Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/yMFDnsp0XPlOnh3Z4CNKBuWT5rA.roa
File:                     yMFDnsp0XPlOnh3Z4CNKBuWT5rA.roa (raw, json)
Hash identifier:          oA3ajmTw51cmteEwQy3+ThVFtra61B62Zsh+m5OwKYo=
Subject key identifier:   C8:C1:43:9E:CA:74:5C:F9:4E:9E:1D:D9:E0:23:4A:06:E5:93:E6:B0
Certificate issuer:       /CN=f43bf90808ae7eca063f746a8f1d88865734c8a3
Certificate serial:       018AD3F905B0239098B78DB785BD72D188EB
Authority key identifier: F4:3B:F9:08:08:AE:7E:CA:06:3F:74:6A:8F:1D:88:86:57:34:C8:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/yMFDnsp0XPlOnh3Z4CNKBuWT5rA.roa
Signing time:             Wed 27 Sep 2023 00:10:27 +0000
ROA not before:           Wed 27 Sep 2023 00:10:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202448
IP address blocks:        45.137.151.0/24 maxlen: 24
                          45.137.150.0/24 maxlen: 24
                          45.137.148.0/24 maxlen: 32
                          45.137.149.0/24 maxlen: 24
                          2.56.213.0/24 maxlen: 24
                          2.56.212.0/24 maxlen: 24
                          89.43.33.0/24 maxlen: 24
                          86.107.197.0/24 maxlen: 24
                          93.114.128.0/24 maxlen: 24
                          2.56.215.0/24 maxlen: 24
                          2.56.214.0/24 maxlen: 24
                          194.32.78.0/24 maxlen: 24
                          194.32.77.0/24 maxlen: 24
                          194.32.76.0/24 maxlen: 24
                          194.32.79.0/24 maxlen: 24
                          91.250.248.0/24 maxlen: 32
                          91.250.249.0/24 maxlen: 32
                          185.234.52.0/24 maxlen: 32
                          193.201.15.0/24 maxlen: 24
                          185.96.163.0/24 maxlen: 24
                          178.157.82.0/24 maxlen: 24
                          185.170.213.0/24 maxlen: 24
                          178.157.91.0/24 maxlen: 24
                          185.170.212.0/24 maxlen: 24
                          178.157.90.0/24 maxlen: 24
                          185.170.215.0/24 maxlen: 24
                          185.170.214.0/24 maxlen: 24
                          45.153.184.0/24 maxlen: 24
                          45.153.186.0/24 maxlen: 24
                          45.153.185.0/24 maxlen: 24
                          45.153.187.0/24 maxlen: 24
                          86.106.181.0/24 maxlen: 24
                          89.38.135.0/24 maxlen: 32
                          91.227.41.0/24 maxlen: 24
                          91.227.40.0/24 maxlen: 24
                          86.105.252.0/24 maxlen: 24
                          94.176.182.0/24 maxlen: 24
                          185.243.214.0/24 maxlen: 32
                          185.243.215.0/24 maxlen: 24
                          194.99.23.0/24 maxlen: 24
                          194.99.22.0/24 maxlen: 24
                          194.99.21.0/24 maxlen: 24
                          194.99.20.0/24 maxlen: 24
                          89.38.131.0/24 maxlen: 24
                          31.14.238.0/24 maxlen: 24
                          89.38.130.0/24 maxlen: 24
                          89.38.129.0/24 maxlen: 24
                          89.38.128.0/24 maxlen: 24
                          188.212.125.0/24 maxlen: 24
                          188.212.124.0/24 maxlen: 24
                          93.114.133.0/24 maxlen: 24
