Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/qKI5LOwmlZebxIvEZpGmQfGvNZY.roa
File:                     qKI5LOwmlZebxIvEZpGmQfGvNZY.roa (raw, json)
Hash identifier:          9mkTzTTEMtwxI6GNxxQNr+rDPG+ZR+X826D5pS28PJE=
Subject key identifier:   A8:A2:39:2C:EC:26:95:97:9B:C4:8B:C4:66:91:A6:41:F1:AF:35:96
Certificate issuer:       /CN=61ba0be7cce380e6bb74e3c5fcea081e9799ae54
Certificate serial:       01856DCB0A4FEE5B80C6C0DE6079548A1C17
Authority key identifier: 61:BA:0B:E7:CC:E3:80:E6:BB:74:E3:C5:FC:EA:08:1E:97:99:AE:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YboL58zjgOa7dOPF_OoIHpeZrlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/qKI5LOwmlZebxIvEZpGmQfGvNZY.roa
Signing time:             Sun 01 Jan 2023 14:45:00 +0000
ROA not before:           Sun 01 Jan 2023 14:45:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51431
IP address blocks:        185.137.24.0/24 maxlen: 24
                          185.137.25.0/24 maxlen: 24
                          185.137.27.0/24 maxlen: 24
                          185.191.77.0/24 maxlen: 24
                          185.191.76.0/22 maxlen: 24
                          185.191.76.0/24 maxlen: 24
                          185.191.78.0/24 maxlen: 24
                          185.191.79.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 01 Feb 2023 10:44:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:cb:0a:4f:ee:5b:80:c6:c0:de:60:79:54:8a:1c:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61ba0be7cce380e6bb74e3c5fcea081e9799ae54
        Validity
            Not Before: Jan  1 14:45:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a8a2392cec2695979bc48bc46691a641f1af3596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:9b:ff:b5:ad:48:39:79:8d:55:0f:0c:3a:09:
                    42:f4:17:5f:48:b9:54:c4:b6:41:87:e1:f3:dc:f4:
                    4a:7f:99:51:f9:ac:fc:b8:78:d1:66:c1:47:4e:86:
                    62:b1:8c:5d:a3:02:54:07:a4:7f:8b:5e:d2:13:b1:
                    e3:5d:27:c4:21:b5:68:71:ee:3c:ba:e9:8b:74:58:
                    cd:a0:65:d1:33:1e:47:fd:22:87:a1:64:56:04:3b:
                    6e:80:d7:d4:75:1a:ad:d6:d2:18:b5:5f:62:7b:68:
                    46:fe:6c:56:84:29:a5:66:e0:9a:5d:16:20:fb:8d:
                    c0:73:2a:b3:1e:60:d5:b9:ae:b7:32:6c:ee:03:49:
                    1c:82:de:f2:91:e8:2c:b1:3d:71:f5:2d:3a:35:c4:
                    e1:b9:31:dc:c7:01:c3:bd:74:d0:8b:72:45:01:91:
                    c3:2e:91:e6:d9:4b:93:5a:9d:b8:78:cc:ba:87:27:
                    ec:b8:e9:3a:f2:25:11:c4:15:12:94:cd:4a:3b:7e:
                    4b:ea:2f:67:96:94:a2:07:04:36:a2:63:de:02:8a:
                    93:6e:3f:ed:2d:57:5d:36:aa:cb:05:6a:88:80:59:
                    37:14:da:c1:a1:4b:41:db:e2:7d:51:3d:ba:0c:d3:
                    f3:d0:86:91:cd:b3:ab:08:8e:80:2f:b6:96:a4:d1:
                    72:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:A2:39:2C:EC:26:95:97:9B:C4:8B:C4:66:91:A6:41:F1:AF:35:96
            X509v3 Authority Key Identifier:
