Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/xLh528fM1j_GFDCxfUMqsuAdKD4.roa
File:                     xLh528fM1j_GFDCxfUMqsuAdKD4.roa (raw, json)
Hash identifier:          +wiSvMiLh1eNF0HFFbb4oXJcZmvQIKRH2BiZGxB60OY=
Subject key identifier:   C4:B8:79:DB:C7:CC:D6:3F:C6:14:30:B1:7D:43:2A:B2:E0:1D:28:3E
Certificate issuer:       /CN=3f96240998fce4124c3cb4dfbacbb0ed1618405a
Certificate serial:       01857102F37AC3795D529FD84E1819BCEF95
Authority key identifier: 3F:96:24:09:98:FC:E4:12:4C:3C:B4:DF:BA:CB:B0:ED:16:18:40:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P5YkCZj85BJMPLTfusuw7RYYQFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/xLh528fM1j_GFDCxfUMqsuAdKD4.roa
Signing time:             Mon 02 Jan 2023 05:44:56 +0000
ROA not before:           Mon 02 Jan 2023 05:44:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201457
IP address blocks:        185.74.204.0/22 maxlen: 24
                          2a03:4760::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:02:f3:7a:c3:79:5d:52:9f:d8:4e:18:19:bc:ef:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f96240998fce4124c3cb4dfbacbb0ed1618405a
        Validity
            Not Before: Jan  2 05:44:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c4b879dbc7ccd63fc61430b17d432ab2e01d283e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9d:18:2b:74:0b:d7:0a:7e:58:e3:75:8e:ba:
                    14:4f:6c:7b:5a:b6:df:41:88:98:51:6b:96:b3:0d:
                    81:0d:71:03:d1:38:f1:96:6c:57:ae:bf:2b:4f:79:
                    e7:14:16:c2:ab:f1:b0:d4:2a:88:eb:1a:22:4b:df:
                    d9:fb:de:bf:6f:31:96:cd:3b:48:a9:4a:7f:17:b1:
                    c9:ef:35:f9:22:79:2d:62:be:b2:d5:0b:57:3e:f3:
                    73:4a:2e:4f:31:e3:97:a4:08:c3:73:4f:ce:4e:b0:
                    f7:32:42:a9:35:00:cc:aa:b6:d2:be:11:72:10:5e:
                    e0:1d:a6:65:3a:02:e6:31:2f:e8:5f:4c:38:62:10:
                    00:e0:cf:2d:5a:e4:ff:1e:c8:9c:03:e1:5e:bb:39:
                    c4:6b:8a:1b:d2:62:0d:c9:28:6e:7b:6a:c5:2c:fa:
                    e0:6b:e7:58:14:b4:76:ea:5f:ae:d6:c7:4d:03:57:
                    9f:26:06:f1:c2:8d:21:bc:c0:9d:b7:b6:6a:21:94:
                    f1:eb:cd:bd:87:95:8a:a4:38:1f:71:e3:e9:7c:31:
                    33:1c:58:60:00:e4:47:0f:b1:77:f2:1d:39:b1:c7:
                    c6:96:c1:fe:e7:59:b1:3d:bd:24:a3:c8:14:f8:01:
                    7b:c7:04:cb:9e:2c:94:75:d2:0f:03:d7:8a:35:43:
                    2e:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:B8:79:DB:C7:CC:D6:3F:C6:14:30:B1:7D:43:2A:B2:E0:1D:28:3E
            X509v3 Authority Key Identifier:
                keyid:3F:96:24:09:98:FC:E4:12:4C:3C:B4:DF:BA:CB:B0:ED:16:18:40:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P5YkCZj85BJMPLTfusuw7RYYQFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/xLh528fM1j_GFDCxfUMqsuAdKD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/60fec7-0b51-4446-9b5d-c741c27b4e22/1/P5YkCZj85BJMPLTfusuw7RYYQFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.74.204.0/22
