Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/ZxXZhe2-70JW97kLwfwSMup3iVs.roa
File:                     ZxXZhe2-70JW97kLwfwSMup3iVs.roa (raw, json)
Hash identifier:          1IpzhBr1kZrUriAPvvI9by44jMvc4CpGNM8SdsZmR/A=
Subject key identifier:   67:15:D9:85:ED:BE:EF:42:56:F7:B9:0B:C1:FC:12:32:EA:77:89:5B
Certificate issuer:       /CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
Certificate serial:       01857139AA5BB5F9053EECC6D7BDD50B6B6C
Authority key identifier: 53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/ZxXZhe2-70JW97kLwfwSMup3iVs.roa
Signing time:             Mon 02 Jan 2023 06:44:42 +0000
ROA not before:           Mon 02 Jan 2023 06:44:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207096
IP address blocks:        185.166.42.0/23 maxlen: 23
                          185.166.40.0/23 maxlen: 23
                          185.176.204.0/23 maxlen: 23
                          185.176.206.0/23 maxlen: 23
                          2a0a:7600::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:30:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:39:aa:5b:b5:f9:05:3e:ec:c6:d7:bd:d5:0b:6b:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
        Validity
            Not Before: Jan  2 06:44:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6715d985edbeef4256f7b90bc1fc1232ea77895b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:64:3b:a4:8a:e0:28:e9:07:0e:aa:23:33:e3:
                    f5:0c:f4:1e:43:65:ae:50:6a:65:20:f2:f4:85:3b:
                    2a:2e:34:52:9f:83:b9:f2:be:d3:de:90:2e:c9:42:
                    da:34:80:1e:b4:ca:cf:bb:1d:d5:84:50:4a:c2:bd:
                    3a:cb:c0:0c:d1:c1:de:1e:84:b0:0e:3b:ed:4c:3d:
                    be:c1:1f:ef:72:46:2f:d9:c3:6c:66:b1:70:d3:8e:
                    ce:42:02:d7:7e:99:bc:f8:17:bb:e3:7e:eb:d7:0a:
                    34:49:6f:7a:a7:a8:47:26:70:3c:86:24:47:2e:c5:
                    f8:c7:70:ea:b9:21:2b:f2:83:69:ef:b1:f6:34:9c:
                    e0:f1:3a:4e:c3:4c:07:84:df:e0:3e:af:2a:75:21:
                    84:e7:7a:2b:9d:be:0f:c9:6a:1c:5b:5f:27:a5:19:
                    9c:73:4c:4d:a6:62:fc:a1:76:eb:7d:cc:f2:df:90:
                    56:a0:fb:70:a0:45:be:c7:a7:2a:e4:74:2e:8f:99:
                    50:db:a6:a0:8d:9b:48:c7:78:81:66:2c:7c:03:c0:
                    1e:85:3c:c2:5e:1c:cb:20:fd:2b:b1:e7:61:4d:cc:
                    36:df:2c:f7:22:48:49:d6:a9:72:cf:63:07:6f:0f:
                    8e:c4:89:13:6f:04:b3:14:31:a0:5c:b8:94:68:ce:
                    59:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:15:D9:85:ED:BE:EF:42:56:F7:B9:0B:C1:FC:12:32:EA:77:89:5B
            X509v3 Authority Key Identifier:
                keyid:53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/ZxXZhe2-70JW97kLwfwSMup3iVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.40.0/22
