Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/b9231f-b3df-4012-96d7-7204b811250f/1/pHzq7DOcU8AvsDCx-UsDqmVhJpc.roa
File:                     pHzq7DOcU8AvsDCx-UsDqmVhJpc.roa (raw, json)
Hash identifier:          eVwzyZ4u7ZwFswZlxQVNrxgISZLGfN6UNIMvgqoEU9Y=
Subject key identifier:   A4:7C:EA:EC:33:9C:53:C0:2F:B0:30:B1:F9:4B:03:AA:65:61:26:97
Certificate issuer:       /CN=7d0b44e492549e1b7da532c80c348850c5a44e80
Certificate serial:       01857227EA53118C5E7B833760D95DF2B7DD
Authority key identifier: 7D:0B:44:E4:92:54:9E:1B:7D:A5:32:C8:0C:34:88:50:C5:A4:4E:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQtE5JJUnht9pTLIDDSIUMWkToA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/b9231f-b3df-4012-96d7-7204b811250f/1/pHzq7DOcU8AvsDCx-UsDqmVhJpc.roa
Signing time:             Mon 02 Jan 2023 11:04:56 +0000
ROA not before:           Mon 02 Jan 2023 11:04:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15830
IP address blocks:        185.83.40.0/22 maxlen: 22
                          2a05:9800::/29 maxlen: 48

Validation:               Failed, certificate revoked on Fri 22 Sep 2023 15:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:27:ea:53:11:8c:5e:7b:83:37:60:d9:5d:f2:b7:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d0b44e492549e1b7da532c80c348850c5a44e80
        Validity
            Not Before: Jan  2 11:04:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a47ceaec339c53c02fb030b1f94b03aa65612697
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c0:7f:73:7d:2d:1e:56:ad:eb:ef:8c:4a:ef:
                    e8:aa:fd:d9:89:13:01:92:58:a1:9c:fe:2a:b7:70:
                    1e:b3:f2:0c:95:6e:d8:d7:9a:29:fc:ae:ac:c8:98:
                    3c:03:da:f7:ba:e1:b8:96:84:12:d3:fb:02:ec:05:
                    26:02:0e:63:48:3a:5d:e5:72:d7:63:31:de:ae:f8:
                    a6:17:0c:6b:0a:0e:e8:7d:4a:95:16:bf:24:43:d8:
                    cb:56:1f:6d:1c:46:0a:ce:ba:24:b3:b8:ae:53:fd:
                    a2:65:ad:fe:13:5d:9d:a0:64:45:6e:b3:c0:d0:f4:
                    36:d2:fb:1a:62:99:3d:1a:fa:ac:bc:ed:ab:48:78:
                    93:5b:e3:6a:46:10:81:8f:1a:4b:5d:12:88:43:7d:
                    d3:fe:96:fb:d5:56:bf:10:aa:bc:90:e7:a0:cf:a0:
                    b4:97:93:63:f4:55:cc:ba:7d:a6:b7:8b:22:19:13:
                    6f:37:5b:75:95:e9:d0:c8:92:6f:5d:6e:5c:64:e6:
                    2f:36:fc:80:18:a5:fc:b9:6d:bc:be:8f:4b:07:99:
                    69:bf:7e:c9:12:ab:1f:1b:3b:95:ea:18:e9:26:e5:
                    80:22:39:bf:41:75:e5:24:fa:3b:fc:f0:e8:3a:b2:
                    90:40:64:17:70:f5:8f:17:ae:79:ab:09:e9:ee:d2:
                    a8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:7C:EA:EC:33:9C:53:C0:2F:B0:30:B1:F9:4B:03:AA:65:61:26:97
            X509v3 Authority Key Identifier:
