Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/bnucm0RBT-9IkHiVHk2CWdeE2Po.roa
File:                     bnucm0RBT-9IkHiVHk2CWdeE2Po.roa (raw, json)
Hash identifier:          gqChjyTewGoOofRmQNYCS+Po6erMH3R7VeEMyByqGzQ=
Subject key identifier:   6E:7B:9C:9B:44:41:4F:EF:48:90:78:95:1E:4D:82:59:D7:84:D8:FA
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       018C86DD1A7032F740555312506D58DA504E
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/bnucm0RBT-9IkHiVHk2CWdeE2Po.roa
Signing time:             Wed 20 Dec 2023 10:54:46 +0000
ROA not before:           Wed 20 Dec 2023 10:54:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        37.235.48.0/24 maxlen: 24
                          37.235.51.0/24 maxlen: 24
                          158.255.208.0/24 maxlen: 24
                          134.255.211.0/24 maxlen: 24
                          158.255.213.0/24 maxlen: 24
                          158.255.214.0/24 maxlen: 24
                          158.255.215.0/24 maxlen: 24
                          185.26.239.0/24 maxlen: 24
                          149.154.157.0/24 maxlen: 24
                          149.154.158.0/24 maxlen: 24
                          149.154.159.0/24 maxlen: 24
                          46.183.187.0/24 maxlen: 24
                          89.31.120.0/24 maxlen: 24
                          89.31.121.0/24 maxlen: 24
                          89.31.123.0/24 maxlen: 24
                          83.243.120.0/24 maxlen: 24
                          83.243.121.0/24 maxlen: 24
                          91.132.92.0/24 maxlen: 24
                          91.132.93.0/24 maxlen: 24
                          91.132.95.0/24 maxlen: 24
                          151.236.15.0/24 maxlen: 24
                          151.236.16.0/24 maxlen: 24
                          151.236.17.0/24 maxlen: 24
                          151.236.18.0/24 maxlen: 24
                          151.236.20.0/24 maxlen: 24
                          151.236.21.0/24 maxlen: 24
                          151.236.22.0/24 maxlen: 24
                          151.236.25.0/24 maxlen: 24
                          92.243.64.0/24 maxlen: 24
                          103.57.248.0/24 maxlen: 24
                          103.57.249.0/24 maxlen: 24
                          103.57.251.0/24 maxlen: 24
                          2a03:f80:45::/48 maxlen: 48
                          2a03:f80:4416::/48 maxlen: 48
                          2a03:f80:971::/48 maxlen: 48
                          2a03:f80:49::/48 maxlen: 48
                          2a03:f80:32::/48 maxlen: 48
                          2a03:f80:61::/48 maxlen: 48
                          2a03:f80:65::/48 maxlen: 48
                          2a03:f80:40::/48 maxlen: 48
                          2a03:f80:39::/48 maxlen: 48
                          2a03:f80:33::/48 maxlen: 48
                          2a03:f80:ed51::/48 maxlen: 48
                          2a03:f80:47::/48 maxlen: 48
