNhYjU0NDk5OGI4Nzk1MWRmY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgY+vxTe0Ls4AW9npVK/n89Curxh
tcVXQwsgkIeP7SURGfbwz0HGPR+ibvKHeVNSzW2kf+UMQod1BUuU/H5D7hEiIc1x
G+4zQpcCPLwpOf0gy7GYfo1FSBOGFO02GfhSkCLwVxuzNOjwFjiSEPNqzvbl9I2N
eDEEclNb/XrbDMU0UYxh4bL4rNPMucUOEevHOXTsqF4V0GjysNftttbf8ucBUe3h
97TUKWz/ZoIg1/wlrTiqGIfc1Hd3GgISZC5aRCUC009px8Dxx3AZeiglJY15Sy8d
dHxBxGjPmHZKzUX8kNKy1DIjcYQerzRZwXc+DSH/a5SOMRXUCPKLWfM0VQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGZBkMZ3/NU5BdM6tUSZi4eVHfygMB8GA1UdIwQY
MBaAFAUChh+SPH7BEytUj3q7hhusofQGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlFLR0g1SThmc0VUSzFTUGVydUdHNnloOUFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9hOTI3NmYtZThjMS00NWQ2LWE0MmQt
MGM2NGRlYmU5ZWM0LzEvWmtHUXhuZjgxVGtGMHpxMVJKbUxoNVVkX0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9hOTI3NmYtZThjMS00NWQ2LWE0MmQtMGM2NGRlYmU5ZWM0
LzEvQlFLR0g1SThmc0VUSzFTUGVydUdHNnloOUFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWgcMA0E
AgACMAcDBQMqBi7AMA0GCSqGSIb3DQEBCwUAA4IBAQBrYsAX+hN37HayKw0O7RNv
Z87Mo/r2h+m+6ra+q5FbIkxGsBQeLW/k2g7qXD4Yh9MOdk9PnLbtS9pKlBoJAM1/
SwDFo//xUF3wJB8w42Lp9JjzxY1BbUdovm9OsmGHHmpP8SAcHJgCZcyvSCy4cQzs
fPj56KQtl+2IuABfRK3iArKtAZJrgHbru3+xIMPc5VoXqdWYLw1YFKZTQvCWfKV5
08xzT69u5xtU3B4nC7p9M2YdwwgRhVDn4wCWEsi33Zq5YJceWdH5EoXrbnXTLtfG
fw6RTaCn9WJJhf/+wO/b2YKf3+kUUDbpCRLfLRKfeqrJUe6Iq39hSmFuc3ZmYJ+p
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:23:22 2024 by rpki-client on console-ams.rpki-client.org