Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/y2tTMMt_4VPsShj4oOJQrLnSxBg.roa
File:                     y2tTMMt_4VPsShj4oOJQrLnSxBg.roa (raw, json)
Hash identifier:          fp/KmCrOpZRwXGBPu72tNhdCrME2vlA3ab4DbJeMTnk=
Subject key identifier:   CB:6B:53:30:CB:7F:E1:53:EC:4A:18:F8:A0:E2:50:AC:B9:D2:C4:18
Certificate issuer:       /CN=f71d4a4374df222ac3235b9602206d96bf1dac82
Certificate serial:       018C256FEE82AB50703BB2A06AA5C43ED0DB
Authority key identifier: F7:1D:4A:43:74:DF:22:2A:C3:23:5B:96:02:20:6D:96:BF:1D:AC:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9x1KQ3TfIirDI1uWAiBtlr8drII.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/y2tTMMt_4VPsShj4oOJQrLnSxBg.roa
Signing time:             Fri 01 Dec 2023 12:52:21 +0000
ROA not before:           Fri 01 Dec 2023 12:52:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5607
IP address blocks:        93.96.224.0/23 maxlen: 23
                          93.96.224.0/19 maxlen: 19
                          93.96.228.0/23 maxlen: 23
                          87.80.0.0/15 maxlen: 15
                          51.198.0.0/16 maxlen: 16
                          51.198.0.0/15 maxlen: 15
                          176.255.240.0/24 maxlen: 24
                          176.255.242.0/24 maxlen: 24
                          176.255.241.0/24 maxlen: 24
                          151.224.0.0/13 maxlen: 13
                          51.194.0.0/16 maxlen: 16
                          93.96.0.0/17 maxlen: 17
                          78.86.0.0/16 maxlen: 16
                          149.241.0.0/16 maxlen: 16
                          51.241.0.0/16 maxlen: 16
                          176.248.0.0/13 maxlen: 13
                          2.120.0.0/13 maxlen: 13
                          93.96.128.0/18 maxlen: 18
                          51.19.0.0/16 maxlen: 16
                          51.199.224.0/20 maxlen: 20
                          188.220.0.0/14 maxlen: 14
                          51.146.0.0/16 maxlen: 16
                          51.199.240.0/21 maxlen: 21
                          51.199.248.0/22 maxlen: 22
                          90.192.0.0/11 maxlen: 11
                          51.199.192.0/19 maxlen: 19
                          51.190.0.0/15 maxlen: 15
                          5.64.0.0/13 maxlen: 13
                          51.199.0.0/17 maxlen: 17
                          46.64.0.0/15 maxlen: 15
                          94.192.0.0/14 maxlen: 14
                          51.182.0.0/15 maxlen: 15
                          2.216.0.0/13 maxlen: 13
                          51.199.128.0/18 maxlen: 18
                          51.186.0.0/15 maxlen: 15
                          94.0.0.0/12 maxlen: 12
                          176.24.0.0/14 maxlen: 14
                          78.105.0.0/16 maxlen: 16
                          2a06:5902::/31 maxlen: 31
                          2a06:5904::/31 maxlen: 31
                          2a02:c7a:1200::/48 maxlen: 48
                          2a02:c7a:1202::/48 maxlen: 48
                          2a02:c7e::/33 maxlen: 33
                          2a02:c7e:8000::/33 maxlen: 33
                          2a06:5901::/33 maxlen: 33
                          2a02:c78::/29 maxlen: 29
                          2a02:c7b::/32 maxlen: 32
