Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/IFc2GexFfotKn31viOVvaWREXVY.roa
File:                     IFc2GexFfotKn31viOVvaWREXVY.roa (raw, json)
Hash identifier:          IdjUB4KClZ9PoCr8+tV6ZQdWXAODb2l2Dd6M5JQSp8w=
Subject key identifier:   20:57:36:19:EC:45:7E:8B:4A:9F:7D:6F:88:E5:6F:69:64:44:5D:56
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018A86118883AAE71741A7D056A38DD03DB7
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/IFc2GexFfotKn31viOVvaWREXVY.roa
Signing time:             Mon 11 Sep 2023 21:06:50 +0000
ROA not before:           Mon 11 Sep 2023 21:06:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62206
IP address blocks:        91.223.110.0/24 maxlen: 24
                          5.181.87.0/24 maxlen: 24
                          195.211.188.0/22 maxlen: 24
                          195.211.190.0/24 maxlen: 24
                          45.88.138.0/24 maxlen: 24
                          45.88.136.0/24 maxlen: 24
                          185.200.63.0/24 maxlen: 24
                          185.200.62.0/24 maxlen: 24
                          194.242.96.0/22 maxlen: 22
                          194.242.97.0/24 maxlen: 24
                          193.57.43.0/24 maxlen: 24
                          193.57.41.0/24 maxlen: 24
                          45.144.213.0/24 maxlen: 24
                          45.144.212.0/24 maxlen: 24
                          45.132.182.0/23 maxlen: 24
                          45.132.181.0/24 maxlen: 24
                          45.94.168.0/22 maxlen: 22
                          45.94.170.0/24 maxlen: 24
                          185.43.248.0/24 maxlen: 24
                          185.43.251.0/24 maxlen: 24
                          185.43.249.0/24 maxlen: 24
                          193.30.243.0/24 maxlen: 24
                          193.30.242.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          85.209.120.0/22 maxlen: 24
                          85.209.123.0/24 maxlen: 24
                          85.209.122.0/24 maxlen: 24
                          45.9.29.0/24 maxlen: 24
                          195.177.92.0/24 maxlen: 24
                          195.177.94.0/24 maxlen: 24
                          195.177.93.0/24 maxlen: 24
                          45.81.112.0/22 maxlen: 24
                          77.83.37.0/24 maxlen: 24
                          45.81.114.0/24 maxlen: 24
                          193.30.240.0/24 maxlen: 24
                          2a10:dfc0::/29 maxlen: 29
                          2a07:9200::/29 maxlen: 29
                          2a11:580::/29 maxlen: 29
                          2a0c:a580::/29 maxlen: 29
                          2a01:7120::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 12 Sep 2023 17:51:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:86:11:88:83:aa:e7:17:41:a7:d0:56:a3:8d:d0:3d:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Sep 11 21:06:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20573619ec457e8b4a9f7d6f88e56f6964445d56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:02:cc:2c:7e:01:0e:40:8e:f4:b8:af:ea:cd:
                    6e:65:d7:aa:f1:78:ea:96:b3:44:88:eb:20:8e:d3:
                    4c:b4:8d:9d:ea:71:3f:ac:11:5f:f3:d7:b9:7a:5c:
                    bb:32:fb:68:26:b9:1f:52:04:a0:2f:68:ad:c3:17:
                    21:0c:45:89:cc:81:e5:89:18:1a:f8:5f:29:f8:00:
                    63:16:de:2e:09:0b:10:24:ec:7e:30:e5:cf:28:73:
                    45:2b:64:d7:c1:aa:dd:b4:e1:88:44:a0:f8:02:8c:
                    db:ae:bb:83:11:10:bd:06:72:41:42:8f:0a:6c:7a:
                    3d:e1:9d:b2:7a:ed:76:fe:17:fe:ab:6a:7e:fb:84:
                    3f:9a:8f:b0:63:20:34:da:ab:04:31:23:96:48:80:
                    80:f2:ab:5a:d3:ed:2c:dc:29:a0:bd:0b:fc:1b:95:
                    9e:60:c5:32:80:07:45:d3:f9:b6:17:35:df:3f:72:
                    c2:57:0a:1a:cc:8a:44:d1:4b:fb:61:02:9c:be:f5:
                    5a:07:81:e2:44:45:ef:00:3b:f1:5f:32:a6:f0:8b:
                    2b:db:09:50:7d:59:4b:a1:6b:27:34:4b:2e:9a:b4:
                    e6:f7:a5:c3:7e:65:45:38:81:1a:93:1f:95:eb:bd:
                    1c:3e:69:58:3a:72:b6:d8:7f:45:f0:32:97:4d:3a:
                    a7:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:57:36:19:EC:45:7E:8B:4A:9F:7D:6F:88:E5:6F:69:64:44:5D:56
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/IFc2GexFfotKn31viOVvaWREXVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.87.0/24
                  45.9.29.0/24
                  45.81.112.0/22
                  45.88.136.0/24
                  45.88.138.0/24
                  45.94.168.0/22
                  45.132.181.0-45.132.183.255
                  45.144.212.0/23
                  77.83.37.0/24
                  77.83.39.0/24
                  85.209.120.0/22
                  91.223.110.0/24
                  185.43.248.0/23
                  185.43.251.0/24
                  185.200.62.0/23
                  193.30.240.0/24
                  193.30.242.0/23
                  193.57.41.0/24
                  193.57.43.0/24
                  194.242.96.0/22
                  195.177.92.0-195.177.94.255
                  195.211.188.0/22
                IPv6:
                  2a01:7120::/32
                  2a07:9200::/29
                  2a0c:a580::/29
                  2a10:dfc0::/29
                  2a11:580::/29

    Signature Algorithm: sha256WithRSAEncryption
         a4:c4:59:8c:65:58:10:60:06:93:84:2b:c7:fe:9f:7b:81:25:
         e3:0a:66:ab:e0:d4:fc:0e:87:61:3c:51:cf:0a:f4:51:2b:4e:
         a4:40:36:be:f4:16:7c:89:77:92:4c:86:7a:42:82:6d:b7:b8:
         25:26:c9:04:59:d4:76:6f:68:75:ac:a3:fa:40:b0:ad:03:d7:
         43:ec:2e:93:30:3b:3a:b0:f4:64:11:69:59:4a:f4:f7:c9:ae:
         80:ef:8c:e0:94:6f:fc:19:d9:88:e5:27:57:dd:e4:e0:1a:d9:
         af:6c:a3:f5:33:c3:7d:ff:4c:6f:64:a5:25:74:35:60:6d:fc:
         80:53:c2:2a:a9:23:bb:80:a7:1d:45:ab:5e:8d:b5:f5:db:4e:
         21:c9:67:9f:29:9e:b6:3f:ab:e6:9d:57:6b:78:52:ca:d7:8e:
         be:e8:19:2c:b4:1d:f4:e6:4d:e3:aa:55:71:80:10:a7:6d:84:
         15:4c:cd:2d:81:26:4a:00:3c:35:bf:93:ef:04:c7:3e:1a:de:
         00:db:de:64:34:92:6a:a9:b8:1a:1f:c4:6e:31:45:0e:db:e8:
         d6:28:99:d9:0e:60:13:83:4a:ce:4d:7f:a6:3e:7b:6a:6b:39:
         a0:a2:d7:1a:e4:df:33:8d:23:ed:a6:2f:2a:c3:08:2f:d3:e2:
         d7:6c:db:07
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgISAYqGEYiDqucXQafQVqON0D23MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMwOTExMjEwNjUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDU3MzYxOWVjNDU3ZThiNGE5ZjdkNmY4OGU1NmY2OTY0NDQ1ZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwLMLH4BDkCO9Liv6s1uZdeq8Xjq
lrNEiOsgjtNMtI2d6nE/rBFf89e5ely7MvtoJrkfUgSgL2itwxchDEWJzIHliRga
+F8p+ABjFt4uCQsQJOx+MOXPKHNFK2TXwardtOGIRKD4AozbrruDERC9BnJBQo8K
bHo94Z2yeu12/hf+q2p++4Q/mo+wYyA02qsEMSOWSICA8qta0+0s3CmgvQv8G5We
YMUygAdF0/m2FzXfP3LCVwoazIpE0Uv7YQKcvvVaB4HiREXvADvxXzKm8Isr2wlQ
fVlLoWsnNEsumrTm96XDfmVFOIEakx+V670cPmlYOnK22H9F8DKXTTqnfQIDAQAB
o4ICxzCCAsMwHQYDVR0OBBYEFCBXNhnsRX6LSp99b4jlb2lkRF1WMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvSUZjMkdleEZmb3RLbjMxdmlPVnZhV1JFWFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHcBggrBgEFBQcBBwEB/wSBzDCByTCBmwQCAAEwgZQDBAAF
tVcDBAAtCR0DBAItUXADBAAtWIgDBAAtWIoDBAItXqgwDAMEAC2EtQMEAy2EsAME
AS2Q1AMEAE1TJQMEAE1TJwMEAlXReAMEAFvfbgMEAbkr+AMEALkr+wMEAbnIPgME
AMEe8AMEAcEe8gMEAME5KQMEAME5KwMEAsLyYDAMAwQCw7FcAwQAw7FeAwQCw9O8
MCkEAgACMCMDBQAqAXEgAwUDKgeSAAMFAyoMpYADBQMqEN/AAwUDKhEFgDANBgkq
hkiG9w0BAQsFAAOCAQEApMRZjGVYEGAGk4Qrx/6fe4El4wpmq+DU/A6HYTxRzwr0
UStOpEA2vvQWfIl3kkyGekKCbbe4JSbJBFnUdm9odayj+kCwrQPXQ+wukzA7OrD0
ZBFpWUr098mugO+M4JRv/BnZiOUnV93k4BrZr2yj9TPDff9Mb2SlJXQ1YG38gFPC
Kqkju4CnHUWrXo219dtOIclnnymetj+r5p1Xa3hSyteOvugZLLQd9OZN46pVcYAQ
p22EFUzNLYEmSgA8Nb+T7wTHPhreANveZDSSaqm4Gh/EbjFFDtvo1iiZ2Q5gE4NK
zk1/pj57ams5oKLXGuTfM40j7aYvKsMIL9Pi12zbBw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:31 2024 by rpki-client on console-fra.rpki-client.org