Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/tvlb19f5L4Acgz5NAHAKHOuToHg.roa
File:                     tvlb19f5L4Acgz5NAHAKHOuToHg.roa (raw, json)
Hash identifier:          Mzb5uQfPfuu8WEKSa27isF7uyJtTOH59fC+gPJ43BMU=
Subject key identifier:   B6:F9:5B:D7:D7:F9:2F:80:1C:83:3E:4D:00:70:0A:1C:EB:93:A0:78
Certificate issuer:       /CN=43015654082578c4946cd27be1e89a3dd7562fa4
Certificate serial:       01857702F92B755BB33E7BB672FBA9C4B794
Authority key identifier: 43:01:56:54:08:25:78:C4:94:6C:D2:7B:E1:E8:9A:3D:D7:56:2F:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QwFWVAgleMSUbNJ74eiaPddWL6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/tvlb19f5L4Acgz5NAHAKHOuToHg.roa
Signing time:             Tue 03 Jan 2023 09:42:41 +0000
ROA not before:           Tue 03 Jan 2023 09:42:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49981
IP address blocks:        217.23.0.0/20 maxlen: 20
                          185.184.192.0/22 maxlen: 22
                          178.218.196.0/22 maxlen: 22
                          185.100.232.0/22 maxlen: 22
                          185.185.48.0/22 maxlen: 22
                          185.185.51.0/24 maxlen: 24
                          185.185.50.0/24 maxlen: 24
                          91.232.105.0/24 maxlen: 24
                          193.200.164.0/24 maxlen: 24
                          93.190.136.0/21 maxlen: 22
                          93.190.140.0/22 maxlen: 22
                          185.173.160.0/22 maxlen: 22
                          185.2.80.0/22 maxlen: 22
                          185.177.124.0/22 maxlen: 22
                          185.180.220.0/22 maxlen: 22
                          89.39.104.0/22 maxlen: 22
                          185.191.0.0/22 maxlen: 22
                          2.59.168.0/22 maxlen: 22
                          2.59.168.0/24 maxlen: 24
                          2.59.171.0/24 maxlen: 24
                          2.59.170.0/24 maxlen: 24
                          2.59.169.0/24 maxlen: 24
                          212.8.240.0/24 maxlen: 24
                          212.8.242.0/23 maxlen: 23
                          212.8.248.0/23 maxlen: 23
                          212.8.250.0/24 maxlen: 24
                          212.8.252.0/23 maxlen: 23
                          185.132.132.0/22 maxlen: 22
                          185.183.32.0/22 maxlen: 22
                          185.182.192.0/22 maxlen: 22
                          185.182.192.0/24 maxlen: 24
                          62.112.8.0/22 maxlen: 24
                          185.165.240.0/22 maxlen: 22
                          185.21.60.0/22 maxlen: 22
                          185.21.63.0/24 maxlen: 24
                          45.14.132.0/22 maxlen: 22
                          80.79.4.0/22 maxlen: 22
                          185.132.176.0/22 maxlen: 22
                          89.38.96.0/22 maxlen: 22
                          45.82.64.0/22 maxlen: 22
                          91.229.23.0/24 maxlen: 24
                          178.132.0.0/21 maxlen: 21
                          194.88.104.0/22 maxlen: 22
                          109.236.80.0/20 maxlen: 20
                          185.172.88.0/22 maxlen: 22
                          2a00:7c82::/32 maxlen: 32
