Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/vK7zI94LpIT765sb_Ue9nKwsXoA.roa
File:                     vK7zI94LpIT765sb_Ue9nKwsXoA.roa (raw, json)
Hash identifier:          b9/tgQmXq7payOIYkg3wjCD4Z3KQb1bXp7o1aw/1C7o=
Subject key identifier:   BC:AE:F3:23:DE:0B:A4:84:FB:EB:9B:1B:FD:47:BD:9C:AC:2C:5E:80
Certificate issuer:       /CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Certificate serial:       018570708586EAF69FA42CB4EA47CBA2ACC3
Authority key identifier: B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/vK7zI94LpIT765sb_Ue9nKwsXoA.roa
Signing time:             Mon 02 Jan 2023 03:05:00 +0000
ROA not before:           Mon 02 Jan 2023 03:05:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30925
IP address blocks:        185.142.248.0/22 maxlen: 24
                          109.109.96.0/19 maxlen: 24
                          83.98.224.0/19 maxlen: 24
                          185.34.156.0/22 maxlen: 24
                          185.26.56.0/22 maxlen: 24
                          185.34.168.0/22 maxlen: 24
                          2a02:988::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:30:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:70:85:86:ea:f6:9f:a4:2c:b4:ea:47:cb:a2:ac:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
        Validity
            Not Before: Jan  2 03:05:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bcaef323de0ba484fbeb9b1bfd47bd9cac2c5e80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:38:0e:ee:e9:92:7c:e4:06:16:d5:7c:2a:e1:
                    93:a9:0c:e1:4a:0c:23:4d:2e:08:26:6e:3c:d8:e0:
                    22:5c:9b:e3:d2:22:3f:31:0e:6d:89:81:25:89:cc:
                    6b:24:03:08:8b:3e:b4:ae:a6:a8:fb:56:e6:b4:a1:
                    d0:5b:b1:84:b6:c2:df:7c:27:05:0e:46:38:d8:c8:
                    a3:d5:10:1c:b7:db:0a:3c:7b:24:4c:96:e2:72:23:
                    0a:a4:1e:a1:30:d0:97:7d:f7:1e:98:4a:80:dc:e1:
                    5d:d9:19:ac:b6:6f:bf:ef:d3:f2:6a:91:f0:ba:18:
                    7f:20:e4:57:20:07:d1:5a:48:0d:d8:c4:44:16:7d:
                    e9:66:22:5d:13:30:0e:9d:8b:18:b8:1b:3b:31:c8:
                    f5:e9:b8:ea:b6:20:64:bd:96:e0:92:3c:b2:6a:5d:
                    f2:86:f4:14:8b:79:89:4b:74:e6:9f:d7:73:a0:f9:
                    5d:83:65:8a:16:a3:63:91:62:3a:29:66:1c:94:b0:
                    16:ca:07:92:8f:8f:90:6e:98:a7:5e:56:81:f0:85:
                    fd:80:76:63:97:a9:64:f4:b2:f5:c2:82:98:4f:40:
                    63:b3:2f:0d:ca:81:27:ed:3d:64:0f:00:2a:01:23:
                    09:34:46:1f:70:75:47:b8:fd:80:2f:63:ed:d0:52:
                    b9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:AE:F3:23:DE:0B:A4:84:FB:EB:9B:1B:FD:47:BD:9C:AC:2C:5E:80
            X509v3 Authority Key Identifier:
                keyid:B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/vK7zI94LpIT765sb_Ue9nKwsXoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.98.224.0/19
