Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Rk1FaHNo6LSojkJ9bTOEuGvyzto.roa
File:                     Rk1FaHNo6LSojkJ9bTOEuGvyzto.roa (raw, json)
Hash identifier:          JtlJ6daN9WqOPECMWnlyP7m0S8lp0LwAu0a7G3m5ToI=
Subject key identifier:   46:4D:45:68:73:68:E8:B4:A8:8E:42:7D:6D:33:84:B8:6B:F2:CE:DA
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018DA66C078FAF20030C38855555E9249975
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Rk1FaHNo6LSojkJ9bTOEuGvyzto.roa
Signing time:             Wed 14 Feb 2024 07:01:54 +0000
ROA not before:           Wed 14 Feb 2024 07:01:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        37.235.48.0/24 maxlen: 24
                          37.235.51.0/24 maxlen: 24
                          46.183.187.0/24 maxlen: 24
                          83.243.120.0/24 maxlen: 24
                          83.243.121.0/24 maxlen: 24
                          89.31.120.0/24 maxlen: 24
                          89.31.121.0/24 maxlen: 24
                          89.31.123.0/24 maxlen: 24
                          91.132.92.0/24 maxlen: 24
                          91.132.93.0/24 maxlen: 24
                          91.132.95.0/24 maxlen: 24
                          92.243.64.0/24 maxlen: 24
                          103.57.248.0/24 maxlen: 24
                          103.57.249.0/24 maxlen: 24
                          103.57.251.0/24 maxlen: 24
                          134.255.211.0/24 maxlen: 24
                          149.154.157.0/24 maxlen: 24
                          149.154.158.0/24 maxlen: 24
                          149.154.159.0/24 maxlen: 24
                          151.236.15.0/24 maxlen: 24
                          151.236.16.0/24 maxlen: 24
                          151.236.17.0/24 maxlen: 24
                          151.236.18.0/24 maxlen: 24
                          151.236.20.0/24 maxlen: 24
                          151.236.21.0/24 maxlen: 24
                          151.236.22.0/24 maxlen: 24
                          151.236.25.0/24 maxlen: 24
                          158.255.208.0/24 maxlen: 24
                          158.255.213.0/24 maxlen: 24
                          158.255.214.0/24 maxlen: 24
                          158.255.215.0/24 maxlen: 24
                          185.26.239.0/24 maxlen: 24
                          185.76.78.0/24 maxlen: 24
                          185.76.79.0/24 maxlen: 24
                          2a03:f80:32::/48 maxlen: 48
                          2a03:f80:33::/48 maxlen: 48
                          2a03:f80:39::/48 maxlen: 48
                          2a03:f80:40::/48 maxlen: 48
                          2a03:f80:44::/48 maxlen: 48
                          2a03:f80:45::/48 maxlen: 48
                          2a03:f80:47::/48 maxlen: 48
                          2a03:f80:48::/48 maxlen: 48
                          2a03:f80:49::/48 maxlen: 48
                          2a03:f80:61::/48 maxlen: 48
                          2a03:f80:65::/48 maxlen: 48
