Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/b_bJsSGHW_ZeciuVN4nJ57HqC1o.roa
File:                     b_bJsSGHW_ZeciuVN4nJ57HqC1o.roa (raw, json)
Hash identifier:          r58UUKZeCoKWcZYLl9s+ulgOJv3SkAIQ46n6G0YfAA8=
Subject key identifier:   6F:F6:C9:B1:21:87:5B:F6:5E:72:2B:95:37:89:C9:E7:B1:EA:0B:5A
Certificate issuer:       /CN=49fe8c72aa32de957b24cf9f73f8a7fb1acf0b71
Certificate serial:       01856F301F2624ADFA7505A1EC31116EFDE8
Authority key identifier: 49:FE:8C:72:AA:32:DE:95:7B:24:CF:9F:73:F8:A7:FB:1A:CF:0B:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/b_bJsSGHW_ZeciuVN4nJ57HqC1o.roa
Signing time:             Sun 01 Jan 2023 21:15:02 +0000
ROA not before:           Sun 01 Jan 2023 21:15:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31543
IP address blocks:        45.65.120.0/22 maxlen: 24
                          95.214.252.0/22 maxlen: 24
                          89.44.116.0/23 maxlen: 24
                          185.112.184.0/22 maxlen: 24
                          185.224.204.0/22 maxlen: 24
                          89.44.148.0/23 maxlen: 24
                          31.216.128.0/22 maxlen: 24
                          5.133.32.0/21 maxlen: 24
                          185.187.220.0/22 maxlen: 24
                          185.154.64.0/22 maxlen: 24
                          185.121.100.0/22 maxlen: 24
                          2a06:9d40::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:30:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:30:1f:26:24:ad:fa:75:05:a1:ec:31:11:6e:fd:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49fe8c72aa32de957b24cf9f73f8a7fb1acf0b71
        Validity
            Not Before: Jan  1 21:15:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6ff6c9b121875bf65e722b953789c9e7b1ea0b5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:cd:90:92:76:21:ea:d1:38:c1:2b:a4:90:65:
                    b2:a8:0a:df:b9:e2:33:e5:ea:24:03:39:0b:88:fe:
                    aa:05:8a:76:39:29:b1:5b:ee:0c:cb:7d:da:b2:b8:
                    4a:b5:12:7b:f6:9c:98:32:c3:10:f3:f8:f6:c0:7c:
                    4e:ff:37:29:45:c1:22:36:cc:78:4b:ef:d7:c1:4b:
                    07:ec:63:b0:8e:a0:bb:c6:b0:3b:64:34:37:a0:25:
                    17:0f:0b:d2:6d:11:4f:0c:de:84:db:2c:76:bd:75:
                    8b:8c:ea:58:c2:dc:d5:2d:7b:a6:82:02:d7:8b:ad:
                    5d:83:ad:b1:05:af:c4:28:2f:53:25:6e:83:7a:3d:
                    66:9c:f7:dd:13:8e:ed:84:c3:ad:c3:c2:c3:71:73:
                    5d:5f:77:f9:36:04:1f:2a:2b:46:65:17:b7:92:51:
                    34:67:30:8f:5a:62:34:78:f6:fa:dc:c5:bb:1b:48:
                    95:af:fd:e7:2f:2a:0c:7f:8b:51:98:27:fd:a4:13:
                    25:80:22:5c:da:dd:bf:8b:13:ca:d7:ed:66:f3:c4:
                    29:10:43:07:96:ab:88:f2:4d:a1:19:80:e6:9b:99:
                    55:5a:ce:89:04:39:e0:f8:d6:29:ee:c8:9a:01:aa:
                    9f:5a:cf:66:e0:68:2e:85:08:71:fd:24:13:e5:ec:
                    af:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F6:C9:B1:21:87:5B:F6:5E:72:2B:95:37:89:C9:E7:B1:EA:0B:5A
            X509v3 Authority Key Identifier:
                keyid:49:FE:8C:72:AA:32:DE:95:7B:24:CF:9F:73:F8:A7:FB:1A:CF:0B:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/b_bJsSGHW_ZeciuVN4nJ57HqC1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/4114a7-3122-4864-85ae-4297e572617e/1/Sf6Mcqoy3pV7JM-fc_in-xrPC3E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.32.0/21