                          2a03:f80:44::/48 maxlen: 48
                          2a03:f80:852::/48 maxlen: 48
                          2a03:f80:48::/48 maxlen: 48
                          2a03:f80:81::/48 maxlen: 48
                          2a03:f80:381::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:31:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:86:dd:1a:70:32:f7:40:55:53:12:50:6d:58:da:50:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Dec 20 10:54:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6e7b9c9b44414fef489078951e4d8259d784d8fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:2a:1a:11:a0:2a:60:cc:8d:78:95:d7:e2:e3:
                    bc:ed:c7:75:37:0c:a1:64:ef:3e:58:fa:c6:9a:1f:
                    94:ab:ca:37:ce:be:1b:22:3f:4d:1b:6c:a3:7c:b8:
                    aa:89:bf:51:c7:26:44:04:0f:bc:eb:b9:0a:a9:61:
                    5e:d4:55:39:a9:ea:d5:21:13:31:2d:d2:54:e7:4a:
                    eb:bd:c7:ed:66:8c:d1:ef:74:de:bb:bf:4a:c3:7d:
                    fc:52:ec:53:8b:63:0f:0c:9c:bd:a3:93:a5:40:87:
                    ab:22:df:89:fa:20:7e:9a:20:fa:3f:f7:28:56:88:
                    c9:2c:93:02:02:9f:76:75:ca:d4:bf:81:8b:10:6a:
                    cc:eb:d2:5e:07:6d:4e:26:dc:ed:60:39:ee:d6:14:
                    6c:ce:37:60:c0:19:52:ab:26:5d:e2:fd:33:98:28:
                    22:02:c1:f5:87:09:49:10:c4:cb:f6:22:25:00:ca:
                    38:b6:b0:20:a1:b2:00:5d:db:7f:d3:22:ee:fa:d3:
                    90:dc:bb:45:9f:39:8e:0e:e9:77:bf:57:fb:f0:b8:
                    a9:c8:34:a5:e4:3e:cd:05:2a:0d:d2:e6:83:ee:c3:
                    a3:83:83:03:3d:f2:22:eb:27:20:e2:ff:0d:38:b0:
                    40:68:37:2f:f2:63:fa:77:0f:c4:cf:e2:b7:ab:4a:
                    0b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:7B:9C:9B:44:41:4F:EF:48:90:78:95:1E:4D:82:59:D7:84:D8:FA
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/bnucm0RBT-9IkHiVHk2CWdeE2Po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.235.48.0/24
                  37.235.51.0/24
                  46.183.187.0/24
                  83.243.120.0/23
                  89.31.120.0/23
                  89.31.123.0/24
                  91.132.92.0/23
                  91.132.95.0/24
                  92.243.64.0/24
                  103.57.248.0/23
                  103.57.251.0/24
                  134.255.211.0/24
                  149.154.157.0-149.154.159.255
                  151.236.15.0-151.236.18.255
                  151.236.20.0-151.236.22.255
                  151.236.25.0/24
                  158.255.208.0/24
                  158.255.213.0-158.255.215.255
                  185.26.239.0/24
                IPv6:
                  2a03:f80:32::/47
                  2a03:f80:39::/48
                  2a03:f80:40::/48
                  2a03:f80:44::/47
                  2a03:f80:47::-2a03:f80:49:ffff:ffff:ffff:ffff:ffff
                  2a03:f80:61::/48
