Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/xSg6sEGfR8tuQEJRRGGzTPZVzZU.roa
File:                     xSg6sEGfR8tuQEJRRGGzTPZVzZU.roa (raw, json)
Hash identifier:          fAc3tWefhCki4sR/NboYpI4FTxnNgoyifZjPVqIlTQ4=
Subject key identifier:   C5:28:3A:B0:41:9F:47:CB:6E:40:42:51:44:61:B3:4C:F6:55:CD:95
Certificate issuer:       /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial:       018F7C560EED97E60E3297BEAB65BD8C818A
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/xSg6sEGfR8tuQEJRRGGzTPZVzZU.roa
Signing time:             Wed 15 May 2024 12:59:25 +0000
ROA not before:           Wed 15 May 2024 12:59:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3301
IP address blocks:        2.248.0.0/14 maxlen: 14
                          2.252.0.0/15 maxlen: 15
                          2.254.0.0/16 maxlen: 16
                          2.255.0.0/17 maxlen: 17
                          2.255.128.0/18 maxlen: 18
                          2.255.190.0/24 maxlen: 24
                          2.255.191.0/24 maxlen: 24
                          62.20.0.0/16 maxlen: 16
                          78.64.0.0/12 maxlen: 12
                          81.224.0.0/12 maxlen: 12
                          81.228.4.0/23 maxlen: 23
                          81.228.4.0/24 maxlen: 24
                          81.228.5.0/24 maxlen: 24
                          82.214.0.0/18 maxlen: 18
                          90.224.0.0/12 maxlen: 12
                          95.109.0.0/17 maxlen: 17
                          95.192.0.0/12 maxlen: 12
                          192.16.152.0/23 maxlen: 23
                          192.16.153.0/24 maxlen: 24
                          192.150.58.0/23 maxlen: 23
                          192.150.60.0/22 maxlen: 22
                          192.150.64.0/22 maxlen: 22
                          192.150.68.0/23 maxlen: 23
                          192.150.78.0/23 maxlen: 23
                          192.150.80.0/23 maxlen: 23
                          193.44.0.0/15 maxlen: 15
                          194.16.0.0/15 maxlen: 15
                          194.18.0.0/16 maxlen: 16
                          194.22.0.0/15 maxlen: 15
                          194.218.0.0/16 maxlen: 16
                          194.236.0.0/15 maxlen: 15
                          195.67.0.0/16 maxlen: 16
                          195.198.0.0/16 maxlen: 16
                          195.252.32.0/19 maxlen: 19
                          212.28.192.0/19 maxlen: 19
                          212.181.0.0/16 maxlen: 16
                          213.64.0.0/14 maxlen: 14
                          217.208.0.0/13 maxlen: 13

Validation:               Failed, certificate revoked on Mon 03 Jun 2024 11:32:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:7c:56:0e:ed:97:e6:0e:32:97:be:ab:65:bd:8c:81:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
        Validity
            Not Before: May 15 12:59:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5283ab0419f47cb6e4042514461b34cf655cd95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f1:6e:6d:d3:2b:05:ff:ec:1c:41:25:80:54:
                    95:e2:b4:8f:76:a9:20:82:91:ed:93:95:df:14:8a:
                    83:48:c8:3a:67:91:ca:da:33:a8:53:97:16:ef:39:
                    e4:21:02:a3:ba:4d:97:b7:d3:f9:11:4a:df:9c:c6:
                    71:66:6e:4f:f3:cd:39:4b:c7:5b:98:3e:3f:73:8d:
                    66:e6:ce:62:69:ed:30:d2:20:47:ae:b6:09:9a:08:
                    29:a5:ae:42:f2:38:19:3b:88:9e:19:07:08:14:5e:
                    2a:16:66:01:1f:75:d5:11:cb:58:d9:c2:dd:cb:8e:
                    5d:9f:f7:ae:8e:b4:a2:d5:b9:87:33:b6:34:de:78:
                    7c:0a:81:f9:c2:1c:f4:28:00:4e:0c:99:e4:7d:6d:
                    d6:17:61:07:77:18:cb:4d:59:7a:c5:32:c5:de:4c:
                    c6:f3:94:24:e7:f8:f9:b3:ae:cf:f2:e0:b3:39:31:
                    a9:17:c0:bc:0f:0e:85:fe:13:2d:00:83:ae:92:2c:
                    65:22:21:69:c8:72:7d:f8:46:8f:e8:92:be:9e:55:
                    c6:18:46:f6:37:e5:4f:ce:d3:f8:7f:99:c8:43:03:
                    13:fb:57:c9:f4:aa:e7:13:68:f1:5c:de:33:af:83:
                    18:b1:43:29:4a:e1:0c:af:28:c7:56:90:5b:80:98:
                    9a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:28:3A:B0:41:9F:47:CB:6E:40:42:51:44:61:B3:4C:F6:55:CD:95
            X509v3 Authority Key Identifier:
                keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/xSg6sEGfR8tuQEJRRGGzTPZVzZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.248.0.0-2.255.191.255
                  62.20.0.0/16
                  78.64.0.0/12
                  81.224.0.0/12
                  82.214.0.0/18
                  90.224.0.0/12
                  95.109.0.0/17
                  95.192.0.0/12
                  192.16.152.0/23
                  192.150.58.0-192.150.69.255
                  192.150.78.0-192.150.81.255
                  193.44.0.0/15
                  194.16.0.0-194.18.255.255
                  194.22.0.0/15
                  194.218.0.0/16
                  194.236.0.0/15
                  195.67.0.0/16
                  195.198.0.0/16
                  195.252.32.0/19
                  212.28.192.0/19
                  212.181.0.0/16
                  213.64.0.0/14
                  217.208.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
         84:ec:c8:b5:c5:02:1c:3a:b9:43:c3:97:a7:9d:ed:bc:f8:9c:
         97:6b:c5:5f:6c:60:24:e5:ee:ce:aa:e7:1a:a9:a8:87:0f:8d:
         78:b4:8c:b9:36:a7:6b:f4:b6:cb:4c:74:7c:24:61:b0:56:1b:
         6d:f5:b3:b0:c5:6d:aa:02:59:17:09:1c:83:f5:75:7f:d2:2f:
         3a:3e:eb:54:72:2f:cb:9b:58:bc:5e:d0:55:d7:bd:2b:21:e6:
         6f:9e:9e:73:6a:2c:45:52:9f:8c:3b:a4:dd:42:0f:93:89:0c:
         3a:93:4b:48:90:01:2c:74:7e:83:86:f8:bf:8c:96:81:11:c8:
         4c:88:34:2b:ef:39:cb:0d:3b:14:c0:4c:e1:57:03:a8:d3:31:
         ea:8a:00:37:a2:64:9d:54:66:9d:b6:72:44:68:1c:ec:aa:57:
         cd:5e:2a:c8:fd:80:9e:79:e8:58:0d:ad:2c:91:e6:e8:9d:1a:
         1c:c5:04:35:0b:fc:06:9e:24:a0:f2:dc:6c:6a:b3:95:0a:e3:
         b7:cc:d3:72:56:14:c6:58:bc:34:32:65:98:b5:d3:c3:79:ba:
         b8:20:91:d6:28:3e:67:b3:1d:fe:0b:60:94:22:4a:6e:8a:0a:
         dd:1f:db:e1:5e:e9:93:9b:a7:b2:eb:de:6b:d5:45:04:a2:e3:
         c7:9a:12:bb
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAY98Vg7tl+YOMpe+q2W9jIGKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjQwNTE1MTI1OTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTI4M2FiMDQxOWY0N2NiNmU0MDQyNTE0NDYxYjM0Y2Y2NTVjZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfFubdMrBf/sHEElgFSV4rSPdqkg
gpHtk5XfFIqDSMg6Z5HK2jOoU5cW7znkIQKjuk2Xt9P5EUrfnMZxZm5P8805S8db
mD4/c41m5s5iae0w0iBHrrYJmggppa5C8jgZO4ieGQcIFF4qFmYBH3XVEctY2cLd
y45dn/eujrSi1bmHM7Y03nh8CoH5whz0KABODJnkfW3WF2EHdxjLTVl6xTLF3kzG
85Qk5/j5s67P8uCzOTGpF8C8Dw6F/hMtAIOukixlIiFpyHJ9+EaP6JK+nlXGGEb2
N+VPztP4f5nIQwMT+1fJ9KrnE2jxXN4zr4MYsUMpSuEMryjHVpBbgJiaMQIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFMUoOrBBn0fLbkBCUURhs0z2Vc2VMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEveFNnNnNFR2ZSOHR1UUVKUlJHR3pUUFpWelpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG2BggrBgEFBQcBBwEB/wSBpjCBozCBoAQCAAEwgZkwCwMD
AwL4AwQGAv+AAwMAPhQDAwROQAMDBFHgAwQGUtYAAwMEWuADBAdfbQADAwRfwAME
AcAQmDAMAwQBwJY6AwQBwJZEMAwDBAHAlk4DBAHAllADAwHBLDAKAwMEwhADAwDC
EgMDAcIWAwMAwtoDAwHC7AMDAMNDAwMAw8YDBAXD/CADBAXUHMADAwDUtQMDAtVA
AwMD2dAwDQYJKoZIhvcNAQELBQADggEBAITsyLXFAhw6uUPDl6ed7bz4nJdrxV9s
YCTl7s6q5xqpqIcPjXi0jLk2p2v0tstMdHwkYbBWG231s7DFbaoCWRcJHIP1dX/S
Lzo+61RyL8ubWLxe0FXXvSsh5m+ennNqLEVSn4w7pN1CD5OJDDqTS0iQASx0foOG
+L+MloERyEyINCvvOcsNOxTATOFXA6jTMeqKADeiZJ1UZp22ckRoHOyqV81eKsj9
gJ556FgNrSyR5uidGhzFBDUL/AaeJKDy3Gxqs5UK47fM03JWFMZYvDQyZZi108N5
urggkdYoPmezHf4LYJQiSm6KCt0f2+Fe6ZObp7Lr3mvVRQSi48eaErs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:04 2024 by rpki-client on console-ams.rpki-client.org