Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/S39-CArs70VVrKewpcYALbeJGQ0.roa
File:                     S39-CArs70VVrKewpcYALbeJGQ0.roa (raw, json)
Hash identifier:          3zXWG+PUHAyn1pB4DNlErZhtraUn1inJGO6MqVkKcAE=
Subject key identifier:   4B:7F:7E:08:0A:EC:EF:45:55:AC:A7:B0:A5:C6:00:2D:B7:89:19:0D
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       018DF5091083B5D3A9027B8AD89BF1C5B74C
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/S39-CArs70VVrKewpcYALbeJGQ0.roa
Signing time:             Thu 29 Feb 2024 13:23:48 +0000
ROA not before:           Thu 29 Feb 2024 13:23:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48749
IP address blocks:        80.96.106.0/24 maxlen: 24
                          80.96.236.0/23 maxlen: 23
                          81.180.36.0/23 maxlen: 23
                          81.180.94.0/23 maxlen: 23
                          81.180.172.0/23 maxlen: 23
                          81.180.204.0/23 maxlen: 23
                          81.180.252.0/23 maxlen: 23
                          81.181.173.0/24 maxlen: 24
                          85.120.44.0/23 maxlen: 23
                          85.121.18.0/23 maxlen: 23
                          85.121.36.0/23 maxlen: 23
                          85.122.84.0/23 maxlen: 23
                          194.102.216.0/24 maxlen: 24
                          217.156.91.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 14 Apr 2024 11:30:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f5:09:10:83:b5:d3:a9:02:7b:8a:d8:9b:f1:c5:b7:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Feb 29 13:23:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b7f7e080aecef4555aca7b0a5c6002db789190d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:35:c3:98:1d:57:97:12:ab:05:cf:c1:e4:e3:
                    49:dd:7e:b7:4a:28:cd:e3:16:68:53:40:dd:d4:78:
                    9f:ad:50:35:fa:23:be:5b:46:d2:e2:1d:6d:e4:33:
                    2e:cd:0b:e2:a3:f5:94:94:1a:b0:0b:95:ce:0a:ea:
                    66:46:3f:d8:3f:91:d1:bf:e9:94:b7:8e:c8:17:c5:
                    7c:68:f6:64:ca:f0:12:64:74:cf:52:92:a9:e1:b6:
                    48:14:ab:cf:7d:8b:33:36:0c:51:74:16:d7:2a:44:
                    06:34:86:39:90:0c:94:e0:4c:77:b3:54:89:87:f2:
                    bb:37:92:5c:80:38:a6:eb:d7:fd:07:ee:79:9f:72:
                    8a:fb:f0:ec:05:6b:2e:91:d0:7a:79:19:f1:fc:03:
                    3f:24:8c:a6:23:78:3e:22:b8:80:f8:59:0c:87:06:
                    da:2f:09:df:c1:21:39:c1:41:02:ca:59:65:b4:5d:
                    9d:3c:c0:8c:c0:68:67:43:38:1c:30:80:5d:2f:d3:
                    14:e9:7e:4e:20:6b:f4:ab:35:bf:88:81:d0:27:ce:
                    12:e6:9f:db:42:ec:5c:dc:f5:aa:c9:fe:a8:6e:e2:
                    9a:e9:79:0d:25:8d:45:84:8e:3c:a4:40:02:c1:b2:
                    9d:29:d7:fc:ec:8b:df:c5:d0:cf:d5:3e:7c:51:9f:
                    86:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:7F:7E:08:0A:EC:EF:45:55:AC:A7:B0:A5:C6:00:2D:B7:89:19:0D
