Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/XBtK3vVJxu3nzas6JZH-MPOdYgY.roa
File:                     XBtK3vVJxu3nzas6JZH-MPOdYgY.roa (raw, json)
Hash identifier:          nz+f+TiWTxlFE1fiXi8aehqJoDcBcDivSSGAnoG7xLs=
Subject key identifier:   5C:1B:4A:DE:F5:49:C6:ED:E7:CD:AB:3A:25:91:FE:30:F3:9D:62:06
Certificate issuer:       /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial:       018EFD568263553EE1215A437C67ECF6C7B3
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/XBtK3vVJxu3nzas6JZH-MPOdYgY.roa
Signing time:             Sat 20 Apr 2024 21:08:08 +0000
ROA not before:           Sat 20 Apr 2024 21:08:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216271
IP address blocks:        185.168.28.0/22 maxlen: 22
                          185.201.136.0/22 maxlen: 22
                          2a06:b3c0::/29 maxlen: 29
                          2a06:b440::/29 maxlen: 29
                          2a06:cac0::/29 maxlen: 29
                          2a0f:d480::/29 maxlen: 29
                          2a11:2f40::/29 maxlen: 29
                          2a11:3b40::/29 maxlen: 29
                          2a11:7240::/29 maxlen: 29
                          2a11:9600::/29 maxlen: 29
                          2a11:f140::/29 maxlen: 29
                          2a12:440::/29 maxlen: 29
                          2a12:28c0::/29 maxlen: 29
                          2a12:6640::/29 maxlen: 29
                          2a12:6740::/29 maxlen: 29
                          2a12:6f40::/29 maxlen: 29
                          2a12:7740::/29 maxlen: 29
                          2a12:8ec0::/29 maxlen: 29
                          2a12:ccc0::/29 maxlen: 29
                          2a12:d3c0::/29 maxlen: 29
                          2a12:e240::/29 maxlen: 29
                          2a12:f0c0::/29 maxlen: 29
                          2a14:c0::/29 maxlen: 29
                          2a14:140::/29 maxlen: 29
                          2a14:1c0::/29 maxlen: 29
                          2a14:800::/29 maxlen: 29
                          2a14:f40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 01 May 2024 17:07:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:fd:56:82:63:55:3e:e1:21:5a:43:7c:67:ec:f6:c7:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
        Validity
            Not Before: Apr 20 21:08:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c1b4adef549c6ede7cdab3a2591fe30f39d6206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ae:03:6f:08:c3:de:82:8a:b0:fb:37:fc:9b:
                    17:b0:8f:58:a5:c0:1c:a4:98:e4:9f:0f:83:de:0f:
                    be:44:95:72:d9:0c:90:be:14:1c:44:2d:ad:dd:a0:
                    bf:5f:9e:1b:84:85:06:27:45:59:2a:17:68:2b:e9:
                    02:5f:40:c9:88:a7:27:fb:64:49:58:44:25:98:da:
                    4b:d2:73:ce:77:ce:a2:12:f5:c8:6b:91:76:f7:fb:
                    70:83:a2:16:44:5f:df:f8:e9:2a:af:85:65:ee:c2:
                    50:e8:57:9f:16:53:00:55:a2:88:d3:f9:8c:f7:6d:
                    0b:a0:b5:f2:0a:d3:5e:59:a2:37:06:96:3c:5e:d5:
                    ee:09:a9:ed:7a:76:a9:58:42:8c:6d:9d:e0:27:55:
                    c9:77:4f:92:0a:29:50:45:79:0b:14:5d:c9:a4:92:
                    66:50:2f:27:7f:85:a0:8d:b6:cd:d3:18:8a:72:36:
                    19:99:53:8d:71:62:fe:68:2f:c5:27:0e:d3:b3:d9:
                    81:f4:c8:af:f5:7a:66:a5:3f:a0:ad:4c:36:15:1a:
                    ab:2d:74:7e:9e:60:c8:e1:29:7c:65:e5:98:42:75:
                    21:ff:04:29:23:c8:96:f4:94:28:80:ee:ad:a6:2a:
                    61:c5:d0:46:38:ac:77:80:e5:8d:8b:7e:0a:2a:da:
                    2f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:1B:4A:DE:F5:49:C6:ED:E7:CD:AB:3A:25:91:FE:30:F3:9D:62:06
