Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/76H2vd_sOB-gh4vLLV8OtBJHy6M.roa
File:                     76H2vd_sOB-gh4vLLV8OtBJHy6M.roa (raw, json)
Hash identifier:          shrHucoSaKHLi771EW6J+7ghue4CZEamrspqt4x+wdU=
Subject key identifier:   EF:A1:F6:BD:DF:EC:38:1F:A0:87:8B:CB:2D:5F:0E:B4:12:47:CB:A3
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01856EA69ADC3082E2A5AE4FBD7150CF07D4
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/76H2vd_sOB-gh4vLLV8OtBJHy6M.roa
Signing time:             Sun 01 Jan 2023 18:44:50 +0000
ROA not before:           Sun 01 Jan 2023 18:44:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202592
IP address blocks:        185.96.57.0/24 maxlen: 24
                          185.96.56.0/22 maxlen: 22
                          185.96.56.0/24 maxlen: 24
                          194.38.48.0/22 maxlen: 22
                          193.168.200.0/24 maxlen: 24
                          193.168.200.0/22 maxlen: 22
                          193.168.201.0/24 maxlen: 24
                          193.160.220.0/22 maxlen: 22
                          185.136.16.0/22 maxlen: 22
                          185.136.19.0/24 maxlen: 24
                          185.136.18.0/24 maxlen: 24
                          147.185.196.0/23 maxlen: 23
                          147.185.206.0/23 maxlen: 23
                          207.244.196.0/22 maxlen: 22
                          43.240.148.0/22 maxlen: 22
                          207.244.208.0/22 maxlen: 22
                          45.12.100.0/22 maxlen: 22
                          2a05:ff01::/32 maxlen: 32
                          2a05:ff00:2::/48 maxlen: 48
                          2a05:ff00:1::/48 maxlen: 48
                          2a05:ff00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 01 Nov 2023 16:35:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:a6:9a:dc:30:82:e2:a5:ae:4f:bd:71:50:cf:07:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Jan  1 18:44:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=efa1f6bddfec381fa0878bcb2d5f0eb41247cba3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fe:e1:fe:27:f6:14:02:b4:44:b8:03:0e:13:
                    4f:38:25:3d:a8:ea:58:32:76:41:b2:42:c4:85:8a:
                    18:24:b8:76:7e:15:e5:ad:06:91:99:0f:c9:a2:29:
                    fb:32:40:ee:d4:97:bb:62:d2:85:78:9f:8e:2a:7e:
                    20:25:1d:ad:bc:ac:56:af:62:ee:12:d8:3c:ab:1f:
                    35:2e:73:20:c7:f2:ae:93:dc:68:f3:83:ad:57:90:
                    54:42:13:27:c3:6e:9a:79:a4:ea:7e:75:0d:91:90:
                    d8:df:dc:76:53:87:8a:81:f8:23:e8:da:1c:1e:4f:
                    1a:5b:5c:4e:81:7a:64:05:3e:07:a5:65:4b:be:1e:
                    2e:05:d9:9a:d1:d9:0f:af:f1:ce:28:6b:6e:76:51:
                    cd:5d:d5:95:4e:65:33:30:40:b2:79:5e:56:8f:41:
                    8d:db:cc:a5:b8:9a:fe:a4:ae:d8:b4:fe:8f:5c:c4:
                    9e:62:1a:c4:f6:f9:d4:bf:18:08:64:dc:0e:d2:34:
                    19:b7:6b:31:40:0c:be:71:00:01:04:6a:e3:57:a4:
                    36:f7:0d:8c:6f:5a:b5:79:57:65:88:da:93:f0:3f:
                    4e:19:4e:81:7f:b3:40:c6:4c:86:d5:cd:c1:b8:7c:
                    c5:e2:54:d3:7c:40:5e:2c:76:57:36:07:a7:fd:89:
                    2c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:A1:F6:BD:DF:EC:38:1F:A0:87:8B:CB:2D:5F:0E:B4:12:47:CB:A3
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/76H2vd_sOB-gh4vLLV8OtBJHy6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.148.0/22
                  45.12.100.0/22
                  147.185.196.0/23
                  147.185.206.0/23
                  185.96.56.0/22
                  185.136.16.0/22
                  193.160.220.0/22
                  193.168.200.0/22
                  194.38.48.0/22
                  207.244.196.0/22
                  207.244.208.0/22
                IPv6:
                  2a05:ff00::/31

    Signature Algorithm: sha256WithRSAEncryption
         55:41:8b:44:7b:18:6b:55:16:02:5e:8f:57:c6:41:e0:65:69:
         c4:50:c2:36:09:18:e2:dc:bc:f5:5e:79:52:75:89:d9:2c:c8:
         ba:1e:8b:19:f8:a6:ed:a7:e0:d3:a7:e6:45:2e:80:09:a9:59:
         eb:b6:92:a7:34:ff:68:40:a6:38:66:48:b3:92:9d:c8:d4:0c:
         78:62:47:d4:5b:c3:6b:3f:8a:b8:ec:aa:f6:c1:52:67:ca:0c:
         cf:8e:4f:da:e4:3a:0f:0d:d3:21:05:b7:14:89:88:36:14:93:
         ce:d9:fa:2e:b4:cc:b9:0b:44:a1:c5:97:f4:d5:63:a8:7c:0b:
         57:4b:b7:6c:69:fd:9f:00:35:4a:33:bc:ca:82:09:17:03:5f:
         29:98:ea:8b:7a:22:62:37:21:2a:5b:1b:d5:5a:c7:a8:ad:55:
         59:0b:dd:cd:e9:94:59:69:cf:5c:d7:1a:ac:b1:56:b1:22:9a:
         86:91:4b:c8:33:e3:0a:c9:e4:cb:e9:ef:be:27:e9:52:a0:19:
         0a:cb:04:a3:f3:98:00:2f:19:eb:df:63:91:a8:b6:8e:85:fa:
         50:10:17:f6:2c:d7:95:a3:da:b8:8c:c3:32:be:ed:25:ca:bf:
         aa:48:5a:5c:08:50:5f:92:a2:86:71:e8:c1:93:3e:4d:a3:2a:
         01:5f:5c:69
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVupprcMILipa5PvXFQzwfUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjMwMTAxMTg0NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmExZjZiZGRmZWMzODFmYTA4NzhiY2IyZDVmMGViNDEyNDdjYmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArv7h/if2FAK0RLgDDhNPOCU9qOpY
MnZBskLEhYoYJLh2fhXlrQaRmQ/Join7MkDu1Je7YtKFeJ+OKn4gJR2tvKxWr2Lu
Etg8qx81LnMgx/Kuk9xo84OtV5BUQhMnw26aeaTqfnUNkZDY39x2U4eKgfgj6Noc
Hk8aW1xOgXpkBT4HpWVLvh4uBdma0dkPr/HOKGtudlHNXdWVTmUzMECyeV5Wj0GN
28yluJr+pK7YtP6PXMSeYhrE9vnUvxgIZNwO0jQZt2sxQAy+cQABBGrjV6Q29w2M
b1q1eVdliNqT8D9OGU6Bf7NAxkyG1c3BuHzF4lTTfEBeLHZXNgen/YksVwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFO+h9r3f7DgfoIeLyy1fDrQSR8ujMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvNzZIMnZkX3NPQi1naDR2TExWOE90QkpIeTZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQCK/CUAwQC
LQxkAwQBk7nEAwQBk7nOAwQCuWA4AwQCuYgQAwQCwaDcAwQCwajIAwQCwiYwAwQC
z/TEAwQCz/TQMA0EAgACMAcDBQEqBf8AMA0GCSqGSIb3DQEBCwUAA4IBAQBVQYtE
exhrVRYCXo9XxkHgZWnEUMI2CRji3Lz1XnlSdYnZLMi6HosZ+Kbtp+DTp+ZFLoAJ
qVnrtpKnNP9oQKY4Zkizkp3I1Ax4YkfUW8NrP4q47Kr2wVJnygzPjk/a5DoPDdMh
BbcUiYg2FJPO2foutMy5C0ShxZf01WOofAtXS7dsaf2fADVKM7zKggkXA18pmOqL
eiJiNyEqWxvVWseorVVZC93N6ZRZac9c1xqssVaxIpqGkUvIM+MKyeTL6e++J+lS
oBkKywSj85gALxnr32ORqLaOhfpQEBf2LNeVo9q4jMMyvu0lyr+qSFpcCFBfkqKG
cejBkz5NoyoBX1xp
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:07 2024 by rpki-client on console-fra.rpki-client.org