                keyid:7D:0B:44:E4:92:54:9E:1B:7D:A5:32:C8:0C:34:88:50:C5:A4:4E:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQtE5JJUnht9pTLIDDSIUMWkToA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b9231f-b3df-4012-96d7-7204b811250f/1/pHzq7DOcU8AvsDCx-UsDqmVhJpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/b9231f-b3df-4012-96d7-7204b811250f/1/fQtE5JJUnht9pTLIDDSIUMWkToA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.40.0/22
                IPv6:
                  2a05:9800::/29

    Signature Algorithm: sha256WithRSAEncryption
         d1:c5:42:63:b0:9c:a4:88:27:25:8b:e1:7c:13:0a:06:c1:4f:
         b1:9f:02:de:55:39:a6:da:9a:18:e9:86:46:0c:d4:58:be:4f:
         bd:50:36:7e:5c:72:0c:de:0e:58:80:c2:a0:18:39:44:3e:d4:
         ed:10:a7:44:e6:91:65:59:fb:9a:dd:a9:42:9e:70:f3:61:c4:
         f2:88:ce:b3:e5:d8:d1:1e:2c:d2:6c:8b:03:ec:d5:5f:bc:ad:
         c0:1c:dd:a9:a7:82:2d:4d:36:77:a3:47:12:98:0b:19:53:16:
         90:96:42:e0:fd:9b:ba:e1:b3:ea:8b:4e:3a:4c:29:7c:e1:52:
         6a:b9:19:22:79:08:d6:10:ac:c5:8d:55:49:71:48:10:8e:02:
         3e:ed:e7:87:af:eb:60:5e:1a:2a:a7:0c:a5:a9:6e:29:6d:94:
         8c:43:e7:16:c2:fb:b8:25:d0:9d:51:6d:c9:90:7c:ad:81:94:
         3f:46:88:de:05:96:6b:b0:b3:79:97:9c:d8:0e:f9:7e:d7:92:
         e4:4f:1e:14:ba:cf:5c:40:68:a3:c3:47:b6:b9:7c:36:82:4c:
         34:a5:7a:77:2a:04:3a:dd:ba:e1:2d:dc:b5:82:8e:15:b9:d9:
         6e:c4:66:2e:4a:26:04:ba:5c:f0:c9:21:f0:8f:7d:53:82:e5:
         7d:8d:e6:13
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVyJ+pTEYxee4M3YNld8rfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMGI0NGU0OTI1NDllMWI3ZGE1MzJjODBjMzQ4ODUwYzVh
NDRlODAwHhcNMjMwMTAyMTEwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDdjZWFlYzMzOWM1M2MwMmZiMDMwYjFmOTRiMDNhYTY1NjEyNjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8B/c30tHlat6++MSu/oqv3ZiRMB
klihnP4qt3Aes/IMlW7Y15op/K6syJg8A9r3uuG4loQS0/sC7AUmAg5jSDpd5XLX
YzHervimFwxrCg7ofUqVFr8kQ9jLVh9tHEYKzroks7iuU/2iZa3+E12doGRFbrPA
0PQ20vsaYpk9GvqsvO2rSHiTW+NqRhCBjxpLXRKIQ33T/pb71Va/EKq8kOegz6C0
l5Nj9FXMun2mt4siGRNvN1t1lenQyJJvXW5cZOYvNvyAGKX8uW28vo9LB5lpv37J
EqsfGzuV6hjpJuWAIjm/QXXlJPo7/PDoOrKQQGQXcPWPF655qwnp7tKonwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKR86uwznFPAL7AwsflLA6plYSaXMB8GA1UdIwQY
MBaAFH0LROSSVJ4bfaUyyAw0iFDFpE6AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlF0RTVKSlVuaHQ5cFRMSUREU0lVTVdrVG9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9iOTIzMWYtYjNkZi00MDEyLTk2ZDct
NzIwNGI4MTEyNTBmLzEvcEh6cTdET2NVOEF2c0RDeC1Vc0RxbVZoSnBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9iOTIzMWYtYjNkZi00MDEyLTk2ZDctNzIwNGI4MTEyNTBm
LzEvZlF0RTVKSlVuaHQ5cFRMSUREU0lVTVdrVG9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuVMoMA0E
AgACMAcDBQMqBZgAMA0GCSqGSIb3DQEBCwUAA4IBAQDRxUJjsJykiCcli+F8EwoG
wU+xnwLeVTmm2poY6YZGDNRYvk+9UDZ+XHIM3g5YgMKgGDlEPtTtEKdE5pFlWfua
3alCnnDzYcTyiM6z5djRHizSbIsD7NVfvK3AHN2pp4ItTTZ3o0cSmAsZUxaQlkLg
/Zu64bPqi046TCl84VJquRkieQjWEKzFjVVJcUgQjgI+7eeHr+tgXhoqpwylqW4p
bZSMQ+cWwvu4JdCdUW3JkHytgZQ/RojeBZZrsLN5l5zYDvl+15LkTx4Uus9cQGij
w0e2uXw2gkw0pXp3KgQ63brhLdy1go4VudluxGYuSiYEulzwySHwj31TguV9jeYT
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:31 2024 by rpki-client on console-fra.rpki-client.org