                  185.176.204.0/22
                IPv6:
                  2a0a:7600::/29

    Signature Algorithm: sha256WithRSAEncryption
         8f:44:46:68:d5:12:ed:2f:fd:98:3f:1f:e4:44:ec:65:58:02:
         02:8e:7f:80:fa:6f:b0:b5:99:3e:13:73:3d:62:4f:d2:ef:d7:
         43:b0:bc:69:75:75:6e:e8:82:0c:ec:c8:2f:6b:c1:d3:36:8d:
         22:b1:99:ee:58:30:47:97:30:43:24:f0:21:6b:30:60:e8:69:
         79:71:7a:39:bd:da:b9:1f:c0:1f:e6:94:7b:d1:5d:1b:7e:e1:
         27:a6:3e:68:32:e6:66:6a:e4:9f:36:89:ca:cb:b0:23:8e:9e:
         76:1b:3e:1f:f5:41:e1:ad:7e:46:3d:ad:e3:05:41:ad:90:52:
         9f:2a:9e:59:87:13:aa:82:87:b9:4a:9f:1f:b7:d5:e4:3a:1a:
         ed:b4:66:3c:94:a1:82:b6:86:a0:d8:8a:a8:ea:43:ec:d3:b6:
         65:61:fa:f7:fe:71:58:20:8a:72:9e:7e:53:ae:60:34:27:30:
         d6:43:c2:31:23:1f:b3:c9:f5:ef:67:1f:34:dc:fb:15:9a:fd:
         c6:78:a1:4a:8e:17:1c:4c:44:03:07:3a:be:e3:d0:36:61:8c:
         ac:36:b4:58:ce:15:8f:31:09:40:41:60:3b:44:ca:fe:63:57:
         6b:1c:55:ab:19:45:5f:c5:b7:81:b2:ab:16:9b:90:45:ac:92:
         5f:50:42:1c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVxOapbtfkFPuzG173VC2tsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZDAzNTlmOWY4YjIwODE1Y2U0ZDk4OGUxMDliZjgyMzA2
ZTRjNzQwHhcNMjMwMTAyMDY0NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzE1ZDk4NWVkYmVlZjQyNTZmN2I5MGJjMWZjMTIzMmVhNzc4OTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2Q7pIrgKOkHDqojM+P1DPQeQ2Wu
UGplIPL0hTsqLjRSn4O58r7T3pAuyULaNIAetMrPux3VhFBKwr06y8AM0cHeHoSw
DjvtTD2+wR/vckYv2cNsZrFw047OQgLXfpm8+Be7437r1wo0SW96p6hHJnA8hiRH
LsX4x3DquSEr8oNp77H2NJzg8TpOw0wHhN/gPq8qdSGE53ornb4PyWocW18npRmc
c0xNpmL8oXbrfczy35BWoPtwoEW+x6cq5HQuj5lQ26agjZtIx3iBZix8A8AehTzC
XhzLIP0rsedhTcw23yz3IkhJ1qlyz2MHbw+OxIkTbwSzFDGgXLiUaM5ZLQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGcV2YXtvu9CVve5C8H8EjLqd4lbMB8GA1UdIwQY
MBaAFFPQNZ+fiyCBXOTZiOEJv4Iwbkx0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTkt
YTZjNDljZTkwNzU2LzEvWnhYWmhlMi03MEpXOTdrTHdmd1NNdXAzaVZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC80OTM1NzEtMjEwZS00ZDFhLTg4MTktYTZjNDljZTkwNzU2
LzEvVTlBMW41LUxJSUZjNU5tSTRRbV9nakJ1VEhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuaYoAwQC
ubDMMA0EAgACMAcDBQMqCnYAMA0GCSqGSIb3DQEBCwUAA4IBAQCPREZo1RLtL/2Y
Px/kROxlWAICjn+A+m+wtZk+E3M9Yk/S79dDsLxpdXVu6IIM7Mgva8HTNo0isZnu
WDBHlzBDJPAhazBg6Gl5cXo5vdq5H8Af5pR70V0bfuEnpj5oMuZmauSfNonKy7Aj
jp52Gz4f9UHhrX5GPa3jBUGtkFKfKp5ZhxOqgoe5Sp8ft9XkOhrttGY8lKGCtoag
2Iqo6kPs07ZlYfr3/nFYIIpynn5TrmA0JzDWQ8IxIx+zyfXvZx803PsVmv3GeKFK
jhccTEQDBzq+49A2YYysNrRYzhWPMQlAQWA7RMr+Y1drHFWrGUVfxbeBsqsWm5BF
rJJfUEIc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:17 2024 by rpki-client on console-ams.rpki-client.org