Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/CCofLse3SwVdavk3ds8dFsNjDmY.roa
File:                     CCofLse3SwVdavk3ds8dFsNjDmY.roa (raw, json)
Hash identifier:          1e3CkZ583uiEWxWuVnYGFLBF8tauP0OIH5MFcyaTEpo=
Subject key identifier:   08:2A:1F:2E:C7:B7:4B:05:5D:6A:F9:37:76:CF:1D:16:C3:63:0E:66
Certificate issuer:       /CN=1847b59d21ea36b3062fca80ce75c1616af5119a
Certificate serial:       01856BC1010310E0BB84A02B07E156CF4C74
Authority key identifier: 18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/CCofLse3SwVdavk3ds8dFsNjDmY.roa
Signing time:             Sun 01 Jan 2023 05:14:48 +0000
ROA not before:           Sun 01 Jan 2023 05:14:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48716
IP address blocks:        185.146.0.0/22 maxlen: 24
                          185.22.64.0/22 maxlen: 24
                          185.102.72.0/22 maxlen: 24
                          78.40.108.0/23 maxlen: 24
                          195.93.152.0/23 maxlen: 24
                          195.49.208.0/21 maxlen: 24
                          109.233.108.0/22 maxlen: 32
                          77.240.38.0/23 maxlen: 24
                          89.219.32.0/22 maxlen: 24
                          194.110.54.0/23 maxlen: 24
                          94.247.128.0/21 maxlen: 24
                          91.215.137.0/24 maxlen: 32
                          91.215.136.0/23 maxlen: 24
                          91.215.136.0/24 maxlen: 24
                          91.215.139.0/24 maxlen: 32
                          195.210.46.0/23 maxlen: 24
                          194.39.64.0/22 maxlen: 24
                          194.39.64.0/23 maxlen: 24
                          185.35.222.0/23 maxlen: 24
                          194.39.67.0/24 maxlen: 24
                          194.39.66.0/24 maxlen: 24
                          91.201.214.0/23 maxlen: 24
                          2a00:5da0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 20 Feb 2023 19:04:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:c1:01:03:10:e0:bb:84:a0:2b:07:e1:56:cf:4c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1847b59d21ea36b3062fca80ce75c1616af5119a
        Validity
            Not Before: Jan  1 05:14:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=082a1f2ec7b74b055d6af93776cf1d16c3630e66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f9:96:ae:3a:f9:84:16:b9:11:ee:d4:09:da:
                    cf:6f:12:fa:21:f2:eb:c0:5f:e9:60:e7:3e:05:77:
                    b3:81:56:c8:a1:6d:65:2d:1c:83:07:95:18:78:88:
                    0d:dc:c0:51:25:3d:a4:5f:16:5a:71:73:4c:a1:05:
                    e2:e2:10:70:37:89:06:97:a4:14:34:ba:87:37:43:
                    93:46:09:ea:b3:ed:7c:72:15:d8:83:76:73:c4:f6:
                    c8:83:19:58:b4:b9:6c:db:9f:b9:27:b3:b5:59:12:
                    63:73:8f:52:b7:90:32:38:67:d0:5f:20:21:da:fc:
                    33:7f:c7:b6:e8:17:89:e9:c0:76:94:30:97:27:b3:
                    dc:22:5f:27:47:82:c4:8e:0f:f1:a0:71:3c:cd:fd:
                    12:09:82:89:a9:aa:43:11:a5:aa:25:58:9d:a7:0f:
                    ec:ee:cd:d3:03:3a:20:e6:4e:8c:20:74:ee:ec:63:
                    91:1b:30:e4:d1:7b:63:42:9a:70:5f:62:d7:1a:2a:
                    9b:30:8e:a1:41:4f:c4:ac:37:6d:c5:12:cb:b3:8f:
                    f0:83:f8:55:b2:ad:ca:75:4f:e3:6f:c9:43:f4:24:
                    87:41:35:0f:9c:8f:3d:32:92:01:24:f5:9e:0e:30:
                    77:5e:bf:f4:85:d8:ab:1c:32:b1:d5:e2:6d:76:80:
                    54:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:2A:1F:2E:C7:B7:4B:05:5D:6A:F9:37:76:CF:1D:16:C3:63:0E:66
            X509v3 Authority Key Identifier:
                keyid:18:47:B5:9D:21:EA:36:B3:06:2F:CA:80:CE:75:C1:61:6A:F5:11:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GEe1nSHqNrMGL8qAznXBYWr1EZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/CCofLse3SwVdavk3ds8dFsNjDmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/3824cd-e527-4adc-a412-f91bb5179217/1/GEe1nSHqNrMGL8qAznXBYWr1EZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.240.38.0/23
                  78.40.108.0/23
                  89.219.32.0/22
                  91.201.214.0/23
                  91.215.136.0/23
                  91.215.139.0/24
                  94.247.128.0/21
                  109.233.108.0/22
                  185.22.64.0/22
                  185.35.222.0/23
                  185.102.72.0/22
                  185.146.0.0/22
                  194.39.64.0/22
                  194.110.54.0/23
                  195.49.208.0/21
                  195.93.152.0/23
                  195.210.46.0/23
                IPv6:
                  2a00:5da0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:12:f6:11:84:7d:f8:d0:e1:1f:5f:4d:8f:97:c6:e7:d4:88:
         04:1f:0c:74:f2:98:d2:b6:a3:9b:51:eb:fe:00:dc:ca:cd:b0:
         a3:63:00:0d:a5:97:e0:35:fb:6b:e2:4c:44:de:e2:bc:4d:dd:
         30:a0:bb:26:10:83:f0:dd:a3:74:4e:24:4c:ea:e3:de:7c:9b:
         09:6d:48:f1:a7:56:27:1c:5f:f1:c4:fe:8e:81:32:d9:50:b0:
         02:67:d3:c7:e4:ef:88:f4:06:c4:7c:52:17:e9:85:e0:68:4c:
         11:05:a7:c8:bc:61:91:bb:7a:86:14:61:02:a6:c6:07:1d:84:
         39:0f:aa:24:e3:fe:16:e7:9d:e5:0c:c6:13:5e:fb:1e:bc:1b:
         69:b3:6a:93:3c:a9:30:df:1e:f5:62:f6:d8:f1:cc:3d:56:7f:
         b8:e8:1a:b9:cd:d0:26:fe:80:b1:fb:e7:95:41:29:be:d6:1e:
         f2:23:f9:e5:4b:33:f7:d3:d0:55:e2:a6:74:9f:5e:09:28:f2:
         31:3a:3d:a4:0d:84:7a:8f:f3:d7:3b:44:2c:8c:27:70:2e:55:
         21:5b:e5:4a:82:b9:3c:27:4a:94:66:34:70:b2:5d:3b:3d:b3:
         3e:f3:b0:8f:54:87:4f:84:b7:b0:1c:61:7f:28:63:37:25:e8:
         79:9d:e6:4e
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISAYVrwQEDEOC7hKArB+FWz0x0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NDdiNTlkMjFlYTM2YjMwNjJmY2E4MGNlNzVjMTYxNmFm
NTExOWEwHhcNMjMwMTAxMDUxNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODJhMWYyZWM3Yjc0YjA1NWQ2YWY5Mzc3NmNmMWQxNmMzNjMwZTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPmWrjr5hBa5Ee7UCdrPbxL6IfLr
wF/pYOc+BXezgVbIoW1lLRyDB5UYeIgN3MBRJT2kXxZacXNMoQXi4hBwN4kGl6QU
NLqHN0OTRgnqs+18chXYg3ZzxPbIgxlYtLls25+5J7O1WRJjc49St5AyOGfQXyAh
2vwzf8e26BeJ6cB2lDCXJ7PcIl8nR4LEjg/xoHE8zf0SCYKJqapDEaWqJVidpw/s
7s3TAzog5k6MIHTu7GORGzDk0XtjQppwX2LXGiqbMI6hQU/ErDdtxRLLs4/wg/hV
sq3KdU/jb8lD9CSHQTUPnI89MpIBJPWeDjB3Xr/0hdirHDKx1eJtdoBUSQIDAQAB
o4ICeTCCAnUwHQYDVR0OBBYEFAgqHy7Ht0sFXWr5N3bPHRbDYw5mMB8GA1UdIwQY
MBaAFBhHtZ0h6jazBi/KgM51wWFq9RGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTIt
ZjkxYmI1MTc5MjE3LzEvQ0NvZkxzZTNTd1ZkYXZrM2RzOGRGc05qRG1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi8zODI0Y2QtZTUyNy00YWRjLWE0MTItZjkxYmI1MTc5MjE3
LzEvR0VlMW5TSHFOck1HTDhxQXpuWEJZV3IxRVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGOBggrBgEFBQcBBwEB/wR/MH0wbAQCAAEwZgMEAU3wJgME
AU4obAMEAlnbIAMEAVvJ1gMEAVvXiAMEAFvXiwMEA173gAMEAm3pbAMEArkWQAME
Abkj3gMEArlmSAMEArmSAAMEAsInQAMEAcJuNgMEA8Mx0AMEAcNdmAMEAcPSLjAN
BAIAAjAHAwUAKgBdoDANBgkqhkiG9w0BAQsFAAOCAQEAbRL2EYR9+NDhH19Nj5fG
59SIBB8MdPKY0rajm1Hr/gDcys2wo2MADaWX4DX7a+JMRN7ivE3dMKC7JhCD8N2j
dE4kTOrj3nybCW1I8adWJxxf8cT+joEy2VCwAmfTx+TviPQGxHxSF+mF4GhMEQWn
yLxhkbt6hhRhAqbGBx2EOQ+qJOP+Fued5QzGE177HrwbabNqkzypMN8e9WL22PHM
PVZ/uOgauc3QJv6AsfvnlUEpvtYe8iP55Usz99PQVeKmdJ9eCSjyMTo9pA2Eeo/z
1ztELIwncC5VIVvlSoK5PCdKlGY0cLJdOz2zPvOwj1SHT4S3sBxhfyhjNyXoeZ3m
Tg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:51 2024 by rpki-client on console-fra.rpki-client.org