                          2a03:f80:81::/48 maxlen: 48
                          2a03:f80:381::/48 maxlen: 48
                          2a03:f80:852::/48 maxlen: 48
                          2a03:f80:971::/48 maxlen: 48
                          2a03:f80:4416::/48 maxlen: 48
                          2a03:f80:ed51::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 19 Feb 2024 14:30:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a6:6c:07:8f:af:20:03:0c:38:85:55:55:e9:24:99:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Feb 14 07:01:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=464d45687368e8b4a88e427d6d3384b86bf2ceda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a5:8c:50:2a:fe:63:b3:30:db:17:64:12:85:
                    e7:5b:dc:cc:c3:fe:7d:c8:f5:10:d9:b8:19:80:13:
                    84:6f:4f:b4:0b:e4:1a:b7:c3:e8:8f:42:59:8d:5f:
                    7a:ae:fd:ee:ab:d4:b0:2a:bf:e3:bd:37:de:16:3d:
                    eb:37:8a:e1:d3:29:d0:21:96:5e:1d:ad:e4:a1:62:
                    c6:35:e3:c3:cc:9e:37:30:0c:55:08:b8:7c:f3:13:
                    58:0e:d1:85:9d:fe:23:bf:f7:2b:ca:47:01:a4:49:
                    ee:1c:30:7b:46:14:33:18:f1:7e:f8:65:62:0c:23:
                    02:7c:6a:5b:5e:45:2c:53:28:a8:20:80:2d:b8:ef:
                    fd:ed:83:39:a8:7b:71:32:75:f0:87:e4:31:a7:aa:
                    67:51:5f:8a:4e:9f:be:55:65:08:02:ea:74:a0:6b:
                    ca:65:83:42:59:31:80:8c:f7:5a:c1:a1:a2:36:14:
                    3e:47:4a:be:6a:e3:f9:ea:3b:b3:12:2b:5b:cb:79:
                    56:f6:12:a7:85:3c:85:6b:f6:2f:36:54:91:98:c3:
                    4e:b8:70:dd:41:6b:35:4b:22:d6:ee:90:3b:6a:b0:
                    01:5d:43:fa:93:e3:d9:35:e5:bc:04:05:c2:91:cb:
                    0d:67:64:04:6e:a5:c0:fc:bf:27:93:d2:54:0d:ed:
                    55:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:4D:45:68:73:68:E8:B4:A8:8E:42:7D:6D:33:84:B8:6B:F2:CE:DA
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/Rk1FaHNo6LSojkJ9bTOEuGvyzto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.48.0/24
                  37.235.51.0/24
                  46.183.187.0/24
                  83.243.120.0/23
                  89.31.120.0/23
                  89.31.123.0/24
                  91.132.92.0/23
                  91.132.95.0/24
                  92.243.64.0/24
                  103.57.248.0/23
                  103.57.251.0/24
                  134.255.211.0/24
                  149.154.157.0-149.154.159.255
                  151.236.15.0-151.236.18.255
                  151.236.20.0-151.236.22.255
                  151.236.25.0/24
                  158.255.208.0/24
                  158.255.213.0-158.255.215.255
                  185.26.239.0/24
                  185.76.78.0/23
                IPv6:
                  2a03:f80:32::/47
                  2a03:f80:39::/48
                  2a03:f80:40::/48
                  2a03:f80:44::/47
                  2a03:f80:47::-2a03:f80:49:ffff:ffff:ffff:ffff:ffff
