Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/0sOGSiMJf4D1GD9UOb5-lRSTN2A.roa
File:                     0sOGSiMJf4D1GD9UOb5-lRSTN2A.roa (raw, json)
Hash identifier:          6iRGeW5c7Lqd1rPdYsqYtZNTx+j7bG9JH589kXjHgGw=
Subject key identifier:   D2:C3:86:4A:23:09:7F:80:F5:18:3F:54:39:BE:7E:95:14:93:37:60
Certificate issuer:       /CN=49fe8c72aa32de957b24cf9f73f8a7fb1acf0b71
Certificate serial:       018CC3B7468B7C37202742D09AC9907EE8FA
Authority key identifier: 49:FE:8C:72:AA:32:DE:95:7B:24:CF:9F:73:F8:A7:FB:1A:CF:0B:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/0sOGSiMJf4D1GD9UOb5-lRSTN2A.roa
Signing time:             Mon 01 Jan 2024 06:30:17 +0000
ROA not before:           Mon 01 Jan 2024 06:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31543
IP address blocks:        45.65.120.0/22 maxlen: 24
                          95.214.252.0/22 maxlen: 24
                          89.44.116.0/23 maxlen: 24
                          185.112.184.0/22 maxlen: 24
                          185.224.204.0/22 maxlen: 24
                          89.44.148.0/23 maxlen: 24
                          31.216.128.0/22 maxlen: 24
                          5.133.32.0/21 maxlen: 24
                          185.187.220.0/22 maxlen: 24
                          185.154.64.0/22 maxlen: 24
                          185.121.100.0/22 maxlen: 24
                          2a06:9d40::/29 maxlen: 48

Validation:               Failed, certificate revoked on Wed 28 Feb 2024 12:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:46:8b:7c:37:20:27:42:d0:9a:c9:90:7e:e8:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49fe8c72aa32de957b24cf9f73f8a7fb1acf0b71
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2c3864a23097f80f5183f5439be7e9514933760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:16:0b:af:f8:de:66:c9:26:f7:f4:71:76:bf:
                    31:cf:e9:fb:1f:47:e9:c5:e2:25:07:75:e0:99:d5:
                    e4:ad:a5:27:cc:8e:c6:ef:d7:b9:2e:3a:ae:64:16:
                    f3:4b:09:c3:f4:04:ca:8d:35:ba:97:aa:a3:8d:ba:
                    8f:c2:28:10:f2:81:ab:28:dc:cb:98:8c:38:8b:8a:
                    c8:f5:12:4a:de:f5:ac:40:59:68:c5:d9:26:85:b6:
                    5d:29:b0:3c:80:29:a4:84:be:74:d0:92:05:14:63:
                    3f:cb:c2:81:c1:06:0d:e8:da:c6:56:c1:d9:54:8b:
                    ed:2b:43:54:82:3a:1b:09:e5:07:bf:31:37:97:96:
                    e1:f1:41:e6:42:09:53:87:80:9d:bb:ab:5c:e3:76:
                    bb:8e:4d:c7:d6:6d:76:31:cc:0a:8e:fc:21:c2:7f:
                    48:4c:44:6d:32:6a:60:00:b9:a3:ab:41:4d:4f:00:
                    ac:ee:51:56:e4:7b:71:22:fa:31:63:97:71:23:76:
                    a6:ac:9b:cb:d1:14:ab:ca:98:88:ba:ae:51:d0:23:
                    22:07:75:6d:33:5b:24:73:82:c4:3b:b4:c4:3d:17:
                    92:c8:83:8e:36:e6:d4:29:d8:f2:63:73:17:c9:00:
                    af:8e:5a:d1:e7:60:e5:fc:91:23:8f:d8:35:d8:59:
                    f5:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C3:86:4A:23:09:7F:80:F5:18:3F:54:39:BE:7E:95:14:93:37:60
            X509v3 Authority Key Identifier:
                keyid:49:FE:8C:72:AA:32:DE:95:7B:24:CF:9F:73:F8:A7:FB:1A:CF:0B:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/0sOGSiMJf4D1GD9UOb5-lRSTN2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.32.0/21
