Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/ffc3c6-f64f-4090-8292-e95e2d3d23e0/1/QbyO5iZOrmms4wPE5N2fDc7xflw.roa
File:                     QbyO5iZOrmms4wPE5N2fDc7xflw.roa (raw, json)
Hash identifier:          hSnPivsgXEozsHVpzQP0One9iUCleSMUCUtOovVWdks=
Subject key identifier:   41:BC:8E:E6:26:4E:AE:69:AC:E3:03:C4:E4:DD:9F:0D:CE:F1:7E:5C
Certificate issuer:       /CN=6d939eb74abbcd2227c2192aa2a37e6dcb898e53
Certificate serial:       01856D5D168814D6CC3B0E678002F8E3E83B
Authority key identifier: 6D:93:9E:B7:4A:BB:CD:22:27:C2:19:2A:A2:A3:7E:6D:CB:89:8E:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bZOet0q7zSInwhkqoqN-bcuJjlM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/ffc3c6-f64f-4090-8292-e95e2d3d23e0/1/QbyO5iZOrmms4wPE5N2fDc7xflw.roa
Signing time:             Sun 01 Jan 2023 12:44:55 +0000
ROA not before:           Sun 01 Jan 2023 12:44:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200428
IP address blocks:        185.107.188.0/22 maxlen: 22
                          2a06:4540::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:5d:16:88:14:d6:cc:3b:0e:67:80:02:f8:e3:e8:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d939eb74abbcd2227c2192aa2a37e6dcb898e53
        Validity
            Not Before: Jan  1 12:44:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=41bc8ee6264eae69ace303c4e4dd9f0dcef17e5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:b8:23:7a:3a:ad:00:ec:e9:48:9c:2e:fe:85:
                    5f:91:33:72:e5:13:e0:f8:ee:4f:ad:4d:cf:c0:67:
                    cc:33:9b:65:f3:6f:65:7d:18:30:f7:04:b4:89:27:
                    45:ac:34:0f:02:b2:1e:27:83:65:28:06:a3:d4:6c:
                    23:e8:ae:cd:e6:ac:6c:5d:0b:e4:b5:83:14:18:dd:
                    ad:79:0c:e8:2f:88:ac:1c:fd:79:a5:43:5f:56:71:
                    6e:03:6c:20:ef:87:f6:8b:90:1a:aa:ff:29:8b:ed:
                    2f:14:b6:3a:80:85:dc:2d:b1:b8:0b:f9:4b:a8:4d:
                    a6:be:39:d8:99:90:92:37:e5:f0:7d:31:d8:c0:22:
                    f2:35:8a:5e:4f:4d:6a:69:83:ea:80:7c:88:96:9e:
                    74:c3:a2:4b:c0:db:73:51:37:70:6d:46:bf:44:07:
                    72:a6:97:bc:fc:91:bf:d4:b1:99:ae:5b:d4:fb:13:
                    70:0a:1b:c9:68:dc:bd:7a:c9:8e:ad:dd:9a:39:ff:
                    36:82:d2:d5:f7:98:b5:47:09:51:78:70:53:70:b8:
                    80:eb:2b:43:35:28:7b:38:92:94:0e:b9:84:f7:f8:
                    85:30:70:ca:48:d5:46:cb:8c:7e:72:13:5d:40:4b:
                    98:3f:a0:47:21:93:1d:63:a6:db:64:72:d7:0d:a7:
                    62:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:BC:8E:E6:26:4E:AE:69:AC:E3:03:C4:E4:DD:9F:0D:CE:F1:7E:5C
            X509v3 Authority Key Identifier:
                keyid:6D:93:9E:B7:4A:BB:CD:22:27:C2:19:2A:A2:A3:7E:6D:CB:89:8E:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bZOet0q7zSInwhkqoqN-bcuJjlM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/ffc3c6-f64f-4090-8292-e95e2d3d23e0/1/QbyO5iZOrmms4wPE5N2fDc7xflw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/ffc3c6-f64f-4090-8292-e95e2d3d23e0/1/bZOet0q7zSInwhkqoqN-bcuJjlM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.107.188.0/22
