Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/XLvbfJTqXkBFi5lTWCiXT-hh9IQ.roa
File:                     XLvbfJTqXkBFi5lTWCiXT-hh9IQ.roa (raw, json)
Hash identifier:          VZL9IGlDAFFuyKoWoN1xwRhY9obbfSnUAYzgSe+w4aE=
Subject key identifier:   5C:BB:DB:7C:94:EA:5E:40:45:8B:99:53:58:28:97:4F:E8:61:F4:84
Certificate issuer:       /CN=93b2981978885696ce1c2bbf4af99dadc2c618eb
Certificate serial:       0185CF55B167F8507D8BF1BA82E9911D39E0
Authority key identifier: 93:B2:98:19:78:88:56:96:CE:1C:2B:BF:4A:F9:9D:AD:C2:C6:18:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k7KYGXiIVpbOHCu_SvmdrcLGGOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/XLvbfJTqXkBFi5lTWCiXT-hh9IQ.roa
Signing time:             Fri 20 Jan 2023 13:19:37 +0000
ROA not before:           Fri 20 Jan 2023 13:19:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199256
IP address blocks:        93.119.24.0/22 maxlen: 24
                          159.253.224.0/22 maxlen: 24
                          185.122.132.0/22 maxlen: 24
                          185.57.100.0/22 maxlen: 24
                          185.156.196.0/22 maxlen: 24
                          81.173.12.0/22 maxlen: 24
                          144.2.240.0/21 maxlen: 24
                          45.137.184.0/22 maxlen: 22
                          91.216.236.0/24 maxlen: 24
                          91.216.241.0/24 maxlen: 24
                          185.32.152.0/22 maxlen: 24
                          5.149.168.0/21 maxlen: 24
                          2a04:b00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:33:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:cf:55:b1:67:f8:50:7d:8b:f1:ba:82:e9:91:1d:39:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93b2981978885696ce1c2bbf4af99dadc2c618eb
        Validity
            Not Before: Jan 20 13:19:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5cbbdb7c94ea5e40458b99535828974fe861f484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fb:e7:5f:3e:bd:89:b2:d2:1f:64:65:b7:61:
                    e2:fc:4d:78:ef:a9:e6:d3:84:10:95:3d:60:52:1c:
                    4e:7d:73:f3:fe:58:0a:ae:e5:97:d0:31:62:7a:89:
                    1b:64:ff:23:0a:dd:3f:cc:70:ea:5f:be:e7:b8:c8:
                    f7:b8:1b:d4:4a:7c:04:75:ee:9c:f2:7d:87:1e:2e:
                    48:50:94:9e:1b:bf:31:dc:d8:07:f9:ea:fc:0b:6c:
                    7c:78:0f:0e:ac:ff:28:d4:77:3e:ce:4b:f6:30:5f:
                    b9:6f:e2:46:55:96:be:79:22:b4:52:d4:2e:77:22:
                    fa:15:b7:71:0b:9b:31:5f:9a:43:66:f1:9a:59:cb:
                    8c:cf:3e:e7:0d:fa:22:97:51:3b:ea:6b:bd:f4:ab:
                    db:c6:93:f9:0d:a7:df:cc:a8:bb:35:85:99:70:31:
                    5c:40:ea:4f:00:71:c8:8e:32:ee:c0:46:f0:60:4b:
                    ca:f0:a0:60:96:16:db:0a:a4:ab:f9:a6:2c:97:6f:
                    1a:08:37:49:7f:22:8b:2e:4d:97:2e:e8:2a:ae:93:
                    2a:b5:d9:dd:7b:ad:23:eb:41:13:b1:f9:68:c6:90:
                    38:09:c1:2c:09:a8:0e:91:72:a5:53:5d:c8:7c:65:
                    99:01:78:94:82:ca:a2:40:4d:3c:df:87:a0:eb:ba:
                    5a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:BB:DB:7C:94:EA:5E:40:45:8B:99:53:58:28:97:4F:E8:61:F4:84
            X509v3 Authority Key Identifier:
