Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/s3bjUbrJf842lRbnAqBnVtPmnAg.roa
File:                     s3bjUbrJf842lRbnAqBnVtPmnAg.roa (raw, json)
Hash identifier:          n++KTN7o4UD3GeNncwm4fRqUkdHn9piYgMzdcQVGFr4=
Subject key identifier:   B3:76:E3:51:BA:C9:7F:CE:36:95:16:E7:02:A0:67:56:D3:E6:9C:08
Certificate issuer:       /CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
Certificate serial:       018CC94E490861CE299E31C723FBE16C3325
Authority key identifier: 52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/s3bjUbrJf842lRbnAqBnVtPmnAg.roa
Signing time:             Tue 02 Jan 2024 08:33:20 +0000
ROA not before:           Tue 02 Jan 2024 08:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210352
IP address blocks:        185.143.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 25 Jul 2024 19:38:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:49:08:61:ce:29:9e:31:c7:23:fb:e1:6c:33:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a165dc3aafbe2c62e265ff104327a3e675f89f
        Validity
            Not Before: Jan  2 08:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b376e351bac97fce369516e702a06756d3e69c08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:ac:f4:98:58:c5:62:1b:13:60:4b:c3:eb:a2:
                    fa:ac:5e:6b:3f:bd:64:a1:bf:38:cd:dc:1d:8d:39:
                    74:9b:f9:19:06:48:83:ac:53:b5:db:32:37:b5:7c:
                    b7:6c:b1:53:a3:2a:23:96:12:5f:77:11:bb:15:c4:
                    10:fa:51:5c:e8:41:02:1f:4b:d1:28:c0:4f:81:d9:
                    70:28:6b:dc:b0:2d:2e:8a:81:0d:73:d1:80:e8:03:
                    fd:2b:43:44:57:7c:89:47:ff:5f:24:e6:e8:ef:9f:
                    08:44:0c:c5:fb:53:1b:39:5c:8d:b3:af:ec:17:07:
                    cf:50:9c:ea:73:e8:7a:37:89:7e:e5:b1:31:d3:1d:
                    fb:d3:0e:1e:7c:ae:a4:47:bb:a4:d3:09:c6:21:23:
                    81:ec:2c:5e:29:a9:6a:60:fb:c1:5b:14:89:9a:05:
                    db:32:04:fe:50:c8:52:b6:f0:05:8c:c8:b1:5a:42:
                    de:8e:86:bb:fc:99:37:3f:6b:8e:fe:a0:da:cd:65:
                    95:87:ec:af:a7:99:83:c5:f8:b0:1e:e6:d8:59:2a:
                    be:15:a3:1c:ce:d6:d7:80:96:ee:db:d9:f9:73:7f:
                    6d:03:22:7f:e8:58:e2:18:fe:40:67:57:c3:d3:7a:
                    d3:ac:93:f7:8d:f4:3b:91:3c:9e:cb:1a:9e:66:f8:
                    57:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:76:E3:51:BA:C9:7F:CE:36:95:16:E7:02:A0:67:56:D3:E6:9C:08
            X509v3 Authority Key Identifier:
                keyid:52:A1:65:DC:3A:AF:BE:2C:62:E2:65:FF:10:43:27:A3:E6:75:F8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqFl3Dqvvixi4mX_EEMno-Z1-J8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/s3bjUbrJf842lRbnAqBnVtPmnAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/80aceb-50e2-40c0-a852-e298b41b6c81/1/UqFl3Dqvvixi4mX_EEMno-Z1-J8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:89:b1:5c:da:d3:8e:bd:7b:5e:2d:8f:48:52:ef:ad:a3:f5:
         15:17:a6:95:ee:53:e4:21:77:2f:14:da:2d:3d:9e:20:9b:90:
         cf:d1:07:ac:7d:3a:80:7d:fc:08:8b:37:11:d0:94:58:f6:59:
         bc:16:f6:a4:37:cd:80:dd:94:43:f7:4f:ad:c0:98:04:82:a9:
         07:9a:5d:3d:53:46:c0:91:36:8a:81:82:cf:21:81:3e:0d:9c:
         18:a3:5e:4e:df:d5:89:b1:72:19:39:c2:e4:a4:06:9c:48:73:
         53:a9:5c:c8:88:b6:be:d8:dc:b3:6b:dd:ba:95:ae:17:4c:e5:
         c0:74:c7:0e:23:bf:03:24:e3:bf:21:b1:4e:bb:20:52:68:bb:
         06:79:41:27:e8:0c:28:92:e1:c7:98:34:4a:47:89:b1:aa:2b:
         66:cf:a9:ca:d6:88:bb:4a:a0:ee:7f:f6:f5:cf:b7:ad:b2:74:
         33:dd:72:1f:30:43:bd:cf:3a:85:de:f9:eb:1a:12:5e:5d:3a:
         be:31:38:e7:b8:aa:1a:d7:a0:9e:de:f9:e1:39:86:70:d1:8d:
         0b:60:59:08:22:56:4f:53:13:ff:5d:20:5e:10:57:13:cd:af:
         6c:67:10:77:2a:dc:6d:fe:f0:d1:c2:29:57:31:cf:8c:21:89:
         7e:88:8f:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkkIYc4pnjHHI/vhbDMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTE2NWRjM2FhZmJlMmM2MmUyNjVmZjEwNDMyN2EzZTY3
NWY4OWYwHhcNMjQwMTAyMDgzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzc2ZTM1MWJhYzk3ZmNlMzY5NTE2ZTcwMmEwNjc1NmQzZTY5YzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqz0mFjFYhsTYEvD66L6rF5rP71k
ob84zdwdjTl0m/kZBkiDrFO12zI3tXy3bLFToyojlhJfdxG7FcQQ+lFc6EECH0vR
KMBPgdlwKGvcsC0uioENc9GA6AP9K0NEV3yJR/9fJObo758IRAzF+1MbOVyNs6/s
FwfPUJzqc+h6N4l+5bEx0x370w4efK6kR7uk0wnGISOB7CxeKalqYPvBWxSJmgXb
MgT+UMhStvAFjMixWkLejoa7/Jk3P2uO/qDazWWVh+yvp5mDxfiwHubYWSq+FaMc
ztbXgJbu29n5c39tAyJ/6FjiGP5AZ1fD03rTrJP3jfQ7kTyeyxqeZvhXtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLN241G6yX/ONpUW5wKgZ1bT5pwIMB8GA1UdIwQY
MBaAFFKhZdw6r74sYuJl/xBDJ6PmdfifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTIt
ZTI5OGI0MWI2YzgxLzEvczNialVickpmODQybFJibkFxQm5WdFBtbkFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy84MGFjZWItNTBlMi00MGMwLWE4NTItZTI5OGI0MWI2Yzgx
LzEvVXFGbDNEcXZ2aXhpNG1YX0VFTW5vLVoxLUo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY/fMA0G
CSqGSIb3DQEBCwUAA4IBAQDGibFc2tOOvXteLY9IUu+to/UVF6aV7lPkIXcvFNot
PZ4gm5DP0QesfTqAffwIizcR0JRY9lm8FvakN82A3ZRD90+twJgEgqkHml09U0bA
kTaKgYLPIYE+DZwYo15O39WJsXIZOcLkpAacSHNTqVzIiLa+2Nyza926la4XTOXA
dMcOI78DJOO/IbFOuyBSaLsGeUEn6AwokuHHmDRKR4mxqitmz6nK1oi7SqDuf/b1
z7etsnQz3XIfMEO9zzqF3vnrGhJeXTq+MTjnuKoa16Ce3vnhOYZw0Y0LYFkIIlZP
UxP/XSBeEFcTza9sZxB3Ktxt/vDRwilXMc+MIYl+iI9F
-----END CERTIFICATE-----
Generated at Thu Jul 25 21:44:49 2024 by rpki-client on console-fra.rpki-client.org