                IPv6:
                  2a06:4540::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:ce:f9:68:db:23:5d:54:c0:80:89:46:a2:16:e2:1c:8a:2e:
         91:43:80:44:aa:ed:a5:75:b9:3f:dc:10:32:40:82:8d:1d:49:
         f7:d0:71:04:4b:0f:af:0f:11:83:87:e3:7f:a4:70:83:f8:b8:
         01:ad:88:f4:53:62:86:8b:0f:aa:25:fe:25:f8:fd:cf:b5:47:
         21:7e:6f:fd:24:b5:86:b6:dc:d1:a9:4a:e8:5e:7a:26:20:f1:
         51:29:d0:4d:c6:f6:de:7c:77:80:d5:17:31:b8:0a:09:99:b4:
         b7:d2:67:d9:5f:c8:d3:86:f1:0d:56:6c:08:10:f1:fa:4c:89:
         7f:c8:fc:7b:1b:0a:86:0d:b5:a1:92:5c:5b:93:a2:fa:e5:8f:
         1d:b6:ef:9c:8e:5e:86:49:92:a6:d7:6a:ce:e6:03:dc:27:35:
         52:61:e2:4f:dc:ea:d6:b0:cd:63:fe:d8:fd:41:e3:f1:e6:4d:
         00:99:d0:7b:70:b6:61:55:9b:87:94:14:f5:cd:2c:56:20:fd:
         69:0a:41:e4:07:19:ea:59:61:86:39:e3:e0:b8:22:ae:df:d7:
         b1:74:6e:dc:a9:41:e4:62:63:a0:3a:03:1b:fa:47:04:89:ca:
         27:ec:fc:4c:0d:ca:a3:b9:81:63:ed:ff:7e:ec:79:a9:7f:45:
         eb:02:02:67
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVtXRaIFNbMOw5ngAL44+g7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkOTM5ZWI3NGFiYmNkMjIyN2MyMTkyYWEyYTM3ZTZkY2I4
OThlNTMwHhcNMjMwMTAxMTI0NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWJjOGVlNjI2NGVhZTY5YWNlMzAzYzRlNGRkOWYwZGNlZjE3ZTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbgjejqtAOzpSJwu/oVfkTNy5RPg
+O5PrU3PwGfMM5tl829lfRgw9wS0iSdFrDQPArIeJ4NlKAaj1Gwj6K7N5qxsXQvk
tYMUGN2teQzoL4isHP15pUNfVnFuA2wg74f2i5Aaqv8pi+0vFLY6gIXcLbG4C/lL
qE2mvjnYmZCSN+XwfTHYwCLyNYpeT01qaYPqgHyIlp50w6JLwNtzUTdwbUa/RAdy
ppe8/JG/1LGZrlvU+xNwChvJaNy9esmOrd2aOf82gtLV95i1RwlReHBTcLiA6ytD
NSh7OJKUDrmE9/iFMHDKSNVGy4x+chNdQEuYP6BHIZMdY6bbZHLXDadiRwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEG8juYmTq5prOMDxOTdnw3O8X5cMB8GA1UdIwQY
MBaAFG2TnrdKu80iJ8IZKqKjfm3LiY5TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlpPZXQwcTd6U0lud2hrcW9xTi1iY3VKamxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9mZmMzYzYtZjY0Zi00MDkwLTgyOTIt
ZTk1ZTJkM2QyM2UwLzEvUWJ5TzVpWk9ybW1zNHdQRTVOMmZEYzd4Zmx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9mZmMzYzYtZjY0Zi00MDkwLTgyOTItZTk1ZTJkM2QyM2Uw
LzEvYlpPZXQwcTd6U0lud2hrcW9xTi1iY3VKamxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWu8MA0E
AgACMAcDBQMqBkVAMA0GCSqGSIb3DQEBCwUAA4IBAQCFzvlo2yNdVMCAiUaiFuIc
ii6RQ4BEqu2ldbk/3BAyQIKNHUn30HEESw+vDxGDh+N/pHCD+LgBrYj0U2KGiw+q
Jf4l+P3PtUchfm/9JLWGttzRqUroXnomIPFRKdBNxvbefHeA1RcxuAoJmbS30mfZ
X8jThvENVmwIEPH6TIl/yPx7GwqGDbWhklxbk6L65Y8dtu+cjl6GSZKm12rO5gPc
JzVSYeJP3OrWsM1j/tj9QePx5k0AmdB7cLZhVZuHlBT1zSxWIP1pCkHkBxnqWWGG
OePguCKu39exdG7cqUHkYmOgOgMb+kcEicon7PxMDcqjuYFj7f9+7Hmpf0XrAgJn
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:31 2024 by rpki-client on console-ams.rpki-client.org