                IPv6:
                  2a03:4760::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:7b:dc:7d:84:2e:2e:35:42:0a:1a:ac:ef:42:d2:e8:0f:dd:
         cd:37:4f:d2:00:b6:40:5e:6c:dc:3d:f9:d8:2c:6e:3c:24:44:
         c3:dd:84:ed:28:3d:20:7f:f9:85:55:8d:d2:fd:70:e6:0e:41:
         0a:ff:60:ee:31:cd:b4:68:d3:4b:1d:6b:b7:48:ed:b0:c9:06:
         d4:c2:f4:79:36:16:50:33:9e:25:93:50:36:fa:6b:c4:55:61:
         dd:9d:a8:3e:99:54:d1:df:e1:f4:16:9d:38:6f:03:6b:b8:4d:
         be:8b:94:ac:f8:9a:01:a0:e8:6a:fe:b5:73:40:f2:18:6a:59:
         64:bb:34:69:4d:ad:aa:ae:c4:00:df:24:1c:b9:6f:a0:85:63:
         4d:99:42:ac:35:bc:91:05:72:6a:bf:07:89:66:bb:59:3f:22:
         c0:2d:48:5a:d0:7c:86:dd:d8:ca:30:05:fe:1e:97:1d:82:e2:
         9f:a3:b9:6f:aa:ed:93:3d:f1:05:21:4e:fd:cb:c5:21:3c:d6:
         d7:41:50:93:0d:aa:30:8b:05:17:5f:6e:d9:6b:87:5a:31:48:
         0c:3a:86:8a:67:d6:ff:fa:25:4b:1f:34:68:19:93:51:e8:7c:
         dc:81:39:18:b0:07:2b:2a:03:97:5e:14:4e:e7:95:7a:93:15:
         f5:b3:9b:10
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVxAvN6w3ldUp/YThgZvO+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmOTYyNDA5OThmY2U0MTI0YzNjYjRkZmJhY2JiMGVkMTYx
ODQwNWEwHhcNMjMwMTAyMDU0NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGI4NzlkYmM3Y2NkNjNmYzYxNDMwYjE3ZDQzMmFiMmUwMWQyODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg50YK3QL1wp+WON1jroUT2x7Wrbf
QYiYUWuWsw2BDXED0TjxlmxXrr8rT3nnFBbCq/Gw1CqI6xoiS9/Z+96/bzGWzTtI
qUp/F7HJ7zX5InktYr6y1QtXPvNzSi5PMeOXpAjDc0/OTrD3MkKpNQDMqrbSvhFy
EF7gHaZlOgLmMS/oX0w4YhAA4M8tWuT/HsicA+FeuznEa4ob0mINyShue2rFLPrg
a+dYFLR26l+u1sdNA1efJgbxwo0hvMCdt7ZqIZTx6829h5WKpDgfcePpfDEzHFhg
AORHD7F38h05scfGlsH+51mxPb0ko8gU+AF7xwTLniyUddIPA9eKNUMuLwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMS4edvHzNY/xhQwsX1DKrLgHSg+MB8GA1UdIwQY
MBaAFD+WJAmY/OQSTDy037rLsO0WGEBaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDVZa0Naajg1QkpNUExUZnVzdXc3UllZUUZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi82MGZlYzctMGI1MS00NDQ2LTliNWQt
Yzc0MWMyN2I0ZTIyLzEveExoNTI4Zk0xal9HRkRDeGZVTXFzdUFkS0Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi82MGZlYzctMGI1MS00NDQ2LTliNWQtYzc0MWMyN2I0ZTIy
LzEvUDVZa0Naajg1QkpNUExUZnVzdXc3UllZUUZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUrMMA0E
AgACMAcDBQMqA0dgMA0GCSqGSIb3DQEBCwUAA4IBAQCme9x9hC4uNUIKGqzvQtLo
D93NN0/SALZAXmzcPfnYLG48JETD3YTtKD0gf/mFVY3S/XDmDkEK/2DuMc20aNNL
HWu3SO2wyQbUwvR5NhZQM54lk1A2+mvEVWHdnag+mVTR3+H0Fp04bwNruE2+i5Ss
+JoBoOhq/rVzQPIYallkuzRpTa2qrsQA3yQcuW+ghWNNmUKsNbyRBXJqvweJZrtZ
PyLALUha0HyG3djKMAX+HpcdguKfo7lvqu2TPfEFIU79y8UhPNbXQVCTDaowiwUX
X27Za4daMUgMOoaKZ9b/+iVLHzRoGZNR6HzcgTkYsAcrKgOXXhRO55V6kxX1s5sQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:11 2024 by rpki-client on console-fra.rpki-client.org