                  31.216.128.0/22
                  45.65.120.0/22
                  89.44.116.0/23
                  89.44.148.0/23
                  95.214.252.0/22
                  185.112.184.0/22
                  185.121.100.0/22
                  185.154.64.0/22
                  185.187.220.0/22
                  185.224.204.0/22
                IPv6:
                  2a06:9d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         cb:74:f3:0b:10:be:7f:ce:f5:b5:dc:a8:a2:0c:66:39:d9:ac:
         3e:81:62:f2:36:51:0c:0d:9c:c6:92:18:d5:36:81:ad:59:74:
         e7:ce:41:28:3f:49:ba:7e:d7:f2:e3:c6:bf:21:c6:cb:ad:d2:
         d6:b7:9b:5d:ac:cb:83:65:a5:cd:97:2b:35:a8:1d:af:82:34:
         0c:5f:c2:df:96:50:2b:29:c7:85:c5:04:ba:3f:65:06:be:0b:
         bc:73:2a:bd:3a:39:07:f4:cf:d9:27:bc:6f:52:e6:85:84:f2:
         2c:e2:9c:81:80:4d:4c:db:43:f3:05:40:13:8f:bc:1d:2f:89:
         5e:05:da:94:a5:b9:9e:08:4d:18:db:42:f2:13:a4:21:29:d0:
         4d:ee:01:f8:04:ee:e8:ae:bd:f2:d7:e2:9e:78:60:ac:1b:a5:
         14:c4:55:08:8c:b2:38:13:50:3b:3f:2f:47:05:44:79:19:8e:
         29:09:1f:38:49:44:15:16:d4:2a:c5:1f:3b:51:63:0b:29:fa:
         b9:61:ec:76:53:43:1c:1c:76:40:a6:79:df:25:aa:69:94:70:
         42:e5:47:bf:20:95:8b:6b:6a:53:3b:27:70:f7:22:78:fd:f4:
         6e:3f:ae:1c:a5:58:29:2c:cf:79:85:da:3c:b2:20:c5:51:2c:
         37:25:4a:d8
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYzDt0aLfDcgJ0LQmsmQfuj6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZmU4YzcyYWEzMmRlOTU3YjI0Y2Y5ZjczZjhhN2ZiMWFj
ZjBiNzEwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmMzODY0YTIzMDk3ZjgwZjUxODNmNTQzOWJlN2U5NTE0OTMzNzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArBYLr/jeZskm9/Rxdr8xz+n7H0fp
xeIlB3XgmdXkraUnzI7G79e5LjquZBbzSwnD9ATKjTW6l6qjjbqPwigQ8oGrKNzL
mIw4i4rI9RJK3vWsQFloxdkmhbZdKbA8gCmkhL500JIFFGM/y8KBwQYN6NrGVsHZ
VIvtK0NUgjobCeUHvzE3l5bh8UHmQglTh4Cdu6tc43a7jk3H1m12McwKjvwhwn9I
TERtMmpgALmjq0FNTwCs7lFW5HtxIvoxY5dxI3amrJvL0RSrypiIuq5R0CMiB3Vt
M1skc4LEO7TEPReSyIOONubUKdjyY3MXyQCvjlrR52Dl/JEjj9g12Fn1jQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFNLDhkojCX+A9Rg/VDm+fpUUkzdgMB8GA1UdIwQY
MBaAFEn+jHKqMt6VeyTPn3P4p/sazwtxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2Y2TWNxb3kzcFY3Sk0tZmNfaW4teHJQQzNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy80MTE0YTctMzEyMi00ODY0LTg1YWUt
NDI5N2U1NzI2MTdlLzEvMHNPR1NpTUpmNEQxR0Q5VU9iNS1sUlNUTjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy80MTE0YTctMzEyMi00ODY0LTg1YWUtNDI5N2U1NzI2MTdl
LzEvU2Y2TWNxb3kzcFY3Sk0tZmNfaW4teHJQQzNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDBYUgAwQC
H9iAAwQCLUF4AwQBWSx0AwQBWSyUAwQCX9b8AwQCuXC4AwQCuXlkAwQCuZpAAwQC
ubvcAwQCueDMMA0EAgACMAcDBQMqBp1AMA0GCSqGSIb3DQEBCwUAA4IBAQDLdPML
EL5/zvW13KiiDGY52aw+gWLyNlEMDZzGkhjVNoGtWXTnzkEoP0m6ftfy48a/IcbL
rdLWt5tdrMuDZaXNlys1qB2vgjQMX8LfllArKceFxQS6P2UGvgu8cyq9OjkH9M/Z
J7xvUuaFhPIs4pyBgE1M20PzBUATj7wdL4leBdqUpbmeCE0Y20LyE6QhKdBN7gH4
BO7orr3y1+KeeGCsG6UUxFUIjLI4E1A7Py9HBUR5GY4pCR84SUQVFtQqxR87UWML
Kfq5Yex2U0McHHZApnnfJapplHBC5Ue/IJWLa2pTOydw9yJ4/fRuP64cpVgpLM95
hdo8siDFUSw3JUrY
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:36 2024 by rpki-client on console-fra.rpki-client.org