                          2a02:c7a::/32 maxlen: 32
                          2a02:c7d::/33 maxlen: 33
                          2a02:c7d:8000::/33 maxlen: 33
                          2a06:5906::/31 maxlen: 31
                          2a02:c7c::/30 maxlen: 30
                          2a02:c7f::/33 maxlen: 33
                          2a02:c7f:8000::/33 maxlen: 33
                          2a06:5900::/32 maxlen: 32
                          2a02:c7c::/33 maxlen: 33
                          2a02:c7c:8000::/33 maxlen: 33

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:25:6f:ee:82:ab:50:70:3b:b2:a0:6a:a5:c4:3e:d0:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f71d4a4374df222ac3235b9602206d96bf1dac82
        Validity
            Not Before: Dec  1 12:52:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cb6b5330cb7fe153ec4a18f8a0e250acb9d2c418
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:80:bf:66:2b:f1:9a:33:86:17:47:0e:69:0f:
                    06:03:f7:c7:46:63:a5:f0:7c:6b:37:96:8d:cd:b8:
                    43:8e:cc:8d:79:21:3f:ea:2a:67:80:58:ba:43:f4:
                    7b:c6:ea:71:97:ca:cc:92:35:52:e2:49:55:d8:ec:
                    e6:09:f0:16:61:ed:19:5f:95:9b:52:99:2e:ba:77:
                    28:00:81:b4:93:4d:c3:66:77:27:f2:ce:63:b7:41:
                    43:4b:1f:43:1a:bb:9b:bd:47:51:84:06:3f:80:9d:
                    59:fa:83:cb:8b:1e:1c:e3:69:b2:47:2f:f6:56:de:
                    fb:cb:a1:42:7f:66:24:50:37:ca:a8:65:82:9e:cc:
                    64:f2:4a:8f:67:77:71:ff:77:9a:42:c1:11:fa:71:
                    ec:87:38:2e:8b:1f:a5:74:80:68:bb:0c:b3:92:24:
                    ef:4f:f5:b6:d0:07:e9:32:28:54:9b:fb:83:f6:bf:
                    69:8a:24:fe:74:30:ea:3a:74:39:ec:d0:ce:b9:fa:
                    f7:43:6c:2d:27:75:04:9e:da:b1:b4:a0:01:26:2f:
                    5b:78:58:e2:dc:0e:4e:5b:e1:43:3f:43:f3:ae:35:
                    a8:57:1f:97:62:4b:2a:63:81:24:1c:4a:0f:1b:0e:
                    0e:c3:cf:10:21:48:bf:ca:5a:ad:c0:a1:c2:5f:35:
                    41:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:6B:53:30:CB:7F:E1:53:EC:4A:18:F8:A0:E2:50:AC:B9:D2:C4:18
            X509v3 Authority Key Identifier:
                keyid:F7:1D:4A:43:74:DF:22:2A:C3:23:5B:96:02:20:6D:96:BF:1D:AC:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9x1KQ3TfIirDI1uWAiBtlr8drII.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/y2tTMMt_4VPsShj4oOJQrLnSxBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7739dc-1132-4837-9b85-e9ac2b00316a/1/9x1KQ3TfIirDI1uWAiBtlr8drII.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.120.0.0/13
                  2.216.0.0/13
                  5.64.0.0/13
                  46.64.0.0/15
                  51.19.0.0/16
                  51.146.0.0/16
                  51.182.0.0/15
                  51.186.0.0/15
                  51.190.0.0/15
                  51.194.0.0/16
                  51.198.0.0/15
                  51.241.0.0/16
                  78.86.0.0/16
                  78.105.0.0/16
                  87.80.0.0/15
                  90.192.0.0/11
                  93.96.0.0-93.96.191.255
                  93.96.224.0/19
                  94.0.0.0/12
                  94.192.0.0/14
                  149.241.0.0/16
