Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/373414-9ce4-46f5-940e-49c24292e9bd/1/MkJfDqUkob1xA9M-atBqStbnH8k.roa
File:                     MkJfDqUkob1xA9M-atBqStbnH8k.roa (raw, json)
Hash identifier:          nR11ux2ZwIPAhzlJr83CfPGmhdyfDzkUvc+3FwkzXE0=
Subject key identifier:   32:42:5F:0E:A5:24:A1:BD:71:03:D3:3E:6A:D0:6A:4A:D6:E7:1F:C9
Certificate issuer:       /CN=4650c6c02a9bde4e17187f05b0eca950483bf92d
Certificate serial:       01856D38628388F57AC2010670969F80764E
Authority key identifier: 46:50:C6:C0:2A:9B:DE:4E:17:18:7F:05:B0:EC:A9:50:48:3B:F9:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RlDGwCqb3k4XGH8FsOypUEg7-S0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/373414-9ce4-46f5-940e-49c24292e9bd/1/MkJfDqUkob1xA9M-atBqStbnH8k.roa
Signing time:             Sun 01 Jan 2023 12:04:49 +0000
ROA not before:           Sun 01 Jan 2023 12:04:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202743
IP address blocks:        185.155.20.0/22 maxlen: 22
                          185.155.20.0/23 maxlen: 23
                          185.155.22.0/23 maxlen: 23
                          188.211.28.0/23 maxlen: 24
                          2a0a:b081::/32 maxlen: 32
                          2a0a:b080::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 19 Jan 2023 09:51:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:38:62:83:88:f5:7a:c2:01:06:70:96:9f:80:76:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4650c6c02a9bde4e17187f05b0eca950483bf92d
        Validity
            Not Before: Jan  1 12:04:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=32425f0ea524a1bd7103d33e6ad06a4ad6e71fc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6e:8a:e2:87:9b:fb:3b:5e:a4:8e:00:b4:dd:
                    fc:0f:e3:59:97:49:11:6c:2d:cb:e5:4a:a4:06:b9:
                    a4:4d:86:a3:b9:9d:f2:53:35:e6:b2:df:e2:fc:ac:
                    3d:5f:37:dc:87:f1:85:c1:95:e9:cd:f8:24:78:6e:
                    b6:c5:2d:55:9b:3c:90:86:ce:73:ed:a0:ba:04:86:
                    6c:62:0f:a7:a1:24:17:23:fe:ff:c9:55:92:be:1b:
                    6c:e9:81:c0:69:27:34:f8:07:79:5a:3e:e1:83:96:
                    4a:58:e0:35:ed:37:05:0b:49:6b:5c:87:c4:52:0d:
                    ba:e1:9c:0d:fb:6d:12:c0:5a:e5:ae:6a:1b:9a:7b:
                    23:cd:6f:8d:1a:26:29:31:51:a0:12:c5:f5:77:87:
                    14:f3:5a:23:aa:c2:54:65:88:67:dc:1b:8a:64:f5:
                    33:0a:0a:dc:9b:b4:d4:a0:db:04:06:04:bf:2c:4f:
                    0a:9a:13:f8:d3:b6:da:92:46:99:d0:d0:52:13:ed:
                    73:e2:99:f6:c9:d7:f3:4d:d1:44:d1:68:72:bd:56:
                    24:2c:9a:7e:40:ae:cc:3f:56:eb:ea:5b:65:fa:a7:
                    62:6e:8f:99:26:3e:24:72:ab:89:39:4e:84:c6:8d:
                    ec:3d:93:b4:94:4d:b3:90:f7:0d:39:cc:2d:bc:40:
                    76:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:42:5F:0E:A5:24:A1:BD:71:03:D3:3E:6A:D0:6A:4A:D6:E7:1F:C9
            X509v3 Authority Key Identifier:
                keyid:46:50:C6:C0:2A:9B:DE:4E:17:18:7F:05:B0:EC:A9:50:48:3B:F9:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RlDGwCqb3k4XGH8FsOypUEg7-S0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/373414-9ce4-46f5-940e-49c24292e9bd/1/MkJfDqUkob1xA9M-atBqStbnH8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/373414-9ce4-46f5-940e-49c24292e9bd/1/RlDGwCqb3k4XGH8FsOypUEg7-S0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.20.0/22
                  188.211.28.0/23
                IPv6:
                  2a0a:b080::/29

    Signature Algorithm: sha256WithRSAEncryption
         3b:b0:ce:65:27:48:a9:05:f7:0a:08:3c:be:6f:e9:79:ef:51:
         a6:72:fc:8b:f5:bd:90:ee:6a:35:b2:86:7e:22:a0:8c:32:ce:
         44:fc:68:a4:e5:2c:52:50:51:62:04:5b:9c:c7:ca:aa:25:d6:
         e8:07:51:42:b7:ea:61:22:f3:97:58:0e:57:99:d3:8b:00:90:
         38:ee:d6:2f:d6:01:c3:f7:f1:88:09:cc:9a:e1:4f:64:28:b9:
         63:59:62:fc:b6:4b:5e:2a:96:93:78:23:61:da:f7:c4:02:e1:
         a1:83:d0:1c:f2:3f:eb:f7:32:79:8b:df:25:35:67:ad:4b:05:
         8e:02:11:93:fe:40:ba:be:df:72:18:fb:8d:9e:5c:4d:31:bd:
         a2:be:71:6c:8c:9a:fa:72:a5:b9:e4:e8:4e:81:03:b2:58:c2:
         63:af:26:a8:5f:9b:94:6a:f8:51:10:d6:66:11:eb:2b:7e:09:
         d5:d3:16:e9:6c:35:e5:7b:1d:ff:4e:46:b9:98:fc:1e:00:4a:
         ad:d0:d0:99:e5:e1:07:93:38:52:39:64:42:2c:1e:e0:25:90:
         7a:a3:40:04:d4:57:b8:7a:77:d6:f0:df:d7:bd:ff:81:d5:46:
         13:0e:4f:ea:33:e7:da:00:fd:5c:67:5b:fa:55:52:3f:83:7c:
         d8:73:2d:47
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVtOGKDiPV6wgEGcJafgHZOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NTBjNmMwMmE5YmRlNGUxNzE4N2YwNWIwZWNhOTUwNDgz
YmY5MmQwHhcNMjMwMTAxMTIwNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQyNWYwZWE1MjRhMWJkNzEwM2QzM2U2YWQwNmE0YWQ2ZTcxZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoW6K4oeb+ztepI4AtN38D+NZl0kR
bC3L5UqkBrmkTYajuZ3yUzXmst/i/Kw9Xzfch/GFwZXpzfgkeG62xS1VmzyQhs5z
7aC6BIZsYg+noSQXI/7/yVWSvhts6YHAaSc0+Ad5Wj7hg5ZKWOA17TcFC0lrXIfE
Ug264ZwN+20SwFrlrmobmnsjzW+NGiYpMVGgEsX1d4cU81ojqsJUZYhn3BuKZPUz
Cgrcm7TUoNsEBgS/LE8KmhP407bakkaZ0NBSE+1z4pn2ydfzTdFE0WhyvVYkLJp+
QK7MP1br6ltl+qdibo+ZJj4kcquJOU6Exo3sPZO0lE2zkPcNOcwtvEB2ewIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDJCXw6lJKG9cQPTPmrQakrW5x/JMB8GA1UdIwQY
MBaAFEZQxsAqm95OFxh/BbDsqVBIO/ktMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmxER3dDcWIzazRYR0g4RnNPeXBVRWc3LVMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8zNzM0MTQtOWNlNC00NmY1LTk0MGUt
NDljMjQyOTJlOWJkLzEvTWtKZkRxVWtvYjF4QTlNLWF0QnFTdGJuSDhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8zNzM0MTQtOWNlNC00NmY1LTk0MGUtNDljMjQyOTJlOWJk
LzEvUmxER3dDcWIzazRYR0g4RnNPeXBVRWc3LVMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuZsUAwQB
vNMcMA0EAgACMAcDBQMqCrCAMA0GCSqGSIb3DQEBCwUAA4IBAQA7sM5lJ0ipBfcK
CDy+b+l571GmcvyL9b2Q7mo1soZ+IqCMMs5E/Gik5SxSUFFiBFucx8qqJdboB1FC
t+phIvOXWA5XmdOLAJA47tYv1gHD9/GICcya4U9kKLljWWL8tkteKpaTeCNh2vfE
AuGhg9Ac8j/r9zJ5i98lNWetSwWOAhGT/kC6vt9yGPuNnlxNMb2ivnFsjJr6cqW5
5OhOgQOyWMJjryaoX5uUavhRENZmEesrfgnV0xbpbDXlex3/Tka5mPweAEqt0NCZ
5eEHkzhSOWRCLB7gJZB6o0AE1Fe4enfW8N/Xvf+B1UYTDk/qM+faAP1cZ1v6VVI/
g3zYcy1H
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:57 2024 by rpki-client on console-ams.rpki-client.org