Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/537267-b243-4657-99ff-94b514433c11/1/cfA-TdC3LvCBFdUoxNi72lusYiA.roa
File:                     cfA-TdC3LvCBFdUoxNi72lusYiA.roa (raw, json)
Hash identifier:          W84npB5b2BtVDSl/p+x2MFRb1BbqFRodUVwY7WePulw=
Subject key identifier:   71:F0:3E:4D:D0:B7:2E:F0:81:15:D5:28:C4:D8:BB:DA:5B:AC:62:20
Certificate issuer:       /CN=f278acbcc46f133efd393f51160fdbb7607e1e16
Certificate serial:       018CAFBDC31D62F65C866FEE055F1EDDEB69
Authority key identifier: F2:78:AC:BC:C4:6F:13:3E:FD:39:3F:51:16:0F:DB:B7:60:7E:1E:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8nisvMRvEz79OT9RFg_bt2B-HhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/537267-b243-4657-99ff-94b514433c11/1/cfA-TdC3LvCBFdUoxNi72lusYiA.roa
Signing time:             Thu 28 Dec 2023 09:24:58 +0000
ROA not before:           Thu 28 Dec 2023 09:24:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208596
IP address blocks:        185.191.250.0/23 maxlen: 23
                          185.191.248.0/22 maxlen: 22
                          185.191.248.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:af:bd:c3:1d:62:f6:5c:86:6f:ee:05:5f:1e:dd:eb:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f278acbcc46f133efd393f51160fdbb7607e1e16
        Validity
            Not Before: Dec 28 09:24:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=71f03e4dd0b72ef08115d528c4d8bbda5bac6220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c4:47:96:27:41:6e:a5:8a:1b:d7:61:c4:c6:
                    4f:63:22:7d:f5:6c:04:f5:8a:76:07:99:a8:a8:bc:
                    b9:8e:96:02:26:85:14:59:f7:21:6b:fe:81:7f:c1:
                    02:72:ce:70:0d:e3:0a:fc:11:df:96:f7:ed:ab:74:
                    cc:b9:1d:bf:ee:01:9a:1e:32:a5:d1:51:aa:a9:17:
                    71:e6:e0:97:72:6b:5d:06:8f:96:24:f2:d9:57:66:
                    e5:8a:55:a1:8a:98:aa:94:76:b3:2a:4a:d4:72:1e:
                    77:68:49:bb:90:17:41:d3:c4:ef:85:75:35:6a:d8:
                    e1:1e:89:6e:07:b8:57:65:02:3d:f4:39:a4:24:8e:
                    40:d3:ab:ac:fe:83:d4:1b:43:d7:4a:f7:92:60:c6:
                    d4:b7:ee:bf:3c:ec:78:95:72:bb:6c:4b:1a:77:c9:
                    8e:cd:18:ad:85:f9:aa:7c:16:f9:18:64:c9:11:2e:
                    b6:0a:42:94:3e:af:03:a0:de:dc:dc:26:2e:d5:ae:
                    70:02:09:bd:c2:5c:a6:3a:c2:09:94:48:73:fc:99:
                    3e:9d:cc:2b:22:e6:42:24:d7:e9:8c:ff:3f:e2:9a:
                    e5:51:c7:9b:19:cf:bd:2d:de:49:bf:87:9b:6f:9e:
                    f3:78:8e:f0:03:83:ab:aa:c0:7f:80:e1:a3:53:f4:
                    3c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:F0:3E:4D:D0:B7:2E:F0:81:15:D5:28:C4:D8:BB:DA:5B:AC:62:20
            X509v3 Authority Key Identifier:
