Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/YUgt8W0e5ADCGrPAvHrmCrMJ4SA.roa
File:                     YUgt8W0e5ADCGrPAvHrmCrMJ4SA.roa (raw, json)
Hash identifier:          X7yk9PWk5BzKq5Q3xuPBuu+YoaHDyedUZt4p/e3S0us=
Subject key identifier:   61:48:2D:F1:6D:1E:E4:00:C2:1A:B3:C0:BC:7A:E6:0A:B3:09:E1:20
Certificate issuer:       /CN=217b491dccb5632216d80b48f8d6286b1effd8d7
Certificate serial:       01856C9CC77EA4FFF4DB3434A4EE27B430DC
Authority key identifier: 21:7B:49:1D:CC:B5:63:22:16:D8:0B:48:F8:D6:28:6B:1E:FF:D8:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/YUgt8W0e5ADCGrPAvHrmCrMJ4SA.roa
Signing time:             Sun 01 Jan 2023 09:14:52 +0000
ROA not before:           Sun 01 Jan 2023 09:14:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59625
IP address blocks:        185.240.17.0/24 maxlen: 24
                          185.240.16.0/24 maxlen: 24
                          185.240.18.0/24 maxlen: 24
                          185.240.19.0/24 maxlen: 24
                          204.154.202.0/24 maxlen: 24
                          204.154.200.0/24 maxlen: 24
                          204.154.201.0/24 maxlen: 24
                          204.154.205.0/24 maxlen: 24
                          204.154.206.0/24 maxlen: 24
                          204.154.203.0/24 maxlen: 24
                          204.154.204.0/24 maxlen: 24
                          204.154.207.0/24 maxlen: 24
                          185.84.69.0/24 maxlen: 24
                          185.84.68.0/24 maxlen: 24
                          185.84.70.0/24 maxlen: 24
                          185.84.71.0/24 maxlen: 24
                          185.244.178.0/24 maxlen: 24
                          185.244.179.0/24 maxlen: 24
                          2a03:7020:1::/48 maxlen: 48
                          2a03:7020:10::/48 maxlen: 48
                          2a03:7020:8::/48 maxlen: 48
                          2a03:7020:1300::/40 maxlen: 40
                          2a03:7020:800::/40 maxlen: 40
                          2a03:7020::/40 maxlen: 40
                          2a03:7020:1200::/40 maxlen: 40
                          2a03:7020::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 12 Jun 2023 18:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:9c:c7:7e:a4:ff:f4:db:34:34:a4:ee:27:b4:30:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=217b491dccb5632216d80b48f8d6286b1effd8d7
        Validity
            Not Before: Jan  1 09:14:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=61482df16d1ee400c21ab3c0bc7ae60ab309e120
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:74:f0:d9:ac:ce:41:e5:0f:42:1b:8a:ca:90:
                    0e:78:6a:15:f7:fb:4a:e6:b8:f3:61:70:44:53:a1:
                    90:48:57:91:3b:f9:dd:31:d5:b7:49:97:55:93:e0:
                    a7:e3:a4:e4:24:9f:eb:70:6c:a5:9b:9e:c7:8e:b3:
                    7d:3e:a9:96:8b:07:84:01:5b:cb:ad:60:46:9f:05:
                    c3:24:bf:c9:5f:3a:4b:33:a6:d0:4c:33:7a:53:f4:
                    62:de:71:a5:4c:a9:9e:88:4b:e0:7f:9b:0c:b7:35:
                    63:4b:42:5b:b4:50:7e:19:65:d2:9a:e9:41:2e:d2:
                    f7:53:31:52:a8:60:f9:3e:38:31:16:3d:65:ab:18:
                    d6:4f:d1:1a:ad:e0:10:78:d3:32:0c:2d:a8:10:ef:
                    f7:99:8e:f8:e1:d0:8b:2d:f7:32:6f:f9:a9:4e:21:
                    e7:1c:29:6c:0c:e0:c9:82:79:9d:a3:11:72:8d:55:
                    2b:19:65:ee:90:84:3c:59:d8:f5:5e:5f:c0:51:38:
                    7e:e8:46:1e:2a:cb:f6:47:64:5a:95:86:4a:57:94:
                    88:c2:da:e2:08:b3:7f:97:ad:0c:06:f4:c6:bf:a7:
                    23:6f:5c:34:38:97:f7:68:8b:cf:69:36:27:09:b5:
                    c0:93:84:52:67:07:cf:05:32:eb:af:81:5a:21:02:
                    fe:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:48:2D:F1:6D:1E:E4:00:C2:1A:B3:C0:BC:7A:E6:0A:B3:09:E1:20
            X509v3 Authority Key Identifier:
                keyid:21:7B:49:1D:CC:B5:63:22:16:D8:0B:48:F8:D6:28:6B:1E:FF:D8:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IXtJHcy1YyIW2AtI-NYoax7_2Nc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/YUgt8W0e5ADCGrPAvHrmCrMJ4SA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/e9f29c-9231-450d-adb0-6de05a316239/1/IXtJHcy1YyIW2AtI-NYoax7_2Nc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.68.0/22
                  185.240.16.0/22
                  185.244.178.0/23
                  204.154.200.0/21
                IPv6:
                  2a03:7020::/40
                  2a03:7020:800::/40
                  2a03:7020:1200::/39

    Signature Algorithm: sha256WithRSAEncryption
         4d:48:54:f1:af:40:42:ab:84:06:9e:a0:34:d0:24:15:1f:98:
         6d:23:c2:df:2f:22:17:9d:9a:9f:86:a4:d0:58:4b:c8:f3:24:
         ab:d2:e7:b2:4f:67:e9:39:50:99:37:2b:40:6c:35:02:c8:53:
         46:6a:6a:ce:b5:78:f2:8e:cd:72:fe:4b:d8:dd:1e:c5:2c:40:
         3a:bf:02:c9:86:5f:b8:53:89:00:3d:09:57:bf:db:f7:46:66:
         f0:8b:91:04:90:26:1d:db:2e:f2:cd:31:bb:88:11:04:d3:47:
         f5:66:98:12:b2:33:1d:3f:0d:3a:2c:8f:26:a5:10:91:96:8d:
         d1:e5:a7:0a:4b:c7:da:54:91:00:13:74:fa:99:ed:03:a7:04:
         9e:45:26:ac:cf:ad:80:35:3f:70:29:15:10:a8:96:fe:1f:0c:
         e9:f4:60:b4:ae:1a:dd:81:67:dc:06:8f:57:76:b6:9c:4c:cb:
         68:41:81:49:ca:cc:0a:2b:8f:a6:08:93:d4:38:8d:2f:78:84:
         33:35:14:00:72:fa:35:41:b1:37:fe:a7:f8:9d:3b:32:73:bb:
         90:93:18:03:e7:89:49:fc:96:45:f4:5f:28:1b:92:11:9d:70:
         5e:b2:38:75:92:02:3c:50:bb:c9:ce:60:6b:20:12:f3:95:07:
         83:a0:4e:9a
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVsnMd+pP/02zQ0pO4ntDDcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxN2I0OTFkY2NiNTYzMjIxNmQ4MGI0OGY4ZDYyODZiMWVm
ZmQ4ZDcwHhcNMjMwMTAxMDkxNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTQ4MmRmMTZkMWVlNDAwYzIxYWIzYzBiYzdhZTYwYWIzMDllMTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnHTw2azOQeUPQhuKypAOeGoV9/tK
5rjzYXBEU6GQSFeRO/ndMdW3SZdVk+Cn46TkJJ/rcGylm57HjrN9PqmWiweEAVvL
rWBGnwXDJL/JXzpLM6bQTDN6U/Ri3nGlTKmeiEvgf5sMtzVjS0JbtFB+GWXSmulB
LtL3UzFSqGD5PjgxFj1lqxjWT9EareAQeNMyDC2oEO/3mY744dCLLfcyb/mpTiHn
HClsDODJgnmdoxFyjVUrGWXukIQ8Wdj1Xl/AUTh+6EYeKsv2R2RalYZKV5SIwtri
CLN/l60MBvTGv6cjb1w0OJf3aIvPaTYnCbXAk4RSZwfPBTLrr4FaIQL+nwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFGFILfFtHuQAwhqzwLx65gqzCeEgMB8GA1UdIwQY
MBaAFCF7SR3MtWMiFtgLSPjWKGse/9jXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVh0SkhjeTFZeUlXMkF0SS1OWW9heDdfMk5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9lOWYyOWMtOTIzMS00NTBkLWFkYjAt
NmRlMDVhMzE2MjM5LzEvWVVndDhXMGU1QURDR3JQQXZIcm1Dck1KNFNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9lOWYyOWMtOTIzMS00NTBkLWFkYjAtNmRlMDVhMzE2MjM5
LzEvSVh0SkhjeTFZeUlXMkF0SS1OWW9heDdfMk5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAeBAIAATAYAwQCuVREAwQC
ufAQAwQBufSyAwQDzJrIMB4EAgACMBgDBgAqA3AgAAMGACoDcCAIAwYBKgNwIBIw
DQYJKoZIhvcNAQELBQADggEBAE1IVPGvQEKrhAaeoDTQJBUfmG0jwt8vIhedmp+G
pNBYS8jzJKvS57JPZ+k5UJk3K0BsNQLIU0Zqas61ePKOzXL+S9jdHsUsQDq/AsmG
X7hTiQA9CVe/2/dGZvCLkQSQJh3bLvLNMbuIEQTTR/VmmBKyMx0/DTosjyalEJGW
jdHlpwpLx9pUkQATdPqZ7QOnBJ5FJqzPrYA1P3ApFRColv4fDOn0YLSuGt2BZ9wG
j1d2tpxMy2hBgUnKzAorj6YIk9Q4jS94hDM1FABy+jVBsTf+p/idOzJzu5CTGAPn
iUn8lkX0XygbkhGdcF6yOHWSAjxQu8nOYGsgEvOVB4OgTpo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:48 2024 by rpki-client on console-fra.rpki-client.org