Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/td2NMIgi-YZFaSH3DK-qq7o6BuQ.roa
File:                     td2NMIgi-YZFaSH3DK-qq7o6BuQ.roa (raw, json)
Hash identifier:          zhYp5L5271CCZ5g4T3xi1G8ufo+n7OLSSBnEm4cN7NE=
Subject key identifier:   B5:DD:8D:30:88:22:F9:86:45:69:21:F7:0C:AF:AA:AB:BA:3A:06:E4
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018A46C056A5414C8C34FC71CCC91990FDA0
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/td2NMIgi-YZFaSH3DK-qq7o6BuQ.roa
Signing time:             Wed 30 Aug 2023 14:02:04 +0000
ROA not before:           Wed 30 Aug 2023 14:02:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62206
IP address blocks:        91.223.110.0/24 maxlen: 24
                          5.181.87.0/24 maxlen: 24
                          195.211.188.0/22 maxlen: 24
                          195.211.190.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          45.88.138.0/24 maxlen: 24
                          45.88.136.0/24 maxlen: 24
                          185.200.63.0/24 maxlen: 24
                          185.200.62.0/24 maxlen: 24
                          194.242.96.0/22 maxlen: 22
                          194.242.97.0/24 maxlen: 24
                          193.57.43.0/24 maxlen: 24
                          193.57.41.0/24 maxlen: 24
                          45.144.213.0/24 maxlen: 24
                          45.144.212.0/24 maxlen: 24
                          45.132.182.0/23 maxlen: 24
                          45.132.181.0/24 maxlen: 24
                          45.94.168.0/22 maxlen: 22
                          45.94.170.0/24 maxlen: 24
                          185.43.248.0/24 maxlen: 24
                          185.43.251.0/24 maxlen: 24
                          185.43.249.0/24 maxlen: 24
                          193.30.243.0/24 maxlen: 24
                          193.30.242.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          85.209.120.0/22 maxlen: 24
                          85.209.123.0/24 maxlen: 24
                          85.209.122.0/24 maxlen: 24
                          45.9.29.0/24 maxlen: 24
                          195.177.92.0/24 maxlen: 24
                          195.177.94.0/24 maxlen: 24
                          195.177.93.0/24 maxlen: 24
                          45.81.112.0/22 maxlen: 24
                          45.81.112.0/24 maxlen: 24
                          77.83.37.0/24 maxlen: 24
                          45.81.113.0/24 maxlen: 24
                          45.81.115.0/24 maxlen: 24
                          45.81.114.0/24 maxlen: 24
                          193.30.240.0/24 maxlen: 24
                          2a10:dfc0::/29 maxlen: 29
                          2a07:9200::/29 maxlen: 29
                          2a11:580::/29 maxlen: 29
                          2a0c:a580::/29 maxlen: 29
                          2a01:7120::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 30 Aug 2023 18:09:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:46:c0:56:a5:41:4c:8c:34:fc:71:cc:c9:19:90:fd:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Aug 30 14:02:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b5dd8d308822f986456921f70cafaaabba3a06e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a5:8b:cb:ca:97:c8:d1:d5:f8:f1:0a:f3:d6:
                    a3:9f:62:c9:65:0e:52:4f:40:86:f2:11:d6:d9:78:
                    7c:1c:65:b8:c2:11:56:77:c3:0b:b1:eb:4f:3b:9f:
                    3f:85:ca:b8:99:63:88:99:7c:2f:ce:37:5b:f3:9e:
                    87:ac:67:7e:08:1b:0a:15:d1:25:aa:a5:0a:8d:e0:
                    cf:59:e5:7a:af:6a:83:67:e0:8f:39:d5:e7:8d:ff:
                    41:16:f2:9e:89:29:a1:8e:b3:ab:9a:43:65:9b:5c:
                    c1:14:4c:66:e5:d1:07:bb:c0:89:0b:e5:f6:46:e3:
                    2c:1c:89:8f:0d:bf:25:c6:36:93:f1:b9:3b:49:27:
                    48:bb:95:5a:18:cd:d6:8b:43:71:0d:2b:c4:79:4e:
                    fb:1f:ea:7e:f1:fd:6d:e4:92:05:9e:27:26:72:e8:
                    50:43:3b:fc:90:4d:dd:cc:ee:38:4d:5f:2a:f8:50:
                    13:e9:21:73:c6:3d:fa:7b:38:00:cc:7a:42:00:39:
                    1b:49:36:5f:23:c5:1b:35:1d:c3:ca:bf:5c:24:2e:
                    c9:c9:c5:77:1b:8c:d4:99:a2:6b:82:a9:c7:d6:b6:
                    d0:08:dc:aa:5b:ed:34:b1:01:f0:c4:c4:5d:56:19:
                    8c:0e:cd:14:73:bb:00:c8:82:bd:e1:5c:d1:03:3d:
                    ea:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:DD:8D:30:88:22:F9:86:45:69:21:F7:0C:AF:AA:AB:BA:3A:06:E4
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/td2NMIgi-YZFaSH3DK-qq7o6BuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.87.0/24
                  45.9.29.0/24
                  45.81.112.0/22
                  45.88.136.0/24
                  45.88.138.0/23
                  45.94.168.0/22
                  45.132.181.0-45.132.183.255
                  45.144.212.0/23
                  77.83.37.0/24
                  77.83.39.0/24
                  85.209.120.0/22
                  91.223.110.0/24
                  185.43.248.0/23
                  185.43.251.0/24
                  185.200.62.0/23
                  193.30.240.0/24
                  193.30.242.0/23
                  193.57.41.0/24
                  193.57.43.0/24
                  194.242.96.0/22
                  195.177.92.0-195.177.94.255
                  195.211.188.0/22
                IPv6:
                  2a01:7120::/32
                  2a07:9200::/29
                  2a0c:a580::/29
                  2a10:dfc0::/29
                  2a11:580::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:fa:05:a7:a1:ab:9e:ac:38:6b:08:5a:fe:9e:91:ce:23:b4:
         42:1e:d2:b4:15:8c:77:8f:bd:6b:20:5f:6a:c1:cb:cf:3f:e7:
         72:47:27:12:ed:a8:23:89:ae:e3:c4:f7:e6:87:df:04:98:67:
         d6:5f:be:df:2e:91:fe:42:3d:c2:09:11:11:6c:c5:55:04:7d:
         c2:55:e1:75:7b:e2:1f:3d:5a:c7:8c:c1:a2:e3:bd:cf:e4:63:
         3c:d0:f2:6b:a0:02:de:a7:84:8d:ce:95:85:2e:16:e2:e1:e9:
         a4:4c:a7:cf:f9:fb:f8:de:9f:d4:dd:b8:10:76:e0:79:c5:7e:
         c5:54:47:b2:ad:02:59:b6:af:47:d8:c1:c7:1b:80:73:4a:c6:
         a4:1a:69:3e:79:a6:be:29:fe:ac:12:d5:e6:77:f9:ff:44:44:
         ac:29:e8:09:42:d6:52:53:17:9f:9c:36:48:b9:8c:2c:9a:51:
         36:56:56:73:7e:d7:57:f2:a0:c6:14:19:cf:bb:64:4b:ca:29:
         f9:d5:86:75:57:54:2e:db:b3:d9:0d:81:f6:18:3c:8a:42:3f:
         13:7a:77:14:b9:da:0d:13:bc:ac:2e:61:6e:ca:59:6e:40:6c:
         8a:8f:dc:ff:18:19:ce:24:5c:c9:d5:bc:f0:09:1a:bb:6b:3e:
         72:f6:b8:33
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgISAYpGwFalQUyMNPxxzMkZkP2gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMwODMwMTQwMjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWRkOGQzMDg4MjJmOTg2NDU2OTIxZjcwY2FmYWFhYmJhM2EwNmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6WLy8qXyNHV+PEK89ajn2LJZQ5S
T0CG8hHW2Xh8HGW4whFWd8MLsetPO58/hcq4mWOImXwvzjdb856HrGd+CBsKFdEl
qqUKjeDPWeV6r2qDZ+CPOdXnjf9BFvKeiSmhjrOrmkNlm1zBFExm5dEHu8CJC+X2
RuMsHImPDb8lxjaT8bk7SSdIu5VaGM3Wi0NxDSvEeU77H+p+8f1t5JIFnicmcuhQ
Qzv8kE3dzO44TV8q+FAT6SFzxj36ezgAzHpCADkbSTZfI8UbNR3Dyr9cJC7JycV3
G4zUmaJrgqnH1rbQCNyqW+00sQHwxMRdVhmMDs0Uc7sAyIK94VzRAz3qlwIDAQAB
o4ICxzCCAsMwHQYDVR0OBBYEFLXdjTCIIvmGRWkh9wyvqqu6OgbkMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvdGQyTk1JZ2ktWVpGYVNIM0RLLXFxN282QnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHcBggrBgEFBQcBBwEB/wSBzDCByTCBmwQCAAEwgZQDBAAF
tVcDBAAtCR0DBAItUXADBAAtWIgDBAEtWIoDBAItXqgwDAMEAC2EtQMEAy2EsAME
AS2Q1AMEAE1TJQMEAE1TJwMEAlXReAMEAFvfbgMEAbkr+AMEALkr+wMEAbnIPgME
AMEe8AMEAcEe8gMEAME5KQMEAME5KwMEAsLyYDAMAwQCw7FcAwQAw7FeAwQCw9O8
MCkEAgACMCMDBQAqAXEgAwUDKgeSAAMFAyoMpYADBQMqEN/AAwUDKhEFgDANBgkq
hkiG9w0BAQsFAAOCAQEASvoFp6Grnqw4awha/p6RziO0Qh7StBWMd4+9ayBfasHL
zz/nckcnEu2oI4mu48T35offBJhn1l++3y6R/kI9wgkREWzFVQR9wlXhdXviHz1a
x4zBouO9z+RjPNDya6AC3qeEjc6VhS4W4uHppEynz/n7+N6f1N24EHbgecV+xVRH
sq0CWbavR9jBxxuAc0rGpBppPnmmvin+rBLV5nf5/0RErCnoCULWUlMXn5w2SLmM
LJpRNlZWc37XV/KgxhQZz7tkS8op+dWGdVdULtuz2Q2B9hg8ikI/E3p3FLnaDRO8
rC5hbspZbkBsio/c/xgZziRcydW88Akau2s+cva4Mw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:32 2024 by rpki-client on console-fra.rpki-client.org