            X509v3 Authority Key Identifier:
                keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/XBtK3vVJxu3nzas6JZH-MPOdYgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.28.0/22
                  185.201.136.0/22
                IPv6:
                  2a06:b3c0::/29
                  2a06:b440::/29
                  2a06:cac0::/29
                  2a0f:d480::/29
                  2a11:2f40::/29
                  2a11:3b40::/29
                  2a11:7240::/29
                  2a11:9600::/29
                  2a11:f140::/29
                  2a12:440::/29
                  2a12:28c0::/29
                  2a12:6640::/29
                  2a12:6740::/29
                  2a12:6f40::/29
                  2a12:7740::/29
                  2a12:8ec0::/29
                  2a12:ccc0::/29
                  2a12:d3c0::/29
                  2a12:e240::/29
                  2a12:f0c0::/29
                  2a14:c0::/29
                  2a14:140::/29
                  2a14:1c0::/29
                  2a14:800::/29
                  2a14:f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:90:db:9d:d7:e1:8e:45:f7:6d:e4:a3:25:19:ec:78:bf:fd:
         df:8b:0f:f6:33:ea:28:62:fe:66:ce:8e:6d:43:35:b5:8b:22:
         b6:12:e2:d7:1f:72:d2:66:82:22:81:4f:08:eb:8e:a4:98:cc:
         8e:90:b4:7f:e3:c5:42:d4:a2:b5:e0:d5:82:7b:6f:9a:84:9c:
         4c:16:e9:99:21:22:b3:72:be:c8:7b:f3:d1:11:59:be:cf:c6:
         8e:1d:68:96:29:81:fb:6f:d9:24:d0:2d:98:ac:fa:18:8a:9a:
         ce:4d:41:01:8a:98:f6:6e:7b:d4:0d:dd:f6:af:6c:8f:96:38:
         89:a1:07:ef:6e:b8:be:ff:7f:d1:7e:a6:7b:37:d4:36:d3:4f:
         55:0a:04:19:48:85:eb:cf:6e:94:9b:fa:93:ab:dd:ad:20:bd:
         f7:a2:80:39:b6:f7:f5:19:a1:9f:ff:eb:35:12:25:fd:d3:78:
         c6:64:51:1a:95:83:cf:a3:74:96:52:d6:f2:4d:fe:b2:3b:be:
         de:cf:7f:66:40:c2:93:b4:e7:97:f4:ab:14:55:6f:4a:49:eb:
         ae:e0:32:3c:48:0a:7b:86:ba:bc:77:7c:64:ad:44:ac:a3:79:
         cb:3f:54:41:5e:1d:ff:48:d2:05:b7:e5:79:cb:e5:81:ab:40:
         0d:c3:10:9a
-----BEGIN CERTIFICATE-----
MIIFvzCCBKegAwIBAgISAY79VoJjVT7hIVpDfGfs9sezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjQwNDIwMjEwODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzFiNGFkZWY1NDljNmVkZTdjZGFiM2EyNTkxZmUzMGYzOWQ2MjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo64DbwjD3oKKsPs3/JsXsI9YpcAc
pJjknw+D3g++RJVy2QyQvhQcRC2t3aC/X54bhIUGJ0VZKhdoK+kCX0DJiKcn+2RJ
WEQlmNpL0nPOd86iEvXIa5F29/twg6IWRF/f+Okqr4Vl7sJQ6FefFlMAVaKI0/mM
920LoLXyCtNeWaI3BpY8XtXuCantenapWEKMbZ3gJ1XJd0+SCilQRXkLFF3JpJJm
UC8nf4WgjbbN0xiKcjYZmVONcWL+aC/FJw7Ts9mB9Miv9XpmpT+grUw2FRqrLXR+
nmDI4Sl8ZeWYQnUh/wQpI8iW9JQogO6tpiphxdBGOKx3gOWNi34KKtovBwIDAQAB
o4ICyzCCAscwHQYDVR0OBBYEFFwbSt71Scbt582rOiWR/jDznWIGMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvWEJ0SzN2Vkp4dTNuemFzNkpaSC1NUE9kWWdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHgBggrBgEFBQcBBwEB/wSB0DCBzTASBAIAATAMAwQCuagc
AwQCucmIMIG2BAIAAjCBrwMFAyoGs8ADBQMqBrRAAwUDKgbKwAMFAyoP1IADBQMq
ES9AAwUDKhE7QAMFAyoRckADBQMqEZYAAwUDKhHxQAMFAyoSBEADBQMqEijAAwUD
KhJmQAMFAyoSZ0ADBQMqEm9AAwUDKhJ3QAMFAyoSjsADBQMqEszAAwUDKhLTwAMF
AyoS4kADBQMqEvDAAwUDKhQAwAMFAyoUAUADBQMqFAHAAwUDKhQIAAMFAyoUD0Aw
DQYJKoZIhvcNAQELBQADggEBACmQ253X4Y5F923koyUZ7Hi//d+LD/Yz6ihi/mbO
jm1DNbWLIrYS4tcfctJmgiKBTwjrjqSYzI6QtH/jxULUorXg1YJ7b5qEnEwW6Zkh
IrNyvsh789ERWb7Pxo4daJYpgftv2STQLZis+hiKms5NQQGKmPZue9QN3favbI+W
OImhB+9uuL7/f9F+pns31DbTT1UKBBlIhevPbpSb+pOr3a0gvfeigDm29/UZoZ//
6zUSJf3TeMZkURqVg8+jdJZS1vJN/rI7vt7Pf2ZAwpO055f0qxRVb0pJ667gMjxI
CnuGurx3fGStRKyjecs/VEFeHf9I0gW35XnL5YGrQA3DEJo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:02 2024 by rpki-client on console-ams.rpki-client.org