                          93.115.16.0/24 maxlen: 24
                          93.115.17.0/24 maxlen: 24
                          93.115.23.0/24 maxlen: 24
                          93.115.22.0/24 maxlen: 24
                          93.115.21.0/24 maxlen: 24
                          93.115.20.0/24 maxlen: 24
                          93.115.19.0/24 maxlen: 24
                          93.115.18.0/24 maxlen: 24
                          2a05:8280::/32 maxlen: 32
                          2a09:cd42::/32 maxlen: 32
                          2a09:cd45::/32 maxlen: 32
                          2a09:cd43::/32 maxlen: 32
                          2a0c:b9c1::/32 maxlen: 32
                          2a09:cd41::/32 maxlen: 32
                          2a09:cd40::/32 maxlen: 32
                          2a0c:b9c0::/32 maxlen: 32
                          2a09:cd46::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 17 Oct 2023 23:42:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:d3:f9:05:b0:23:90:98:b7:8d:b7:85:bd:72:d1:88:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f43bf90808ae7eca063f746a8f1d88865734c8a3
        Validity
            Not Before: Sep 27 00:10:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c8c1439eca745cf94e9e1dd9e0234a06e593e6b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:55:49:5f:93:4f:f3:21:7f:0f:cd:59:7b:60:
                    d7:63:1b:5b:04:16:72:05:7e:a2:36:6d:a9:07:c0:
                    f1:0f:e9:f3:13:11:8e:93:c7:f4:de:9b:a4:a6:e1:
                    b4:5b:91:da:02:6c:41:22:80:06:00:92:11:f1:3a:
                    7a:90:9a:ce:a4:b7:4e:e4:9e:17:5d:72:96:9c:1c:
                    68:14:1a:b3:d0:a1:bb:35:a2:04:fe:85:14:69:ab:
                    82:37:e2:2c:c2:3e:84:56:76:b6:e0:f9:06:9f:30:
                    50:6d:cb:fa:90:77:17:bb:2c:2d:88:56:6a:02:01:
                    48:d7:63:9e:b1:0b:2a:76:11:6b:a5:1e:2a:75:07:
                    67:dc:70:44:62:99:fd:d2:c8:8f:ce:d3:10:7d:d1:
                    d2:40:73:b0:d0:af:3e:1a:ba:79:93:73:a5:f2:9f:
                    d6:e5:dc:b7:10:f6:98:5f:04:82:bc:20:54:4d:18:
                    56:30:f0:c8:a7:de:47:7d:09:22:cf:3e:4a:fc:04:
                    e9:d3:7c:34:b8:69:9c:ab:a9:8c:9a:f0:07:6b:30:
                    e2:bf:13:fe:e2:c6:6f:08:74:ba:18:12:62:88:5e:
                    58:a7:d9:36:ff:86:4a:98:43:fa:d6:26:b1:c3:cb:
                    22:ef:a3:c2:a1:c5:7c:04:fc:cd:a8:ee:48:35:5e:
                    98:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:C1:43:9E:CA:74:5C:F9:4E:9E:1D:D9:E0:23:4A:06:E5:93:E6:B0
            X509v3 Authority Key Identifier:
                keyid:F4:3B:F9:08:08:AE:7E:CA:06:3F:74:6A:8F:1D:88:86:57:34:C8:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/yMFDnsp0XPlOnh3Z4CNKBuWT5rA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/a8d943-f082-4b18-b840-389195c4f07b/1/9Dv5CAiufsoGP3Rqjx2Ihlc0yKM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.212.0/22
                  31.14.238.0/24
                  45.137.148.0/22
                  45.153.184.0/22
                  86.105.252.0/24
                  86.106.181.0/24
                  86.107.197.0/24
                  89.38.128.0/22
                  89.38.135.0/24
                  89.43.33.0/24
                  91.227.40.0/23
                  91.250.248.0/23
                  93.114.128.0/24
                  93.114.133.0/24
                  93.115.16.0/21
                  94.176.182.0/24
                  178.157.82.0/24
