Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/bkmq_pTYn0tGixLFSOH12N2VMq8.roa
File:                     bkmq_pTYn0tGixLFSOH12N2VMq8.roa (raw, json)
Hash identifier:          foz5pTJb8h3kciDw1cdz2ndndZxdEAL5PUhGAcBtobQ=
Subject key identifier:   6E:49:AA:FE:94:D8:9F:4B:46:8B:12:C5:48:E1:F5:D8:DD:95:32:AF
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       018CC9BC3B43DA6F51604CE8492BD961D1F9
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/bkmq_pTYn0tGixLFSOH12N2VMq8.roa
Signing time:             Tue 02 Jan 2024 10:33:25 +0000
ROA not before:           Tue 02 Jan 2024 10:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51088
IP address blocks:        77.246.245.0/24 maxlen: 24
                          178.249.152.0/21 maxlen: 21
                          146.19.97.0/24 maxlen: 24
                          31.134.200.0/21 maxlen: 21
                          212.24.126.0/24 maxlen: 24
                          46.244.96.0/19 maxlen: 19
                          46.244.0.0/19 maxlen: 19
                          5.10.192.0/24 maxlen: 24
                          185.51.52.0/23 maxlen: 23
                          62.3.55.0/24 maxlen: 24
                          31.41.255.0/24 maxlen: 24
                          185.205.52.0/22 maxlen: 22
                          2a13:800::/29 maxlen: 29
                          2a02:1668::/32 maxlen: 32
                          2a13:3400::/29 maxlen: 29
                          2a02:166b::/32 maxlen: 32
                          2a0f:ba00::/29 maxlen: 29
                          2a06:2602::/32 maxlen: 32
                          2a13:2c00::/29 maxlen: 29
                          2a0b:1c0::/29 maxlen: 29
                          2a05:2900::/29 maxlen: 29
                          2a0a:e80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 21 Mar 2024 10:29:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3b:43:da:6f:51:60:4c:e8:49:2b:d9:61:d1:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Jan  2 10:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e49aafe94d89f4b468b12c548e1f5d8dd9532af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9f:d8:37:10:f0:b7:cf:43:de:bb:12:99:8d:
                    e4:33:c4:76:e4:90:d3:d6:4a:32:2c:71:2d:2b:10:
                    aa:95:e1:b6:f4:89:8d:1a:ac:96:95:06:87:8b:5c:
                    97:75:e7:0a:85:6f:cc:80:61:8f:dc:e0:a4:43:9c:
                    29:d5:7d:01:5e:ae:98:63:fd:d0:21:91:6c:af:20:
                    44:09:5f:b1:7f:29:2c:d9:41:84:7f:d5:26:63:f2:
                    f1:40:e4:26:00:d0:88:08:4c:f3:0b:98:09:b8:da:
                    9f:62:a3:5b:6b:69:f8:d6:64:af:c1:1c:2c:63:a1:
                    aa:43:e7:44:86:fd:5e:48:43:e4:a3:90:0e:f0:a3:
                    8e:82:16:bb:eb:34:f5:04:72:b5:fa:bb:e2:0e:25:
                    94:29:31:5e:49:a3:fa:20:13:c0:53:28:b0:56:db:
                    5e:39:56:85:b9:33:e4:b5:2d:aa:27:83:18:04:a2:
                    57:fe:5d:78:1f:54:0a:b4:86:8d:25:43:2a:c9:1e:
                    35:0a:1f:96:ce:a7:44:44:fb:1f:91:6b:b1:6c:5b:
                    1d:d5:bb:9a:35:31:d3:05:15:a9:1f:61:ab:5e:e1:
                    da:6e:c3:6d:09:fe:11:f4:c1:bb:69:06:cb:06:48:
                    2d:8d:e8:8b:4c:60:cb:1c:0b:55:39:4f:72:da:ad:
                    1c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:49:AA:FE:94:D8:9F:4B:46:8B:12:C5:48:E1:F5:D8:DD:95:32:AF
