Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/ER5MxAsu0qgcoWepnpNdyVK3fvw.roa
File:                     ER5MxAsu0qgcoWepnpNdyVK3fvw.roa (raw, json)
Hash identifier:          +T5mN0aqW/w756ozDtf/4lqkJlDPxBL2hQ44V2d+Uog=
Subject key identifier:   11:1E:4C:C4:0B:2E:D2:A8:1C:A1:67:A9:9E:93:5D:C9:52:B7:7E:FC
Certificate issuer:       /CN=c42708df93954aac601aef1835bd5d69245fb02f
Certificate serial:       018C1ACE11B7F0497C3B65E98B3A1C4D41E4
Authority key identifier: C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/ER5MxAsu0qgcoWepnpNdyVK3fvw.roa
Signing time:             Wed 29 Nov 2023 11:19:21 +0000
ROA not before:           Wed 29 Nov 2023 11:19:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47692
IP address blocks:        185.211.60.0/22 maxlen: 24
                          185.51.8.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:1a:ce:11:b7:f0:49:7c:3b:65:e9:8b:3a:1c:4d:41:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c42708df93954aac601aef1835bd5d69245fb02f
        Validity
            Not Before: Nov 29 11:19:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=111e4cc40b2ed2a81ca167a99e935dc952b77efc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d8:7f:6b:20:bc:21:88:10:c2:c0:b1:23:c9:
                    13:e3:45:20:3c:b6:76:0b:63:9a:35:eb:e2:66:db:
                    72:1f:f8:a5:4c:2b:07:ef:ef:b4:6e:47:a2:46:d7:
                    92:07:34:99:3a:3a:11:2f:5d:1e:48:88:4f:48:5f:
                    87:56:3d:e8:14:ae:75:39:58:ef:b3:05:c5:4b:a3:
                    be:1f:eb:ca:16:e6:c6:86:a7:20:64:46:f7:4b:31:
                    48:8a:65:8f:34:64:be:0a:1c:64:44:67:c6:bd:1d:
                    76:30:ce:e3:0c:92:15:77:bb:43:f4:d0:d9:ee:81:
                    92:25:80:78:97:09:ec:08:19:6d:20:b8:47:be:ca:
                    be:29:c9:4e:87:73:ff:41:d6:92:bd:4d:97:25:f7:
                    e4:03:5f:22:9b:4a:b8:eb:89:99:a9:99:dd:e2:0b:
                    b9:98:62:59:fd:32:22:9b:6e:54:49:bb:81:f5:82:
                    ca:a0:c6:b8:14:49:16:d0:66:70:60:a3:ac:2c:d8:
                    ad:f5:ea:22:28:38:3c:d6:aa:b7:9e:46:91:32:26:
                    62:02:66:7a:28:bf:8f:bd:61:21:e7:00:72:1b:9e:
                    08:0a:cd:62:b6:8d:ea:bf:47:16:34:75:a2:2f:04:
                    7a:22:c0:3c:78:ff:4d:94:3a:05:60:e4:af:dc:91:
                    41:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:1E:4C:C4:0B:2E:D2:A8:1C:A1:67:A9:9E:93:5D:C9:52:B7:7E:FC
            X509v3 Authority Key Identifier:
                keyid:C4:27:08:DF:93:95:4A:AC:60:1A:EF:18:35:BD:5D:69:24:5F:B0:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xCcI35OVSqxgGu8YNb1daSRfsC8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/ER5MxAsu0qgcoWepnpNdyVK3fvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/f617a5-3240-48c4-b716-741c1d8dea2b/1/xCcI35OVSqxgGu8YNb1daSRfsC8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.8.0/22
