Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/f068a7-5f8c-4f32-ab94-cda6e19ffb88/1/sx32viXbQjceYBztmIhCHGhllHI.roa
File:                     sx32viXbQjceYBztmIhCHGhllHI.roa (raw, json)
Hash identifier:          xwigfm4LbJ4X8tCGLrk+7uwF3dYZSxnQMZQ+K8lDWHw=
Subject key identifier:   B3:1D:F6:BE:25:DB:42:37:1E:60:1C:ED:98:88:42:1C:68:65:94:72
Certificate issuer:       /CN=72e81fb5cf0fb32c4575f8413acbd41aa84b82f4
Certificate serial:       018CC4923C6E79B5ADCFCCCA959BF5DF24BB
Authority key identifier: 72:E8:1F:B5:CF:0F:B3:2C:45:75:F8:41:3A:CB:D4:1A:A8:4B:82:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cugftc8PsyxFdfhBOsvUGqhLgvQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/f068a7-5f8c-4f32-ab94-cda6e19ffb88/1/sx32viXbQjceYBztmIhCHGhllHI.roa
Signing time:             Mon 01 Jan 2024 10:29:27 +0000
ROA not before:           Mon 01 Jan 2024 10:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15695
IP address blocks:        195.238.244.0/24 maxlen: 24
                          37.26.224.0/24 maxlen: 24
                          37.26.226.0/24 maxlen: 24
                          37.26.225.0/24 maxlen: 24
                          37.26.231.0/24 maxlen: 24
                          37.26.230.0/24 maxlen: 24
                          37.26.229.0/24 maxlen: 24
                          37.26.228.0/24 maxlen: 24
                          37.26.227.0/24 maxlen: 24
                          63.247.206.0/24 maxlen: 24
                          63.247.205.0/24 maxlen: 24
                          63.247.204.0/24 maxlen: 24
                          63.247.203.0/24 maxlen: 24
                          63.247.202.0/24 maxlen: 24
                          63.247.201.0/24 maxlen: 24
                          63.247.200.0/24 maxlen: 24
                          63.247.207.0/24 maxlen: 24
                          91.103.17.0/24 maxlen: 24
                          91.103.16.0/24 maxlen: 24
                          91.103.19.0/24 maxlen: 24
                          91.103.18.0/24 maxlen: 24
                          91.103.23.0/24 maxlen: 24
                          91.103.21.0/24 maxlen: 24
                          86.48.218.0/24 maxlen: 24
                          86.48.217.0/24 maxlen: 24
                          86.48.216.0/24 maxlen: 24
                          86.48.219.0/24 maxlen: 24
                          86.48.223.0/24 maxlen: 24
                          86.48.222.0/24 maxlen: 24
                          86.48.221.0/24 maxlen: 24
                          86.48.220.0/24 maxlen: 24
                          86.48.240.0/24 maxlen: 24
                          185.62.118.0/24 maxlen: 24
                          185.62.117.0/24 maxlen: 24
                          185.62.116.0/24 maxlen: 24
                          63.247.192.0/24 maxlen: 24
                          185.62.119.0/24 maxlen: 24
                          63.247.199.0/24 maxlen: 24
                          63.247.198.0/24 maxlen: 24
                          63.247.197.0/24 maxlen: 24
                          63.247.196.0/24 maxlen: 24
                          63.247.195.0/24 maxlen: 24
                          63.247.194.0/24 maxlen: 24
                          63.247.193.0/24 maxlen: 24
                          45.93.85.0/24 maxlen: 24
                          45.93.84.0/24 maxlen: 24
                          45.93.87.0/24 maxlen: 24
                          193.160.135.0/24 maxlen: 24
                          193.160.134.0/24 maxlen: 24
                          45.81.223.0/24 maxlen: 24
                          45.81.222.0/24 maxlen: 24
                          45.81.221.0/24 maxlen: 24
                          45.81.220.0/24 maxlen: 24
                          45.95.219.0/24 maxlen: 24
                          45.95.218.0/24 maxlen: 24
                          45.95.217.0/24 maxlen: 24
                          45.95.216.0/24 maxlen: 24
