Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/KNz8lQD-IyjmW-xSUiBvP06UN58.roa
File:                     KNz8lQD-IyjmW-xSUiBvP06UN58.roa (raw, json)
Hash identifier:          7mDZEWdenK3RQr1UDHQE6JkvD22aZu7QA/WBI/QANZk=
Subject key identifier:   28:DC:FC:95:00:FE:23:28:E6:5B:EC:52:52:20:6F:3F:4E:94:37:9F
Certificate issuer:       /CN=5dd23c7ac6e682fbc53be1a0e9318f6ccae7193d
Certificate serial:       01857142DE8926309B4A462749CC00D7082F
Authority key identifier: 5D:D2:3C:7A:C6:E6:82:FB:C5:3B:E1:A0:E9:31:8F:6C:CA:E7:19:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdI8esbmgvvFO-Gg6TGPbMrnGT0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/KNz8lQD-IyjmW-xSUiBvP06UN58.roa
Signing time:             Mon 02 Jan 2023 06:54:45 +0000
ROA not before:           Mon 02 Jan 2023 06:54:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57860
IP address blocks:        185.129.60.0/22 maxlen: 24
                          2a06:d380::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 03 Nov 2023 15:36:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:42:de:89:26:30:9b:4a:46:27:49:cc:00:d7:08:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd23c7ac6e682fbc53be1a0e9318f6ccae7193d
        Validity
            Not Before: Jan  2 06:54:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=28dcfc9500fe2328e65bec5252206f3f4e94379f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:e0:64:b0:74:46:9a:42:86:c0:8d:b6:0a:5d:
                    cf:af:f8:06:6c:7e:a5:d5:83:a6:90:85:01:b3:8d:
                    b0:3e:70:35:77:0b:82:3b:bb:74:52:bb:69:fc:be:
                    85:b5:49:9b:46:a6:86:25:a1:d4:d6:a1:d5:7a:62:
                    6f:93:45:b9:74:cd:7f:eb:dc:fa:39:c7:26:28:78:
                    d8:55:02:08:da:d8:cd:a2:59:71:ac:df:fd:92:95:
                    91:7b:2b:03:4c:6f:5d:8c:b8:fa:79:bc:76:f2:55:
                    d7:73:62:9a:bb:6d:b2:f2:27:ae:40:17:12:f5:65:
                    11:da:5d:5b:1c:10:54:eb:8f:5f:3b:35:b1:4e:d8:
                    cd:56:95:4e:64:f0:5e:3d:3e:64:e2:3f:5b:67:5f:
                    04:66:86:77:c5:2a:39:ee:f7:4b:c1:bb:fb:b9:de:
                    97:27:07:bd:02:e5:a7:2f:46:d4:e1:7f:d6:9d:4e:
                    de:77:98:54:c1:81:86:62:db:d8:69:60:fa:03:92:
                    bf:48:61:a7:35:49:23:c3:f7:50:2e:02:8e:9e:e8:
                    79:8c:0d:8f:28:d4:35:d5:a8:93:1a:11:1a:60:12:
                    f9:cf:b3:25:df:f9:ec:78:6c:aa:4f:6e:45:c5:1e:
                    27:cb:80:bd:6c:20:03:8c:de:ea:70:e3:fa:e1:98:
                    fb:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:DC:FC:95:00:FE:23:28:E6:5B:EC:52:52:20:6F:3F:4E:94:37:9F
            X509v3 Authority Key Identifier:
                keyid:5D:D2:3C:7A:C6:E6:82:FB:C5:3B:E1:A0:E9:31:8F:6C:CA:E7:19:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdI8esbmgvvFO-Gg6TGPbMrnGT0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/KNz8lQD-IyjmW-xSUiBvP06UN58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a42e9c-d92d-4b20-a5eb-ebe2332caf1c/1/XdI8esbmgvvFO-Gg6TGPbMrnGT0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.60.0/22
