Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/NAZghymQIJJB-a1xCf_IEJrlXeY.roa
File:                     NAZghymQIJJB-a1xCf_IEJrlXeY.roa (raw, json)
Hash identifier:          QgzZg1tNaN1A/u7AOXbllgP+GXAwR2DHEp21WX30grc=
Subject key identifier:   34:06:60:87:29:90:20:92:41:F9:AD:71:09:FF:C8:10:9A:E5:5D:E6
Certificate issuer:       /CN=27b8dbd97de4cd4059b52e513dcf35cd381a32b3
Certificate serial:       01856DC1AE926030B675F94B48264BC683C9
Authority key identifier: 27:B8:DB:D9:7D:E4:CD:40:59:B5:2E:51:3D:CF:35:CD:38:1A:32:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J7jb2X3kzUBZtS5RPc81zTgaMrM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/NAZghymQIJJB-a1xCf_IEJrlXeY.roa
Signing time:             Sun 01 Jan 2023 14:34:47 +0000
ROA not before:           Sun 01 Jan 2023 14:34:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205862
IP address blocks:        185.204.43.0/24 maxlen: 24
                          185.204.40.0/24 maxlen: 24
                          185.204.42.0/24 maxlen: 24
                          185.204.41.0/24 maxlen: 24
                          2a0d:b00:2901::/48 maxlen: 48
                          2a0d:b00:3501::/48 maxlen: 48
                          2a0d:b00:9201::/48 maxlen: 48
                          2a0d:b00:3502::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:34:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:c1:ae:92:60:30:b6:75:f9:4b:48:26:4b:c6:83:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27b8dbd97de4cd4059b52e513dcf35cd381a32b3
        Validity
            Not Before: Jan  1 14:34:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=340660872990209241f9ad7109ffc8109ae55de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:83:e0:4d:d5:e3:02:f2:5b:5b:b7:9a:ac:6c:
                    a4:d4:6d:f2:e8:2d:bb:60:7b:d6:f5:94:88:e1:7b:
                    18:8f:81:5e:3f:a6:b4:f6:fd:0a:87:e5:93:8b:b1:
                    b6:58:bd:e0:bd:85:cb:e7:11:c3:cf:dc:58:73:5e:
                    67:59:f7:8b:bf:68:90:af:ef:8d:a8:b8:1e:aa:79:
                    a1:9a:3e:b4:6b:db:9f:c2:36:52:31:98:6a:9c:0d:
                    72:f4:65:35:80:dc:29:dc:7e:a2:25:40:e9:ec:ae:
                    3d:de:b4:28:e4:69:9f:6d:25:f4:d6:5d:93:40:dc:
                    71:6c:70:87:c1:48:44:59:ef:cb:35:fb:4b:71:f3:
                    f8:9d:11:db:a5:ec:7f:2d:6f:06:63:92:3b:2a:57:
                    f5:14:fd:01:56:4d:65:6b:1a:ce:be:e8:69:a3:93:
                    46:0d:16:3c:7a:57:d5:8e:c6:11:a9:d0:5d:5e:0a:
                    4b:a4:a7:a6:a4:94:5c:89:a7:03:d5:98:6a:ea:b8:
                    f7:fa:0f:42:ec:ce:7d:f0:20:e9:b9:c9:c2:3e:39:
                    b7:d7:fd:a5:66:df:50:f2:66:2c:c5:a8:53:e3:d2:
                    5b:ba:58:47:c9:e7:77:74:1c:2b:ac:65:40:5e:13:
                    f4:c2:1c:4c:d8:d9:54:58:43:a6:fa:79:c8:4d:5f:
                    ec:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:06:60:87:29:90:20:92:41:F9:AD:71:09:FF:C8:10:9A:E5:5D:E6
            X509v3 Authority Key Identifier:
                keyid:27:B8:DB:D9:7D:E4:CD:40:59:B5:2E:51:3D:CF:35:CD:38:1A:32:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J7jb2X3kzUBZtS5RPc81zTgaMrM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/NAZghymQIJJB-a1xCf_IEJrlXeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/J7jb2X3kzUBZtS5RPc81zTgaMrM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.204.40.0/22
                IPv6:
                  2a0d:b00:2901::/48
                  2a0d:b00:3501::-2a0d:b00:3502:ffff:ffff:ffff:ffff:ffff
                  2a0d:b00:9201::/48

    Signature Algorithm: sha256WithRSAEncryption
         a2:52:e9:38:dc:c4:44:b6:df:a4:99:0f:f1:28:09:ca:a0:62:
         2f:7e:0d:de:00:47:6f:44:6b:6e:67:99:e4:55:3e:d7:74:90:
         56:2e:56:46:a9:fd:d8:a8:f4:2a:93:69:2f:22:82:fc:0c:b2:
         8e:94:0a:15:c0:3e:da:b3:de:2c:c8:7b:6b:14:40:5e:16:3f:
         c0:02:8a:cd:ee:f2:c6:72:5e:1a:41:19:6e:f5:ca:c8:ad:56:
         93:6d:68:2e:8d:74:c1:39:aa:77:9f:74:5f:a8:b7:f0:f8:15:
         ab:f5:9d:cc:41:c9:ac:90:ee:7b:a5:0e:3e:0a:7a:82:53:38:
         91:f0:ab:a1:17:2e:ce:a5:50:dd:60:0e:55:d7:b5:3f:8f:99:
         6e:9c:8c:73:b0:58:8f:15:f0:6e:0d:12:d1:60:be:0f:40:12:
         c9:17:58:b4:fb:e9:5d:3f:50:13:0d:98:b5:92:2a:e9:0d:ad:
         77:a0:24:0e:6d:82:04:0f:67:28:ef:1b:d4:9c:2d:8e:a5:8c:
         17:9a:9a:04:49:4c:21:9e:4b:74:e7:3b:d4:cb:21:ad:34:6d:
         a0:09:a7:d9:31:f4:e8:cc:a6:a2:2a:19:7d:7f:41:49:e1:b5:
         04:fc:34:77:ee:21:13:1f:55:e6:b4:c7:96:cb:d7:7f:15:10:
         8b:51:17:f8
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYVtwa6SYDC2dflLSCZLxoPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YjhkYmQ5N2RlNGNkNDA1OWI1MmU1MTNkY2YzNWNkMzgx
YTMyYjMwHhcNMjMwMTAxMTQzNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDA2NjA4NzI5OTAyMDkyNDFmOWFkNzEwOWZmYzgxMDlhZTU1ZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioPgTdXjAvJbW7earGyk1G3y6C27
YHvW9ZSI4XsYj4FeP6a09v0Kh+WTi7G2WL3gvYXL5xHDz9xYc15nWfeLv2iQr++N
qLgeqnmhmj60a9ufwjZSMZhqnA1y9GU1gNwp3H6iJUDp7K493rQo5GmfbSX01l2T
QNxxbHCHwUhEWe/LNftLcfP4nRHbpex/LW8GY5I7Klf1FP0BVk1laxrOvuhpo5NG
DRY8elfVjsYRqdBdXgpLpKempJRciacD1Zhq6rj3+g9C7M598CDpucnCPjm31/2l
Zt9Q8mYsxahT49JbulhHyed3dBwrrGVAXhP0whxM2NlUWEOm+nnITV/sWQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFDQGYIcpkCCSQfmtcQn/yBCa5V3mMB8GA1UdIwQY
MBaAFCe429l95M1AWbUuUT3PNc04GjKzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjdqYjJYM2t6VUJadFM1UlBjODF6VGdhTXJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy84NTkyOGYtNWYxOS00MWQ5LTgyMzgt
NWM1NGNkYWQxOWYxLzEvTkFaZ2h5bVFJSkpCLWExeENmX0lFSnJsWGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy84NTkyOGYtNWYxOS00MWQ5LTgyMzgtNWM1NGNkYWQxOWYx
LzEvSjdqYjJYM2t6VUJadFM1UlBjODF6VGdhTXJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAMBAIAATAGAwQCucwoMCwE
AgACMCYDBwAqDQsAKQEwEgMHACoNCwA1AQMHACoNCwA1AgMHACoNCwCSATANBgkq
hkiG9w0BAQsFAAOCAQEAolLpONzERLbfpJkP8SgJyqBiL34N3gBHb0RrbmeZ5FU+
13SQVi5WRqn92Kj0KpNpLyKC/AyyjpQKFcA+2rPeLMh7axRAXhY/wAKKze7yxnJe
GkEZbvXKyK1Wk21oLo10wTmqd590X6i38PgVq/WdzEHJrJDue6UOPgp6glM4kfCr
oRcuzqVQ3WAOVde1P4+ZbpyMc7BYjxXwbg0S0WC+D0ASyRdYtPvpXT9QEw2YtZIq
6Q2td6AkDm2CBA9nKO8b1JwtjqWMF5qaBElMIZ5LdOc71MshrTRtoAmn2TH06Mym
oioZfX9BSeG1BPw0d+4hEx9V5rTHlsvXfxUQi1EX+A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:39 2024 by rpki-client on console-fra.rpki-client.org