                          86.48.209.0/24 maxlen: 24
                          86.48.208.0/24 maxlen: 24
                          5.253.89.0/24 maxlen: 24
                          5.253.88.0/24 maxlen: 24
                          5.253.91.0/24 maxlen: 24
                          5.253.90.0/24 maxlen: 24
                          45.94.190.0/24 maxlen: 24
                          216.172.64.0/24 maxlen: 24
                          216.172.67.0/24 maxlen: 24
                          216.172.66.0/24 maxlen: 24
                          216.172.65.0/24 maxlen: 24
                          216.172.71.0/24 maxlen: 24
                          216.172.70.0/24 maxlen: 24
                          216.172.69.0/24 maxlen: 24
                          216.172.68.0/24 maxlen: 24
                          216.172.74.0/24 maxlen: 24
                          216.172.73.0/24 maxlen: 24
                          216.172.72.0/24 maxlen: 24
                          216.172.78.0/24 maxlen: 24
                          216.172.77.0/24 maxlen: 24
                          216.172.76.0/24 maxlen: 24
                          216.172.75.0/24 maxlen: 24
                          216.172.79.0/24 maxlen: 24
                          2a00:cb8:31::/48 maxlen: 48
                          2a00:cb8:971::/48 maxlen: 48
                          2a00:cb8:34::/48 maxlen: 48
                          2a00:cb8:48::/48 maxlen: 48
                          2a00:cb8:41::/48 maxlen: 48
                          2a00:cb8:144::/48 maxlen: 48
                          2a00:cb8:44::/48 maxlen: 48
                          2a00:cb8:33::/48 maxlen: 48
                          2a00:cb8:39::/48 maxlen: 48
                          2a00:cb8:49::/48 maxlen: 48
                          2a00:cb8:353::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 12 Jan 2024 10:04:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3c:6e:79:b5:ad:cf:cc:ca:95:9b:f5:df:24:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72e81fb5cf0fb32c4575f8413acbd41aa84b82f4
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b31df6be25db42371e601ced9888421c68659472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:bb:46:6d:ec:bc:15:ea:19:f1:95:f5:5a:a3:
                    a9:f2:81:34:db:95:11:1b:f1:7c:72:51:e6:4f:4e:
                    90:0c:b8:72:4f:2e:bb:cd:95:f7:6e:32:d9:87:92:
                    25:35:9f:6d:b8:a2:7d:45:e0:d0:30:91:d6:e5:f8:
                    e0:e8:31:a3:32:87:41:d7:91:02:bd:23:31:5d:dd:
                    c1:ac:88:13:7c:5b:8e:58:d1:7d:50:ab:c7:4e:1c:
                    94:55:bc:d2:58:06:31:67:e0:24:ff:2b:55:8b:d1:
                    f4:e9:e2:16:b4:45:b4:76:9c:a2:10:07:34:5a:e4:
                    6c:12:46:fc:c0:ca:21:8a:a4:92:fd:7c:e3:57:d8:
                    d7:07:d3:7a:55:0f:71:e4:45:01:70:0a:be:02:2e:
                    b2:94:52:7e:47:78:38:fa:23:29:cc:4b:5b:18:fe:
                    c2:3e:15:31:72:b7:35:f1:0c:ff:18:fd:34:5e:c7:
                    ac:ff:c2:f0:75:15:24:b2:b4:0f:5c:81:70:bf:4d:
                    32:6a:d1:ba:19:cc:bd:9c:dc:32:44:b5:18:5a:66:
                    d5:43:7c:a7:8c:c0:36:ce:36:7c:c1:5d:fb:00:ff:
                    da:b9:4f:dd:93:f9:08:4b:6b:48:b6:b4:44:87:b6:
                    a7:93:82:14:d4:5b:ba:d7:24:74:70:cc:20:04:3b:
                    2c:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:1D:F6:BE:25:DB:42:37:1E:60:1C:ED:98:88:42:1C:68:65:94:72
            X509v3 Authority Key Identifier:
                keyid:72:E8:1F:B5:CF:0F:B3:2C:45:75:F8:41:3A:CB:D4:1A:A8:4B:82:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cugftc8PsyxFdfhBOsvUGqhLgvQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/f068a7-5f8c-4f32-ab94-cda6e19ffb88/1/sx32viXbQjceYBztmIhCHGhllHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/f068a7-5f8c-4f32-ab94-cda6e19ffb88/1/cugftc8PsyxFdfhBOsvUGqhLgvQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.88.0/22