                keyid:F2:78:AC:BC:C4:6F:13:3E:FD:39:3F:51:16:0F:DB:B7:60:7E:1E:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8nisvMRvEz79OT9RFg_bt2B-HhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/537267-b243-4657-99ff-94b514433c11/1/cfA-TdC3LvCBFdUoxNi72lusYiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/537267-b243-4657-99ff-94b514433c11/1/8nisvMRvEz79OT9RFg_bt2B-HhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:b1:63:a7:69:bb:c5:e4:b0:75:9d:f3:8e:d2:91:a2:01:6c:
         b0:9f:d7:0e:d7:12:e1:4e:45:6a:e2:1b:fd:7c:62:4f:ec:7d:
         7f:84:4b:10:0c:af:c7:32:3f:71:bd:ee:08:f8:40:20:64:21:
         35:1e:bc:fe:13:44:eb:4a:46:f8:e9:80:53:92:74:51:82:17:
         01:a2:d7:32:d2:1a:16:92:21:3f:59:b4:91:63:4a:43:ef:ba:
         ac:c1:17:a9:ce:7c:f1:3b:89:bc:e1:ff:db:2e:ae:a8:20:d3:
         e3:df:64:23:b5:2e:41:34:14:ad:8d:9b:d6:41:25:3b:5a:43:
         4b:16:a3:ae:32:42:5a:c2:eb:2c:6e:96:a2:29:77:74:d7:d1:
         35:cd:3f:d0:92:3f:00:5f:74:bc:d2:75:01:d4:26:0f:1f:06:
         8b:9d:a3:b8:03:2b:e4:03:a9:11:bc:3e:dd:4d:56:d6:82:a4:
         09:f2:24:4b:d0:90:5a:94:f3:ed:1d:4b:2b:ea:8c:da:5b:b0:
         22:68:e2:f3:f5:bd:63:0e:83:05:03:65:c8:4b:8b:63:ee:71:
         5e:42:b0:d0:38:f8:a0:f6:2d:99:39:0f:21:bb:4d:b8:e6:72:
         10:47:3b:bd:9f:97:b1:a2:36:85:e7:6e:50:f9:f8:c0:c5:c6:
         63:6b:3b:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyvvcMdYvZchm/uBV8e3etpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyNzhhY2JjYzQ2ZjEzM2VmZDM5M2Y1MTE2MGZkYmI3NjA3
ZTFlMTYwHhcNMjMxMjI4MDkyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWYwM2U0ZGQwYjcyZWYwODExNWQ1MjhjNGQ4YmJkYTViYWM2MjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsRHlidBbqWKG9dhxMZPYyJ99WwE
9Yp2B5moqLy5jpYCJoUUWfcha/6Bf8ECcs5wDeMK/BHflvftq3TMuR2/7gGaHjKl
0VGqqRdx5uCXcmtdBo+WJPLZV2blilWhipiqlHazKkrUch53aEm7kBdB08TvhXU1
atjhHoluB7hXZQI99DmkJI5A06us/oPUG0PXSveSYMbUt+6/POx4lXK7bEsad8mO
zRithfmqfBb5GGTJES62CkKUPq8DoN7c3CYu1a5wAgm9wlymOsIJlEhz/Jk+ncwr
IuZCJNfpjP8/4prlUcebGc+9Ld5Jv4ebb57zeI7wA4OrqsB/gOGjU/Q8zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHwPk3Qty7wgRXVKMTYu9pbrGIgMB8GA1UdIwQY
MBaAFPJ4rLzEbxM+/Tk/URYP27dgfh4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOG5pc3ZNUnZFejc5T1Q5UkZnX2J0MkItSGhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS81MzcyNjctYjI0My00NjU3LTk5ZmYt
OTRiNTE0NDMzYzExLzEvY2ZBLVRkQzNMdkNCRmRVb3hOaTcybHVzWWlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS81MzcyNjctYjI0My00NjU3LTk5ZmYtOTRiNTE0NDMzYzEx
LzEvOG5pc3ZNUnZFejc5T1Q5UkZnX2J0MkItSGhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCub/4MA0G
CSqGSIb3DQEBCwUAA4IBAQBosWOnabvF5LB1nfOO0pGiAWywn9cO1xLhTkVq4hv9
fGJP7H1/hEsQDK/HMj9xve4I+EAgZCE1Hrz+E0TrSkb46YBTknRRghcBotcy0hoW
kiE/WbSRY0pD77qswRepznzxO4m84f/bLq6oINPj32QjtS5BNBStjZvWQSU7WkNL
FqOuMkJawussbpaiKXd019E1zT/Qkj8AX3S80nUB1CYPHwaLnaO4AyvkA6kRvD7d
TVbWgqQJ8iRL0JBalPPtHUsr6ozaW7AiaOLz9b1jDoMFA2XIS4tj7nFeQrDQOPig
9i2ZOQ8hu0245nIQRzu9n5exojaF525Q+fjAxcZjaztT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:38 2024 by rpki-client on console-ams.rpki-client.org