                keyid:93:B2:98:19:78:88:56:96:CE:1C:2B:BF:4A:F9:9D:AD:C2:C6:18:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k7KYGXiIVpbOHCu_SvmdrcLGGOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/XLvbfJTqXkBFi5lTWCiXT-hh9IQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7986a9-4e46-4c33-92c9-31c95e2a1d6f/1/k7KYGXiIVpbOHCu_SvmdrcLGGOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.168.0/21
                  45.137.184.0/22
                  81.173.12.0/22
                  91.216.236.0/24
                  91.216.241.0/24
                  93.119.24.0/22
                  144.2.240.0/21
                  159.253.224.0/22
                  185.32.152.0/22
                  185.57.100.0/22
                  185.122.132.0/22
                  185.156.196.0/22
                IPv6:
                  2a04:b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         ac:28:a0:1d:5c:c4:8c:a7:f0:f6:e3:70:ce:0b:30:1a:ed:2b:
         38:a3:d6:10:32:28:f3:b6:48:b4:3c:85:bb:ed:fe:9c:42:9a:
         6a:af:22:d6:7b:b3:4f:cf:72:ca:a6:88:21:38:c6:01:90:37:
         a6:81:d5:15:53:8e:c0:29:f5:04:8b:3b:bd:60:23:87:cc:13:
         64:61:44:3b:02:c5:56:ad:ff:74:9b:a9:06:4c:4a:29:59:1c:
         14:44:7d:99:43:de:58:d5:10:3d:81:81:f7:45:88:c9:9f:39:
         bc:1a:4a:63:06:a7:44:46:55:02:f6:4a:72:af:6b:51:04:ea:
         59:7f:90:7e:af:8b:6f:e7:96:9f:61:87:d7:b5:eb:44:83:bc:
         de:a1:3b:d6:78:b6:b5:37:1a:30:c3:d4:21:63:b4:0f:85:86:
         e3:cc:cd:e7:02:92:d1:db:ed:af:31:2d:b5:7e:26:21:cc:a9:
         9e:a2:df:8e:99:0c:b4:89:34:60:90:17:48:58:31:5e:b8:e3:
         1c:64:07:4b:22:f2:63:f5:af:6c:73:dc:42:0d:b4:f8:6b:06:
         5e:e5:3c:1f:51:18:d9:8c:25:03:9f:c5:2c:2a:09:cc:40:a7:
         56:4f:a0:5d:89:75:c7:9d:53:0d:a4:66:fb:de:0a:f6:8b:2a:
         17:f7:a8:fa
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYXPVbFn+FB9i/G6gumRHTngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYjI5ODE5Nzg4ODU2OTZjZTFjMmJiZjRhZjk5ZGFkYzJj
NjE4ZWIwHhcNMjMwMTIwMTMxOTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2JiZGI3Yzk0ZWE1ZTQwNDU4Yjk5NTM1ODI4OTc0ZmU4NjFmNDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfvnXz69ibLSH2Rlt2Hi/E1476nm
04QQlT1gUhxOfXPz/lgKruWX0DFieokbZP8jCt0/zHDqX77nuMj3uBvUSnwEde6c
8n2HHi5IUJSeG78x3NgH+er8C2x8eA8OrP8o1Hc+zkv2MF+5b+JGVZa+eSK0UtQu
dyL6FbdxC5sxX5pDZvGaWcuMzz7nDfoil1E76mu99KvbxpP5DaffzKi7NYWZcDFc
QOpPAHHIjjLuwEbwYEvK8KBglhbbCqSr+aYsl28aCDdJfyKLLk2XLugqrpMqtdnd
e60j60ETsfloxpA4CcEsCagOkXKlU13IfGWZAXiUgsqiQE0834eg67pacQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFFy723yU6l5ARYuZU1gol0/oYfSEMB8GA1UdIwQY
MBaAFJOymBl4iFaWzhwrv0r5na3CxhjrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazdLWUdYaUlWcGJPSEN1X1N2bWRyY0xHR09zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83OTg2YTktNGU0Ni00YzMzLTkyYzkt
MzFjOTVlMmExZDZmLzEvWEx2YmZKVHFYa0JGaTVsVFdDaVhULWhoOUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83OTg2YTktNGU0Ni00YzMzLTkyYzktMzFjOTVlMmExZDZm
LzEvazdLWUdYaUlWcGJPSEN1X1N2bWRyY0xHR09zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQDBZWoAwQC
LYm4AwQCUa0MAwQAW9jsAwQAW9jxAwQCXXcYAwQDkALwAwQCn/3gAwQCuSCYAwQC
uTlkAwQCuXqEAwQCuZzEMA0EAgACMAcDBQMqBAsAMA0GCSqGSIb3DQEBCwUAA4IB
AQCsKKAdXMSMp/D243DOCzAa7Ss4o9YQMijztki0PIW77f6cQppqryLWe7NPz3LK
poghOMYBkDemgdUVU47AKfUEizu9YCOHzBNkYUQ7AsVWrf90m6kGTEopWRwURH2Z
Q95Y1RA9gYH3RYjJnzm8GkpjBqdERlUC9kpyr2tRBOpZf5B+r4tv55afYYfXtetE
g7zeoTvWeLa1Nxoww9QhY7QPhYbjzM3nApLR2+2vMS21fiYhzKmeot+OmQy0iTRg
kBdIWDFeuOMcZAdLIvJj9a9sc9xCDbT4awZe5TwfURjZjCUDn8UsKgnMQKdWT6Bd
iXXHnVMNpGb73gr2iyoX96j6
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:08 2024 by rpki-client on console-fra.rpki-client.org