Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/LvLqCQshu-OTX0Mzph2TfiVo01c.roa
File:                     LvLqCQshu-OTX0Mzph2TfiVo01c.roa (raw, json)
Hash identifier:          H5Cr7o2tcZakjiAGnQ2Nqjb1G9+HIUtDR+UrK0w8BHE=
Subject key identifier:   2E:F2:EA:09:0B:21:BB:E3:93:5F:43:33:A6:1D:93:7E:25:68:D3:57
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       018B8BBD3A6966855C2A3B3C2DAA542773F9
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/LvLqCQshu-OTX0Mzph2TfiVo01c.roa
Signing time:             Wed 01 Nov 2023 16:35:16 +0000
ROA not before:           Wed 01 Nov 2023 16:35:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202592
IP address blocks:        185.96.57.0/24 maxlen: 24
                          185.96.56.0/22 maxlen: 22
                          185.96.56.0/24 maxlen: 24
                          194.38.48.0/22 maxlen: 22
                          193.168.200.0/24 maxlen: 24
                          193.168.200.0/22 maxlen: 22
                          193.168.201.0/24 maxlen: 24
                          193.160.220.0/22 maxlen: 22
                          185.136.16.0/22 maxlen: 22
                          147.185.196.0/23 maxlen: 23
                          185.136.19.0/24 maxlen: 24
                          185.136.18.0/24 maxlen: 24
                          147.185.206.0/23 maxlen: 23
                          207.244.196.0/22 maxlen: 22
                          43.240.148.0/22 maxlen: 22
                          207.244.208.0/22 maxlen: 22
                          45.12.100.0/22 maxlen: 22
                          2a05:ff01::/32 maxlen: 32
                          2a05:ff00:2::/48 maxlen: 48
                          2a05:ff00:1::/48 maxlen: 48
                          2a07:5b40::/29 maxlen: 48
                          2a05:ff00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Sun 05 Nov 2023 14:38:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:8b:bd:3a:69:66:85:5c:2a:3b:3c:2d:aa:54:27:73:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Nov  1 16:35:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2ef2ea090b21bbe3935f4333a61d937e2568d357
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:95:c1:4c:66:04:a9:2e:66:2e:2a:17:6b:08:
                    e9:c2:77:8b:ac:b1:3a:7d:ac:85:76:3a:ab:39:ef:
                    87:6b:33:07:89:77:a3:59:ff:27:25:d5:cf:0c:96:
                    a9:a4:ba:0b:e7:c0:c2:ba:cc:6c:e2:6b:72:91:71:
                    d4:74:2b:2e:ae:a2:34:45:25:0e:4a:02:78:0a:88:
                    1c:8c:cd:3f:00:d9:13:43:09:52:3e:8e:19:00:64:
                    9e:e5:b8:ea:ec:41:35:5a:d9:b2:42:7f:33:86:12:
                    6e:8c:8a:04:4e:c9:26:ac:33:29:d0:63:0b:72:63:
                    6b:20:e0:49:42:8d:be:2b:29:3f:cc:66:0d:b1:c1:
                    d4:56:76:fd:c6:7a:fd:ab:b4:d6:2e:e1:2f:e2:b5:
                    50:cd:cc:7d:09:14:e1:fe:45:25:62:21:66:e1:63:
                    72:66:0d:a4:81:ac:c3:4f:0a:d2:1e:3a:61:8f:ff:
                    71:1c:ac:07:2b:65:1b:3c:c8:9f:58:b3:3a:fc:e3:
                    d5:21:c2:ea:33:53:a1:d9:c5:1b:87:1d:55:da:1a:
                    55:a3:a6:4c:f7:b2:b1:f7:5c:4d:3e:f7:96:ff:3f:
                    04:8b:48:0d:cb:31:bd:c0:5e:35:e7:bb:26:3a:fa:
                    42:82:fb:49:99:fb:a6:2d:bf:65:a2:d8:ec:78:b7:
                    b9:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:F2:EA:09:0B:21:BB:E3:93:5F:43:33:A6:1D:93:7E:25:68:D3:57
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/LvLqCQshu-OTX0Mzph2TfiVo01c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.148.0/22
                  45.12.100.0/22
                  147.185.196.0/23
                  147.185.206.0/23
                  185.96.56.0/22
                  185.136.16.0/22
                  193.160.220.0/22
                  193.168.200.0/22
                  194.38.48.0/22
                  207.244.196.0/22
                  207.244.208.0/22
                IPv6:
                  2a05:ff00::/31
                  2a07:5b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:bc:b3:41:ad:80:e6:cd:d4:a9:53:d6:94:fd:2f:81:f1:cc:
         55:d9:bf:b1:ba:70:e6:a8:69:79:68:38:64:a1:ee:b9:3d:e1:
         4c:0d:69:1d:f5:5a:01:f8:25:1c:3a:68:4f:5f:55:59:91:a4:
         4f:20:4e:e8:a8:66:43:59:08:af:78:c9:e5:05:08:6d:2a:73:
         c4:d3:75:ff:28:26:16:90:14:c2:7c:fc:53:2e:c1:20:f3:a0:
         f4:af:0a:d2:ef:28:f9:bc:5d:e2:2c:55:ba:80:10:ba:9f:64:
         c5:75:cf:f3:0d:ba:f4:36:26:81:c8:02:d9:13:10:66:49:fb:
         6b:4e:eb:89:76:32:77:7a:f1:d9:93:c5:43:c7:5d:38:94:7b:
         de:9c:ee:f3:4a:73:eb:a0:66:7d:26:c1:84:40:b5:e7:8c:05:
         b7:33:de:53:45:1e:ef:5c:b1:78:b6:1a:40:8d:8a:69:89:9c:
         83:fe:6a:fb:92:bf:a2:2f:5d:31:1f:92:9f:20:73:f7:44:c0:
         4b:76:b0:0e:8d:fa:e8:57:16:4b:67:fb:3b:ae:7b:2f:88:54:
         22:ee:93:52:6a:9b:3c:9a:1b:ce:ac:aa:47:e1:75:5a:7b:9d:
         d6:11:b6:0c:4e:b2:2a:05:07:36:72:2d:66:2f:83:05:f8:25:
         de:c2:7a:d5
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYuLvTppZoVcKjs8LapUJ3P5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjMxMTAxMTYzNTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWYyZWEwOTBiMjFiYmUzOTM1ZjQzMzNhNjFkOTM3ZTI1NjhkMzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5XBTGYEqS5mLioXawjpwneLrLE6
fayFdjqrOe+HazMHiXejWf8nJdXPDJappLoL58DCusxs4mtykXHUdCsurqI0RSUO
SgJ4CogcjM0/ANkTQwlSPo4ZAGSe5bjq7EE1WtmyQn8zhhJujIoETskmrDMp0GML
cmNrIOBJQo2+Kyk/zGYNscHUVnb9xnr9q7TWLuEv4rVQzcx9CRTh/kUlYiFm4WNy
Zg2kgazDTwrSHjphj/9xHKwHK2UbPMifWLM6/OPVIcLqM1Oh2cUbhx1V2hpVo6ZM
97Kx91xNPveW/z8Ei0gNyzG9wF4157smOvpCgvtJmfumLb9lotjseLe5dQIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFC7y6gkLIbvjk19DM6Ydk34laNNXMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvTHZMcUNRc2h1LU9UWDBNenBoMlRmaVZvMDFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQCK/CUAwQC
LQxkAwQBk7nEAwQBk7nOAwQCuWA4AwQCuYgQAwQCwaDcAwQCwajIAwQCwiYwAwQC
z/TEAwQCz/TQMBQEAgACMA4DBQEqBf8AAwUDKgdbQDANBgkqhkiG9w0BAQsFAAOC
AQEAZbyzQa2A5s3UqVPWlP0vgfHMVdm/sbpw5qhpeWg4ZKHuuT3hTA1pHfVaAfgl
HDpoT19VWZGkTyBO6KhmQ1kIr3jJ5QUIbSpzxNN1/ygmFpAUwnz8Uy7BIPOg9K8K
0u8o+bxd4ixVuoAQup9kxXXP8w269DYmgcgC2RMQZkn7a07riXYyd3rx2ZPFQ8dd
OJR73pzu80pz66BmfSbBhEC154wFtzPeU0Ue71yxeLYaQI2KaYmcg/5q+5K/oi9d
MR+SnyBz90TAS3awDo366FcWS2f7O657L4hUIu6TUmqbPJobzqyqR+F1Wnud1hG2
DE6yKgUHNnItZi+DBfgl3sJ61Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:07 2024 by rpki-client on console-fra.rpki-client.org