                IPv6:
                  2a06:d380::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:2e:89:3d:b2:c8:3e:6f:b1:6b:f7:46:8c:ca:5d:39:92:fe:
         5f:d3:a8:e3:a4:99:b5:c1:a1:44:76:9c:5a:2f:53:ab:5e:b9:
         7e:93:37:0b:9a:70:51:43:d6:89:83:24:46:b4:f7:e9:e0:a6:
         86:bc:b7:ac:79:f8:4c:02:1b:3f:ad:73:ac:a3:ef:8a:b3:b0:
         a9:ae:d4:8f:0f:f6:90:72:c4:76:4b:99:e5:11:36:8b:59:b9:
         a3:76:01:65:b9:f1:69:bc:42:0d:c5:3e:ac:e1:0c:f4:20:f2:
         d8:d0:a3:95:5b:58:12:8c:96:1d:b9:99:40:10:08:5d:63:a1:
         aa:5b:bc:cb:3e:e7:c3:af:5e:95:c1:41:8b:4f:99:06:12:42:
         7f:55:76:0a:99:f8:6d:c2:f6:b8:57:ee:26:e9:b2:f3:97:7f:
         f1:05:ee:ad:ee:0e:ab:29:41:77:4c:32:45:f6:7b:29:d2:2d:
         cf:e9:ed:d6:19:8f:3b:29:86:ec:ae:0c:b8:90:0e:1c:77:3e:
         ee:79:78:cb:a0:77:ac:02:90:8d:3b:10:34:17:46:a4:f1:82:
         6f:ef:54:14:1f:d2:9e:d3:f7:51:11:fa:b0:ed:eb:f0:de:5f:
         5d:5d:11:bf:a5:7c:cc:8f:2f:43:d1:06:c6:75:87:ef:b7:4e:
         31:55:69:de
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVxQt6JJjCbSkYnScwA1wgvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDIzYzdhYzZlNjgyZmJjNTNiZTFhMGU5MzE4ZjZjY2Fl
NzE5M2QwHhcNMjMwMTAyMDY1NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGRjZmM5NTAwZmUyMzI4ZTY1YmVjNTI1MjIwNmYzZjRlOTQzNzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+BksHRGmkKGwI22Cl3Pr/gGbH6l
1YOmkIUBs42wPnA1dwuCO7t0Urtp/L6FtUmbRqaGJaHU1qHVemJvk0W5dM1/69z6
OccmKHjYVQII2tjNollxrN/9kpWReysDTG9djLj6ebx28lXXc2Kau22y8ieuQBcS
9WUR2l1bHBBU649fOzWxTtjNVpVOZPBePT5k4j9bZ18EZoZ3xSo57vdLwbv7ud6X
Jwe9AuWnL0bU4X/WnU7ed5hUwYGGYtvYaWD6A5K/SGGnNUkjw/dQLgKOnuh5jA2P
KNQ11aiTGhEaYBL5z7Ml3/nseGyqT25FxR4ny4C9bCADjN7qcOP64Zj7OQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCjc/JUA/iMo5lvsUlIgbz9OlDefMB8GA1UdIwQY
MBaAFF3SPHrG5oL7xTvhoOkxj2zK5xk9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRJOGVzYm1ndnZGTy1HZzZUR1BiTXJuR1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9hNDJlOWMtZDkyZC00YjIwLWE1ZWIt
ZWJlMjMzMmNhZjFjLzEvS056OGxRRC1JeWptVy14U1VpQnZQMDZVTjU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9hNDJlOWMtZDkyZC00YjIwLWE1ZWItZWJlMjMzMmNhZjFj
LzEvWGRJOGVzYm1ndnZGTy1HZzZUR1BiTXJuR1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuYE8MA0E
AgACMAcDBQMqBtOAMA0GCSqGSIb3DQEBCwUAA4IBAQADLok9ssg+b7Fr90aMyl05
kv5f06jjpJm1waFEdpxaL1OrXrl+kzcLmnBRQ9aJgyRGtPfp4KaGvLesefhMAhs/
rXOso++Ks7CprtSPD/aQcsR2S5nlETaLWbmjdgFlufFpvEINxT6s4Qz0IPLY0KOV
W1gSjJYduZlAEAhdY6GqW7zLPufDr16VwUGLT5kGEkJ/VXYKmfhtwva4V+4m6bLz
l3/xBe6t7g6rKUF3TDJF9nsp0i3P6e3WGY87KYbsrgy4kA4cdz7ueXjLoHesApCN
OxA0F0ak8YJv71QUH9Ke0/dREfqw7evw3l9dXRG/pXzMjy9D0QbGdYfvt04xVWne
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:31 2024 by rpki-client on console-ams.rpki-client.org