Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/C2IEcBryPW1OCTRqBF7p_U0EYBk.roa
File:                     C2IEcBryPW1OCTRqBF7p_U0EYBk.roa (raw, json)
Hash identifier:          hdF3CuyRwJplZz0KDagQD8y1UYrDkBBJ9hC0Z4A7glY=
Subject key identifier:   0B:62:04:70:1A:F2:3D:6D:4E:09:34:6A:04:5E:E9:FD:4D:04:60:19
Certificate issuer:       /CN=67b5b02dc401666ee045ab90cc88817fe09d706a
Certificate serial:       018BD1EFD39470458E2D8DBDA4B9025A9691
Authority key identifier: 67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/C2IEcBryPW1OCTRqBF7p_U0EYBk.roa
Signing time:             Wed 15 Nov 2023 07:43:57 +0000
ROA not before:           Wed 15 Nov 2023 07:43:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2914
IP address blocks:        163.171.254.0/24 maxlen: 24
                          91.194.205.0/24 maxlen: 24
                          163.171.77.0/24 maxlen: 24
                          163.171.90.0/24 maxlen: 24
                          163.171.91.0/24 maxlen: 24
                          185.27.228.0/24 maxlen: 24
                          163.171.246.0/24 maxlen: 24
                          163.171.253.0/24 maxlen: 24
                          163.171.251.0/24 maxlen: 24
                          163.171.247.0/24 maxlen: 24
                          91.202.200.0/24 maxlen: 24
                          148.253.239.0/24 maxlen: 24
                          148.253.240.0/24 maxlen: 24
                          148.253.242.0/24 maxlen: 24
                          148.253.243.0/24 maxlen: 24
                          148.253.241.0/24 maxlen: 24
                          148.253.249.0/24 maxlen: 24
                          148.253.250.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 29 Nov 2023 03:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d1:ef:d3:94:70:45:8e:2d:8d:bd:a4:b9:02:5a:96:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67b5b02dc401666ee045ab90cc88817fe09d706a
        Validity
            Not Before: Nov 15 07:43:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0b6204701af23d6d4e09346a045ee9fd4d046019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:19:b3:57:dd:bf:11:2e:36:dd:d5:20:b0:18:
                    51:96:e0:30:f6:68:2e:62:d6:90:0c:db:3d:ea:10:
                    38:46:79:16:42:05:da:e7:50:88:7f:4e:e7:c9:54:
                    23:48:3b:ed:bf:3b:9c:28:e2:db:9f:7c:1e:96:5f:
                    27:02:7f:53:e5:e2:59:a3:0d:b5:8c:a1:4c:da:7f:
                    5e:7c:78:a6:15:f2:51:60:2c:3d:25:fc:b0:34:fd:
                    f9:99:bd:21:4e:08:04:17:2b:c1:e8:03:e5:47:f6:
                    96:b8:ae:08:94:2b:42:05:78:37:49:20:5f:b1:1e:
                    b1:66:a1:35:01:1d:13:fb:13:e4:be:1a:01:28:d5:
                    85:f3:23:01:4c:35:8f:a5:91:5b:cd:02:4c:c2:e1:
                    0a:d8:c7:62:fc:96:71:fc:fa:d7:c0:5c:14:d3:d1:
                    cf:22:c5:a3:bd:65:cf:af:0b:d4:f0:89:21:ef:7e:
                    fe:cd:be:2f:ec:67:b8:a8:10:e6:89:c0:e3:a9:3e:
                    a3:8f:36:43:da:80:ba:b3:04:50:0f:51:ca:7d:8c:
                    df:c6:0f:0e:b9:99:c2:d8:be:20:87:d1:42:07:78:
                    9e:9e:b0:45:d2:33:59:68:57:29:54:51:b7:7f:de:
                    49:1a:c0:5c:b8:d8:28:7e:0a:83:9c:6d:68:d4:db:
                    c6:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:62:04:70:1A:F2:3D:6D:4E:09:34:6A:04:5E:E9:FD:4D:04:60:19
            X509v3 Authority Key Identifier:
                keyid:67:B5:B0:2D:C4:01:66:6E:E0:45:AB:90:CC:88:81:7F:E0:9D:70:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z7WwLcQBZm7gRauQzIiBf-CdcGo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/C2IEcBryPW1OCTRqBF7p_U0EYBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/64a3de-812a-4ace-814d-b5d888adfd37/1/Z7WwLcQBZm7gRauQzIiBf-CdcGo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.205.0/24
                  91.202.200.0/24
                  148.253.239.0-148.253.243.255
                  148.253.249.0-148.253.250.255
                  163.171.77.0/24
                  163.171.90.0/23
                  163.171.246.0/23
                  163.171.251.0/24
                  163.171.253.0-163.171.254.255
                  185.27.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:d6:06:98:15:10:a9:d2:57:4f:1a:89:ed:8c:e3:ef:73:65:
         36:70:15:3b:40:be:7e:f0:1d:44:6a:02:69:8d:18:46:56:14:
         5a:24:4d:e0:6f:ca:53:97:29:9a:dd:22:b6:a9:35:b7:f5:14:
         dd:ea:85:e1:b2:07:22:4c:b3:8b:a1:aa:68:b6:5e:18:bf:55:
         ad:bf:f3:4d:28:a9:57:45:74:79:3c:31:89:0f:cc:5b:3d:3d:
         53:d7:47:c2:d3:29:1e:bc:89:df:13:67:9a:f2:7d:8f:22:c9:
         37:06:21:84:1d:c4:23:d9:36:55:82:7d:d7:fc:67:80:fb:0c:
         f3:c5:ec:00:05:dc:56:b0:8c:53:8f:3a:c7:00:00:ce:13:55:
         2b:36:84:d1:5e:4f:3e:a3:9b:50:6c:e8:13:77:38:f7:12:b6:
         7c:5d:b6:73:ad:de:4c:80:8f:b4:fe:23:10:53:65:2c:ab:98:
         57:1e:6b:22:4e:9c:4d:b9:56:7c:77:c9:0b:6d:32:88:f4:7c:
         11:68:9f:97:a6:39:58:b7:9d:2a:9f:0e:93:6a:ff:63:91:b7:
         5f:4e:4f:ef:b0:92:ad:7a:da:79:90:25:ad:01:6d:5d:03:08:
         a7:db:a5:21:0e:97:28:0e:4b:e0:bc:26:24:62:44:0b:e5:48:
         a3:cc:88:21
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYvR79OUcEWOLY29pLkCWpaRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3YjViMDJkYzQwMTY2NmVlMDQ1YWI5MGNjODg4MTdmZTA5
ZDcwNmEwHhcNMjMxMTE1MDc0MzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjYyMDQ3MDFhZjIzZDZkNGUwOTM0NmEwNDVlZTlmZDRkMDQ2MDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixmzV92/ES423dUgsBhRluAw9mgu
YtaQDNs96hA4RnkWQgXa51CIf07nyVQjSDvtvzucKOLbn3well8nAn9T5eJZow21
jKFM2n9efHimFfJRYCw9JfywNP35mb0hTggEFyvB6APlR/aWuK4IlCtCBXg3SSBf
sR6xZqE1AR0T+xPkvhoBKNWF8yMBTDWPpZFbzQJMwuEK2Mdi/JZx/PrXwFwU09HP
IsWjvWXPrwvU8Ikh737+zb4v7Ge4qBDmicDjqT6jjzZD2oC6swRQD1HKfYzfxg8O
uZnC2L4gh9FCB3ienrBF0jNZaFcpVFG3f95JGsBcuNgofgqDnG1o1NvGIQIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFAtiBHAa8j1tTgk0agRe6f1NBGAZMB8GA1UdIwQY
MBaAFGe1sC3EAWZu4EWrkMyIgX/gnXBqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQt
YjVkODg4YWRmZDM3LzEvQzJJRWNCcnlQVzFPQ1RScUJGN3BfVTBFWUJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82NGEzZGUtODEyYS00YWNlLTgxNGQtYjVkODg4YWRmZDM3
LzEvWjdXd0xjUUJabTdnUmF1UXpJaUJmLUNkY0dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAW8LNAwQA
W8rIMAwDBACU/e8DBAKU/fAwDAMEAJT9+QMEAJT9+gMEAKOrTQMEAaOrWgMEAaOr
9gMEAKOr+zAMAwQAo6v9AwQAo6v+AwQAuRvkMA0GCSqGSIb3DQEBCwUAA4IBAQCK
1gaYFRCp0ldPGontjOPvc2U2cBU7QL5+8B1EagJpjRhGVhRaJE3gb8pTlyma3SK2
qTW39RTd6oXhsgciTLOLoapotl4Yv1Wtv/NNKKlXRXR5PDGJD8xbPT1T10fC0yke
vInfE2ea8n2PIsk3BiGEHcQj2TZVgn3X/GeA+wzzxewABdxWsIxTjzrHAADOE1Ur
NoTRXk8+o5tQbOgTdzj3ErZ8XbZzrd5MgI+0/iMQU2Usq5hXHmsiTpxNuVZ8d8kL
bTKI9HwRaJ+XpjlYt50qnw6Tav9jkbdfTk/vsJKtetp5kCWtAW1dAwin26UhDpco
DkvgvCYkYkQL5UijzIgh
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:48 2024 by rpki-client on console-fra.rpki-client.org