                          2a00:7c81::/32 maxlen: 32
                          2a00:7c83::/32 maxlen: 32
                          2a00:7c80::/29 maxlen: 32

Validation:               Failed, certificate revoked on Tue 03 Jan 2023 14:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:77:02:f9:2b:75:5b:b3:3e:7b:b6:72:fb:a9:c4:b7:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43015654082578c4946cd27be1e89a3dd7562fa4
        Validity
            Not Before: Jan  3 09:42:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b6f95bd7d7f92f801c833e4d00700a1ceb93a078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:fe:b6:0a:ac:bc:eb:da:25:74:88:02:87:a6:
                    58:0b:60:dc:5b:21:4e:da:0b:12:d9:be:1b:f7:09:
                    6a:69:53:6a:01:0e:b2:30:71:b4:fa:59:e2:7c:af:
                    d4:5d:c6:0b:28:a8:b0:22:e2:7a:1e:96:7a:0a:cf:
                    e6:de:e8:38:ff:63:bc:8d:00:4e:1f:fe:a0:f3:90:
                    98:f5:6f:0a:80:96:a9:68:c7:62:c0:42:7b:48:8c:
                    fc:43:25:7a:a1:d9:7e:bb:a7:bb:ff:ed:7b:ea:6e:
                    dd:a2:fc:af:4c:b5:ad:70:b8:0a:bb:33:ae:a1:79:
                    5c:f0:5d:b1:c2:cb:f3:a7:cb:5d:cc:5c:1a:6b:75:
                    92:91:e0:4f:6d:ce:f3:37:34:0c:7b:eb:dd:c1:19:
                    ea:a9:b0:a3:36:41:c0:54:c5:68:ee:34:52:76:8b:
                    1a:44:9a:4e:30:17:26:e1:fc:9d:4e:ab:a1:56:aa:
                    36:69:59:9e:3d:18:58:e0:47:7d:51:37:d5:bb:d0:
                    13:7f:72:89:81:cd:eb:bc:1d:ec:4d:84:3b:6d:9a:
                    4e:70:3f:b8:9a:38:3f:0d:6d:7a:31:84:3d:59:b5:
                    a2:47:4a:a0:95:cf:e8:ce:e0:8f:5e:98:07:6d:69:
                    ec:bd:50:35:71:a0:0e:9a:38:38:9f:2b:c1:09:97:
                    62:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:F9:5B:D7:D7:F9:2F:80:1C:83:3E:4D:00:70:0A:1C:EB:93:A0:78
            X509v3 Authority Key Identifier:
                keyid:43:01:56:54:08:25:78:C4:94:6C:D2:7B:E1:E8:9A:3D:D7:56:2F:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QwFWVAgleMSUbNJ74eiaPddWL6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/tvlb19f5L4Acgz5NAHAKHOuToHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/c27fa6-b2b0-4dcb-a899-1030cdbe6bd4/1/QwFWVAgleMSUbNJ74eiaPddWL6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.168.0/22
                  45.14.132.0/22
                  45.82.64.0/22
                  62.112.8.0/22
                  80.79.4.0/22
                  89.38.96.0/22
                  89.39.104.0/22
                  91.229.23.0/24
                  91.232.105.0/24
                  93.190.136.0/21
                  109.236.80.0/20
                  178.132.0.0/21
                  178.218.196.0/22
                  185.2.80.0/22
                  185.21.60.0/22
                  185.100.232.0/22
                  185.132.132.0/22
                  185.132.176.0/22
                  185.165.240.0/22
                  185.172.88.0/22
                  185.173.160.0/22
                  185.177.124.0/22
                  185.180.220.0/22
                  185.182.192.0/22
                  185.183.32.0/22
                  185.184.192.0/22
                  185.185.48.0/22
                  185.191.0.0/22
                  193.200.164.0/24