                  2a03:f80:65::/48
                  2a03:f80:81::/48
                  2a03:f80:381::/48
                  2a03:f80:852::/48
                  2a03:f80:971::/48
                  2a03:f80:4416::/48
                  2a03:f80:ed51::/48

    Signature Algorithm: sha256WithRSAEncryption
         13:a5:49:3b:a2:f5:e7:0a:97:bf:f3:d2:1b:a3:83:42:59:0a:
         ee:eb:63:ef:4a:66:a7:61:2e:be:6e:ae:fb:cf:38:6a:0f:a7:
         7c:5a:a1:05:77:47:5e:ed:70:20:c5:d0:ec:90:05:8a:f2:b7:
         0b:36:45:08:02:68:9f:a5:52:9d:5d:e0:27:22:38:6a:d2:03:
         bf:4f:46:c6:44:70:c2:90:88:e0:30:6b:64:81:68:9d:21:a5:
         bd:7c:01:c4:1c:c7:52:28:18:b5:2c:fa:a1:3e:d3:87:96:9a:
         d1:83:96:7a:ad:90:29:95:ae:b0:b2:95:43:d5:ad:ac:f6:63:
         c3:5f:da:ab:1e:33:bf:43:62:cc:2e:c7:c6:9c:80:46:2e:bc:
         6d:d6:dc:46:ce:60:19:88:64:41:83:93:47:53:25:85:13:d3:
         59:f1:59:72:94:f8:bb:1a:f6:99:25:32:7d:74:9c:c7:2f:ad:
         b5:f3:4e:a5:fb:60:0b:2f:ed:ec:87:5d:75:1d:61:55:66:eb:
         42:59:28:c4:fa:6f:1c:2d:30:2d:86:66:c2:06:16:4e:01:1a:
         c8:09:dc:77:02:28:2c:3d:d9:04:c2:2e:1a:6b:7a:28:33:5e:
         9f:d1:41:1a:ff:45:a0:39:c2:ed:9f:88:c8:6f:7a:05:97:49:
         7b:95:90:0c
-----BEGIN CERTIFICATE-----
MIIGGzCCBQOgAwIBAgISAYyG3RpwMvdAVVMSUG1Y2lBOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjMxMjIwMTA1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTdiOWM5YjQ0NDE0ZmVmNDg5MDc4OTUxZTRkODI1OWQ3ODRkOGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCoaEaAqYMyNeJXX4uO87cd1Nwyh
ZO8+WPrGmh+Uq8o3zr4bIj9NG2yjfLiqib9RxyZEBA+867kKqWFe1FU5qerVIRMx
LdJU50rrvcftZozR73Teu79Kw338UuxTi2MPDJy9o5OlQIerIt+J+iB+miD6P/co
VojJLJMCAp92dcrUv4GLEGrM69JeB21OJtztYDnu1hRszjdgwBlSqyZd4v0zmCgi
AsH1hwlJEMTL9iIlAMo4trAgobIAXdt/0yLu+tOQ3LtFnzmODul3v1f78LipyDSl
5D7NBSoN0uaD7sOjg4MDPfIi6ycg4v8NOLBAaDcv8mP6dw/Ez+K3q0oLIwIDAQAB
o4IDJzCCAyMwHQYDVR0OBBYEFG57nJtEQU/vSJB4lR5NglnXhNj6MB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvYm51Y20wUkJULTlJa0hpVkhrMkNXZGVFMlBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOwYIKwYBBQUHAQcBAf8EggEqMIIBJjCBmQQCAAEwgZID
BAAl6zADBAAl6zMDBAAut7sDBAFT83gDBAFZH3gDBABZH3sDBAFbhFwDBABbhF8D
BABc80ADBAFnOfgDBABnOfsDBACG/9MwDAMEAJWanQMEBZWagDAMAwQAl+wPAwQA
l+wSMAwDBAKX7BQDBACX7BYDBACX7BkDBACe/9AwDAMEAJ7/1QMEA57/0AMEALka
7zCBhwQCAAIwgYADBwEqAw+AADIDBwAqAw+AADkDBwAqAw+AAEADBwEqAw+AAEQw
EgMHACoDD4AARwMHASoDD4AASAMHACoDD4AAYQMHACoDD4AAZQMHACoDD4AAgQMH
ACoDD4ADgQMHACoDD4AIUgMHACoDD4AJcQMHACoDD4BEFgMHACoDD4DtUTANBgkq
hkiG9w0BAQsFAAOCAQEAE6VJO6L15wqXv/PSG6ODQlkK7utj70pmp2Euvm6u+884
ag+nfFqhBXdHXu1wIMXQ7JAFivK3CzZFCAJon6VSnV3gJyI4atIDv09GxkRwwpCI
4DBrZIFonSGlvXwBxBzHUigYtSz6oT7Th5aa0YOWeq2QKZWusLKVQ9WtrPZjw1/a
qx4zv0NizC7HxpyARi68bdbcRs5gGYhkQYOTR1MlhRPTWfFZcpT4uxr2mSUyfXSc
xy+ttfNOpftgCy/t7IdddR1hVWbrQlkoxPpvHC0wLYZmwgYWTgEayAncdwIoLD3Z
BMIuGmt6KDNen9FBGv9FoDnC7Z+IyG96BZdJe5WQDA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:28 2024 by rpki-client on console-fra.rpki-client.org