                keyid:61:BA:0B:E7:CC:E3:80:E6:BB:74:E3:C5:FC:EA:08:1E:97:99:AE:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YboL58zjgOa7dOPF_OoIHpeZrlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/qKI5LOwmlZebxIvEZpGmQfGvNZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/a2e37d-4ba5-4165-9fd2-210d482a4b93/1/YboL58zjgOa7dOPF_OoIHpeZrlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.137.24.0/23
                  185.137.27.0/24
                  185.191.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:5f:92:d6:42:1b:68:df:cb:22:4b:3c:cd:ef:82:2e:11:85:
         56:1e:7a:40:15:77:f7:95:e7:bf:b7:df:00:03:1c:a4:bc:ad:
         e8:cb:11:f1:2e:14:35:93:85:24:63:0a:2d:40:8e:46:58:7b:
         32:9a:05:2c:5a:d7:f2:1d:82:43:db:f0:96:54:19:76:92:0b:
         99:31:56:e1:06:05:77:fe:b9:6f:ce:46:ac:04:c8:1a:e1:b1:
         9a:56:2a:5b:b5:11:82:c9:3c:38:e0:fc:ee:9c:11:80:1d:9d:
         c8:26:81:b6:7f:44:39:d1:bb:f3:ce:60:06:75:42:47:33:7a:
         36:d8:87:dc:a8:6d:de:af:54:af:cc:c5:0d:1d:01:44:54:16:
         c3:98:65:ab:0e:3c:7b:e1:23:0d:6f:a1:00:8f:49:ec:f6:36:
         e8:d2:a8:6a:f2:b9:e4:24:11:67:07:c5:48:9f:a7:74:56:e5:
         ca:8a:c6:68:6c:3d:c6:69:22:c9:c2:dd:18:20:a8:33:05:c4:
         53:f4:89:95:89:e9:f3:07:ac:4d:68:2c:d1:a7:d3:64:93:cb:
         99:94:b3:83:2b:44:03:57:b3:01:8e:50:69:77:cd:b7:e7:c4:
         ae:0f:2b:f2:3e:f9:70:92:f0:7c:43:c7:49:52:23:f6:a6:41:
         1b:3f:a8:a4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVtywpP7luAxsDeYHlUihwXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYmEwYmU3Y2NlMzgwZTZiYjc0ZTNjNWZjZWEwODFlOTc5
OWFlNTQwHhcNMjMwMTAxMTQ0NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGEyMzkyY2VjMjY5NTk3OWJjNDhiYzQ2NjkxYTY0MWYxYWYzNTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5v/ta1IOXmNVQ8MOglC9BdfSLlU
xLZBh+Hz3PRKf5lR+az8uHjRZsFHToZisYxdowJUB6R/i17SE7HjXSfEIbVoce48
uumLdFjNoGXRMx5H/SKHoWRWBDtugNfUdRqt1tIYtV9ie2hG/mxWhCmlZuCaXRYg
+43AcyqzHmDVua63MmzuA0kcgt7ykegssT1x9S06NcThuTHcxwHDvXTQi3JFAZHD
LpHm2UuTWp24eMy6hyfsuOk68iURxBUSlM1KO35L6i9nlpSiBwQ2omPeAoqTbj/t
LVddNqrLBWqIgFk3FNrBoUtB2+J9UT26DNPz0IaRzbOrCI6AL7aWpNFyiwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKiiOSzsJpWXm8SLxGaRpkHxrzWWMB8GA1UdIwQY
MBaAFGG6C+fM44Dmu3TjxfzqCB6Xma5UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWJvTDU4empnT2E3ZE9QRl9Pb0lIcGVacmxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9hMmUzN2QtNGJhNS00MTY1LTlmZDIt
MjEwZDQ4MmE0YjkzLzEvcUtJNUxPd21sWmVieEl2RVpwR21RZkd2TlpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9hMmUzN2QtNGJhNS00MTY1LTlmZDItMjEwZDQ4MmE0Yjkz
LzEvWWJvTDU4empnT2E3ZE9QRl9Pb0lIcGVacmxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBuYkYAwQA
uYkbAwQCub9MMA0GCSqGSIb3DQEBCwUAA4IBAQC3X5LWQhto38siSzzN74IuEYVW
HnpAFXf3lee/t98AAxykvK3oyxHxLhQ1k4UkYwotQI5GWHsymgUsWtfyHYJD2/CW
VBl2kguZMVbhBgV3/rlvzkasBMga4bGaVipbtRGCyTw44PzunBGAHZ3IJoG2f0Q5
0bvzzmAGdUJHM3o22IfcqG3er1SvzMUNHQFEVBbDmGWrDjx74SMNb6EAj0ns9jbo
0qhq8rnkJBFnB8VIn6d0VuXKisZobD3GaSLJwt0YIKgzBcRT9ImVienzB6xNaCzR
p9Nkk8uZlLODK0QDV7MBjlBpd82358SuDyvyPvlwkvB8Q8dJUiP2pkEbP6ik
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:49 2024 by rpki-client on console-fra.rpki-client.org