                  185.211.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:c9:73:8c:5e:92:e9:11:f4:1b:93:b9:59:c4:ce:a5:c9:05:
         9c:0d:9c:df:f1:4b:57:d9:65:55:79:4b:9f:8b:33:fb:00:0d:
         a2:4c:88:66:71:0e:3a:31:3e:c9:31:4f:05:18:e9:83:f9:85:
         77:76:43:0f:d9:a7:2b:55:4e:a4:20:f0:df:ac:65:a2:53:b0:
         13:7d:4a:5e:a6:88:0c:09:88:7f:ba:51:13:a3:7e:5f:df:c5:
         37:6e:d9:af:f4:94:64:02:a2:ba:79:99:f1:68:08:c8:5d:21:
         18:d4:57:e8:3e:66:42:b5:87:be:1e:8b:44:ac:ee:e4:26:20:
         6a:19:aa:7c:cb:3c:d6:46:5e:9c:49:91:b9:46:8e:68:91:3c:
         24:33:a0:03:86:0c:45:f9:52:d3:e9:7d:6d:08:54:a9:d7:1d:
         f1:a8:bc:79:c8:d1:2b:77:27:a5:af:15:6b:0d:a9:f8:9d:2d:
         06:5a:d4:d2:4e:83:fd:4d:8f:02:42:42:20:fe:d3:ef:0d:ed:
         ac:60:17:4d:8d:a5:55:42:65:30:60:47:fa:a5:dd:12:ef:86:
         23:6b:1e:11:75:65:ce:dc:67:5b:50:1d:9a:4c:bd:df:15:c3:
         7c:48:fc:9f:9d:ad:ec:06:e8:15:bb:1a:d1:82:97:80:2a:22:
         b4:84:dc:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYwazhG38El8O2XpizocTUHkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MjcwOGRmOTM5NTRhYWM2MDFhZWYxODM1YmQ1ZDY5MjQ1
ZmIwMmYwHhcNMjMxMTI5MTExOTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTFlNGNjNDBiMmVkMmE4MWNhMTY3YTk5ZTkzNWRjOTUyYjc3ZWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNh/ayC8IYgQwsCxI8kT40UgPLZ2
C2OaNeviZttyH/ilTCsH7++0bkeiRteSBzSZOjoRL10eSIhPSF+HVj3oFK51OVjv
swXFS6O+H+vKFubGhqcgZEb3SzFIimWPNGS+ChxkRGfGvR12MM7jDJIVd7tD9NDZ
7oGSJYB4lwnsCBltILhHvsq+KclOh3P/QdaSvU2XJffkA18im0q464mZqZnd4gu5
mGJZ/TIim25USbuB9YLKoMa4FEkW0GZwYKOsLNit9eoiKDg81qq3nkaRMiZiAmZ6
KL+PvWEh5wByG54ICs1ito3qv0cWNHWiLwR6IsA8eP9NlDoFYOSv3JFBjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBEeTMQLLtKoHKFnqZ6TXclSt378MB8GA1UdIwQY
MBaAFMQnCN+TlUqsYBrvGDW9XWkkX7AvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYt
NzQxYzFkOGRlYTJiLzEvRVI1TXhBc3UwcWdjb1dlcG5wTmR5VkszZnZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9mNjE3YTUtMzI0MC00OGM0LWI3MTYtNzQxYzFkOGRlYTJi
LzEveENjSTM1T1ZTcXhnR3U4WU5iMWRhU1Jmc0M4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuTMIAwQC
udM8MA0GCSqGSIb3DQEBCwUAA4IBAQAdyXOMXpLpEfQbk7lZxM6lyQWcDZzf8UtX
2WVVeUufizP7AA2iTIhmcQ46MT7JMU8FGOmD+YV3dkMP2acrVU6kIPDfrGWiU7AT
fUpepogMCYh/ulETo35f38U3btmv9JRkAqK6eZnxaAjIXSEY1FfoPmZCtYe+HotE
rO7kJiBqGap8yzzWRl6cSZG5Ro5okTwkM6ADhgxF+VLT6X1tCFSp1x3xqLx5yNEr
dyelrxVrDan4nS0GWtTSToP9TY8CQkIg/tPvDe2sYBdNjaVVQmUwYEf6pd0S74Yj
ax4RdWXO3GdbUB2aTL3fFcN8SPyfna3sBugVuxrRgpeAKiK0hNxm
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:44 2024 by rpki-client on console-ams.rpki-client.org