Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/g0lLi7L7NcISmVL33LfTS66QG3M.roa
File:                     g0lLi7L7NcISmVL33LfTS66QG3M.roa (raw, json)
Hash identifier:          lD6N6+aFRS9/zAieB5s6wlOQWUVTR8fXOZN5xitWFf0=
Subject key identifier:   83:49:4B:8B:B2:FB:35:C2:12:99:52:F7:DC:B7:D3:4B:AE:90:1B:73
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       018EE2D3ADD171855AC68F09A63A41230075
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/g0lLi7L7NcISmVL33LfTS66QG3M.roa
Signing time:             Mon 15 Apr 2024 17:35:07 +0000
ROA not before:           Mon 15 Apr 2024 17:35:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7489
IP address blocks:        2.56.164.0/22 maxlen: 24
                          45.81.20.0/22 maxlen: 24
                          45.90.144.0/22 maxlen: 24
                          45.90.145.0/24 maxlen: 24
                          45.90.146.0/24 maxlen: 24
                          45.140.220.0/22 maxlen: 24
                          45.154.196.0/22 maxlen: 24
                          77.83.240.0/22 maxlen: 24
                          77.83.243.0/24 maxlen: 24
                          78.108.216.0/22 maxlen: 24
                          78.108.217.0/24 maxlen: 24
                          83.143.116.0/22 maxlen: 24
                          83.143.116.0/24 maxlen: 24
                          83.143.119.0/24 maxlen: 24
                          85.202.160.0/22 maxlen: 24
                          89.190.156.0/22 maxlen: 24
                          178.218.144.0/22 maxlen: 24
                          185.185.40.0/22 maxlen: 24
                          185.186.64.0/22 maxlen: 24
                          185.227.68.0/22 maxlen: 24
                          185.227.71.0/24 maxlen: 24
                          185.234.72.0/22 maxlen: 24
                          185.242.224.0/22 maxlen: 24
                          185.242.225.0/24 maxlen: 24
                          193.31.28.0/22 maxlen: 24
                          193.31.30.0/24 maxlen: 24
                          193.34.76.0/22 maxlen: 24
                          193.34.77.0/24 maxlen: 24
                          193.105.184.0/24 maxlen: 24
                          193.105.207.0/24 maxlen: 24
                          193.221.192.0/22 maxlen: 24
                          194.31.141.0/24 maxlen: 24
                          194.50.16.0/22 maxlen: 24
                          194.56.224.0/22 maxlen: 24
                          194.56.226.0/24 maxlen: 24
                          212.107.12.0/22 maxlen: 24
                          212.107.14.0/24 maxlen: 24
                          2a0b:b82::/44 maxlen: 44
                          2a0b:b84::/32 maxlen: 32
                          2a0b:b85::/32 maxlen: 32
                          2a0b:b86::/40 maxlen: 48
                          2a0b:b87:ff12::/48 maxlen: 48
                          2a0b:b87:ffb4::/48 maxlen: 48
                          2a0b:b87:ffda::/48 maxlen: 48
                          2a0b:b87:ffec::/48 maxlen: 48
