Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/LXhgOoWEj05QrmY_NQO8WMmQduY.roa
File:                     LXhgOoWEj05QrmY_NQO8WMmQduY.roa (raw, json)
Hash identifier:          GhXJ6X2ZPtMDAJSPoy49feY8sLTsOJ64bBzlRSkeYI4=
Subject key identifier:   2D:78:60:3A:85:84:8F:4E:50:AE:66:3F:35:03:BC:58:C9:90:76:E6
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       018F9D13632513F51AC34EDD89C295AF4B10
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/LXhgOoWEj05QrmY_NQO8WMmQduY.roa
Signing time:             Tue 21 May 2024 21:34:04 +0000
ROA not before:           Tue 21 May 2024 21:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5503
IP address blocks:        62.171.192.0/18 maxlen: 24
                          185.192.228.0/22 maxlen: 24
                          194.154.0.0/19 maxlen: 24
                          194.238.32.0/19 maxlen: 24
                          194.238.64.0/19 maxlen: 24
                          213.18.192.0/18 maxlen: 24
                          217.177.0.0/18 maxlen: 24
                          217.177.64.0/19 maxlen: 24
                          217.179.0.0/17 maxlen: 24
                          217.179.192.0/18 maxlen: 24
                          217.180.0.0/19 maxlen: 24
                          217.180.32.0/20 maxlen: 24
                          217.180.48.0/21 maxlen: 24
                          217.181.0.0/18 maxlen: 24
                          217.181.64.0/19 maxlen: 24
                          2a02:fb0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 24 Jun 2024 21:25:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9d:13:63:25:13:f5:1a:c3:4e:dd:89:c2:95:af:4b:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: May 21 21:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d78603a85848f4e50ae663f3503bc58c99076e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:92:5c:9f:5a:3f:59:3c:0b:f4:01:70:c0:44:
                    68:f1:cd:96:9c:93:c1:68:6f:af:70:9b:e8:9f:77:
                    a6:11:43:36:01:25:52:d0:04:89:10:da:6d:08:d6:
                    7e:18:38:0a:53:57:1c:1a:9a:32:66:1f:c5:ae:b1:
                    d2:89:2b:ea:6f:0e:b6:36:1e:e8:66:4d:ab:c8:f4:
                    08:1e:8e:42:50:fd:65:ea:33:6f:a7:b3:3d:79:55:
                    64:b8:43:01:f6:11:cc:52:a2:ac:78:de:be:cb:17:
                    57:83:00:41:25:61:14:a4:39:25:66:7c:0e:df:fd:
                    42:8e:5f:cf:d5:ce:9b:f6:a4:36:5e:ab:f9:d4:8e:
                    de:9a:1a:75:db:f8:56:e6:58:7d:17:99:ec:e0:c8:
                    e7:42:8b:e6:8e:a3:4c:ac:fb:8a:58:91:22:4a:13:
                    0e:b9:97:94:7d:e3:ca:ba:27:cf:cc:1d:85:bc:1f:
                    8a:f8:69:6d:36:c8:9f:ff:69:9d:f0:27:a8:66:3e:
                    0d:9b:2d:8a:10:08:a3:13:b1:12:00:d2:ae:08:28:
                    12:31:e6:33:96:fe:d4:dd:02:0c:3c:5c:8f:e9:38:
                    fc:6b:2a:d0:43:cd:a7:c7:39:e7:14:43:91:72:98:
                    b8:41:b0:8e:cf:8b:82:fb:cd:d4:e7:1e:5f:fc:25:
                    bf:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:78:60:3A:85:84:8F:4E:50:AE:66:3F:35:03:BC:58:C9:90:76:E6
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/LXhgOoWEj05QrmY_NQO8WMmQduY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.192.0/18
                  185.192.228.0/22
                  194.154.0.0/19
                  194.238.32.0-194.238.95.255
                  213.18.192.0/18
                  217.177.0.0-217.177.95.255
                  217.179.0.0/17
                  217.179.192.0-217.180.55.255
                  217.181.0.0-217.181.95.255
                IPv6:
                  2a02:fb0::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:2d:80:f4:c3:36:a7:11:ec:2b:8a:bd:a7:6b:43:1e:b2:ba:
         57:e6:ce:a5:91:a3:7c:c8:50:1f:54:74:7d:5f:1b:cf:d5:22:
         65:7f:40:4b:12:da:d7:ce:79:b4:5f:c3:e9:f8:a4:51:2a:70:
         a5:5e:a3:e8:10:59:7b:4e:32:3e:71:76:0a:81:95:75:60:6f:
         e2:98:3d:13:dd:2f:59:ff:e8:bf:ed:03:b2:f9:59:14:b5:56:
         3a:95:8e:35:09:16:04:7b:1e:83:19:5c:94:87:4c:fc:cc:81:
         4b:0b:bd:44:0a:52:2d:a2:24:aa:48:a6:a0:74:27:4b:62:6f:
         0a:c3:05:48:5c:66:fe:ec:4d:a7:3f:88:fe:e3:4d:c0:d1:e7:
         49:af:61:74:bc:3e:f5:4b:05:11:d4:60:95:b2:17:87:95:f8:
         86:e3:b9:68:39:92:26:86:00:40:a9:32:a9:93:f8:82:13:d5:
         77:a2:2a:0b:b0:d9:1f:b4:da:e0:c5:40:c9:1b:51:fd:e6:9c:
         c1:ca:56:97:d5:40:68:9a:04:63:36:50:dd:34:16:2e:c6:3b:
         03:86:75:fb:e4:36:aa:fd:2f:10:f5:38:8c:43:d5:26:f3:64:
         58:c6:67:bf:a2:0c:1d:fa:3b:a2:72:13:73:7a:ae:17:ff:ea:
         de:69:c4:ab
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAY+dE2MlE/Uaw07dicKVr0sQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjQwNTIxMjEzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDc4NjAzYTg1ODQ4ZjRlNTBhZTY2M2YzNTAzYmM1OGM5OTA3NmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpJcn1o/WTwL9AFwwERo8c2WnJPB
aG+vcJvon3emEUM2ASVS0ASJENptCNZ+GDgKU1ccGpoyZh/FrrHSiSvqbw62Nh7o
Zk2ryPQIHo5CUP1l6jNvp7M9eVVkuEMB9hHMUqKseN6+yxdXgwBBJWEUpDklZnwO
3/1Cjl/P1c6b9qQ2Xqv51I7emhp12/hW5lh9F5ns4MjnQovmjqNMrPuKWJEiShMO
uZeUfePKuifPzB2FvB+K+GltNsif/2md8CeoZj4Nmy2KEAijE7ESANKuCCgSMeYz
lv7U3QIMPFyP6Tj8ayrQQ82nxznnFEORcpi4QbCOz4uC+83U5x5f/CW/ewIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFC14YDqFhI9OUK5mPzUDvFjJkHbmMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvTFhoZ09vV0VqMDVRcm1ZX05RTzhXTW1RZHVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQGPqvAAwQC
ucDkAwQFwpoAMAwDBAXC7iADBAXC7kADBAbVEsAwCwMDANmxAwQF2bFAAwQH2bMA
MAwDBAbZs8ADBAPZtDAwCwMDANm1AwQF2bVAMA0EAgACMAcDBQAqAg+wMA0GCSqG
SIb3DQEBCwUAA4IBAQBFLYD0wzanEewrir2na0MesrpX5s6lkaN8yFAfVHR9XxvP
1SJlf0BLEtrXznm0X8Pp+KRRKnClXqPoEFl7TjI+cXYKgZV1YG/imD0T3S9Z/+i/
7QOy+VkUtVY6lY41CRYEex6DGVyUh0z8zIFLC71EClItoiSqSKagdCdLYm8KwwVI
XGb+7E2nP4j+403A0edJr2F0vD71SwUR1GCVsheHlfiG47loOZImhgBAqTKpk/iC
E9V3oioLsNkftNrgxUDJG1H95pzBylaX1UBomgRjNlDdNBYuxjsDhnX75Daq/S8Q
9TiMQ9Um82RYxme/ogwd+juichNzeq4X/+reacSr
-----END CERTIFICATE-----
Generated at Tue Jun 25 02:02:42 2024 by rpki-client on console-fra.rpki-client.org