                  178.157.90.0/23
                  185.96.163.0/24
                  185.170.212.0/22
                  185.234.52.0/24
                  185.243.214.0/23
                  188.212.124.0/23
                  193.201.15.0/24
                  194.32.76.0/22
                  194.99.20.0/22
                IPv6:
                  2a05:8280::/32
                  2a09:cd40::/30
                  2a09:cd45::-2a09:cd46:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0c:b9c0::/31

    Signature Algorithm: sha256WithRSAEncryption
         53:1e:3d:d7:f0:0e:ac:1f:ac:ab:5a:69:6a:fc:ec:d6:ed:a9:
         96:9f:d4:87:84:cb:78:7e:f7:64:bc:78:fd:e1:10:ee:e8:9a:
         d8:67:90:c3:ff:d5:1c:21:79:06:3b:31:7f:e4:e0:0d:2d:58:
         81:6b:2a:b3:25:58:0d:19:28:af:b1:a8:e1:95:1f:25:85:74:
         40:76:e0:99:8b:52:0e:1e:24:c1:0e:2c:39:d5:96:ab:69:5d:
         68:5d:82:1f:5a:be:f1:12:4b:87:c4:d8:c5:bf:28:28:d4:67:
         bd:1d:c7:d2:8e:c7:e2:ff:ff:35:c0:ce:c8:52:ad:19:f7:d1:
         a8:85:42:b4:64:f4:fc:cf:20:69:0e:d3:03:65:4f:2e:6c:fe:
         89:6c:c3:ee:5b:cf:4d:58:f8:88:aa:42:54:9f:2b:a1:5d:0d:
         c6:06:78:64:06:44:46:36:94:94:c4:4a:7b:1d:fc:f3:06:e2:
         ca:be:de:1c:9e:10:c1:de:48:ec:ac:02:0d:1e:de:4b:77:f4:
         10:e5:83:80:2c:ce:21:21:ec:d9:97:9c:e2:5c:03:9b:85:b6:
         0b:40:3f:3a:2a:b6:2a:5e:db:8c:11:29:46:91:4a:4e:75:e7:
         84:b9:a5:87:d4:dd:01:2d:43:9f:3f:66:1e:71:d2:a5:bc:ae:
         75:55:48:ed
-----BEGIN CERTIFICATE-----
MIIFxTCCBK2gAwIBAgISAYrT+QWwI5CYt423hb1y0YjrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0M2JmOTA4MDhhZTdlY2EwNjNmNzQ2YThmMWQ4ODg2NTcz
NGM4YTMwHhcNMjMwOTI3MDAxMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGMxNDM5ZWNhNzQ1Y2Y5NGU5ZTFkZDllMDIzNGEwNmU1OTNlNmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVVJX5NP8yF/D81Ze2DXYxtbBBZy
BX6iNm2pB8DxD+nzExGOk8f03pukpuG0W5HaAmxBIoAGAJIR8Tp6kJrOpLdO5J4X
XXKWnBxoFBqz0KG7NaIE/oUUaauCN+Iswj6EVna24PkGnzBQbcv6kHcXuywtiFZq
AgFI12OesQsqdhFrpR4qdQdn3HBEYpn90siPztMQfdHSQHOw0K8+Grp5k3Ol8p/W
5dy3EPaYXwSCvCBUTRhWMPDIp95HfQkizz5K/ATp03w0uGmcq6mMmvAHazDivxP+
4sZvCHS6GBJiiF5Yp9k2/4ZKmEP61iaxw8si76PCocV8BPzNqO5INV6YJQIDAQAB
o4IC0TCCAs0wHQYDVR0OBBYEFMjBQ57KdFz5Tp4d2eAjSgblk+awMB8GA1UdIwQY
MBaAFPQ7+QgIrn7KBj90ao8diIZXNMijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUR2NUNBaXVmc29HUDNScWp4MklobGMweUtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9hOGQ5NDMtZjA4Mi00YjE4LWI4NDAt
Mzg5MTk1YzRmMDdiLzEveU1GRG5zcDBYUGxPbmgzWjRDTktCdVdUNXJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9hOGQ5NDMtZjA4Mi00YjE4LWI4NDAtMzg5MTk1YzRmMDdi
LzEvOUR2NUNBaXVmc29HUDNScWp4MklobGMweUtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHmBggrBgEFBQcBBwEB/wSB1jCB0zCBowQCAAEwgZwDBAIC
ONQDBAAfDu4DBAItiZQDBAItmbgDBABWafwDBABWarUDBABWa8UDBAJZJoADBABZ
JocDBABZKyEDBAFb4ygDBAFb+vgDBABdcoADBABdcoUDBANdcxADBABesLYDBACy
nVIDBAGynVoDBAC5YKMDBAK5qtQDBAC56jQDBAG589YDBAG81HwDBADByQ8DBALC
IEwDBALCYxQwKwQCAAIwJQMFACoFgoADBQIqCc1AMA4DBQAqCc1FAwUAKgnNRgMF
ASoMucAwDQYJKoZIhvcNAQELBQADggEBAFMePdfwDqwfrKtaaWr87NbtqZaf1IeE
y3h+92S8eP3hEO7omthnkMP/1RwheQY7MX/k4A0tWIFrKrMlWA0ZKK+xqOGVHyWF
dEB24JmLUg4eJMEOLDnVlqtpXWhdgh9avvESS4fE2MW/KCjUZ70dx9KOx+L//zXA
zshSrRn30aiFQrRk9PzPIGkO0wNlTy5s/olsw+5bz01Y+IiqQlSfK6FdDcYGeGQG
REY2lJTESnsd/PMG4sq+3hyeEMHeSOysAg0e3kt39BDlg4AsziEh7NmXnOJcA5uF
tgtAPzoqtipe24wRKUaRSk5154S5pYfU3QEtQ58/Zh5x0qW8rnVVSO0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:23 2024 by rpki-client on console-ams.rpki-client.org