                  151.224.0.0/13
                  176.24.0.0/14
                  176.248.0.0/13
                  188.220.0.0/14
                IPv6:
                  2a02:c78::/29
                  2a06:5900::-2a06:5901:7fff:ffff:ffff:ffff:ffff:ffff
                  2a06:5902::-2a06:5907:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         84:1c:48:c6:87:09:01:37:47:65:89:3d:88:73:be:b7:c6:1d:
         55:94:de:94:18:69:41:e2:f9:77:f1:eb:44:ec:ba:58:43:41:
         f4:a0:60:11:6e:4d:af:bd:c1:4c:07:58:0e:d0:f0:99:73:24:
         ee:c7:71:87:bc:82:32:33:e0:db:d5:8d:28:dd:56:73:2f:df:
         23:c4:35:1f:c9:42:30:0a:fc:83:60:7d:87:01:e0:aa:17:79:
         eb:aa:d2:b1:40:e0:f8:06:9d:bc:71:58:17:20:33:61:f1:a5:
         5c:4c:c6:ae:71:f0:a1:cf:45:18:35:3d:fd:76:b5:c4:80:eb:
         cd:ab:a8:97:fe:0e:24:66:9c:da:07:38:08:ed:72:d5:48:6c:
         4f:3d:0f:64:db:9e:e2:8f:ee:47:5b:17:7c:49:fb:92:10:75:
         ae:7e:d4:31:68:ac:97:88:1f:fd:6a:14:50:2b:b0:b8:6b:82:
         f7:fd:1f:d2:1b:08:f6:ef:5e:91:b8:f0:52:aa:1f:eb:71:24:
         56:fa:20:06:19:03:b7:0a:d8:00:6f:bb:49:78:55:bf:eb:09:
         2f:0f:43:ba:cc:5b:99:7f:28:3f:9e:e7:70:50:6d:2c:52:47:
         46:82:9a:2d:c5:61:2f:6b:36:b2:5e:89:51:e8:ff:70:51:59:
         8c:b7:cf:ab
-----BEGIN CERTIFICATE-----
MIIFsTCCBJmgAwIBAgISAYwlb+6Cq1BwO7KgaqXEPtDbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MWQ0YTQzNzRkZjIyMmFjMzIzNWI5NjAyMjA2ZDk2YmYx
ZGFjODIwHhcNMjMxMjAxMTI1MjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjZiNTMzMGNiN2ZlMTUzZWM0YTE4ZjhhMGUyNTBhY2I5ZDJjNDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoC/ZivxmjOGF0cOaQ8GA/fHRmOl
8HxrN5aNzbhDjsyNeSE/6ipngFi6Q/R7xupxl8rMkjVS4klV2OzmCfAWYe0ZX5Wb
UpkuuncoAIG0k03DZncn8s5jt0FDSx9DGrubvUdRhAY/gJ1Z+oPLix4c42myRy/2
Vt77y6FCf2YkUDfKqGWCnsxk8kqPZ3dx/3eaQsER+nHshzguix+ldIBouwyzkiTv
T/W20AfpMihUm/uD9r9piiT+dDDqOnQ57NDOufr3Q2wtJ3UEntqxtKABJi9beFji
3A5OW+FDP0PzrjWoVx+XYksqY4EkHEoPGw4Ow88QIUi/ylqtwKHCXzVB7wIDAQAB
o4ICvTCCArkwHQYDVR0OBBYEFMtrUzDLf+FT7EoY+KDiUKy50sQYMB8GA1UdIwQY
MBaAFPcdSkN03yIqwyNblgIgbZa/HayCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXgxS1EzVGZJaXJESTF1V0FpQnRscjhkcklJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83NzM5ZGMtMTEzMi00ODM3LTliODUt
ZTlhYzJiMDAzMTZhLzEveTJ0VE1NdF80VlBzU2hqNG9PSlFyTG5TeEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83NzM5ZGMtMTEzMi00ODM3LTliODUtZTlhYzJiMDAzMTZh
LzEvOXgxS1EzVGZJaXJESTF1V0FpQnRscjhkcklJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHSBggrBgEFBQcBBwEB/wSBwjCBvzCBjQQCAAEwgYYDAwMC
eAMDAwLYAwMDBUADAwEuQAMDADMTAwMAM5IDAwEztgMDATO6AwMBM74DAwAzwgMD
ATPGAwMAM/EDAwBOVgMDAE5pAwMBV1ADAwVawDALAwMFXWADBAZdYIADBAVdYOAD
AwReAAMDAl7AAwMAlfEDAwOX4AMDArAYAwMDsPgDAwK83DAtBAIAAjAnAwUDKgIM
eDAOAwQAKgZZAwYHKgZZAQAwDgMFASoGWQIDBQMqBlkAMA0GCSqGSIb3DQEBCwUA
A4IBAQCEHEjGhwkBN0dliT2Ic763xh1VlN6UGGlB4vl38etE7LpYQ0H0oGARbk2v
vcFMB1gO0PCZcyTux3GHvIIyM+Db1Y0o3VZzL98jxDUfyUIwCvyDYH2HAeCqF3nr
qtKxQOD4Bp28cVgXIDNh8aVcTMaucfChz0UYNT39drXEgOvNq6iX/g4kZpzaBzgI
7XLVSGxPPQ9k257ij+5HWxd8SfuSEHWuftQxaKyXiB/9ahRQK7C4a4L3/R/SGwj2
716RuPBSqh/rcSRW+iAGGQO3CtgAb7tJeFW/6wkvD0O6zFuZfyg/nudwUG0sUkdG
gpotxWEvazayXolR6P9wUVmMt8+r
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:23 2024 by rpki-client on console-fra.rpki-client.org