Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1q8dWJ0iyXwrxDgn0S4qpONJh0c.roa
File:                     1q8dWJ0iyXwrxDgn0S4qpONJh0c.roa (raw, json)
Hash identifier:          90RDg49Yew7B+TNtnCDkkbUi2QAGIJUok+k5zjrBe2s=
Subject key identifier:   D6:AF:1D:58:9D:22:C9:7C:2B:C4:38:27:D1:2E:2A:A4:E3:49:87:47
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018AF03A2896227B0F59369F496AD97CE9C0
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1q8dWJ0iyXwrxDgn0S4qpONJh0c.roa
Signing time:             Mon 02 Oct 2023 11:50:57 +0000
ROA not before:           Mon 02 Oct 2023 11:50:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          45.94.171.0/24 maxlen: 24
                          45.144.213.0/24 maxlen: 24
                          2.56.109.0/24 maxlen: 24
                          2.56.110.0/24 maxlen: 24
                          45.138.183.0/24 maxlen: 24
                          195.62.24.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 02 Oct 2023 16:43:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f0:3a:28:96:22:7b:0f:59:36:9f:49:6a:d9:7c:e9:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct  2 11:50:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d6af1d589d22c97c2bc43827d12e2aa4e3498747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:85:22:03:f9:bf:df:97:91:ce:3d:04:bf:b2:
                    44:7c:3c:1e:6a:b7:51:0b:0e:3f:8c:46:3e:ee:a4:
                    16:0a:87:31:d9:80:ec:be:40:26:de:2b:db:2f:37:
                    4c:0c:91:b6:8b:42:f9:62:0f:08:f2:08:ce:46:e6:
                    12:22:7a:dc:0b:46:fb:43:eb:d6:17:7e:22:66:c8:
                    4a:4c:bb:54:9c:e8:48:59:6a:06:03:02:7d:3d:d6:
                    03:78:5d:a9:98:3e:2a:d7:f7:9d:81:c7:5c:57:f1:
                    50:33:60:10:e6:9b:ac:89:f5:d3:4e:4a:0d:f1:72:
                    ba:75:d8:ed:48:96:77:6d:10:e6:95:f1:7e:98:5a:
                    dc:21:02:d5:70:51:9e:f4:69:ee:c4:dc:71:b2:a3:
                    d8:c8:d8:5d:3b:04:33:b2:91:0d:64:84:67:0d:2a:
                    39:d5:8b:06:74:72:9d:8d:d9:bb:84:e1:57:35:0c:
                    7e:b8:34:aa:f0:6b:e7:57:96:e8:4d:a3:33:9e:f1:
                    3d:78:83:f2:da:af:d1:89:c5:57:d8:0b:c0:9a:20:
                    d3:23:6d:aa:d2:4d:23:86:41:c1:53:2f:3d:1f:94:
                    ef:51:ed:90:6f:0a:09:3a:6a:52:18:82:4f:21:10:
                    2c:42:dc:f4:09:3c:30:12:4f:60:58:24:65:dd:71:
                    9a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:AF:1D:58:9D:22:C9:7C:2B:C4:38:27:D1:2E:2A:A4:E3:49:87:47
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/1q8dWJ0iyXwrxDgn0S4qpONJh0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.109.0-2.56.110.255
                  45.94.171.0/24
                  45.138.183.0/24
                  45.144.213.0/24
                  77.83.39.0/24
                  85.209.120.0/23
                  195.62.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:71:3b:17:64:8c:fd:6c:ae:30:ad:59:de:6d:c5:c9:84:bd:
         ed:53:c0:ae:75:f7:62:13:a9:f7:82:e3:36:a6:b5:df:82:06:
         bc:9d:d5:f9:3c:7a:95:4b:22:33:51:f8:63:28:dd:0f:d9:02:
         25:ab:48:08:10:f7:69:6f:f9:68:68:0f:47:d5:9a:2b:fb:c4:
         6a:69:ba:72:33:01:81:2e:17:4d:d2:4d:13:6f:54:12:9c:79:
         d5:e8:db:f3:7a:c5:ef:93:ed:45:f7:8a:ef:a8:38:3e:89:62:
         c7:2d:02:ea:b2:fe:a5:34:09:0d:c4:d2:6f:11:0c:7e:57:bb:
         8b:92:55:aa:b2:b6:2c:89:95:1e:bd:eb:30:4c:54:11:11:f7:
         a7:53:a1:af:c8:26:7c:6c:e4:b4:93:5d:df:7a:d2:83:da:d3:
         75:ca:02:40:59:c4:bd:c2:65:39:25:cb:ce:1b:16:14:f3:d6:
         1f:78:4a:62:3b:a1:96:49:5f:53:93:f3:bd:44:14:24:80:57:
         19:eb:66:01:ad:3a:b5:e9:b0:20:91:d1:1c:7e:75:88:98:1e:
         e6:5a:09:b3:9a:51:e2:29:b9:ea:55:5f:4f:e5:bd:d1:af:a2:
         95:72:93:73:fc:58:3e:80:b0:ea:b9:7b:73:16:90:f5:4d:65:
         31:72:68:3b
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYrwOiiWInsPWTafSWrZfOnAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMDAyMTE1MDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmFmMWQ1ODlkMjJjOTdjMmJjNDM4MjdkMTJlMmFhNGUzNDk4NzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4UiA/m/35eRzj0Ev7JEfDweardR
Cw4/jEY+7qQWCocx2YDsvkAm3ivbLzdMDJG2i0L5Yg8I8gjORuYSInrcC0b7Q+vW
F34iZshKTLtUnOhIWWoGAwJ9PdYDeF2pmD4q1/edgcdcV/FQM2AQ5pusifXTTkoN
8XK6ddjtSJZ3bRDmlfF+mFrcIQLVcFGe9GnuxNxxsqPYyNhdOwQzspENZIRnDSo5
1YsGdHKdjdm7hOFXNQx+uDSq8GvnV5boTaMznvE9eIPy2q/RicVX2AvAmiDTI22q
0k0jhkHBUy89H5TvUe2QbwoJOmpSGIJPIRAsQtz0CTwwEk9gWCRl3XGaQwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFNavHVidIsl8K8Q4J9EuKqTjSYdHMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvMXE4ZFdKMGl5WHdyeERnbjBTNHFwT05KaDBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyMAwDBAACOG0D
BAACOG4DBAAtXqsDBAAtircDBAAtkNUDBABNUycDBAFV0XgDBADDPhgwDQYJKoZI
hvcNAQELBQADggEBALdxOxdkjP1srjCtWd5txcmEve1TwK5192ITqfeC4zamtd+C
Bryd1fk8epVLIjNR+GMo3Q/ZAiWrSAgQ92lv+WhoD0fVmiv7xGppunIzAYEuF03S
TRNvVBKcedXo2/N6xe+T7UX3iu+oOD6JYsctAuqy/qU0CQ3E0m8RDH5Xu4uSVaqy
tiyJlR696zBMVBER96dToa/IJnxs5LSTXd960oPa03XKAkBZxL3CZTkly84bFhTz
1h94SmI7oZZJX1OT871EFCSAVxnrZgGtOrXpsCCR0Rx+dYiYHuZaCbOaUeIpuepV
X0/lvdGvopVyk3P8WD6AsOq5e3MWkPVNZTFyaDs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:17 2024 by rpki-client on console-ams.rpki-client.org