Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B5khJnZPHoZNX7QQR8LV2FvXzeY.roa
File:                     B5khJnZPHoZNX7QQR8LV2FvXzeY.roa (raw, json)
Hash identifier:          KFN73blwpPS7LnqCoGX+vK2feilfhewhQR5eA0h35xU=
Subject key identifier:   07:99:21:26:76:4F:1E:86:4D:5F:B4:10:47:C2:D5:D8:5B:D7:CD:E6
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0189971A8E56120D483B31C202029D78A57C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B5khJnZPHoZNX7QQR8LV2FvXzeY.roa
Signing time:             Thu 27 Jul 2023 11:27:27 +0000
ROA not before:           Thu 27 Jul 2023 11:27:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1
IP address blocks:        95.214.26.0/24 maxlen: 24
                          171.22.28.0/24 maxlen: 24
                          87.120.166.0/24 maxlen: 24
                          95.214.25.0/24 maxlen: 24
                          194.55.227.0/24 maxlen: 24
                          85.31.47.0/24 maxlen: 24
                          45.128.233.0/24 maxlen: 24
                          87.121.98.0/24 maxlen: 24
                          88.218.76.0/22 maxlen: 24
                          185.221.67.0/24 maxlen: 24
                          185.216.70.0/24 maxlen: 24
                          87.121.44.0/24 maxlen: 24
                          87.121.46.0/24 maxlen: 24
                          194.169.175.0/24 maxlen: 24
                          94.156.79.0/24 maxlen: 24
                          87.120.36.0/24 maxlen: 24
                          185.221.64.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 27 Jul 2023 13:04:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:97:1a:8e:56:12:0d:48:3b:31:c2:02:02:9d:78:a5:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul 27 11:27:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=07992126764f1e864d5fb41047c2d5d85bd7cde6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:f3:d3:22:50:5a:83:da:31:bd:de:02:36:3a:
                    fc:df:0e:0f:f3:e1:71:4d:c2:08:b7:60:f1:e4:22:
                    0a:84:7b:d3:08:a4:c9:c3:8c:4d:34:26:50:95:9b:
                    10:ea:e7:2d:0d:51:92:ae:86:77:7b:5b:94:2f:cd:
                    a4:47:b8:0f:6d:9e:8f:3c:7b:a7:66:96:69:84:78:
                    27:4c:a4:9a:d9:6a:48:cb:1a:42:c9:1d:0d:07:c4:
                    f2:4c:25:de:aa:3c:09:ea:3f:f3:73:dc:4c:f0:8e:
                    23:8a:d2:19:1f:a4:8f:31:83:6d:4d:ca:80:b8:fe:
                    37:b1:bf:f4:ea:a6:92:6b:9d:ef:59:f8:16:22:b7:
                    9f:71:3b:67:ba:f2:29:73:9b:b0:21:0f:e1:68:52:
                    7d:a4:2c:d8:df:c2:80:43:80:f1:09:9f:5e:fb:50:
                    0d:31:ac:ae:1d:35:44:30:cc:5b:b0:7b:0f:02:97:
                    d2:c9:4c:7a:33:e1:80:e1:4e:4b:fd:bb:1d:fd:d4:
                    6a:af:3e:ea:cd:27:a2:3f:74:da:f0:56:8c:bd:cc:
                    1f:5c:62:ba:88:ae:5c:22:15:66:d4:14:8d:57:be:
                    d6:f6:96:bd:0c:e3:61:f8:90:4d:2b:77:38:f5:39:
                    2b:4f:1f:ed:33:bc:2b:71:fb:4a:eb:3c:08:73:50:
                    17:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:99:21:26:76:4F:1E:86:4D:5F:B4:10:47:C2:D5:D8:5B:D7:CD:E6
