Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/NcU9doD7qWnpYFyeMbn4d8CPnNI.roa
File:                     NcU9doD7qWnpYFyeMbn4d8CPnNI.roa (raw, json)
Hash identifier:          A6moLFi7D438M6ntG1eHFsdqV3Ft8dQ80aot7xsy66s=
Subject key identifier:   35:C5:3D:76:80:FB:A9:69:E9:60:5C:9E:31:B9:F8:77:C0:8F:9C:D2
Certificate issuer:       /CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
Certificate serial:       0188E30E1B2BA338D1D4C9561FFB433D66A6
Authority key identifier: 56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/NcU9doD7qWnpYFyeMbn4d8CPnNI.roa
Signing time:             Thu 22 Jun 2023 12:22:12 +0000
ROA not before:           Thu 22 Jun 2023 12:22:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8697
IP address blocks:        185.98.220.0/22 maxlen: 24
                          217.23.32.0/20 maxlen: 24
                          194.165.128.0/19 maxlen: 24
                          213.186.164.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 25 Jun 2023 05:51:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:e3:0e:1b:2b:a3:38:d1:d4:c9:56:1f:fb:43:3d:66:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56d0e3b28f2be33ec5a9d2ca00ac64155536cbc6
        Validity
            Not Before: Jun 22 12:22:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=35c53d7680fba969e9605c9e31b9f877c08f9cd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:86:2c:19:d9:8a:e9:be:1d:b0:be:97:a9:49:
                    81:5d:fb:e9:d9:ac:19:4c:bb:cf:9c:a1:39:b6:5d:
                    e5:3c:60:2c:85:41:ba:8f:e7:c5:33:1b:11:fd:5d:
                    cf:18:a2:29:02:36:a7:c6:66:90:a6:26:d8:50:14:
                    1c:53:7c:71:a7:73:d9:c4:b7:a1:bf:1d:9a:a2:44:
                    d5:6e:f1:fe:28:b8:d1:40:77:71:b1:c0:3f:25:f7:
                    48:c4:44:df:82:18:94:7b:80:4b:12:08:68:38:4b:
                    2d:55:da:d8:e9:7b:0b:2a:0f:96:10:f0:74:84:09:
                    63:29:c7:b0:cf:ab:76:d6:08:91:7f:67:24:43:5b:
                    47:28:38:fb:1d:86:ef:67:7e:a3:78:6c:97:e1:51:
                    4f:a8:de:c1:1d:59:f8:9b:8f:13:d4:2f:28:34:98:
                    2b:4b:a3:c0:ba:de:01:b8:9b:69:e8:b3:d0:48:99:
                    47:5b:ac:f9:a0:cf:23:bd:6d:b2:39:ed:82:50:ec:
                    54:5e:bc:fe:d1:6a:fd:05:36:c6:ff:69:50:d3:54:
                    df:39:7e:d7:bb:94:5b:a6:cd:90:e2:1a:19:26:c6:
                    2d:ec:2d:a0:da:ee:e6:a8:6b:10:24:10:2f:a4:1c:
                    13:cb:e1:3f:d5:c0:46:ed:ea:9f:d6:a6:c8:1d:c0:
                    65:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:C5:3D:76:80:FB:A9:69:E9:60:5C:9E:31:B9:F8:77:C0:8F:9C:D2
            X509v3 Authority Key Identifier:
                keyid:56:D0:E3:B2:8F:2B:E3:3E:C5:A9:D2:CA:00:AC:64:15:55:36:CB:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VtDjso8r4z7FqdLKAKxkFVU2y8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/NcU9doD7qWnpYFyeMbn4d8CPnNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ffbf6a-72f0-401f-b2c3-8b8d72172090/1/VtDjso8r4z7FqdLKAKxkFVU2y8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.220.0/22
