Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/ajKg60m8KJ2fJh3YL1Lhc_MuScY.roa
File:                     ajKg60m8KJ2fJh3YL1Lhc_MuScY.roa (raw, json)
Hash identifier:          8aDPZrlHiESAkLgjL7HKKkLO2OVImEY22t0d0lu1M+A=
Subject key identifier:   6A:32:A0:EB:49:BC:28:9D:9F:26:1D:D8:2F:52:E1:73:F3:2E:49:C6
Certificate issuer:       /CN=a1f7882861c29ed599be4a937480c4d13e25bfc2
Certificate serial:       01856FD5361C7935B7C0B5DBB7BAF825D30F
Authority key identifier: A1:F7:88:28:61:C2:9E:D5:99:BE:4A:93:74:80:C4:D1:3E:25:BF:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ofeIKGHCntWZvkqTdIDE0T4lv8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/ajKg60m8KJ2fJh3YL1Lhc_MuScY.roa
Signing time:             Mon 02 Jan 2023 00:15:22 +0000
ROA not before:           Mon 02 Jan 2023 00:15:22 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     33986
IP address blocks:        217.194.188.0/24 maxlen: 24
                          217.194.189.0/24 maxlen: 24
                          217.194.190.0/24 maxlen: 24
                          217.194.187.0/24 maxlen: 24
                          217.194.191.0/24 maxlen: 24
                          185.41.75.0/24 maxlen: 24
                          185.41.72.0/24 maxlen: 24
                          185.41.73.0/24 maxlen: 24
                          185.41.74.0/24 maxlen: 24
                          185.41.72.0/22 maxlen: 22
                          45.9.96.0/22 maxlen: 24
                          217.194.176.0/24 maxlen: 24
                          217.194.176.0/20 maxlen: 20
                          217.194.177.0/24 maxlen: 24
                          217.194.178.0/24 maxlen: 24
                          217.194.179.0/24 maxlen: 24
                          217.194.184.0/24 maxlen: 24
                          217.194.185.0/24 maxlen: 24
                          217.194.186.0/24 maxlen: 24
                          217.194.181.0/24 maxlen: 24
                          217.194.182.0/24 maxlen: 24
                          217.194.183.0/24 maxlen: 24
                          217.194.180.0/24 maxlen: 24
                          46.102.101.0/24 maxlen: 24
                          185.169.44.0/22 maxlen: 22
                          2a00:5b00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:30:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:d5:36:1c:79:35:b7:c0:b5:db:b7:ba:f8:25:d3:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1f7882861c29ed599be4a937480c4d13e25bfc2
        Validity
            Not Before: Jan  2 00:15:22 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6a32a0eb49bc289d9f261dd82f52e173f32e49c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9d:5e:ee:3a:ad:5d:ca:3e:76:68:36:3d:58:
                    78:fc:5f:e8:3c:06:91:5b:47:70:e1:4b:26:3a:bb:
                    76:aa:e1:35:93:7e:aa:c7:88:c6:c2:56:27:49:0e:
                    1d:4d:60:43:0e:ee:1a:b2:a7:01:89:5e:48:fb:09:
                    3b:16:7b:7a:e6:68:4d:12:a6:1a:98:96:ce:c5:71:
                    8a:9a:af:cd:c5:c4:9d:b3:df:70:19:c2:0a:d7:63:
                    29:65:92:58:e6:8b:45:5a:cd:51:4f:b0:73:59:14:
                    4b:eb:e0:0e:d7:35:cb:a3:40:b7:db:e4:25:92:5a:
                    21:45:a9:0f:5e:91:48:64:93:a8:f5:d1:24:a9:5a:
                    bb:12:56:64:92:22:bb:69:a9:78:28:13:01:4a:e1:
                    7e:11:a1:3e:84:f5:8f:ff:ce:da:dd:e5:13:1b:c8:
                    5b:a3:e5:1b:3b:a6:02:48:98:3c:53:a5:01:47:24:
                    47:c7:7b:04:d1:e7:bd:bb:2d:cf:f5:01:3f:ea:c1:
                    54:9b:b4:26:bb:91:44:54:f0:2c:39:d4:38:c7:6e:
                    56:0d:1a:36:4c:e7:5f:4f:86:31:1c:d1:58:b5:99:
                    15:51:ef:9a:54:83:44:96:5c:18:8c:3b:d4:d8:e8:
                    9e:23:71:0d:b9:3d:20:e7:b1:c3:1f:5e:18:6b:3e:
                    8a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:32:A0:EB:49:BC:28:9D:9F:26:1D:D8:2F:52:E1:73:F3:2E:49:C6
            X509v3 Authority Key Identifier:
                keyid:A1:F7:88:28:61:C2:9E:D5:99:BE:4A:93:74:80:C4:D1:3E:25:BF:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ofeIKGHCntWZvkqTdIDE0T4lv8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/ajKg60m8KJ2fJh3YL1Lhc_MuScY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/03bab8-6c43-4a20-a960-c37a5982f466/1/ofeIKGHCntWZvkqTdIDE0T4lv8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.96.0/22
                  46.102.101.0/24
                  185.41.72.0/22
                  185.169.44.0/22
                  217.194.176.0/20
                IPv6:
                  2a00:5b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         37:2c:08:bc:f9:43:c8:25:07:68:fd:98:2d:21:76:d4:b8:ff:
         f8:a2:d3:21:a9:86:f4:84:da:ae:de:aa:78:8c:0c:1b:75:91:
         24:1e:3d:b8:57:ef:7b:e1:43:8c:3c:b9:57:a7:29:f6:89:51:
         73:15:75:2b:93:2a:ca:0f:cd:f3:a2:7f:20:f0:51:e6:f7:58:
         e4:9c:b9:3b:98:0d:7c:13:51:f0:bc:2c:f5:30:17:29:88:9d:
         43:1b:8c:4c:30:54:51:5d:3e:f9:58:e9:50:d2:6f:be:17:49:
         37:39:b9:26:18:04:66:59:5c:ae:70:2a:1f:64:ba:a3:aa:73:
         e2:4e:7b:53:5b:5a:fb:a7:7a:11:26:30:3a:d0:a6:2b:b2:b2:
         07:d1:ce:40:c1:24:e4:45:e3:63:6e:7d:5f:4f:a7:f1:99:c4:
         11:e9:b6:ca:a6:29:71:bf:fe:ea:93:56:bc:cd:2b:12:de:d9:
         65:0b:69:56:d3:82:55:1e:28:40:7f:fa:b2:42:38:f1:62:ee:
         93:d6:58:c0:3c:37:6a:cd:2f:bc:e6:a7:79:5d:d9:f4:b3:25:
         c5:22:8d:85:2d:ed:c5:31:1e:e4:20:6d:d2:dd:28:1f:39:0b:
         12:e9:41:c1:f0:05:ea:3b:96:19:56:7a:1c:38:4c:79:87:be:
         ac:a4:10:04
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVv1TYceTW3wLXbt7r4JdMPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZjc4ODI4NjFjMjllZDU5OWJlNGE5Mzc0ODBjNGQxM2Uy
NWJmYzIwHhcNMjMwMTAyMDAxNTIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTMyYTBlYjQ5YmMyODlkOWYyNjFkZDgyZjUyZTE3M2YzMmU0OWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp1e7jqtXco+dmg2PVh4/F/oPAaR
W0dw4UsmOrt2quE1k36qx4jGwlYnSQ4dTWBDDu4asqcBiV5I+wk7Fnt65mhNEqYa
mJbOxXGKmq/NxcSds99wGcIK12MpZZJY5otFWs1RT7BzWRRL6+AO1zXLo0C32+Ql
klohRakPXpFIZJOo9dEkqVq7ElZkkiK7aal4KBMBSuF+EaE+hPWP/87a3eUTG8hb
o+UbO6YCSJg8U6UBRyRHx3sE0ee9uy3P9QE/6sFUm7Qmu5FEVPAsOdQ4x25WDRo2
TOdfT4YxHNFYtZkVUe+aVINEllwYjDvU2OieI3ENuT0g57HDH14Yaz6K2QIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFGoyoOtJvCidnyYd2C9S4XPzLknGMB8GA1UdIwQY
MBaAFKH3iChhwp7Vmb5Kk3SAxNE+Jb/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2ZlSUtHSENudFdadmtxVGRJREUwVDRsdjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8wM2JhYjgtNmM0My00YTIwLWE5NjAt
YzM3YTU5ODJmNDY2LzEvYWpLZzYwbThLSjJmSmgzWUwxTGhjX011U2NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8wM2JhYjgtNmM0My00YTIwLWE5NjAtYzM3YTU5ODJmNDY2
LzEvb2ZlSUtHSENudFdadmtxVGRJREUwVDRsdjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCLQlgAwQA
LmZlAwQCuSlIAwQCuaksAwQE2cKwMA0EAgACMAcDBQMqAFsAMA0GCSqGSIb3DQEB
CwUAA4IBAQA3LAi8+UPIJQdo/ZgtIXbUuP/4otMhqYb0hNqu3qp4jAwbdZEkHj24
V+974UOMPLlXpyn2iVFzFXUrkyrKD83zon8g8FHm91jknLk7mA18E1HwvCz1MBcp
iJ1DG4xMMFRRXT75WOlQ0m++F0k3ObkmGARmWVyucCofZLqjqnPiTntTW1r7p3oR
JjA60KYrsrIH0c5AwSTkReNjbn1fT6fxmcQR6bbKpilxv/7qk1a8zSsS3tllC2lW
04JVHihAf/qyQjjxYu6T1ljAPDdqzS+85qd5Xdn0syXFIo2FLe3FMR7kIG3S3Sgf
OQsS6UHB8AXqO5YZVnocOEx5h76spBAE
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:53 2024 by rpki-client on console-ams.rpki-client.org