                  2a03:f80:61::/48
                  2a03:f80:65::/48
                  2a03:f80:81::/48
                  2a03:f80:381::/48
                  2a03:f80:852::/48
                  2a03:f80:971::/48
                  2a03:f80:4416::/48
                  2a03:f80:ed51::/48

    Signature Algorithm: sha256WithRSAEncryption
         be:fc:08:d1:de:8b:7b:8c:c4:ad:63:5e:39:1a:37:a1:2d:10:
         11:b5:4f:60:c1:d4:7b:f3:b2:55:bb:33:f7:93:b4:09:2f:95:
         41:14:e8:7a:82:b0:3f:03:81:a8:a3:aa:d6:f4:d5:89:99:17:
         ec:77:e3:26:41:04:c6:f7:71:0a:a5:5b:72:13:01:75:cc:f4:
         74:de:8b:dc:39:ad:c3:40:2d:73:5d:bf:ca:dd:10:09:33:4d:
         34:b3:e9:fc:fd:85:fe:2c:56:fc:56:7d:82:19:e2:47:45:b8:
         74:52:2a:77:3f:28:c4:08:28:10:87:85:ad:a3:b8:0b:b7:c0:
         7f:03:16:8c:d4:74:72:4b:04:ee:a7:d2:1a:de:0e:5e:99:c1:
         8c:fb:ff:61:37:dd:f9:6d:46:d7:65:7c:07:38:c9:3f:ca:e2:
         44:4b:85:d7:ea:68:8a:02:f1:c9:f2:87:d2:0e:1c:b1:16:fe:
         01:8f:74:0d:59:b0:80:7e:bf:84:5b:09:ad:58:c9:72:9a:43:
         22:b5:9d:f1:c3:38:5c:64:18:ba:88:01:3c:22:5a:dd:51:98:
         0b:14:d8:00:9c:24:13:fa:8d:0e:7b:b1:1d:ec:80:be:1f:95:
         c5:5f:b3:17:85:34:72:aa:72:e7:99:1d:f4:07:6e:8d:26:45:
         c1:fd:7c:67
-----BEGIN CERTIFICATE-----
MIIGITCCBQmgAwIBAgISAY2mbAePryADDDiFVVXpJJl1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMjE0MDcwMTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjRkNDU2ODczNjhlOGI0YTg4ZTQyN2Q2ZDMzODRiODZiZjJjZWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKWMUCr+Y7Mw2xdkEoXnW9zMw/59
yPUQ2bgZgBOEb0+0C+Qat8Poj0JZjV96rv3uq9SwKr/jvTfeFj3rN4rh0ynQIZZe
Ha3koWLGNePDzJ43MAxVCLh88xNYDtGFnf4jv/crykcBpEnuHDB7RhQzGPF++GVi
DCMCfGpbXkUsUyioIIAtuO/97YM5qHtxMnXwh+Qxp6pnUV+KTp++VWUIAup0oGvK
ZYNCWTGAjPdawaGiNhQ+R0q+auP56juzEitby3lW9hKnhTyFa/YvNlSRmMNOuHDd
QWs1SyLW7pA7arABXUP6k+PZNeW8BAXCkcsNZ2QEbqXA/L8nk9JUDe1V1wIDAQAB
o4IDLTCCAykwHQYDVR0OBBYEFEZNRWhzaOi0qI5CfW0zhLhr8s7aMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvUmsxRmFITm82TFNvamtKOWJUT0V1R3Z5enRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQQYIKwYBBQUHAQcBAf8EggEwMIIBLDCBnwQCAAEwgZgD
BAAl6zADBAAl6zMDBAAut7sDBAFT83gDBAFZH3gDBABZH3sDBAFbhFwDBABbhF8D
BABc80ADBAFnOfgDBABnOfsDBACG/9MwDAMEAJWanQMEBZWagDAMAwQAl+wPAwQA
l+wSMAwDBAKX7BQDBACX7BYDBACX7BkDBACe/9AwDAMEAJ7/1QMEA57/0AMEALka
7wMEAblMTjCBhwQCAAIwgYADBwEqAw+AADIDBwAqAw+AADkDBwAqAw+AAEADBwEq
Aw+AAEQwEgMHACoDD4AARwMHASoDD4AASAMHACoDD4AAYQMHACoDD4AAZQMHACoD
D4AAgQMHACoDD4ADgQMHACoDD4AIUgMHACoDD4AJcQMHACoDD4BEFgMHACoDD4Dt
UTANBgkqhkiG9w0BAQsFAAOCAQEAvvwI0d6Le4zErWNeORo3oS0QEbVPYMHUe/Oy
Vbsz95O0CS+VQRToeoKwPwOBqKOq1vTViZkX7HfjJkEExvdxCqVbchMBdcz0dN6L
3Dmtw0Atc12/yt0QCTNNNLPp/P2F/ixW/FZ9ghniR0W4dFIqdz8oxAgoEIeFraO4
C7fAfwMWjNR0cksE7qfSGt4OXpnBjPv/YTfd+W1G12V8BzjJP8riREuF1+poigLx
yfKH0g4csRb+AY90DVmwgH6/hFsJrVjJcppDIrWd8cM4XGQYuogBPCJa3VGYCxTY
AJwkE/qNDnuxHeyAvh+VxV+zF4U0cqpy55kd9AdujSZFwf18Zw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:28 2024 by rpki-client on console-fra.rpki-client.org