                  109.109.96.0/19
                  185.26.56.0/22
                  185.34.156.0/22
                  185.34.168.0/22
                  185.142.248.0/22
                IPv6:
                  2a02:988::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:c3:50:a1:7d:51:29:43:2a:48:1a:27:7c:90:c9:26:a4:8a:
         1e:fb:90:07:6e:e5:de:5d:5c:5d:f0:40:6e:68:1e:ef:b2:32:
         54:1e:88:8a:77:00:6c:2d:57:59:8e:03:f4:5a:1e:4f:8b:2b:
         aa:b5:c3:db:d4:5d:62:93:78:b3:cd:c4:4e:a9:92:b1:7d:18:
         56:3e:7d:19:d3:bd:6f:2e:3b:96:ee:a6:bb:8a:90:2e:28:da:
         c0:c5:62:52:ac:c9:c8:d8:34:f6:94:f9:86:5e:92:30:db:56:
         1d:e2:74:e2:f9:30:c5:92:fc:87:81:6a:3d:bf:72:96:4d:78:
         6d:49:6f:9a:92:72:d0:26:5c:60:d6:13:18:b6:50:f7:ea:5f:
         f9:e5:d3:7c:68:45:5b:c4:1a:bf:2b:1c:6f:9d:bb:81:49:3f:
         2d:54:dd:c3:16:13:df:72:1e:f4:81:d1:ef:6c:b4:dc:74:31:
         39:69:e2:36:9b:26:ff:e8:64:5f:7b:32:50:f2:dd:30:66:68:
         f1:38:8a:8b:b9:41:bb:b4:c5:8b:37:c8:98:66:3b:3a:d3:86:
         7f:47:98:9c:2a:bd:c5:be:e5:24:ce:24:fe:2f:c4:b9:81:a9:
         d5:ea:e0:72:98:c7:d4:89:72:c4:7e:15:1a:9a:e0:c6:7d:4e:
         ed:c1:2c:35
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVwcIWG6vafpCy06kfLoqzDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTRhNjAxY2EzNWM2YzgzNzZiODlhYWY0NDNiNjNlYTQz
OWNkYjgwHhcNMjMwMTAyMDMwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2FlZjMyM2RlMGJhNDg0ZmJlYjliMWJmZDQ3YmQ5Y2FjMmM1ZTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjgO7umSfOQGFtV8KuGTqQzhSgwj
TS4IJm482OAiXJvj0iI/MQ5tiYElicxrJAMIiz60rqao+1bmtKHQW7GEtsLffCcF
DkY42Mij1RAct9sKPHskTJbiciMKpB6hMNCXffcemEqA3OFd2Rmstm+/79PyapHw
uhh/IORXIAfRWkgN2MREFn3pZiJdEzAOnYsYuBs7Mcj16bjqtiBkvZbgkjyyal3y
hvQUi3mJS3Tmn9dzoPldg2WKFqNjkWI6KWYclLAWygeSj4+QbpinXlaB8IX9gHZj
l6lk9LL1woKYT0Bjsy8NyoEn7T1kDwAqASMJNEYfcHVHuP2AL2Pt0FK5gQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFLyu8yPeC6SE++ubG/1HvZysLF6AMB8GA1UdIwQY
MBaAFLGkpgHKNcbIN2uJqvRDtj6kOc24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAt
M2E1NjI4Y2M4MWQ5LzEvdks3ekk5NExwSVQ3NjVzYl9VZTluS3dzWG9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAtM2E1NjI4Y2M4MWQ5
LzEvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFU2LgAwQF
bW1gAwQCuRo4AwQCuSKcAwQCuSKoAwQCuY74MA0EAgACMAcDBQAqAgmIMA0GCSqG
SIb3DQEBCwUAA4IBAQBlw1ChfVEpQypIGid8kMkmpIoe+5AHbuXeXVxd8EBuaB7v
sjJUHoiKdwBsLVdZjgP0Wh5PiyuqtcPb1F1ik3izzcROqZKxfRhWPn0Z071vLjuW
7qa7ipAuKNrAxWJSrMnI2DT2lPmGXpIw21Yd4nTi+TDFkvyHgWo9v3KWTXhtSW+a
knLQJlxg1hMYtlD36l/55dN8aEVbxBq/KxxvnbuBST8tVN3DFhPfch70gdHvbLTc
dDE5aeI2myb/6GRfezJQ8t0wZmjxOIqLuUG7tMWLN8iYZjs604Z/R5icKr3FvuUk
ziT+L8S5ganV6uBymMfUiXLEfhUamuDGfU7twSw1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:21 2024 by rpki-client on console-fra.rpki-client.org