Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/88b5c3-341c-4ea9-a948-6e8e9d52dd48/1/yWAaVXWtCBT0KKhuImTFS3u4PXs.roa
File:                     yWAaVXWtCBT0KKhuImTFS3u4PXs.roa (raw, json)
Hash identifier:          osprBw9fFGri3LhJih0HLl1QJkWlut13uS64XDmICHM=
Subject key identifier:   C9:60:1A:55:75:AD:08:14:F4:28:A8:6E:22:64:C5:4B:7B:B8:3D:7B
Certificate issuer:       /CN=88d7592f411900c067b5e7a219a345abfdbaa40f
Certificate serial:       01856FD50FCED00B9C36AD35F77DB38C21E1
Authority key identifier: 88:D7:59:2F:41:19:00:C0:67:B5:E7:A2:19:A3:45:AB:FD:BA:A4:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iNdZL0EZAMBnteeiGaNFq_26pA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/88b5c3-341c-4ea9-a948-6e8e9d52dd48/1/yWAaVXWtCBT0KKhuImTFS3u4PXs.roa
Signing time:             Mon 02 Jan 2023 00:15:12 +0000
ROA not before:           Mon 02 Jan 2023 00:15:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     47381
IP address blocks:        185.112.156.0/22 maxlen: 22
                          2a02:6080::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:30:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:d5:0f:ce:d0:0b:9c:36:ad:35:f7:7d:b3:8c:21:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88d7592f411900c067b5e7a219a345abfdbaa40f
        Validity
            Not Before: Jan  2 00:15:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c9601a5575ad0814f428a86e2264c54b7bb83d7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:23:de:33:f5:85:fa:01:40:1f:db:91:6f:b9:
                    95:79:e1:0f:c4:ed:ff:b6:40:60:15:72:33:4b:3d:
                    aa:6a:7a:07:7d:52:a4:42:7b:51:a8:22:f9:24:aa:
                    c9:a5:79:19:0b:54:7f:c0:44:e2:96:55:74:05:19:
                    02:18:a5:95:cf:f0:0c:23:b1:0d:eb:07:60:7c:63:
                    7a:36:93:4f:76:21:e8:b6:1a:48:90:0a:b1:36:76:
                    43:5d:b4:a0:b0:23:72:b1:e5:e9:1d:56:81:7c:67:
                    ee:43:1f:0d:93:b2:5d:bd:e1:bc:81:d8:52:c8:2c:
                    ec:50:04:67:d5:69:1f:02:11:01:8e:f3:8c:37:57:
                    e1:1f:a8:db:f0:11:7e:69:c1:8d:49:85:01:65:21:
                    49:6b:28:52:07:d3:0f:b4:fa:77:73:95:7c:a7:a5:
                    a3:a9:22:0c:76:03:87:5f:36:8d:f2:1f:d2:e2:93:
                    a2:06:00:18:4e:65:c0:3b:e8:19:a3:c8:c3:84:16:
                    ad:be:9c:93:e3:15:5a:75:69:f0:28:54:96:46:af:
                    2d:75:51:7c:93:40:6f:93:76:48:39:77:bc:19:df:
                    b5:80:db:b9:c7:a7:4f:df:fc:f3:4d:c8:f7:a2:91:
                    30:4c:e6:eb:cd:9a:b2:92:c3:97:04:b0:c2:e3:e1:
                    b5:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:60:1A:55:75:AD:08:14:F4:28:A8:6E:22:64:C5:4B:7B:B8:3D:7B
            X509v3 Authority Key Identifier:
                keyid:88:D7:59:2F:41:19:00:C0:67:B5:E7:A2:19:A3:45:AB:FD:BA:A4:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iNdZL0EZAMBnteeiGaNFq_26pA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/88b5c3-341c-4ea9-a948-6e8e9d52dd48/1/yWAaVXWtCBT0KKhuImTFS3u4PXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/88b5c3-341c-4ea9-a948-6e8e9d52dd48/1/iNdZL0EZAMBnteeiGaNFq_26pA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.112.156.0/22
