Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ummPO7mydqUcgee4Z3kThjHg294.roa
File:                     ummPO7mydqUcgee4Z3kThjHg294.roa (raw, json)
Hash identifier:          6Zolde2iH/pQ34w5hc8EMZw9WAa7ThACbLpRtMxxct8=
Subject key identifier:   BA:69:8F:3B:B9:B2:76:A5:1C:81:E7:B8:67:79:13:86:31:E0:DB:DE
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018C33E827C0951D106EDFAF2A7E2BB39760
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ummPO7mydqUcgee4Z3kThjHg294.roa
Signing time:             Mon 04 Dec 2023 08:18:21 +0000
ROA not before:           Mon 04 Dec 2023 08:18:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43260
IP address blocks:        193.30.241.0/24 maxlen: 24
                          77.83.39.0/24 maxlen: 24
                          85.209.120.0/23 maxlen: 24
                          45.94.171.0/24 maxlen: 24
                          195.177.95.0/24 maxlen: 24
                          45.88.139.0/24 maxlen: 24
                          45.81.113.0/24 maxlen: 24
                          45.81.115.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 04 Dec 2023 14:13:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:33:e8:27:c0:95:1d:10:6e:df:af:2a:7e:2b:b3:97:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Dec  4 08:18:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ba698f3bb9b276a51c81e7b86779138631e0dbde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:eb:5f:48:bf:d1:06:55:7d:8c:bb:c8:9d:55:
                    38:c5:26:01:5d:86:a9:a9:3d:a4:ed:e0:3d:44:10:
                    31:8c:47:10:ab:83:fa:60:9a:07:2d:cd:68:11:2d:
                    a0:29:e6:25:a7:f2:4c:3f:1c:d9:1c:58:8b:16:fe:
                    81:4f:c3:66:e2:a0:ce:ce:aa:8d:0c:7b:ab:63:db:
                    18:7c:70:52:f2:dc:34:b8:1a:e0:80:d4:9c:0f:07:
                    2f:aa:db:77:28:fc:f0:06:73:88:3b:e4:81:b7:52:
                    86:f0:65:1c:2b:92:e9:80:92:e3:4e:43:a5:49:8b:
                    91:2e:c3:b4:6a:ab:d8:16:e8:76:c0:00:07:c2:69:
                    ea:c6:71:79:76:58:3d:ff:05:29:a2:44:0a:70:0d:
                    0c:a8:da:9c:a8:de:cf:90:6a:38:ac:77:cc:d3:9b:
                    55:f6:84:86:78:3e:7d:66:55:4b:a6:ed:52:24:ed:
                    ee:db:b2:6c:5b:47:b1:55:d2:ca:65:ce:6d:b4:af:
                    d0:2c:d9:c4:64:bc:91:b4:ff:1d:fa:c9:56:22:c0:
                    b0:55:db:73:ec:cc:22:db:cd:f8:6d:3b:45:d0:9d:
                    02:00:a1:d7:1b:e0:f3:5c:4c:03:68:0d:21:f2:78:
                    fa:01:5c:33:0f:85:f3:73:7d:8c:aa:14:d3:bc:9b:
                    db:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:69:8F:3B:B9:B2:76:A5:1C:81:E7:B8:67:79:13:86:31:E0:DB:DE
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ummPO7mydqUcgee4Z3kThjHg294.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.113.0/24
                  45.81.115.0/24
                  45.88.139.0/24
                  45.94.171.0/24
                  77.83.39.0/24
                  85.209.120.0/23
                  193.30.241.0/24
                  195.177.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:ea:00:f9:d6:a4:af:08:02:74:37:c2:de:87:d0:92:b1:79:
         1b:01:40:ae:8e:be:1e:6e:04:5a:2a:7a:3d:05:5e:3b:43:0f:
         30:49:47:5e:32:1a:4e:09:95:36:be:42:4d:e8:60:62:11:4b:
         37:1d:73:30:5b:e8:06:cb:2a:5b:26:35:93:e5:d7:fa:29:49:
         e4:27:49:b8:25:ac:98:a2:3e:3d:45:cf:ea:2e:53:cf:45:1d:
         87:5a:6d:62:39:cc:2a:82:76:4e:f9:32:5c:5d:72:bf:84:25:
         c1:9b:a5:cd:50:be:06:d6:b8:c5:4c:c1:76:3d:1c:b6:2e:15:
         0b:2b:b5:51:83:a0:5a:e0:21:d0:e5:80:91:3f:1f:ef:cd:f2:
         e7:7d:47:72:10:62:e5:48:a7:45:77:9e:29:7b:c8:08:42:6e:
         89:ec:6b:05:fb:48:38:b7:9d:70:d2:59:9b:b1:08:bf:bd:f8:
         90:b9:64:73:40:9a:97:41:e6:3c:6a:19:a0:77:71:8b:a8:2d:
         c5:96:19:fb:89:e6:32:b7:42:04:f1:49:84:e0:7e:d2:5b:78:
         3b:07:05:20:35:62:d9:c0:e0:0b:02:0e:b2:ec:aa:fd:00:95:
         20:7f:4d:43:49:9a:c7:f5:27:c3:e7:31:89:fe:18:31:1b:e8:
         b3:df:79:15
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYwz6CfAlR0Qbt+vKn4rs5dgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMjA0MDgxODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTY5OGYzYmI5YjI3NmE1MWM4MWU3Yjg2Nzc5MTM4NjMxZTBkYmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAputfSL/RBlV9jLvInVU4xSYBXYap
qT2k7eA9RBAxjEcQq4P6YJoHLc1oES2gKeYlp/JMPxzZHFiLFv6BT8Nm4qDOzqqN
DHurY9sYfHBS8tw0uBrggNScDwcvqtt3KPzwBnOIO+SBt1KG8GUcK5LpgJLjTkOl
SYuRLsO0aqvYFuh2wAAHwmnqxnF5dlg9/wUpokQKcA0MqNqcqN7PkGo4rHfM05tV
9oSGeD59ZlVLpu1SJO3u27JsW0exVdLKZc5ttK/QLNnEZLyRtP8d+slWIsCwVdtz
7Mwi2834bTtF0J0CAKHXG+DzXEwDaA0h8nj6AVwzD4Xzc32MqhTTvJvbzwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLppjzu5snalHIHnuGd5E4Yx4NveMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvdW1tUE83bXlkcVVjZ2VlNFoza1RoakhnMjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALVFxAwQA
LVFzAwQALViLAwQALV6rAwQATVMnAwQBVdF4AwQAwR7xAwQAw7FfMA0GCSqGSIb3
DQEBCwUAA4IBAQBa6gD51qSvCAJ0N8Leh9CSsXkbAUCujr4ebgRaKno9BV47Qw8w
SUdeMhpOCZU2vkJN6GBiEUs3HXMwW+gGyypbJjWT5df6KUnkJ0m4JayYoj49Rc/q
LlPPRR2HWm1iOcwqgnZO+TJcXXK/hCXBm6XNUL4G1rjFTMF2PRy2LhULK7VRg6Ba
4CHQ5YCRPx/vzfLnfUdyEGLlSKdFd54pe8gIQm6J7GsF+0g4t51w0lmbsQi/vfiQ
uWRzQJqXQeY8ahmgd3GLqC3Flhn7ieYyt0IE8UmE4H7SW3g7BwUgNWLZwOALAg6y
7Kr9AJUgf01DSZrH9SfD5zGJ/hgxG+iz33kV
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:32 2024 by rpki-client on console-fra.rpki-client.org