                  194.165.128.0/19
                  213.186.164.0/24
                  217.23.32.0/20

    Signature Algorithm: sha256WithRSAEncryption
         58:8b:7e:27:e1:b9:af:75:2c:fd:9d:c8:e4:7e:ef:47:9f:00:
         ef:ba:28:10:e3:1d:7b:51:7a:d3:e6:d7:bd:02:f2:5e:13:c1:
         0e:5b:c8:85:61:17:58:6e:bd:c2:7d:d1:0a:0f:16:07:9f:b3:
         b6:23:42:39:5a:5d:84:ae:77:3a:a8:68:22:db:df:5d:37:4d:
         82:c1:8e:44:b8:80:34:55:c3:a2:1e:06:76:b7:d7:d9:fe:87:
         b1:59:6a:3a:47:dc:33:c1:5c:d1:e4:ee:ce:86:1b:61:c1:a1:
         de:50:57:15:63:1d:92:10:d9:f3:2e:36:2e:5d:03:6c:0b:52:
         6c:ee:4b:72:d7:f2:d0:8f:b6:1a:ae:49:7d:fc:55:44:2b:3c:
         2c:0f:26:1a:75:44:f9:25:26:57:cc:ac:5d:fb:34:c6:15:11:
         ea:ef:bd:95:75:bf:a5:5f:8b:9c:ab:a7:b5:85:b0:b0:35:be:
         c4:a4:07:41:60:a4:9c:05:a7:93:dd:0f:b6:c4:fd:e7:35:30:
         a6:e1:4a:5b:a9:06:d2:c3:e4:65:94:a9:a8:88:70:f8:b2:1e:
         53:c0:6a:b1:dc:53:f0:96:8b:02:15:95:d1:54:25:b0:d1:46:
         c9:14:77:2e:cb:28:2a:a1:73:89:66:bf:cc:9e:ed:94:e7:bc:
         ac:f4:4b:73
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYjjDhsrozjR1MlWH/tDPWamMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2ZDBlM2IyOGYyYmUzM2VjNWE5ZDJjYTAwYWM2NDE1NTUz
NmNiYzYwHhcNMjMwNjIyMTIyMjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWM1M2Q3NjgwZmJhOTY5ZTk2MDVjOWUzMWI5Zjg3N2MwOGY5Y2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIYsGdmK6b4dsL6XqUmBXfvp2awZ
TLvPnKE5tl3lPGAshUG6j+fFMxsR/V3PGKIpAjanxmaQpibYUBQcU3xxp3PZxLeh
vx2aokTVbvH+KLjRQHdxscA/JfdIxETfghiUe4BLEghoOEstVdrY6XsLKg+WEPB0
hAljKcewz6t21giRf2ckQ1tHKDj7HYbvZ36jeGyX4VFPqN7BHVn4m48T1C8oNJgr
S6PAut4BuJtp6LPQSJlHW6z5oM8jvW2yOe2CUOxUXrz+0Wr9BTbG/2lQ01TfOX7X
u5Rbps2Q4hoZJsYt7C2g2u7mqGsQJBAvpBwTy+E/1cBG7eqf1qbIHcBlzQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDXFPXaA+6lp6WBcnjG5+HfAj5zSMB8GA1UdIwQY
MBaAFFbQ47KPK+M+xanSygCsZBVVNsvGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMt
OGI4ZDcyMTcyMDkwLzEvTmNVOWRvRDdxV25wWUZ5ZU1ibjRkOENQbk5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9mZmJmNmEtNzJmMC00MDFmLWIyYzMtOGI4ZDcyMTcyMDkw
LzEvVnREanNvOHI0ejdGcWRMS0FLeGtGVlUyeThZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCuWLcAwQF
wqWAAwQA1bqkAwQE2RcgMA0GCSqGSIb3DQEBCwUAA4IBAQBYi34n4bmvdSz9ncjk
fu9HnwDvuigQ4x17UXrT5te9AvJeE8EOW8iFYRdYbr3CfdEKDxYHn7O2I0I5Wl2E
rnc6qGgi299dN02CwY5EuIA0VcOiHgZ2t9fZ/oexWWo6R9wzwVzR5O7OhhthwaHe
UFcVYx2SENnzLjYuXQNsC1Js7kty1/LQj7Yarkl9/FVEKzwsDyYadUT5JSZXzKxd
+zTGFRHq772Vdb+lX4ucq6e1hbCwNb7EpAdBYKScBaeT3Q+2xP3nNTCm4UpbqQbS
w+RllKmoiHD4sh5TwGqx3FPwlosCFZXRVCWw0UbJFHcuyygqoXOJZr/Mnu2U57ys
9Etz
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:08 2024 by rpki-client on console-fra.rpki-client.org