                IPv6:
                  2a02:6080::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:16:17:c5:ea:59:b5:43:fe:49:a1:74:91:ab:16:6e:8e:c8:
         b2:6a:de:1e:c6:01:5f:e2:11:9e:39:13:39:64:18:3e:8d:40:
         81:1e:63:b1:5f:77:4d:0a:92:d0:46:c1:31:3f:b9:21:70:a8:
         30:95:4b:88:1a:60:f0:c1:f2:9d:c8:c0:38:42:9a:ac:92:dd:
         6c:88:69:e8:3f:4d:2f:94:d9:a2:aa:98:32:ed:6f:ab:da:4a:
         3a:75:66:69:68:b9:ad:c9:99:88:f3:73:86:cb:61:65:a6:1e:
         3d:bd:24:0b:d2:f6:91:b6:61:e5:fc:4e:09:03:88:0c:44:8e:
         b3:52:84:b5:6e:58:cd:f5:f7:0c:4b:71:6a:9d:b9:82:b2:cc:
         ae:21:8c:8c:ae:2a:af:79:c9:64:bb:f0:90:f1:e6:15:b9:82:
         a4:3c:b8:cc:cd:36:af:fc:36:f2:95:5c:37:06:2f:53:75:64:
         83:c8:a9:b0:13:c6:e6:fd:e8:ca:b6:90:e5:c5:11:6d:a8:2a:
         6d:3d:df:d7:b0:ca:e7:2b:5b:9a:47:86:5b:9a:59:a2:67:47:
         f7:01:8e:06:1a:17:4e:32:85:41:60:5d:cb:38:29:74:96:ae:
         60:e4:2d:f6:3a:1a:78:dd:61:3e:db:ed:72:ed:6d:79:1a:c5:
         c8:a6:3e:b9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVv1Q/O0AucNq01932zjCHhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4ZDc1OTJmNDExOTAwYzA2N2I1ZTdhMjE5YTM0NWFiZmRi
YWE0MGYwHhcNMjMwMTAyMDAxNTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTYwMWE1NTc1YWQwODE0ZjQyOGE4NmUyMjY0YzU0YjdiYjgzZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCPeM/WF+gFAH9uRb7mVeeEPxO3/
tkBgFXIzSz2qanoHfVKkQntRqCL5JKrJpXkZC1R/wETillV0BRkCGKWVz/AMI7EN
6wdgfGN6NpNPdiHothpIkAqxNnZDXbSgsCNyseXpHVaBfGfuQx8Nk7JdveG8gdhS
yCzsUARn1WkfAhEBjvOMN1fhH6jb8BF+acGNSYUBZSFJayhSB9MPtPp3c5V8p6Wj
qSIMdgOHXzaN8h/S4pOiBgAYTmXAO+gZo8jDhBatvpyT4xVadWnwKFSWRq8tdVF8
k0Bvk3ZIOXe8Gd+1gNu5x6dP3/zzTcj3opEwTObrzZqyksOXBLDC4+G1xQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMlgGlV1rQgU9CiobiJkxUt7uD17MB8GA1UdIwQY
MBaAFIjXWS9BGQDAZ7XnohmjRav9uqQPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaU5kWkwwRVpBTUJudGVlaUdhTkZxXzI2cEE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi84OGI1YzMtMzQxYy00ZWE5LWE5NDgt
NmU4ZTlkNTJkZDQ4LzEveVdBYVZYV3RDQlQwS0todUltVEZTM3U0UFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi84OGI1YzMtMzQxYy00ZWE5LWE5NDgtNmU4ZTlkNTJkZDQ4
LzEvaU5kWkwwRVpBTUJudGVlaUdhTkZxXzI2cEE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXCcMA0E
AgACMAcDBQAqAmCAMA0GCSqGSIb3DQEBCwUAA4IBAQBGFhfF6lm1Q/5JoXSRqxZu
jsiyat4exgFf4hGeORM5ZBg+jUCBHmOxX3dNCpLQRsExP7khcKgwlUuIGmDwwfKd
yMA4Qpqskt1siGnoP00vlNmiqpgy7W+r2ko6dWZpaLmtyZmI83OGy2Flph49vSQL
0vaRtmHl/E4JA4gMRI6zUoS1bljN9fcMS3FqnbmCssyuIYyMriqveclku/CQ8eYV
uYKkPLjMzTav/DbylVw3Bi9TdWSDyKmwE8bm/ejKtpDlxRFtqCptPd/XsMrnK1ua
R4ZbmlmiZ0f3AY4GGhdOMoVBYF3LOCl0lq5g5C32Ohp43WE+2+1y7W15GsXIpj65
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:12 2024 by rpki-client on console-fra.rpki-client.org