Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/mB5Zw-0YX7pHhiopopjiAVMwk-4.roa
File:                     mB5Zw-0YX7pHhiopopjiAVMwk-4.roa (raw, json)
Hash identifier:          g9CuZHNrMcTEA6TDOipdZpGXjhdO9pv1K5Y3OMR3HyU=
Subject key identifier:   98:1E:59:C3:ED:18:5F:BA:47:86:2A:29:A2:98:E2:01:53:30:93:EE
Certificate issuer:       /CN=dc90e0aee1ecc31066cb744f8a7feedefb3f7930
Certificate serial:       01856E2FA1DB6134AF6707EE870F7123B4BC
Authority key identifier: DC:90:E0:AE:E1:EC:C3:10:66:CB:74:4F:8A:7F:EE:DE:FB:3F:79:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JDgruHswxBmy3RPin_u3vs_eTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/mB5Zw-0YX7pHhiopopjiAVMwk-4.roa
Signing time:             Sun 01 Jan 2023 16:34:53 +0000
ROA not before:           Sun 01 Jan 2023 16:34:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204601
IP address blocks:        185.224.215.0/24 maxlen: 24
                          185.80.234.0/24 maxlen: 24
                          80.89.228.0/23 maxlen: 23
                          80.89.230.0/24 maxlen: 24
                          80.89.234.0/23 maxlen: 23
                          80.89.238.0/23 maxlen: 23
                          80.89.237.0/24 maxlen: 24
                          85.208.186.0/24 maxlen: 24
                          85.208.184.0/22 maxlen: 22
                          85.208.184.0/24 maxlen: 24
                          85.208.185.0/24 maxlen: 24
                          85.208.187.0/24 maxlen: 24
                          185.92.148.0/22 maxlen: 24
                          89.105.213.0/24 maxlen: 24
                          89.105.217.0/24 maxlen: 24
                          45.14.13.0/24 maxlen: 24
                          45.14.12.0/24 maxlen: 24
                          45.14.14.0/24 maxlen: 24
                          45.14.15.0/24 maxlen: 24
                          80.89.224.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:2f:a1:db:61:34:af:67:07:ee:87:0f:71:23:b4:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc90e0aee1ecc31066cb744f8a7feedefb3f7930
        Validity
            Not Before: Jan  1 16:34:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=981e59c3ed185fba47862a29a298e201533093ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4f:2b:20:1e:5c:c0:b7:56:21:5d:4b:7d:71:
                    3b:c9:ac:f1:32:08:8c:53:64:cd:f5:77:09:31:2d:
                    78:f0:a6:f5:df:ae:ea:93:f8:4f:59:98:c3:5b:dd:
                    cc:20:24:97:b3:ce:65:c2:28:e8:e8:9a:82:5b:8a:
                    7e:a5:c7:22:77:8d:87:f2:3c:6f:b0:fb:c6:f8:b9:
                    65:4d:3f:f0:94:d3:f1:41:76:3a:e6:fd:8a:20:69:
                    0b:21:9f:78:a1:f2:18:e4:9e:f9:99:69:fb:58:43:
                    b8:f8:76:c0:69:23:55:ac:b4:a8:10:8d:e0:0e:84:
                    02:8f:99:09:05:9a:ba:a4:b8:bf:1b:b5:27:7d:67:
                    22:ab:ba:77:64:dc:c0:78:0c:45:87:ff:ea:b3:58:
                    17:11:44:ca:f6:f5:b2:59:ef:92:46:73:7f:30:52:
                    84:c0:4c:fc:bf:a0:22:a4:4d:07:4b:35:86:bd:ee:
                    14:32:9b:0b:d6:81:90:9b:11:69:d9:af:e6:ff:37:
                    8c:74:68:5b:be:4e:b9:35:51:a1:da:12:d2:f7:43:
                    62:8b:21:53:f5:a8:42:e4:d5:9b:9f:09:c7:84:cd:
                    76:9a:da:0a:77:a2:bc:a3:85:31:b6:60:f5:2f:ce:
                    8a:68:e7:fe:ba:af:ec:9b:94:21:ac:58:ae:10:44:
                    83:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:1E:59:C3:ED:18:5F:BA:47:86:2A:29:A2:98:E2:01:53:30:93:EE
            X509v3 Authority Key Identifier:
                keyid:DC:90:E0:AE:E1:EC:C3:10:66:CB:74:4F:8A:7F:EE:DE:FB:3F:79:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JDgruHswxBmy3RPin_u3vs_eTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/mB5Zw-0YX7pHhiopopjiAVMwk-4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/87b267-49c2-4269-9f66-00bcd9b91c1b/1/3JDgruHswxBmy3RPin_u3vs_eTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.12.0/22
                  80.89.224.0-80.89.230.255
                  80.89.234.0/23
                  80.89.237.0-80.89.239.255
                  85.208.184.0/22
                  89.105.213.0/24
                  89.105.217.0/24
                  185.80.234.0/24
                  185.92.148.0/22
                  185.224.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ce:1f:a6:10:07:08:a1:99:67:98:18:ca:97:f9:39:77:8d:26:
         75:ef:66:e1:29:45:bb:14:cb:32:9c:bb:f2:0e:ae:74:9f:fc:
         8e:a9:8d:9b:4e:da:ea:86:7f:12:3c:6a:58:71:a5:a8:d3:e6:
         4d:3e:97:7c:44:0a:01:8f:5b:e2:5b:6c:4b:bf:80:1c:2f:95:
         46:5f:31:49:b1:4a:76:22:4c:7e:50:6e:bc:29:81:0e:62:24:
         3d:05:a9:90:70:17:50:0d:dd:94:4a:ed:a3:3b:ec:fd:ff:34:
         1f:66:33:4b:99:0c:5e:d1:e9:a0:f3:ed:24:2a:f3:15:d1:07:
         62:8b:ea:2f:e8:04:61:71:2e:13:1f:09:23:5a:86:cc:ae:65:
         9e:14:8d:c5:48:b1:cf:0a:44:c2:17:40:68:07:f4:f4:fa:4d:
         c5:62:c7:88:54:cf:44:bb:47:ec:39:1c:7c:de:29:84:87:40:
         0e:ca:91:1b:17:45:30:4a:8f:ef:88:d5:d7:31:90:26:42:9f:
         2e:1b:37:0f:0b:01:db:6b:80:79:1a:99:f1:20:b2:fb:07:4f:
         5f:d4:85:48:0f:6c:a4:98:b7:50:f9:61:6b:c3:0e:53:e5:f3:
         6f:26:d5:6c:19:72:36:44:c8:42:31:f3:a5:78:e1:8f:be:4e:
         b8:6e:62:c6
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYVuL6HbYTSvZwfuhw9xI7S8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjOTBlMGFlZTFlY2MzMTA2NmNiNzQ0ZjhhN2ZlZWRlZmIz
Zjc5MzAwHhcNMjMwMTAxMTYzNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODFlNTljM2VkMTg1ZmJhNDc4NjJhMjlhMjk4ZTIwMTUzMzA5M2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE8rIB5cwLdWIV1LfXE7yazxMgiM
U2TN9XcJMS148Kb1367qk/hPWZjDW93MICSXs85lwijo6JqCW4p+pccid42H8jxv
sPvG+LllTT/wlNPxQXY65v2KIGkLIZ94ofIY5J75mWn7WEO4+HbAaSNVrLSoEI3g
DoQCj5kJBZq6pLi/G7UnfWciq7p3ZNzAeAxFh//qs1gXEUTK9vWyWe+SRnN/MFKE
wEz8v6AipE0HSzWGve4UMpsL1oGQmxFp2a/m/zeMdGhbvk65NVGh2hLS90NiiyFT
9ahC5NWbnwnHhM12mtoKd6K8o4UxtmD1L86KaOf+uq/sm5QhrFiuEESDdwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFJgeWcPtGF+6R4YqKaKY4gFTMJPuMB8GA1UdIwQY
MBaAFNyQ4K7h7MMQZst0T4p/7t77P3kwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0pEZ3J1SHN3eEJteTNSUGluX3UzdnNfZVRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi84N2IyNjctNDljMi00MjY5LTlmNjYt
MDBiY2Q5YjkxYzFiLzEvbUI1WnctMFlYN3BIaGlvcG9wamlBVk13ay00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi84N2IyNjctNDljMi00MjY5LTlmNjYtMDBiY2Q5YjkxYzFi
LzEvM0pEZ3J1SHN3eEJteTNSUGluX3UzdnNfZVRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQCLQ4MMAwD
BAVQWeADBABQWeYDBAFQWeowDAMEAFBZ7QMEBFBZ4AMEAlXQuAMEAFlp1QMEAFlp
2QMEALlQ6gMEArlclAMEALng1zANBgkqhkiG9w0BAQsFAAOCAQEAzh+mEAcIoZln
mBjKl/k5d40mde9m4SlFuxTLMpy78g6udJ/8jqmNm07a6oZ/EjxqWHGlqNPmTT6X
fEQKAY9b4ltsS7+AHC+VRl8xSbFKdiJMflBuvCmBDmIkPQWpkHAXUA3dlErtozvs
/f80H2YzS5kMXtHpoPPtJCrzFdEHYovqL+gEYXEuEx8JI1qGzK5lnhSNxUixzwpE
whdAaAf09PpNxWLHiFTPRLtH7DkcfN4phIdADsqRGxdFMEqP74jV1zGQJkKfLhs3
DwsB22uAeRqZ8SCy+wdPX9SFSA9spJi3UPlha8MOU+XzbybVbBlyNkTIQjHzpXjh
j75OuG5ixg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:34 2024 by rpki-client on console-fra.rpki-client.org