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B5khJnZPHoZNX7QQR8LV2FvXzeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.233.0/24
                  85.31.47.0/24
                  87.120.36.0/24
                  87.120.166.0/24
                  87.121.44.0/24
                  87.121.46.0/24
                  87.121.98.0/24
                  88.218.76.0/22
                  94.156.79.0/24
                  95.214.25.0-95.214.26.255
                  171.22.28.0/24
                  185.216.70.0/24
                  185.221.64.0/24
                  185.221.67.0/24
                  194.55.227.0/24
                  194.169.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:96:b5:a9:4c:11:7f:3e:89:c6:8b:45:3b:cc:20:b7:4b:b6:
         76:e3:af:11:20:fb:45:52:fe:1d:f8:1b:c3:b5:65:3e:19:01:
         93:b9:e8:54:46:71:60:af:d9:c9:d8:67:5c:e8:6b:15:e8:e7:
         f7:8d:80:5e:c8:cc:0a:19:73:20:bd:40:40:5d:36:77:f2:d8:
         2d:a2:c6:ad:e2:c5:8a:88:7c:75:53:c8:0a:d7:83:a8:eb:2e:
         3c:4f:a2:a4:cc:05:0d:ee:b4:3e:46:45:a5:3e:9c:76:36:ae:
         0a:2d:08:d5:dd:69:27:3c:f9:e0:8e:8e:9b:00:6e:83:80:3b:
         64:b1:6c:9b:9e:4e:46:16:6e:57:59:16:cb:80:07:6b:84:ef:
         4f:9f:2b:22:47:c5:c8:08:a0:25:75:dc:65:f0:6e:4a:3d:6f:
         55:f9:4e:04:b9:7e:84:b9:24:4d:fb:a0:f2:8e:6c:cc:ea:0b:
         7f:20:5c:fa:3c:a7:c4:80:d3:aa:08:91:7f:f2:f2:8c:ae:78:
         c5:69:47:1d:c5:5d:5a:e7:cb:00:c1:ca:24:ce:07:95:7b:ee:
         66:dc:a2:9b:0e:0d:7e:6d:8a:50:28:5e:f2:3d:51:44:ae:76:
         87:0e:7d:41:95:bc:cf:d2:2e:c7:bd:65:85:d4:c7:7b:7e:74:
         40:a2:c6:14
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYmXGo5WEg1IOzHCAgKdeKV8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzI3MTEyNzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzk5MjEyNjc2NGYxZTg2NGQ1ZmI0MTA0N2MyZDVkODViZDdjZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifPTIlBag9oxvd4CNjr83w4P8+Fx
TcIIt2Dx5CIKhHvTCKTJw4xNNCZQlZsQ6uctDVGSroZ3e1uUL82kR7gPbZ6PPHun
ZpZphHgnTKSa2WpIyxpCyR0NB8TyTCXeqjwJ6j/zc9xM8I4jitIZH6SPMYNtTcqA
uP43sb/06qaSa53vWfgWIrefcTtnuvIpc5uwIQ/haFJ9pCzY38KAQ4DxCZ9e+1AN
MayuHTVEMMxbsHsPApfSyUx6M+GA4U5L/bsd/dRqrz7qzSeiP3Ta8FaMvcwfXGK6
iK5cIhVm1BSNV77W9pa9DONh+JBNK3c49TkrTx/tM7wrcftK6zwIc1AX8wIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFAeZISZ2Tx6GTV+0EEfC1dhb183mMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQjVraEpuWlBIb1pOWDdRUVI4TFYyRnZYemVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAC2A6QME
AFUfLwMEAFd4JAMEAFd4pgMEAFd5LAMEAFd5LgMEAFd5YgMEAljaTAMEAF6cTzAM
AwQAX9YZAwQAX9YaAwQAqxYcAwQAudhGAwQAud1AAwQAud1DAwQAwjfjAwQAwqmv
MA0GCSqGSIb3DQEBCwUAA4IBAQAKlrWpTBF/PonGi0U7zCC3S7Z2468RIPtFUv4d
+BvDtWU+GQGTuehURnFgr9nJ2Gdc6GsV6Of3jYBeyMwKGXMgvUBAXTZ38tgtosat
4sWKiHx1U8gK14Oo6y48T6KkzAUN7rQ+RkWlPpx2Nq4KLQjV3WknPPngjo6bAG6D
gDtksWybnk5GFm5XWRbLgAdrhO9PnysiR8XICKAlddxl8G5KPW9V+U4EuX6EuSRN
+6DyjmzM6gt/IFz6PKfEgNOqCJF/8vKMrnjFaUcdxV1a58sAwcokzgeVe+5m3KKb
Dg1+bYpQKF7yPVFErnaHDn1BlbzP0i7HvWWF1Md7fnRAosYU
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:26 2024 by rpki-client on console-ams.rpki-client.org