Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/DCdzTmyBPvSojKOAiDDstxPcdP4.roa
File:                     DCdzTmyBPvSojKOAiDDstxPcdP4.roa (raw, json)
Hash identifier:          6TmX6XQ+X7NGiYwpzJ+jsp7my9dmhqJKca10BYzgUDU=
Subject key identifier:   0C:27:73:4E:6C:81:3E:F4:A8:8C:A3:80:88:30:EC:B7:13:DC:74:FE
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018AF4D719AC77D4529E46DD89F26A72EDC6
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/DCdzTmyBPvSojKOAiDDstxPcdP4.roa
Signing time:             Tue 03 Oct 2023 09:20:51 +0000
ROA not before:           Tue 03 Oct 2023 09:20:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62206
IP address blocks:        91.223.110.0/24 maxlen: 24
                          5.181.87.0/24 maxlen: 24
                          195.211.188.0/22 maxlen: 24
                          195.211.190.0/24 maxlen: 24
                          45.88.138.0/24 maxlen: 24
                          45.88.136.0/24 maxlen: 24
                          185.200.63.0/24 maxlen: 24
                          185.200.62.0/24 maxlen: 24
                          194.242.96.0/22 maxlen: 22
                          194.242.97.0/24 maxlen: 24
                          193.57.43.0/24 maxlen: 24
                          45.144.212.0/24 maxlen: 24
                          45.132.182.0/23 maxlen: 24
                          45.132.181.0/24 maxlen: 24
                          45.94.168.0/22 maxlen: 22
                          45.94.170.0/24 maxlen: 24
                          185.43.248.0/24 maxlen: 24
                          185.43.251.0/24 maxlen: 24
                          185.43.249.0/24 maxlen: 24
                          193.30.243.0/24 maxlen: 24
                          193.30.242.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          85.209.120.0/22 maxlen: 24
                          85.209.123.0/24 maxlen: 24
                          85.209.122.0/24 maxlen: 24
                          45.9.29.0/24 maxlen: 24
                          195.177.92.0/24 maxlen: 24
                          195.177.94.0/24 maxlen: 24
                          195.177.93.0/24 maxlen: 24
                          45.81.112.0/22 maxlen: 24
                          77.83.37.0/24 maxlen: 24
                          193.30.240.0/24 maxlen: 24
                          2a10:dfc0::/29 maxlen: 29
                          2a07:9200::/29 maxlen: 29
                          2a11:580::/29 maxlen: 29
                          2a0c:a580::/29 maxlen: 29
                          2a01:7120::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 03 Oct 2023 15:24:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f4:d7:19:ac:77:d4:52:9e:46:dd:89:f2:6a:72:ed:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct  3 09:20:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0c27734e6c813ef4a88ca3808830ecb713dc74fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:5b:30:8b:af:a8:90:11:d0:a8:be:d4:94:09:
                    f3:00:56:87:aa:20:d6:ba:54:48:51:9d:14:5a:cb:
                    59:3c:c4:6c:41:b6:bd:ca:71:1a:4e:6f:b0:1e:ae:
                    50:ff:30:16:e6:16:4c:31:22:7f:e3:e3:ae:dd:23:
                    06:37:46:89:02:c6:55:f7:c9:f5:0e:e7:7b:85:d7:
                    7f:4e:fe:b5:35:3d:1d:20:29:16:1b:e0:49:00:f4:
                    01:e7:ab:50:45:e5:a7:bb:61:ef:15:c3:0a:4b:da:
                    0c:e2:d2:b6:82:32:17:de:07:7a:e4:92:60:13:40:
                    40:ab:01:23:20:03:ca:22:8b:2a:68:8c:8e:00:10:
                    74:fe:2f:85:78:46:b0:9a:95:5b:3d:52:b0:4d:eb:
                    72:55:95:46:77:be:42:2f:66:2a:30:53:c7:2b:6e:
                    f8:e9:ac:89:c7:54:25:2b:c0:65:bc:2c:5b:25:50:
                    2f:c0:4e:08:09:a3:5d:ea:0a:71:c7:c9:c1:34:48:
                    19:73:01:2f:47:30:db:df:4c:59:1e:2c:d3:55:3e:
                    45:9c:95:d4:27:67:73:ef:49:a2:04:cb:86:85:59:
                    42:d7:6e:9f:d8:f5:ae:97:96:4e:d5:0c:e9:06:fa:
                    6d:60:f1:14:22:4a:f8:9d:59:1e:2d:0f:e2:f2:f2:
                    3f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:27:73:4E:6C:81:3E:F4:A8:8C:A3:80:88:30:EC:B7:13:DC:74:FE
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/DCdzTmyBPvSojKOAiDDstxPcdP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.87.0/24
                  45.9.29.0/24
                  45.81.112.0/22
                  45.88.136.0/24
                  45.88.138.0/24
                  45.94.168.0/22
                  45.132.181.0-45.132.183.255
                  45.144.212.0/24
                  77.83.37.0/24
                  77.83.39.0/24
                  85.209.120.0/22
                  91.223.110.0/24
                  185.43.248.0/23
                  185.43.251.0/24
                  185.200.62.0/23
                  193.30.240.0/24
                  193.30.242.0/23
                  193.57.43.0/24
                  194.242.96.0/22
                  195.177.92.0-195.177.94.255
                  195.211.188.0/22
                IPv6:
                  2a01:7120::/32
                  2a07:9200::/29
                  2a0c:a580::/29
                  2a10:dfc0::/29
                  2a11:580::/29

    Signature Algorithm: sha256WithRSAEncryption
         1c:2d:c8:6e:83:d3:4e:13:06:6c:c8:f1:73:ed:b3:af:43:8c:
         06:83:dd:41:07:4c:2c:73:f3:23:f2:53:ee:1b:11:85:30:72:
         b9:3e:70:3c:02:f4:03:7e:9b:0a:6e:19:cc:09:d3:5b:35:f6:
         5d:aa:c5:77:14:af:7b:2e:08:5d:74:d9:32:21:4c:81:a8:55:
         a6:73:75:1f:4d:65:0b:f7:79:50:d8:b2:d8:22:51:f9:25:84:
         1b:bb:11:83:7d:9d:9f:2f:89:3c:0d:42:8f:75:e8:5b:55:aa:
         1e:9d:79:00:6e:81:f2:65:12:4a:86:4e:93:fb:02:0e:61:29:
         e5:0d:d3:f8:fe:2c:48:b4:64:7b:37:cd:c0:c0:f2:71:4a:f3:
         47:fa:f7:a6:08:b9:d1:97:e5:0d:23:b3:40:9f:24:5c:26:76:
         4d:3f:2f:3e:47:a3:a1:18:18:9b:97:f4:da:9a:31:70:5a:e0:
         af:a9:1d:18:84:46:1e:15:90:76:b1:8f:c9:1e:3e:28:2a:eb:
         69:52:10:e9:8b:72:56:81:f8:ac:c2:ed:d0:67:5e:78:7d:17:
         32:0c:2c:c0:06:9f:f8:9a:f8:bf:da:06:80:43:cf:e1:7b:4e:
         d6:80:8d:aa:77:48:27:6b:db:5a:97:ce:a7:5a:f5:1e:fc:46:
         37:7b:a5:f6
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgISAYr01xmsd9RSnkbdifJqcu3GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMDAzMDkyMDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzI3NzM0ZTZjODEzZWY0YTg4Y2EzODA4ODMwZWNiNzEzZGM3NGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVswi6+okBHQqL7UlAnzAFaHqiDW
ulRIUZ0UWstZPMRsQba9ynEaTm+wHq5Q/zAW5hZMMSJ/4+Ou3SMGN0aJAsZV98n1
Dud7hdd/Tv61NT0dICkWG+BJAPQB56tQReWnu2HvFcMKS9oM4tK2gjIX3gd65JJg
E0BAqwEjIAPKIosqaIyOABB0/i+FeEawmpVbPVKwTetyVZVGd75CL2YqMFPHK274
6ayJx1QlK8BlvCxbJVAvwE4ICaNd6gpxx8nBNEgZcwEvRzDb30xZHizTVT5FnJXU
J2dz70miBMuGhVlC126f2PWul5ZO1QzpBvptYPEUIkr4nVkeLQ/i8vI/CwIDAQAB
o4ICwTCCAr0wHQYDVR0OBBYEFAwnc05sgT70qIyjgIgw7LcT3HT+MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvRENkelRteUJQdlNvaktPQWlERHN0eFBjZFA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHWBggrBgEFBQcBBwEB/wSBxjCBwzCBlQQCAAEwgY4DBAAF
tVcDBAAtCR0DBAItUXADBAAtWIgDBAAtWIoDBAItXqgwDAMEAC2EtQMEAy2EsAME
AC2Q1AMEAE1TJQMEAE1TJwMEAlXReAMEAFvfbgMEAbkr+AMEALkr+wMEAbnIPgME
AMEe8AMEAcEe8gMEAME5KwMEAsLyYDAMAwQCw7FcAwQAw7FeAwQCw9O8MCkEAgAC
MCMDBQAqAXEgAwUDKgeSAAMFAyoMpYADBQMqEN/AAwUDKhEFgDANBgkqhkiG9w0B
AQsFAAOCAQEAHC3IboPTThMGbMjxc+2zr0OMBoPdQQdMLHPzI/JT7hsRhTByuT5w
PAL0A36bCm4ZzAnTWzX2XarFdxSvey4IXXTZMiFMgahVpnN1H01lC/d5UNiy2CJR
+SWEG7sRg32dny+JPA1Cj3XoW1WqHp15AG6B8mUSSoZOk/sCDmEp5Q3T+P4sSLRk
ezfNwMDycUrzR/r3pgi50ZflDSOzQJ8kXCZ2TT8vPkejoRgYm5f02poxcFrgr6kd
GIRGHhWQdrGPyR4+KCrraVIQ6YtyVoH4rMLt0GdeeH0XMgwswAaf+Jr4v9oGgEPP
4XtO1oCNqndIJ2vbWpfOp1r1HvxGN3ul9g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:31 2024 by rpki-client on console-fra.rpki-client.org