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/bkmq_pTYn0tGixLFSOH12N2VMq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.192.0/24
                  31.41.255.0/24
                  31.134.200.0/21
                  46.244.0.0/19
                  46.244.96.0/19
                  62.3.55.0/24
                  77.246.245.0/24
                  146.19.97.0/24
                  178.249.152.0/21
                  185.51.52.0/23
                  185.205.52.0/22
                  212.24.126.0/24
                IPv6:
                  2a02:1668::/32
                  2a02:166b::/32
                  2a05:2900::/29
                  2a06:2602::/32
                  2a0a:e80::/29
                  2a0b:1c0::/29
                  2a0f:ba00::/29
                  2a13:800::/29
                  2a13:2c00::/29
                  2a13:3400::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:a4:b2:23:c5:36:e4:75:3a:d2:e4:88:8d:50:d9:ea:3f:40:
         2a:ca:bf:39:f0:ef:af:a4:81:c8:0d:e8:fc:e9:f9:8b:0c:2a:
         f4:c4:e3:83:05:ba:48:00:ec:cd:82:95:df:c5:d0:67:aa:16:
         37:99:d4:9e:a8:65:3f:1c:e1:14:c0:da:b6:3e:1f:96:89:63:
         15:a7:18:49:38:f0:b8:4f:bf:d4:2d:06:ee:43:86:4f:bc:34:
         58:5a:2b:a3:fe:64:fb:22:39:5b:8c:1c:62:8e:89:09:51:e8:
         3f:a1:3f:75:3b:7b:92:a8:93:ec:3c:db:89:52:2a:20:63:0d:
         27:d8:b2:87:f8:a4:2a:b9:21:0a:50:92:0f:0d:8e:bc:e0:ee:
         cd:f1:c2:52:80:12:6f:50:07:7d:a4:b6:b9:2b:43:b8:07:e0:
         81:d8:c1:18:82:fa:31:1f:24:a4:2a:e2:46:27:fa:d3:3f:ce:
         0c:bd:e4:e3:e5:5a:77:d6:0a:85:d0:aa:74:b8:52:73:2f:5d:
         16:a1:37:93:62:40:b5:30:4b:68:14:6f:5d:f6:62:d3:26:e1:
         7a:54:be:8b:69:a0:3d:74:63:23:f7:35:37:fe:b5:8a:1a:64:
         71:7f:4c:bc:60:5f:a5:08:6e:d9:b0:6d:cf:cd:53:e3:59:f4:
         9f:cd:fc:2f
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgISAYzJvDtD2m9RYEzoSSvZYdH5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjQwMTAyMTAzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTQ5YWFmZTk0ZDg5ZjRiNDY4YjEyYzU0OGUxZjVkOGRkOTUzMmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp/YNxDwt89D3rsSmY3kM8R25JDT
1koyLHEtKxCqleG29ImNGqyWlQaHi1yXdecKhW/MgGGP3OCkQ5wp1X0BXq6YY/3Q
IZFsryBECV+xfyks2UGEf9UmY/LxQOQmANCICEzzC5gJuNqfYqNba2n41mSvwRws
Y6GqQ+dEhv1eSEPko5AO8KOOgha76zT1BHK1+rviDiWUKTFeSaP6IBPAUyiwVtte
OVaFuTPktS2qJ4MYBKJX/l14H1QKtIaNJUMqyR41Ch+WzqdERPsfkWuxbFsd1bua
NTHTBRWpH2GrXuHabsNtCf4R9MG7aQbLBkgtjeiLTGDLHAtVOU9y2q0c3wIDAQAB
o4ICnDCCApgwHQYDVR0OBBYEFG5Jqv6U2J9LRosSxUjh9djdlTKvMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvYmttcV9wVFluMHRHaXhMRlNPSDEyTjJWTXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGxBggrBgEFBQcBBwEB/wSBoTCBnjBOBAIAATBIAwQABQrA
AwQAHyn/AwQDH4bIAwQFLvQAAwQFLvRgAwQAPgM3AwQATfb1AwQAkhNhAwQDsvmY
AwQBuTM0AwQCuc00AwQA1Bh+MEwEAgACMEYDBQAqAhZoAwUAKgIWawMFAyoFKQAD
BQAqBiYCAwUDKgoOgAMFAyoLAcADBQMqD7oAAwUDKhMIAAMFAyoTLAADBQMqEzQA
MA0GCSqGSIb3DQEBCwUAA4IBAQB5pLIjxTbkdTrS5IiNUNnqP0Aqyr858O+vpIHI
Dej86fmLDCr0xOODBbpIAOzNgpXfxdBnqhY3mdSeqGU/HOEUwNq2Ph+WiWMVpxhJ
OPC4T7/ULQbuQ4ZPvDRYWiuj/mT7IjlbjBxijokJUeg/oT91O3uSqJPsPNuJUiog
Yw0n2LKH+KQquSEKUJIPDY684O7N8cJSgBJvUAd9pLa5K0O4B+CB2MEYgvoxHySk
KuJGJ/rTP84MveTj5Vp31gqF0Kp0uFJzL10WoTeTYkC1MEtoFG9d9mLTJuF6VL6L
aaA9dGMj9zU3/rWKGmRxf0y8YF+lCG7ZsG3PzVPjWfSfzfwv
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:40 2024 by rpki-client on console-fra.rpki-client.org