Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/mCHmnAiuWGnjAgnKoD6lmfdqlPY.roa
File:                     mCHmnAiuWGnjAgnKoD6lmfdqlPY.roa (raw, json)
Hash identifier:          qof1o/9vDgYggLF5P0WtzYY6k7bLimnBh8LxA1iOW6g=
Subject key identifier:   98:21:E6:9C:08:AE:58:69:E3:02:09:CA:A0:3E:A5:99:F7:6A:94:F6
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018A2BC3151C7F6D4F285CA85573692A174C
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/mCHmnAiuWGnjAgnKoD6lmfdqlPY.roa
Signing time:             Fri 25 Aug 2023 08:15:19 +0000
ROA not before:           Fri 25 Aug 2023 08:15:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62206
IP address blocks:        91.223.110.0/24 maxlen: 24
                          5.181.87.0/24 maxlen: 24
                          195.211.188.0/22 maxlen: 24
                          195.211.190.0/24 maxlen: 24
                          2.56.108.0/22 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          45.88.138.0/24 maxlen: 24
                          45.88.136.0/24 maxlen: 24
                          185.200.63.0/24 maxlen: 24
                          185.200.62.0/24 maxlen: 24
                          194.242.96.0/22 maxlen: 22
                          194.242.97.0/24 maxlen: 24
                          193.57.43.0/24 maxlen: 24
                          193.57.41.0/24 maxlen: 24
                          45.144.213.0/24 maxlen: 24
                          45.144.212.0/24 maxlen: 24
                          45.132.182.0/23 maxlen: 24
                          45.132.181.0/24 maxlen: 24
                          195.62.24.0/24 maxlen: 24
                          45.94.168.0/22 maxlen: 22
                          45.94.170.0/24 maxlen: 24
                          185.43.248.0/24 maxlen: 24
                          185.43.251.0/24 maxlen: 24
                          185.43.249.0/24 maxlen: 24
                          193.30.243.0/24 maxlen: 24
                          193.30.242.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/22 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          85.209.123.0/24 maxlen: 24
                          85.209.122.0/24 maxlen: 24
                          193.30.241.0/24 maxlen: 24
                          45.9.29.0/24 maxlen: 24
                          195.177.92.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24
                          195.177.94.0/24 maxlen: 24
                          195.177.93.0/24 maxlen: 24
                          45.81.112.0/22 maxlen: 24
                          193.30.240.0/24 maxlen: 24
                          2a10:dfc0::/29 maxlen: 29
                          2a07:9200::/29 maxlen: 29
                          2a11:580::/29 maxlen: 29
                          2a0c:a580::/29 maxlen: 29
                          2a01:7120::/32 maxlen: 32

Validation:               Failed, certificate revoked on Sat 26 Aug 2023 09:06:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:2b:c3:15:1c:7f:6d:4f:28:5c:a8:55:73:69:2a:17:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Aug 25 08:15:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9821e69c08ae5869e30209caa03ea599f76a94f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ed:92:50:0d:17:50:63:07:11:68:93:c2:96:
                    bc:35:a6:54:94:26:eb:3e:6b:e7:38:b9:c0:88:8a:
                    30:80:6e:99:87:48:3a:88:91:68:3a:89:06:59:8f:
                    8f:10:3a:8a:85:71:9b:d5:79:b8:41:f8:a0:15:ee:
                    87:89:67:30:4d:f1:e9:5d:93:44:11:51:1e:6d:ae:
                    ea:0b:43:b4:c7:49:2f:c8:c5:f1:5c:33:b0:dc:c2:
                    11:2a:82:5c:3e:7b:95:85:6d:07:a5:45:92:dc:99:
                    d8:bb:f0:8c:3f:01:15:70:c7:55:7f:72:08:89:56:
                    ad:e3:7f:38:d9:9a:d4:c4:2f:e5:8a:cf:e2:69:f2:
                    b0:b3:64:7d:fe:13:f9:56:9e:dd:ef:b4:88:f4:70:
                    0e:82:61:13:72:b0:9d:42:ef:04:4e:ee:04:ba:d6:
                    a9:be:05:73:b0:d5:b3:61:6e:32:35:22:9f:5a:1f:
                    94:54:90:3c:d6:8e:72:ff:6f:2d:6f:b3:15:f7:7b:
                    f6:aa:37:c0:ca:81:9e:a0:30:1d:4e:6c:91:9b:bf:
                    74:31:79:18:27:5b:83:75:74:90:33:d1:4a:d0:a8:
                    be:67:ee:6e:c8:29:09:ad:c5:3a:61:18:ec:cb:b6:
                    76:a2:01:b6:2d:f8:27:14:27:28:80:53:e6:25:1f:
                    52:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:21:E6:9C:08:AE:58:69:E3:02:09:CA:A0:3E:A5:99:F7:6A:94:F6
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/mCHmnAiuWGnjAgnKoD6lmfdqlPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.108.0/22
                  5.181.87.0/24
                  45.9.29.0/24
                  45.81.112.0/22
                  45.88.136.0/24
                  45.88.138.0/23
                  45.94.168.0/22
                  45.132.181.0-45.132.183.255
                  45.144.212.0/23
                  77.83.39.0/24
                  85.209.120.0/22
                  91.223.110.0/24
                  185.43.248.0/23
                  185.43.251.0/24
                  185.200.62.0/23
                  193.30.240.0/22
                  193.57.41.0/24
                  193.57.43.0/24
                  194.242.96.0/22
                  195.62.24.0/24
                  195.177.92.0/22
                  195.211.188.0/22
                IPv6:
                  2a01:7120::/32
                  2a07:9200::/29
                  2a0c:a580::/29
                  2a10:dfc0::/29
                  2a11:580::/29

    Signature Algorithm: sha256WithRSAEncryption
         ba:95:3f:dd:32:ee:c3:2b:de:86:86:15:85:22:2a:c7:1c:d6:
         2a:7a:f4:a4:a8:72:fb:ee:bb:d7:c0:8f:14:86:a7:5b:ad:c6:
         af:0e:ac:97:21:43:41:02:fd:a1:ad:80:9a:ad:23:86:c1:ea:
         ea:14:a9:6c:d0:c9:ce:38:ad:01:aa:fe:1b:55:85:59:b2:d0:
         98:46:7b:a3:80:d3:da:56:ba:05:35:7c:91:a1:27:f4:f0:68:
         29:85:20:6a:8a:7f:9f:c5:8b:aa:be:64:50:6e:ff:ab:2b:e5:
         c5:09:52:c1:87:2c:65:ef:b9:72:12:9c:20:58:62:fa:04:59:
         b5:a6:40:ee:92:6b:18:e8:0e:0a:22:4a:14:ac:d8:eb:56:b0:
         8d:82:01:bd:c6:39:66:00:b2:ff:2f:fc:db:00:30:f6:cb:bd:
         dd:03:17:0b:31:7b:f7:1c:f5:45:11:a3:7c:03:cc:ba:e0:de:
         d9:3e:d4:70:89:79:c3:67:13:d8:cd:12:ee:22:74:f5:f4:17:
         70:c0:39:87:af:65:1e:d0:53:ff:d2:e0:27:9a:a8:82:3e:6a:
         60:90:8a:e9:41:e0:c1:d1:e3:8f:1a:94:0a:5e:77:9f:9d:61:
         b5:a8:96:3a:df:4b:57:bd:27:14:31:81:19:47:18:89:1f:99:
         4d:e7:91:66
-----BEGIN CERTIFICATE-----
MIIFszCCBJugAwIBAgISAYorwxUcf21PKFyoVXNpKhdMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMwODI1MDgxNTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODIxZTY5YzA4YWU1ODY5ZTMwMjA5Y2FhMDNlYTU5OWY3NmE5NGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhe2SUA0XUGMHEWiTwpa8NaZUlCbr
PmvnOLnAiIowgG6Zh0g6iJFoOokGWY+PEDqKhXGb1Xm4QfigFe6HiWcwTfHpXZNE
EVEeba7qC0O0x0kvyMXxXDOw3MIRKoJcPnuVhW0HpUWS3JnYu/CMPwEVcMdVf3II
iVat43842ZrUxC/lis/iafKws2R9/hP5Vp7d77SI9HAOgmETcrCdQu8ETu4Eutap
vgVzsNWzYW4yNSKfWh+UVJA81o5y/28tb7MV93v2qjfAyoGeoDAdTmyRm790MXkY
J1uDdXSQM9FK0Ki+Z+5uyCkJrcU6YRjsy7Z2ogG2LfgnFCcogFPmJR9SjwIDAQAB
o4ICvzCCArswHQYDVR0OBBYEFJgh5pwIrlhp4wIJyqA+pZn3apT2MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvbUNIbW5BaXVXR25qQWduS29ENmxtZmRxbFBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHUBggrBgEFBQcBBwEB/wSBxDCBwTCBkwQCAAEwgYwDBAIC
OGwDBAAFtVcDBAAtCR0DBAItUXADBAAtWIgDBAEtWIoDBAItXqgwDAMEAC2EtQME
Ay2EsAMEAS2Q1AMEAE1TJwMEAlXReAMEAFvfbgMEAbkr+AMEALkr+wMEAbnIPgME
AsEe8AMEAME5KQMEAME5KwMEAsLyYAMEAMM+GAMEAsOxXAMEAsPTvDApBAIAAjAj
AwUAKgFxIAMFAyoHkgADBQMqDKWAAwUDKhDfwAMFAyoRBYAwDQYJKoZIhvcNAQEL
BQADggEBALqVP90y7sMr3oaGFYUiKscc1ip69KSocvvuu9fAjxSGp1utxq8OrJch
Q0EC/aGtgJqtI4bB6uoUqWzQyc44rQGq/htVhVmy0JhGe6OA09pWugU1fJGhJ/Tw
aCmFIGqKf5/Fi6q+ZFBu/6sr5cUJUsGHLGXvuXISnCBYYvoEWbWmQO6SaxjoDgoi
ShSs2OtWsI2CAb3GOWYAsv8v/NsAMPbLvd0DFwsxe/cc9UURo3wDzLrg3tk+1HCJ
ecNnE9jNEu4idPX0F3DAOYevZR7QU//S4CeaqII+amCQiulB4MHR448alAped5+d
YbWoljrfS1e9JxQxgRlHGIkfmU3nkWY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:19 2024 by rpki-client on console-ams.rpki-client.org