Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ugiimjr50NspgKZ7SnTyZbPYKag.roa
File:                     Ugiimjr50NspgKZ7SnTyZbPYKag.roa (raw, json)
Hash identifier:          kErUAyc0iShAye4s7ckiwlRTpr3a+VZo5Ic2feVljhA=
Subject key identifier:   52:08:A2:9A:3A:F9:D0:DB:29:80:A6:7B:4A:74:F2:65:B3:D8:29:A8
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       01857103026F4F31FB01DD39DF9697334312
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ugiimjr50NspgKZ7SnTyZbPYKag.roa
Signing time:             Mon 02 Jan 2023 05:45:00 +0000
ROA not before:           Mon 02 Jan 2023 05:45:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29066
IP address blocks:        185.217.119.0/24 maxlen: 24
                          185.198.240.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 02 Feb 2023 12:57:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:03:02:6f:4f:31:fb:01:dd:39:df:96:97:33:43:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 05:45:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5208a29a3af9d0db2980a67b4a74f265b3d829a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:7f:48:b8:81:cf:57:13:c9:96:aa:a9:33:26:
                    9f:b8:33:9c:e7:c9:fe:7c:34:5a:fc:27:a8:55:8e:
                    b6:5b:a6:f2:a6:18:27:b5:38:9c:5d:b2:38:71:dd:
                    71:be:c2:af:1a:c0:e2:e2:7d:3b:9b:c2:cc:c7:07:
                    ed:62:8c:59:3c:29:be:f8:95:ad:12:9e:49:6d:ed:
                    07:0a:03:76:e5:c3:fc:3d:94:4a:7c:c1:a8:74:db:
                    b1:96:94:1a:58:be:73:5c:24:65:8a:3e:fb:02:d2:
                    23:29:f5:a4:94:de:bb:63:b5:7f:0c:17:5b:cc:bb:
                    b0:7b:d6:db:ec:81:05:ce:a9:23:3b:24:7e:b1:78:
                    e4:c6:43:ec:4c:54:b7:a4:22:5f:e6:17:c1:9e:f1:
                    67:71:bf:58:bb:03:4e:91:9d:fd:81:4b:b0:14:ad:
                    64:31:42:cd:c7:43:36:e6:8b:6c:81:ac:71:4e:d7:
                    ca:17:06:71:64:40:e2:40:bb:67:4b:7e:a2:17:e9:
                    e4:43:45:25:bd:e8:32:1f:9a:9a:02:c9:bf:8e:50:
                    a9:84:08:f6:92:d7:2e:4f:e8:be:3d:f7:89:38:b7:
                    d9:91:23:6c:58:1c:04:01:ad:d5:d5:69:aa:53:8d:
                    bf:81:c0:39:0e:d5:fb:19:01:c3:2c:38:db:e1:ec:
                    53:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:08:A2:9A:3A:F9:D0:DB:29:80:A6:7B:4A:74:F2:65:B3:D8:29:A8
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Ugiimjr50NspgKZ7SnTyZbPYKag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.198.240.0/24
                  185.217.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:c0:c0:b5:a8:46:ac:a0:98:7d:36:c2:cf:b3:0b:f6:1b:97:
         0b:eb:1e:bb:9b:c5:cd:0c:ab:3b:2c:22:53:38:07:66:ab:a9:
         72:c3:e1:0c:70:9a:fe:9e:de:27:60:29:6b:68:5a:5d:a0:d3:
         90:be:1f:b9:6a:98:51:0b:76:d7:9a:06:89:f8:33:63:2c:0c:
         4c:8e:8d:9a:bf:f0:26:8c:77:41:f8:d8:fd:09:8b:14:f0:0e:
         dd:7f:19:bb:6f:34:69:b7:96:10:e6:16:f9:64:84:d4:47:ca:
         08:ed:36:12:2e:90:a0:f5:f7:d7:d1:ab:5d:98:94:c3:a3:30:
         c5:17:a8:19:83:86:29:e1:66:23:f5:05:aa:d5:d3:5a:46:aa:
         26:a2:69:34:62:24:81:dc:a4:d5:14:e6:1c:d3:17:8d:3e:30:
         17:8b:77:d9:e5:d0:e3:4c:9f:f3:85:48:77:eb:1d:54:d7:0a:
         cf:bb:c4:8f:75:c1:64:59:15:76:96:8e:22:6e:73:fb:03:34:
         a9:68:f0:88:b9:1d:c2:bc:ec:35:30:84:4f:48:70:3c:a8:56:
         f4:0e:ab:bd:5f:71:ee:3f:9b:74:ec:f9:d5:53:f2:d7:99:0b:
         9c:03:06:13:3f:c8:72:0d:b2:85:e4:a8:2e:9f:4b:73:4e:64:
         ef:a3:6f:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxAwJvTzH7Ad0535aXM0MSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTAyMDU0NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjA4YTI5YTNhZjlkMGRiMjk4MGE2N2I0YTc0ZjI2NWIzZDgyOWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiX9IuIHPVxPJlqqpMyafuDOc58n+
fDRa/CeoVY62W6byphgntTicXbI4cd1xvsKvGsDi4n07m8LMxwftYoxZPCm++JWt
Ep5Jbe0HCgN25cP8PZRKfMGodNuxlpQaWL5zXCRlij77AtIjKfWklN67Y7V/DBdb
zLuwe9bb7IEFzqkjOyR+sXjkxkPsTFS3pCJf5hfBnvFncb9YuwNOkZ39gUuwFK1k
MULNx0M25otsgaxxTtfKFwZxZEDiQLtnS36iF+nkQ0UlvegyH5qaAsm/jlCphAj2
ktcuT+i+PfeJOLfZkSNsWBwEAa3V1WmqU42/gcA5DtX7GQHDLDjb4exTywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFIIopo6+dDbKYCme0p08mWz2CmoMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVWdpaW1qcjUwTnNwZ0taN1NuVHlaYlBZS2FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucbwAwQA
udl3MA0GCSqGSIb3DQEBCwUAA4IBAQBxwMC1qEasoJh9NsLPswv2G5cL6x67m8XN
DKs7LCJTOAdmq6lyw+EMcJr+nt4nYClraFpdoNOQvh+5aphRC3bXmgaJ+DNjLAxM
jo2av/AmjHdB+Nj9CYsU8A7dfxm7bzRpt5YQ5hb5ZITUR8oI7TYSLpCg9ffX0atd
mJTDozDFF6gZg4Yp4WYj9QWq1dNaRqomomk0YiSB3KTVFOYc0xeNPjAXi3fZ5dDj
TJ/zhUh36x1U1wrPu8SPdcFkWRV2lo4ibnP7AzSpaPCIuR3CvOw1MIRPSHA8qFb0
Dqu9X3HuP5t07PnVU/LXmQucAwYTP8hyDbKF5Kgun0tzTmTvo2/b
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:46 2024 by rpki-client on console-fra.rpki-client.org