                  194.88.104.0/22
                  212.8.240.0/24
                  212.8.242.0/23
                  212.8.248.0-212.8.250.255
                  212.8.252.0/23
                  217.23.0.0/20
                IPv6:
                  2a00:7c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:c2:de:5a:b7:00:5f:9a:e6:7b:6c:52:00:30:85:19:38:6d:
         62:52:ea:d2:d6:15:f5:73:36:90:d4:37:c0:68:97:6f:15:85:
         12:63:52:f6:58:c1:cb:4a:d4:f1:92:23:6b:3e:17:66:cb:b1:
         08:cd:73:24:48:4d:64:f8:35:8f:84:12:1c:40:ec:71:cf:d6:
         c7:7e:82:f0:dc:4b:bb:9e:08:2c:de:9e:84:a2:ab:30:8c:7a:
         79:7d:89:38:90:4a:ea:93:b5:af:ad:c6:f7:9a:d4:13:f1:a9:
         ed:44:97:e0:28:37:59:22:27:81:68:83:ac:00:92:07:67:d2:
         b8:1e:30:7f:51:f9:d9:08:8b:84:d6:fa:2f:5f:90:14:9d:a8:
         23:6f:d9:28:fb:0c:55:e2:65:b4:f7:f5:07:c6:8c:d3:28:8d:
         77:27:5e:d2:9c:b8:45:c0:93:45:88:b5:7d:c5:af:2c:08:17:
         29:80:7c:20:7f:89:88:a7:2c:40:22:4e:0f:93:10:d0:b1:ea:
         fb:af:89:a9:7d:48:8b:a7:50:a6:8f:12:d6:7b:7f:42:d8:bd:
         c7:c1:84:2d:2f:1f:47:a1:c8:36:66:82:79:e2:f3:d7:22:92:
         63:05:c0:f1:a0:23:a1:57:04:b4:0e:1a:a4:71:96:e9:06:f1:
         67:85:e0:7e
-----BEGIN CERTIFICATE-----
MIIF5jCCBM6gAwIBAgISAYV3AvkrdVuzPnu2cvupxLeUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzMDE1NjU0MDgyNTc4YzQ5NDZjZDI3YmUxZTg5YTNkZDc1
NjJmYTQwHhcNMjMwMTAzMDk0MjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmY5NWJkN2Q3ZjkyZjgwMWM4MzNlNGQwMDcwMGExY2ViOTNhMDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiP62Cqy869oldIgCh6ZYC2DcWyFO
2gsS2b4b9wlqaVNqAQ6yMHG0+lnifK/UXcYLKKiwIuJ6HpZ6Cs/m3ug4/2O8jQBO
H/6g85CY9W8KgJapaMdiwEJ7SIz8QyV6odl+u6e7/+176m7dovyvTLWtcLgKuzOu
oXlc8F2xwsvzp8tdzFwaa3WSkeBPbc7zNzQMe+vdwRnqqbCjNkHAVMVo7jRSdosa
RJpOMBcm4fydTquhVqo2aVmePRhY4Ed9UTfVu9ATf3KJgc3rvB3sTYQ7bZpOcD+4
mjg/DW16MYQ9WbWiR0qglc/ozuCPXpgHbWnsvVA1caAOmjg4nyvBCZdiFwIDAQAB
o4IC8jCCAu4wHQYDVR0OBBYEFLb5W9fX+S+AHIM+TQBwChzrk6B4MB8GA1UdIwQY
MBaAFEMBVlQIJXjElGzSe+Homj3XVi+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXdGV1ZBZ2xlTVNVYk5KNzRlaWFQZGRXTDZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9jMjdmYTYtYjJiMC00ZGNiLWE4OTkt
MTAzMGNkYmU2YmQ0LzEvdHZsYjE5ZjVMNEFjZ3o1TkFIQUtIT3VUb0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9jMjdmYTYtYjJiMC00ZGNiLWE4OTktMTAzMGNkYmU2YmQ0
LzEvUXdGV1ZBZ2xlTVNVYk5KNzRlaWFQZGRXTDZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBgYIKwYBBQUHAQcBAf8EgfYwgfMwgeEEAgABMIHaAwQC
AjuoAwQCLQ6EAwQCLVJAAwQCPnAIAwQCUE8EAwQCWSZgAwQCWSdoAwQAW+UXAwQA
W+hpAwQDXb6IAwQEbexQAwQDsoQAAwQCstrEAwQCuQJQAwQCuRU8AwQCuWToAwQC
uYSEAwQCuYSwAwQCuaXwAwQCuaxYAwQCua2gAwQCubF8AwQCubTcAwQCubbAAwQC
ubcgAwQCubjAAwQCubkwAwQCub8AAwQAwcikAwQCwlhoAwQA1AjwAwQB1AjyMAwD
BAPUCPgDBADUCPoDBAHUCPwDBATZFwAwDQQCAAIwBwMFAyoAfIAwDQYJKoZIhvcN
AQELBQADggEBAG3C3lq3AF+a5ntsUgAwhRk4bWJS6tLWFfVzNpDUN8Bol28VhRJj
UvZYwctK1PGSI2s+F2bLsQjNcyRITWT4NY+EEhxA7HHP1sd+gvDcS7ueCCzenoSi
qzCMenl9iTiQSuqTta+txvea1BPxqe1El+AoN1kiJ4Fog6wAkgdn0rgeMH9R+dkI
i4TW+i9fkBSdqCNv2Sj7DFXiZbT39QfGjNMojXcnXtKcuEXAk0WItX3FrywIFymA
fCB/iYinLEAiTg+TENCx6vuvial9SIunUKaPEtZ7f0LYvcfBhC0vH0ehyDZmgnni
89cikmMFwPGgI6FXBLQOGqRxlukG8WeF4H4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:26 2024 by rpki-client on console-ams.rpki-client.org