Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/dBxPIG81JzZ-areNNkFbuh_J2mw.roa
File:                     dBxPIG81JzZ-areNNkFbuh_J2mw.roa (raw, json)
Hash identifier:          ypbimx/GSFQbDSpbjgVERc3a6KQKMFrunpLSh/4FagE=
Subject key identifier:   74:1C:4F:20:6F:35:27:36:7E:6A:B7:8D:36:41:5B:BA:1F:C9:DA:6C
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018E9F3920F0AC718D943A21D0D8AC4CC74A
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/dBxPIG81JzZ-areNNkFbuh_J2mw.roa
Signing time:             Tue 02 Apr 2024 14:31:45 +0000
ROA not before:           Tue 02 Apr 2024 14:31:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208258
IP address blocks:        45.144.244.0/23 maxlen: 24
                          45.144.246.0/24 maxlen: 24
                          45.151.156.0/23 maxlen: 24
                          45.151.158.0/24 maxlen: 24
                          185.208.208.0/24 maxlen: 24
                          185.208.209.0/24 maxlen: 24
                          185.208.210.0/24 maxlen: 24
                          185.208.211.0/24 maxlen: 24
                          185.227.82.0/24 maxlen: 24
                          185.228.83.0/24 maxlen: 24
                          185.243.112.0/24 maxlen: 24
                          185.243.113.0/24 maxlen: 24
                          194.146.48.0/24 maxlen: 24
                          195.26.6.0/24 maxlen: 24
                          195.26.7.0/24 maxlen: 24
                          195.88.226.0/24 maxlen: 24
                          195.88.227.0/24 maxlen: 24
                          2a0b:3c40:1::/48 maxlen: 48
                          2a0b:3c40:9::/48 maxlen: 48
                          2a0b:3c40:11::/48 maxlen: 48
                          2a0b:3c40:12::/48 maxlen: 48
                          2a0b:3c40:15::/48 maxlen: 48
                          2a0b:3c40:16::/48 maxlen: 48
                          2a0b:3c40:17::/48 maxlen: 48
                          2a0b:3c40:20::/48 maxlen: 48
                          2a0b:3c40:21::/48 maxlen: 48
                          2a0b:3c40:25::/48 maxlen: 48
                          2a0b:3c40:fca6::/48 maxlen: 48
                          2a0e:5540::/48 maxlen: 48
                          2a0e:5540:10::/48 maxlen: 48
                          2a0e:5540:11::/48 maxlen: 48
                          2a0e:5540:12::/48 maxlen: 48
                          2a0e:5540:100::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 08 May 2024 15:02:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:9f:39:20:f0:ac:71:8d:94:3a:21:d0:d8:ac:4c:c7:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Apr  2 14:31:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=741c4f206f3527367e6ab78d36415bba1fc9da6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:cc:d2:34:e4:42:40:e7:71:89:9d:6a:b3:bd:
                    77:a5:43:80:c1:0b:d0:20:8b:66:6d:2d:21:ad:bb:
                    9d:50:e0:af:0f:fa:9b:da:39:4d:ee:b9:21:b4:e3:
                    63:08:50:02:3c:26:9f:2f:bf:49:54:cc:a2:20:e4:
                    56:8c:8b:4a:6b:56:d2:ab:f2:d8:c1:3d:e7:ef:e9:
                    0e:d2:9e:a0:61:0e:c2:95:4f:1d:82:68:b8:46:da:
                    52:a9:cf:0e:49:21:29:f0:a4:39:1e:1e:ab:9d:08:
                    da:2f:ad:5a:ce:96:1b:81:d0:d0:f8:71:70:6c:6e:
                    ef:03:33:81:78:b9:c8:49:fc:6c:4b:ea:4b:a8:55:
                    46:70:71:41:e6:81:2d:7f:67:47:8f:66:40:5b:44:
                    ab:79:df:8c:06:d1:46:80:93:93:cb:08:f9:d8:a8:
                    96:34:78:99:ef:08:1b:e9:74:c5:bb:36:86:95:fd:
                    f9:d1:bd:4a:c7:09:93:dd:f6:84:ef:2d:f0:57:69:
                    0e:e9:25:f9:31:ae:c9:ac:00:9f:f0:f2:90:a4:1e:
                    75:b3:33:4a:f0:f0:a9:00:b1:3d:ea:fd:26:30:f2:
                    ab:18:2a:6b:8a:00:07:22:19:9e:3d:48:91:60:f7:
                    31:ae:78:4f:67:e8:0a:4a:32:a8:1d:cf:5b:9f:a8:
                    01:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:1C:4F:20:6F:35:27:36:7E:6A:B7:8D:36:41:5B:BA:1F:C9:DA:6C
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/dBxPIG81JzZ-areNNkFbuh_J2mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.244.0-45.144.246.255
                  45.151.156.0-45.151.158.255
                  185.208.208.0/22
                  185.227.82.0/24
                  185.228.83.0/24
                  185.243.112.0/23
                  194.146.48.0/24
                  195.26.6.0/23
                  195.88.226.0/23
                IPv6:
                  2a0b:3c40:1::/48
                  2a0b:3c40:9::/48
                  2a0b:3c40:11::-2a0b:3c40:12:ffff:ffff:ffff:ffff:ffff
                  2a0b:3c40:15::-2a0b:3c40:17:ffff:ffff:ffff:ffff:ffff
                  2a0b:3c40:20::/47
                  2a0b:3c40:25::/48
                  2a0b:3c40:fca6::/48
                  2a0e:5540::/48
                  2a0e:5540:10::-2a0e:5540:12:ffff:ffff:ffff:ffff:ffff
                  2a0e:5540:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:e4:9a:a2:fa:b5:02:6e:20:70:93:19:87:d0:0a:5b:13:93:
         98:a5:a1:b3:a6:34:d6:1d:c6:a1:91:35:dc:20:16:60:57:73:
         e4:ea:bb:d1:76:eb:de:79:07:17:02:ab:4e:27:6a:1d:18:b1:
         65:b5:df:06:f3:f8:34:0f:55:0c:e7:cd:56:b9:3f:71:6c:e8:
         b3:c3:a1:51:35:d4:7f:a7:6a:f1:c9:65:41:13:e4:e0:0d:24:
         ec:10:7a:2a:8f:da:4f:b0:00:c5:5b:2c:9e:82:18:bc:32:6a:
         22:d7:f3:1b:72:72:75:f8:70:95:19:02:a2:55:ce:44:b4:84:
         83:dd:3e:23:2d:02:2c:76:d4:f3:02:4c:fd:ce:7c:22:49:24:
         cf:dc:7b:54:66:ce:b1:b2:27:41:b3:04:c6:c4:37:a3:4b:c4:
         98:a5:04:6c:3c:bf:f0:44:14:a9:fe:63:e3:37:02:43:a1:7e:
         1c:42:96:62:45:63:3e:08:1d:9f:1e:ee:bb:24:df:53:fe:6b:
         1f:da:cf:66:d8:91:f0:80:c1:5d:8a:6b:42:25:49:09:9f:bf:
         a7:72:34:c4:b8:a6:de:da:37:66:32:25:f5:c7:64:ab:21:92:
         9f:42:1b:bc:dd:b7:94:4f:26:20:ed:22:ba:fd:f9:5b:48:0a:
         ee:ed:54:6e
-----BEGIN CERTIFICATE-----
MIIFxDCCBKygAwIBAgISAY6fOSDwrHGNlDoh0NisTMdKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwNDAyMTQzMTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDFjNGYyMDZmMzUyNzM2N2U2YWI3OGQzNjQxNWJiYTFmYzlkYTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMzSNORCQOdxiZ1qs713pUOAwQvQ
IItmbS0hrbudUOCvD/qb2jlN7rkhtONjCFACPCafL79JVMyiIORWjItKa1bSq/LY
wT3n7+kO0p6gYQ7ClU8dgmi4RtpSqc8OSSEp8KQ5Hh6rnQjaL61azpYbgdDQ+HFw
bG7vAzOBeLnISfxsS+pLqFVGcHFB5oEtf2dHj2ZAW0Sred+MBtFGgJOTywj52KiW
NHiZ7wgb6XTFuzaGlf350b1KxwmT3faE7y3wV2kO6SX5Ma7JrACf8PKQpB51szNK
8PCpALE96v0mMPKrGCprigAHIhmePUiRYPcxrnhPZ+gKSjKoHc9bn6gBwQIDAQAB
o4IC0DCCAswwHQYDVR0OBBYEFHQcTyBvNSc2fmq3jTZBW7ofydpsMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvZEJ4UElHODFKelotYXJlTk5rRmJ1aF9KMm13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHlBggrBgEFBQcBBwEB/wSB1TCB0jBMBAIAATBGMAwDBAIt
kPQDBAAtkPYwDAMEAi2XnAMEAC2XngMEArnQ0AMEALnjUgMEALnkUwMEAbnzcAME
AMKSMAMEAcMaBgMEAcNY4jCBgQQCAAIwewMHACoLPEAAAQMHACoLPEAACTASAwcA
Kgs8QAARAwcAKgs8QAASMBIDBwAqCzxAABUDBwMqCzxAABADBwEqCzxAACADBwAq
CzxAACUDBwAqCzxA/KYDBwAqDlVAAAAwEgMHBCoOVUAAEAMHACoOVUAAEgMHACoO
VUABADANBgkqhkiG9w0BAQsFAAOCAQEAEuSaovq1Am4gcJMZh9AKWxOTmKWhs6Y0
1h3GoZE13CAWYFdz5Oq70Xbr3nkHFwKrTidqHRixZbXfBvP4NA9VDOfNVrk/cWzo
s8OhUTXUf6dq8cllQRPk4A0k7BB6Ko/aT7AAxVssnoIYvDJqItfzG3JydfhwlRkC
olXORLSEg90+Iy0CLHbU8wJM/c58Ikkkz9x7VGbOsbInQbMExsQ3o0vEmKUEbDy/
8EQUqf5j4zcCQ6F+HEKWYkVjPggdnx7uuyTfU/5rH9rPZtiR8IDBXYprQiVJCZ+/
p3I0xLim3to3ZjIl9cdkqyGSn0IbvN23lE8mIO0iuv35W0gK7u1Ubg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:17 2024 by rpki-client on console-ams.rpki-client.org