Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/sUYe5EalfltHQC4L1ZYLYbsOFvQ.roa
File:                     sUYe5EalfltHQC4L1ZYLYbsOFvQ.roa (raw, json)
Hash identifier:          Xe20Jf8uZDr+XI6HQRAmbMnO/85gu/6bcYxY+aZTCKo=
Subject key identifier:   B1:46:1E:E4:46:A5:7E:5B:47:40:2E:0B:D5:96:0B:61:BB:0E:16:F4
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018AF623EB9BDE690AE23037F17BFAF1884F
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/sUYe5EalfltHQC4L1ZYLYbsOFvQ.roa
Signing time:             Tue 03 Oct 2023 15:24:23 +0000
ROA not before:           Tue 03 Oct 2023 15:24:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62206
IP address blocks:        91.223.110.0/24 maxlen: 24
                          5.181.87.0/24 maxlen: 24
                          195.211.188.0/22 maxlen: 24
                          195.211.190.0/24 maxlen: 24
                          45.88.138.0/24 maxlen: 24
                          45.88.136.0/24 maxlen: 24
                          185.200.63.0/24 maxlen: 24
                          185.200.62.0/24 maxlen: 24
                          194.242.96.0/22 maxlen: 22
                          194.242.97.0/24 maxlen: 24
                          193.57.43.0/24 maxlen: 24
                          45.144.212.0/24 maxlen: 24
                          45.132.182.0/23 maxlen: 24
                          45.132.181.0/24 maxlen: 24
                          45.94.168.0/22 maxlen: 22
                          45.94.170.0/24 maxlen: 24
                          185.43.248.0/24 maxlen: 24
                          185.43.251.0/24 maxlen: 24
                          185.43.249.0/24 maxlen: 24
                          193.30.243.0/24 maxlen: 24
                          193.30.242.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/22 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          85.209.123.0/24 maxlen: 24
                          85.209.122.0/24 maxlen: 24
                          45.9.29.0/24 maxlen: 24
                          195.177.92.0/24 maxlen: 24
                          195.177.94.0/24 maxlen: 24
                          195.177.93.0/24 maxlen: 24
                          77.83.37.0/24 maxlen: 24
                          193.30.240.0/24 maxlen: 24
                          2a10:dfc0::/29 maxlen: 29
                          2a07:9200::/29 maxlen: 29
                          2a11:580::/29 maxlen: 29
                          2a0c:a580::/29 maxlen: 29
                          2a01:7120::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 05 Oct 2023 13:52:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:f6:23:eb:9b:de:69:0a:e2:30:37:f1:7b:fa:f1:88:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct  3 15:24:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b1461ee446a57e5b47402e0bd5960b61bb0e16f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ff:b4:2a:00:6f:0e:c4:e9:4a:78:a7:10:ad:
                    7a:ca:44:24:ca:c3:6a:e5:3f:cf:7e:6a:80:2d:21:
                    dd:b6:cf:0a:b1:9b:62:f6:11:7a:fb:f1:45:f2:e8:
                    07:75:ea:1a:1b:4f:37:56:73:5b:44:15:72:71:14:
                    99:2a:02:ee:0a:f9:7f:cd:a3:4b:a8:d4:ff:5b:fc:
                    00:6d:e6:f4:1f:1f:fd:9c:69:40:67:02:80:f4:42:
                    01:97:ce:f1:88:8b:86:45:68:be:e6:63:84:97:7a:
                    50:14:0a:31:59:7c:a9:64:e0:9b:b3:de:63:d1:b0:
                    44:2a:cf:c2:9e:e0:14:39:e0:61:6c:27:4a:ff:80:
                    24:8c:fb:35:ed:42:c5:a3:6a:ff:d8:97:37:3a:2e:
                    3b:fb:93:85:6a:7e:4b:28:d4:95:83:aa:aa:50:a6:
                    a2:0d:27:50:a3:35:1a:62:46:2e:ba:4f:08:fb:81:
                    20:80:e7:33:32:67:37:22:91:bd:c2:95:8b:0d:9d:
                    2c:70:b1:1f:b5:6e:9c:fe:82:ac:76:c6:47:a6:81:
                    74:21:57:98:88:56:d0:0e:84:8b:9d:bd:5c:98:61:
                    a2:60:40:9a:2e:03:97:29:a3:cf:d9:56:0e:87:37:
                    a6:7c:5d:87:35:20:ba:b7:da:74:b2:34:f5:f8:b8:
                    03:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:46:1E:E4:46:A5:7E:5B:47:40:2E:0B:D5:96:0B:61:BB:0E:16:F4
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/sUYe5EalfltHQC4L1ZYLYbsOFvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.87.0/24
                  45.9.29.0/24
                  45.88.136.0/24
                  45.88.138.0/24
                  45.94.168.0/22
                  45.132.181.0-45.132.183.255
                  45.144.212.0/24
                  77.83.37.0/24
                  77.83.39.0/24
                  85.209.120.0/22
                  91.223.110.0/24
                  185.43.248.0/23
                  185.43.251.0/24
                  185.200.62.0/23
                  193.30.240.0/24
                  193.30.242.0/23
                  193.57.43.0/24
                  194.242.96.0/22
                  195.177.92.0-195.177.94.255
                  195.211.188.0/22
                IPv6:
                  2a01:7120::/32
                  2a07:9200::/29
                  2a0c:a580::/29
                  2a10:dfc0::/29
                  2a11:580::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:0e:b3:1d:65:68:bd:dd:69:1a:ec:58:6a:1d:eb:4b:0e:e2:
         25:2e:4b:1a:89:21:6c:a7:be:4a:2c:c3:66:87:35:8d:30:76:
         72:de:78:89:68:2f:04:a4:79:a9:58:00:40:60:a3:cc:b0:7d:
         16:44:65:60:74:05:c8:24:8e:70:3d:6b:07:12:dc:35:3c:b0:
         b1:e2:ae:5d:cf:81:40:ac:1e:fd:a4:12:9c:ed:62:10:12:39:
         87:5c:4a:89:51:a5:25:8a:ea:7c:28:98:d5:5d:89:54:0f:cf:
         29:82:b5:c2:76:23:aa:0e:56:2f:81:46:ef:bd:44:62:af:ea:
         76:45:46:ca:cb:eb:6c:ee:62:a5:c5:20:95:37:23:ec:00:43:
         1d:a5:95:c4:5c:e4:d3:7d:8a:1d:ae:30:bf:2b:29:63:49:93:
         23:f4:03:3b:63:bd:c2:d3:c5:8b:65:ee:99:de:f7:d8:85:ee:
         31:28:a5:4f:c8:cd:a1:bc:e0:b1:87:f3:c4:25:da:6e:e2:86:
         c0:03:3f:8b:47:92:86:27:e0:55:67:cf:ef:33:58:74:f9:b2:
         65:4e:6e:81:cb:1b:41:ce:b5:ed:72:9f:27:71:df:47:12:f0:
         c5:3b:3f:fe:16:56:89:47:5b:95:09:6d:61:c2:18:e7:6d:ed:
         8a:a6:75:9e
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgISAYr2I+ub3mkK4jA38Xv68YhPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMDAzMTUyNDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQ2MWVlNDQ2YTU3ZTViNDc0MDJlMGJkNTk2MGI2MWJiMGUxNmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/+0KgBvDsTpSninEK16ykQkysNq
5T/PfmqALSHdts8KsZti9hF6+/FF8ugHdeoaG083VnNbRBVycRSZKgLuCvl/zaNL
qNT/W/wAbeb0Hx/9nGlAZwKA9EIBl87xiIuGRWi+5mOEl3pQFAoxWXypZOCbs95j
0bBEKs/CnuAUOeBhbCdK/4AkjPs17ULFo2r/2Jc3Oi47+5OFan5LKNSVg6qqUKai
DSdQozUaYkYuuk8I+4EggOczMmc3IpG9wpWLDZ0scLEftW6c/oKsdsZHpoF0IVeY
iFbQDoSLnb1cmGGiYECaLgOXKaPP2VYOhzemfF2HNSC6t9p0sjT1+LgDWwIDAQAB
o4ICuzCCArcwHQYDVR0OBBYEFLFGHuRGpX5bR0AuC9WWC2G7Dhb0MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvc1VZZTVFYWxmbHRIUUM0TDFaWUxZYnNPRnZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHQBggrBgEFBQcBBwEB/wSBwDCBvTCBjwQCAAEwgYgDBAAF
tVcDBAAtCR0DBAAtWIgDBAAtWIoDBAItXqgwDAMEAC2EtQMEAy2EsAMEAC2Q1AME
AE1TJQMEAE1TJwMEAlXReAMEAFvfbgMEAbkr+AMEALkr+wMEAbnIPgMEAMEe8AME
AcEe8gMEAME5KwMEAsLyYDAMAwQCw7FcAwQAw7FeAwQCw9O8MCkEAgACMCMDBQAq
AXEgAwUDKgeSAAMFAyoMpYADBQMqEN/AAwUDKhEFgDANBgkqhkiG9w0BAQsFAAOC
AQEAdA6zHWVovd1pGuxYah3rSw7iJS5LGokhbKe+SizDZoc1jTB2ct54iWgvBKR5
qVgAQGCjzLB9FkRlYHQFyCSOcD1rBxLcNTywseKuXc+BQKwe/aQSnO1iEBI5h1xK
iVGlJYrqfCiY1V2JVA/PKYK1wnYjqg5WL4FG771EYq/qdkVGysvrbO5ipcUglTcj
7ABDHaWVxFzk032KHa4wvyspY0mTI/QDO2O9wtPFi2Xumd732IXuMSilT8jNobzg
sYfzxCXabuKGwAM/i0eShifgVWfP7zNYdPmyZU5ugcsbQc617XKfJ3HfRxLwxTs/
/hZWiUdblQltYcIY523tiqZ1ng==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:32 2024 by rpki-client on console-fra.rpki-client.org