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/S39-CArs70VVrKewpcYALbeJGQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.106.0/24
                  80.96.236.0/23
                  81.180.36.0/23
                  81.180.94.0/23
                  81.180.172.0/23
                  81.180.204.0/23
                  81.180.252.0/23
                  81.181.173.0/24
                  85.120.44.0/23
                  85.121.18.0/23
                  85.121.36.0/23
                  85.122.84.0/23
                  194.102.216.0/24
                  217.156.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:96:8f:c1:a9:44:2d:97:32:86:35:9a:50:1e:e4:af:75:c2:
         3c:1f:bd:8f:19:97:63:45:f9:20:7d:07:a9:b5:bf:e6:fb:46:
         81:5a:55:fd:f4:75:e5:9e:a0:c7:0a:22:c8:ac:47:54:9e:2d:
         19:b4:bd:19:30:8b:9f:a0:d3:30:29:55:87:bf:91:6a:2f:f1:
         0e:c6:a3:24:41:44:51:e6:31:0c:65:6f:11:d3:f0:0b:d1:47:
         2a:ac:c5:74:40:c6:67:c0:e0:47:b7:54:a1:e7:22:5d:f6:d8:
         4f:a8:d3:fa:e2:78:d1:34:da:dd:d5:72:26:d3:d2:75:fe:76:
         60:33:06:96:19:99:49:77:59:2c:ca:3c:92:f6:45:38:aa:c7:
         09:eb:57:ba:5a:32:02:61:23:ce:70:c3:24:2b:72:a4:de:6d:
         97:46:be:59:85:e8:ce:ed:6b:54:eb:72:ac:e3:7f:b9:5f:9e:
         fd:75:9b:5e:0d:01:95:64:e9:b2:a2:cf:83:f9:68:93:49:7f:
         dd:fc:ca:94:59:9b:ce:c9:16:7e:13:4e:83:1e:66:97:d4:25:
         e8:80:73:c6:71:d9:79:f8:6a:55:7f:31:dc:10:ab:0f:80:43:
         f2:7a:40:b2:15:37:8c:a9:f9:1d:36:af:db:64:f6:d0:10:2d:
         52:e6:59:c4
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAY31CRCDtdOpAnuK2JvxxbdMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjQwMjI5MTMyMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjdmN2UwODBhZWNlZjQ1NTVhY2E3YjBhNWM2MDAyZGI3ODkxOTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTXDmB1XlxKrBc/B5ONJ3X63SijN
4xZoU0Dd1HifrVA1+iO+W0bS4h1t5DMuzQvio/WUlBqwC5XOCupmRj/YP5HRv+mU
t47IF8V8aPZkyvASZHTPUpKp4bZIFKvPfYszNgxRdBbXKkQGNIY5kAyU4Ex3s1SJ
h/K7N5JcgDim69f9B+55n3KK+/DsBWsukdB6eRnx/AM/JIymI3g+IriA+FkMhwba
LwnfwSE5wUECyllltF2dPMCMwGhnQzgcMIBdL9MU6X5OIGv0qzW/iIHQJ84S5p/b
Quxc3PWqyf6obuKa6XkNJY1FhI48pEACwbKdKdf87IvfxdDP1T58UZ+GAwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFEt/fggK7O9FVaynsKXGAC23iRkNMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvUzM5LUNBcnM3MFZWcktld3BjWUFMYmVKR1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAUGBqAwQB
UGDsAwQBUbQkAwQBUbReAwQBUbSsAwQBUbTMAwQBUbT8AwQAUbWtAwQBVXgsAwQB
VXkSAwQBVXkkAwQBVXpUAwQAwmbYAwQA2ZxbMA0GCSqGSIb3DQEBCwUAA4IBAQBO
lo/BqUQtlzKGNZpQHuSvdcI8H72PGZdjRfkgfQeptb/m+0aBWlX99HXlnqDHCiLI
rEdUni0ZtL0ZMIufoNMwKVWHv5FqL/EOxqMkQURR5jEMZW8R0/AL0UcqrMV0QMZn
wOBHt1Sh5yJd9thPqNP64njRNNrd1XIm09J1/nZgMwaWGZlJd1ksyjyS9kU4qscJ
61e6WjICYSPOcMMkK3Kk3m2XRr5ZhejO7WtU63Ks43+5X579dZteDQGVZOmyos+D
+WiTSX/d/MqUWZvOyRZ+E06DHmaX1CXogHPGcdl5+GpVfzHcEKsPgEPyekCyFTeM
qfkdNq/bZPbQEC1S5lnE
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:05 2024 by rpki-client on console-ams.rpki-client.org