                  37.26.224.0/21
                  45.81.220.0/22
                  45.93.84.0/23
                  45.93.87.0/24
                  45.94.190.0/24
                  45.95.216.0/22
                  63.247.192.0/20
                  86.48.208.0/23
                  86.48.216.0/21
                  86.48.240.0/24
                  91.103.16.0/22
                  91.103.21.0/24
                  91.103.23.0/24
                  185.62.116.0/22
                  193.160.134.0/23
                  195.238.244.0/24
                  216.172.64.0/20
                IPv6:
                  2a00:cb8:31::/48
                  2a00:cb8:33::-2a00:cb8:34:ffff:ffff:ffff:ffff:ffff
                  2a00:cb8:39::/48
                  2a00:cb8:41::/48
                  2a00:cb8:44::/48
                  2a00:cb8:48::/47
                  2a00:cb8:144::/48
                  2a00:cb8:353::/48
                  2a00:cb8:971::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:7b:5e:a0:38:66:69:95:da:1f:1a:86:18:d6:e2:d6:1d:53:
         0d:56:72:13:ce:8a:99:be:b7:c2:a2:8b:a0:50:e3:c2:ea:d7:
         40:ed:6c:0c:fd:84:e0:94:7a:36:5a:45:d6:35:50:18:51:c9:
         e9:1f:8c:32:81:06:28:a7:ba:55:ce:8a:12:f1:9b:41:f0:3b:
         51:3b:ad:a8:fe:74:60:58:28:fa:84:ee:8a:21:4f:31:70:33:
         27:41:68:fd:9b:d5:92:22:67:7a:6b:bd:7d:d8:d4:2f:ae:59:
         3d:da:fa:ca:e4:81:3c:ca:3d:da:78:c1:1a:60:40:e6:f5:70:
         5c:7e:a6:6c:95:c1:fa:de:5c:99:cc:c1:d3:04:18:2e:2c:7b:
         0a:81:ff:92:99:f8:57:25:e1:59:97:77:16:77:8d:11:f8:83:
         ec:8e:ba:fd:15:e1:9a:e0:3b:ee:ac:aa:7f:e0:c0:90:de:b2:
         ec:c2:3b:48:a0:37:e6:2c:f4:cb:fc:20:e0:37:c1:00:a5:2f:
         0f:a1:58:8b:97:d1:b6:48:7b:93:4c:1b:96:c9:ba:ff:d9:1c:
         9d:17:69:bf:20:f5:51:60:fd:a1:e6:3b:00:44:11:7a:c0:67:
         8c:18:f5:0d:5d:1b:d3:cf:15:26:6d:b6:4a:2d:49:45:15:b7:
         80:43:ec:dc
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAYzEkjxuebWtz8zKlZv13yS7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyZTgxZmI1Y2YwZmIzMmM0NTc1Zjg0MTNhY2JkNDFhYTg0
YjgyZjQwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzFkZjZiZTI1ZGI0MjM3MWU2MDFjZWQ5ODg4NDIxYzY4NjU5NDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8btGbey8FeoZ8ZX1WqOp8oE025UR
G/F8clHmT06QDLhyTy67zZX3bjLZh5IlNZ9tuKJ9ReDQMJHW5fjg6DGjModB15EC
vSMxXd3BrIgTfFuOWNF9UKvHThyUVbzSWAYxZ+Ak/ytVi9H06eIWtEW0dpyiEAc0
WuRsEkb8wMohiqSS/XzjV9jXB9N6VQ9x5EUBcAq+Ai6ylFJ+R3g4+iMpzEtbGP7C
PhUxcrc18Qz/GP00Xses/8LwdRUksrQPXIFwv00yatG6Gcy9nNwyRLUYWmbVQ3yn
jMA2zjZ8wV37AP/auU/dk/kIS2tItrREh7ank4IU1Fu61yR0cMwgBDss/QIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFLMd9r4l20I3HmAc7ZiIQhxoZZRyMB8GA1UdIwQY
MBaAFHLoH7XPD7MsRXX4QTrL1BqoS4L0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3VnZnRjOFBzeXhGZGZoQk9zdlVHcWhMZ3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9mMDY4YTctNWY4Yy00ZjMyLWFiOTQt
Y2RhNmUxOWZmYjg4LzEvc3gzMnZpWGJRamNlWUJ6dG1JaENIR2hsbEhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9mMDY4YTctNWY4Yy00ZjMyLWFiOTQtY2RhNmUxOWZmYjg4
LzEvY3VnZnRjOFBzeXhGZGZoQk9zdlVHcWhMZ3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHrBggrBgEFBQcBBwEB/wSB2zCB2DByBAIAATBsAwQCBf1Y
AwQDJRrgAwQCLVHcAwQBLV1UAwQALV1XAwQALV6+AwQCLV/YAwQEP/fAAwQBVjDQ
AwQDVjDYAwQAVjDwAwQCW2cQAwQAW2cVAwQAW2cXAwQCuT50AwQBwaCGAwQAw+70
AwQE2KxAMGIEAgACMFwDBwAqAAy4ADEwEgMHACoADLgAMwMHACoADLgANAMHACoA
DLgAOQMHACoADLgAQQMHACoADLgARAMHASoADLgASAMHACoADLgBRAMHACoADLgD
UwMHACoADLgJcTANBgkqhkiG9w0BAQsFAAOCAQEAHnteoDhmaZXaHxqGGNbi1h1T
DVZyE86Kmb63wqKLoFDjwurXQO1sDP2E4JR6NlpF1jVQGFHJ6R+MMoEGKKe6Vc6K
EvGbQfA7UTutqP50YFgo+oTuiiFPMXAzJ0Fo/ZvVkiJnemu9fdjUL65ZPdr6yuSB
PMo92njBGmBA5vVwXH6mbJXB+t5cmczB0wQYLix7CoH/kpn4VyXhWZd3FneNEfiD
7I66/RXhmuA77qyqf+DAkN6y7MI7SKA35iz0y/wg4DfBAKUvD6FYi5fRtkh7k0wb
lsm6/9kcnRdpvyD1UWD9oeY7AEQResBnjBj1DV0b088VJm22Si1JRRW3gEPs3A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:14 2024 by rpki-client on console-fra.rpki-client.org