                          2a0b:b87:fff0::/44 maxlen: 44
                          2a0b:7080:10::/44 maxlen: 44
                          2a0b:7080:10::/45 maxlen: 45
                          2a0b:7080:10::/48 maxlen: 48
                          2a0b:7080:20::/44 maxlen: 48
                          2a0b:7080:20::/48 maxlen: 48
                          2a0b:7080:30::/44 maxlen: 48
                          2a0d:77c0::/29 maxlen: 32

Validation:               Failed, certificate revoked on Wed 17 Apr 2024 13:09:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e2:d3:ad:d1:71:85:5a:c6:8f:09:a6:3a:41:23:00:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Apr 15 17:35:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=83494b8bb2fb35c2129952f7dcb7d34bae901b73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:17:3c:bf:21:a3:00:cb:4e:64:37:9b:7f:08:
                    bd:f6:39:67:d6:88:22:17:a3:a2:e8:3b:05:9f:53:
                    f6:78:12:f5:61:33:17:36:2d:c0:2a:90:24:1c:c2:
                    72:a9:f9:d2:fd:6c:0c:44:69:d5:2e:94:15:40:8a:
                    27:b1:d5:f9:43:bf:2c:00:58:bf:cf:e9:7f:5e:58:
                    18:2b:d3:cc:3e:81:12:ac:d6:a7:eb:72:3a:e9:bb:
                    42:f6:64:8b:ff:74:45:0c:fc:37:9f:39:8d:e7:34:
                    4f:e3:a2:a7:8b:3c:57:15:49:a2:4a:61:b2:c8:bc:
                    ae:80:48:82:a0:89:a5:67:80:fe:e0:d5:c7:ed:47:
                    f9:6e:36:d6:03:eb:24:cb:f3:0e:26:69:e2:61:a5:
                    3d:a3:df:18:d3:93:f2:f6:4d:f7:f9:e3:8c:2e:90:
                    ec:15:28:77:6d:91:81:0c:85:75:53:85:01:0a:25:
                    d8:6d:fb:4b:2b:6b:22:71:06:16:87:e8:8d:69:7f:
                    21:3c:10:65:27:e4:00:f9:ea:cf:48:81:ad:8d:70:
                    3e:c7:b7:8e:0c:92:08:73:be:83:6a:48:f3:c9:0f:
                    29:c6:1a:f5:b7:04:65:bd:9d:be:38:99:4d:36:97:
                    e5:86:41:3b:70:19:cb:a9:d1:6b:65:b7:42:9a:75:
                    a9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:49:4B:8B:B2:FB:35:C2:12:99:52:F7:DC:B7:D3:4B:AE:90:1B:73
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/g0lLi7L7NcISmVL33LfTS66QG3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.164.0/22
                  45.81.20.0/22
                  45.90.144.0/22
                  45.140.220.0/22
                  45.154.196.0/22
                  77.83.240.0/22
                  78.108.216.0/22
                  83.143.116.0/22
                  85.202.160.0/22
                  89.190.156.0/22
                  178.218.144.0/22
                  185.185.40.0/22
                  185.186.64.0/22
                  185.227.68.0/22
                  185.234.72.0/22
                  185.242.224.0/22
                  193.31.28.0/22
                  193.34.76.0/22
                  193.105.184.0/24
                  193.105.207.0/24
                  193.221.192.0/22
                  194.31.141.0/24
                  194.50.16.0/22
                  194.56.224.0/22
                  212.107.12.0/22
                IPv6:
                  2a0b:b82::/44
                  2a0b:b84::-2a0b:b86:ff:ffff:ffff:ffff:ffff:ffff
                  2a0b:b87:ff12::/48
                  2a0b:b87:ffb4::/48
                  2a0b:b87:ffda::/48
                  2a0b:b87:ffec::/48
                  2a0b:b87:fff0::/44
                  2a0b:7080:10::-2a0b:7080:3f:ffff:ffff:ffff:ffff:ffff
                  2a0d:77c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:0a:4b:80:bb:cd:3e:ee:95:51:1e:16:7f:06:fb:e9:d0:ab:
         39:7e:d4:10:a5:7f:38:80:4f:af:18:20:21:7a:12:cf:a9:4a:
         e9:fd:0f:07:51:6f:c6:67:94:bc:7d:5e:14:03:12:62:5b:af:
         56:34:49:76:ac:23:35:9c:71:31:09:8c:1a:3c:1c:b8:46:4c:
         7b:1f:88:2c:59:52:37:39:66:d6:f0:8e:13:6b:79:bc:74:8e:
         a4:f4:48:f6:7c:e9:f1:ee:8f:3e:79:2b:a2:1c:45:48:02:51:
         be:c4:75:0c:26:97:64:8c:51:09:96:e1:aa:13:09:23:18:1c:
         9b:76:26:90:76:cb:5f:e9:48:5d:a1:b6:53:81:96:c3:f2:76:
         e7:6d:0b:f5:5f:ac:77:86:7e:31:6d:5e:15:4a:fa:46:94:f3:
         b9:18:04:7b:3d:40:6f:97:2e:84:66:eb:69:57:b8:93:76:a5:
         23:3d:45:1a:05:80:2a:ee:d5:76:1a:9d:a4:4a:30:e1:5e:24:
         bc:7b:49:5e:d1:89:df:e0:56:ed:28:7c:86:fa:25:bc:10:ad:
         24:df:ba:70:75:ae:80:cf:f5:eb:cd:9f:6c:01:35:df:06:02:
         92:d6:94:53:79:39:bd:33:aa:64:55:1f:bf:99:75:f3:f3:d7:
         2a:4b:fa:55
-----BEGIN CERTIFICATE-----
MIIF/zCCBOegAwIBAgISAY7i063RcYVaxo8JpjpBIwB1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwNDE1MTczNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzQ5NGI4YmIyZmIzNWMyMTI5OTUyZjdkY2I3ZDM0YmFlOTAxYjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhc8vyGjAMtOZDebfwi99jln1ogi
F6Oi6DsFn1P2eBL1YTMXNi3AKpAkHMJyqfnS/WwMRGnVLpQVQIonsdX5Q78sAFi/
z+l/XlgYK9PMPoESrNan63I66btC9mSL/3RFDPw3nzmN5zRP46KnizxXFUmiSmGy
yLyugEiCoImlZ4D+4NXH7Uf5bjbWA+sky/MOJmniYaU9o98Y05Py9k33+eOMLpDs
FSh3bZGBDIV1U4UBCiXYbftLK2sicQYWh+iNaX8hPBBlJ+QA+erPSIGtjXA+x7eO
DJIIc76DakjzyQ8pxhr1twRlvZ2+OJlNNpflhkE7cBnLqdFrZbdCmnWpwwIDAQAB
o4IDCzCCAwcwHQYDVR0OBBYEFINJS4uy+zXCEplS99y300uukBtzMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvZzBsTGk3TDdOY0lTbVZMMzNMZlRTNjZRRzNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHwYIKwYBBQUHAQcBAf8EggEOMIIBCjCBnQQCAAEwgZYD
BAICOKQDBAItURQDBAItWpADBAItjNwDBAItmsQDBAJNU/ADBAJObNgDBAJTj3QD
BAJVyqADBAJZvpwDBAKy2pADBAK5uSgDBAK5ukADBAK540QDBAK56kgDBAK58uAD
BALBHxwDBALBIkwDBADBabgDBADBac8DBALB3cADBADCH40DBALCMhADBALCOOAD
BALUawwwaAQCAAIwYgMHBCoLC4IAADAPAwUCKgsLhAMGACoLC4YAAwcAKgsLh/8S
AwcAKgsLh/+0AwcAKgsLh//aAwcAKgsLh//sAwcEKgsLh//wMBIDBwQqC3CAABAD
BwYqC3CAAAADBQMqDXfAMA0GCSqGSIb3DQEBCwUAA4IBAQBQCkuAu80+7pVRHhZ/
Bvvp0Ks5ftQQpX84gE+vGCAhehLPqUrp/Q8HUW/GZ5S8fV4UAxJiW69WNEl2rCM1
nHExCYwaPBy4Rkx7H4gsWVI3OWbW8I4Ta3m8dI6k9Ej2fOnx7o8+eSuiHEVIAlG+
xHUMJpdkjFEJluGqEwkjGBybdiaQdstf6UhdobZTgZbD8nbnbQv1X6x3hn4xbV4V
SvpGlPO5GAR7PUBvly6EZutpV7iTdqUjPUUaBYAq7tV2Gp2kSjDhXiS8e0le0Ynf
4FbtKHyG+iW8EK0k37pwda6Az/XrzZ9sATXfBgKS1pRTeTm9M6pkVR+/mXXz89cq
S/pV
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:39 2024 by rpki-client on console-ams.rpki-client.org