                  31.216.128.0/22
                  45.65.120.0/22
                  89.44.116.0/23
                  89.44.148.0/23
                  95.214.252.0/22
                  185.112.184.0/22
                  185.121.100.0/22
                  185.154.64.0/22
                  185.187.220.0/22
                  185.224.204.0/22
                IPv6:
                  2a06:9d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:bb:46:9f:2c:c8:11:6d:33:c2:ea:ce:e0:b3:a6:b6:a4:bc:
         ab:31:3b:f0:c8:b3:b3:69:c4:e5:ef:d1:74:49:b0:5d:b5:35:
         45:e7:32:36:8c:1f:06:71:b9:73:2e:10:ad:92:3e:c3:82:7d:
         fc:86:9a:a3:d5:cd:9a:83:d4:ec:a3:22:e4:6c:98:ca:d4:ef:
         65:da:5e:61:ff:6a:ea:09:04:e4:a0:b5:42:a6:47:8a:39:86:
         cc:ba:7d:0e:27:3e:63:18:f9:6d:32:ad:b7:ce:c2:6a:a7:01:
         14:0a:f8:1a:00:54:1f:58:dd:11:cb:a9:17:77:26:74:5d:3f:
         44:be:7b:1d:07:c7:43:85:fa:fc:0f:f8:aa:49:5b:e6:c8:f6:
         61:33:33:11:7f:bb:87:64:06:5d:e4:54:99:10:63:e9:e4:0c:
         32:b5:4a:7f:7a:f8:03:65:78:6b:1f:d8:ac:96:22:92:3c:1a:
         22:20:29:b5:e0:07:e1:c2:95:97:b3:a2:18:ec:a9:d9:ba:1b:
         9b:be:d9:58:4b:3e:ee:be:84:cb:d3:6c:56:71:f8:dd:e7:92:
         b6:d9:ec:ca:be:72:2d:19:fa:1f:b9:d1:b8:ba:6f:5f:ea:16:
         5c:69:cb:23:80:5d:df:e7:b1:aa:a2:c4:f8:2d:28:ad:34:dc:
         dd:36:01:e7
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVvMB8mJK36dQWh7DERbv3oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZmU4YzcyYWEzMmRlOTU3YjI0Y2Y5ZjczZjhhN2ZiMWFj
ZjBiNzEwHhcNMjMwMTAxMjExNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmY2YzliMTIxODc1YmY2NWU3MjJiOTUzNzg5YzllN2IxZWEwYjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhc2QknYh6tE4wSukkGWyqArfueIz
5eokAzkLiP6qBYp2OSmxW+4My33asrhKtRJ79pyYMsMQ8/j2wHxO/zcpRcEiNsx4
S+/XwUsH7GOwjqC7xrA7ZDQ3oCUXDwvSbRFPDN6E2yx2vXWLjOpYwtzVLXumggLX
i61dg62xBa/EKC9TJW6Dej1mnPfdE47thMOtw8LDcXNdX3f5NgQfKitGZRe3klE0
ZzCPWmI0ePb63MW7G0iVr/3nLyoMf4tRmCf9pBMlgCJc2t2/ixPK1+1m88QpEEMH
lquI8k2hGYDmm5lVWs6JBDng+NYp7siaAaqfWs9m4GguhQhx/SQT5eyvjwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFG/2ybEhh1v2XnIrlTeJyeex6gtaMB8GA1UdIwQY
MBaAFEn+jHKqMt6VeyTPn3P4p/sazwtxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2Y2TWNxb3kzcFY3Sk0tZmNfaW4teHJQQzNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy80MTE0YTctMzEyMi00ODY0LTg1YWUt
NDI5N2U1NzI2MTdlLzEvYl9iSnNTR0hXX1plY2l1Vk40bko1N0hxQzFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy80MTE0YTctMzEyMi00ODY0LTg1YWUtNDI5N2U1NzI2MTdl
LzEvU2Y2TWNxb3kzcFY3Sk0tZmNfaW4teHJQQzNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDBYUgAwQC
H9iAAwQCLUF4AwQBWSx0AwQBWSyUAwQCX9b8AwQCuXC4AwQCuXlkAwQCuZpAAwQC
ubvcAwQCueDMMA0EAgACMAcDBQMqBp1AMA0GCSqGSIb3DQEBCwUAA4IBAQAru0af
LMgRbTPC6s7gs6a2pLyrMTvwyLOzacTl79F0SbBdtTVF5zI2jB8GcblzLhCtkj7D
gn38hpqj1c2ag9TsoyLkbJjK1O9l2l5h/2rqCQTkoLVCpkeKOYbMun0OJz5jGPlt
Mq23zsJqpwEUCvgaAFQfWN0Ry6kXdyZ0XT9EvnsdB8dDhfr8D/iqSVvmyPZhMzMR
f7uHZAZd5FSZEGPp5AwytUp/evgDZXhrH9isliKSPBoiICm14AfhwpWXs6IY7KnZ
uhubvtlYSz7uvoTL02xWcfjd55K22ezKvnItGfofudG4um9f6hZcacsjgF3f57Gq
osT4LSitNNzdNgHn
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:52:28 2024 by rpki-client on console-ams.rpki-client.org