Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/5VR8EbWCCwutVf0Mx783d9IqoQM.roa
File:                     5VR8EbWCCwutVf0Mx783d9IqoQM.roa (raw, json)
Hash identifier:          IGadsVg9HAc8KGBm9ndjULZKCx/Nf3q30JSWvQd0cyw=
Subject key identifier:   E5:54:7C:11:B5:82:0B:0B:AD:55:FD:0C:C7:BF:37:77:D2:2A:A1:03
Certificate issuer:       /CN=52056867e4d2885e99b549ed6fb786330adf8f44
Certificate serial:       01856C65BF07991F217B354FB04E9D91B644
Authority key identifier: 52:05:68:67:E4:D2:88:5E:99:B5:49:ED:6F:B7:86:33:0A:DF:8F:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/5VR8EbWCCwutVf0Mx783d9IqoQM.roa
Signing time:             Sun 01 Jan 2023 08:14:45 +0000
ROA not before:           Sun 01 Jan 2023 08:14:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12990
IP address blocks:        213.180.128.0/21 maxlen: 21
                          195.88.186.0/24 maxlen: 24
                          213.180.138.0/23 maxlen: 23
                          213.180.137.0/24 maxlen: 24
                          213.180.136.0/24 maxlen: 24
                          195.88.187.0/24 maxlen: 24
                          213.180.142.0/23 maxlen: 23
                          213.180.141.0/24 maxlen: 24
                          213.180.140.0/24 maxlen: 24
                          213.180.144.0/23 maxlen: 23
                          213.180.152.0/24 maxlen: 24
                          213.180.151.0/24 maxlen: 24
                          213.180.150.0/24 maxlen: 24
                          213.180.148.0/23 maxlen: 23
                          213.180.146.0/23 maxlen: 23
                          213.180.154.0/24 maxlen: 24
                          213.180.153.0/24 maxlen: 24
                          141.105.16.0/21 maxlen: 21
                          185.104.64.0/24 maxlen: 24
                          37.26.160.0/21 maxlen: 21
                          2a02:c10::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:29:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:65:bf:07:99:1f:21:7b:35:4f:b0:4e:9d:91:b6:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52056867e4d2885e99b549ed6fb786330adf8f44
        Validity
            Not Before: Jan  1 08:14:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e5547c11b5820b0bad55fd0cc7bf3777d22aa103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e7:74:e4:a4:d1:40:34:d8:37:ec:4c:ff:0a:
                    63:de:5f:aa:6e:f7:c4:63:46:e2:f4:b4:21:1b:ed:
                    55:9c:22:4c:8f:0e:87:c2:65:27:14:f2:18:ea:a8:
                    77:e5:41:5a:43:de:71:ae:4e:bd:a7:86:8b:f2:c5:
                    2c:89:fc:74:36:cf:ef:7c:81:8d:8d:00:7a:56:d0:
                    40:6f:49:42:40:e3:ee:fe:df:51:d7:62:42:67:d6:
                    3c:63:c4:2d:38:70:ee:93:b2:d8:97:1b:cd:39:68:
                    d9:e4:32:8f:d1:f0:23:c0:0b:9e:e8:96:06:8e:a8:
                    72:43:96:99:4a:c8:a5:b1:48:89:78:67:ce:c8:06:
                    50:4e:95:b7:6b:99:5b:79:60:f0:30:aa:a0:68:f4:
                    05:4c:8e:e4:f8:4e:35:0f:03:d9:e2:db:5b:76:5f:
                    f3:62:da:53:ac:f5:c1:32:98:9e:96:89:52:be:1f:
                    58:0f:48:fe:48:61:cf:ec:96:2f:d7:cd:9e:4c:42:
                    b4:71:23:14:87:fc:38:e7:75:cf:bc:ce:37:93:38:
                    be:a6:2a:84:d4:bf:db:77:f9:9e:ab:82:a8:49:03:
                    7d:8d:1d:6b:44:73:24:c2:c0:b9:95:94:33:61:f7:
                    ac:8f:d8:30:3c:8d:77:f7:31:49:7b:7a:76:bb:ec:
                    94:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:54:7C:11:B5:82:0B:0B:AD:55:FD:0C:C7:BF:37:77:D2:2A:A1:03
            X509v3 Authority Key Identifier:
                keyid:52:05:68:67:E4:D2:88:5E:99:B5:49:ED:6F:B7:86:33:0A:DF:8F:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/5VR8EbWCCwutVf0Mx783d9IqoQM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/b27d45-08cc-47a1-ac5a-5f4836083a30/1/UgVoZ-TSiF6ZtUntb7eGMwrfj0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.26.160.0/21
                  141.105.16.0/21
                  185.104.64.0/24
                  195.88.186.0/23
                  213.180.128.0-213.180.154.255
                IPv6:
                  2a02:c10::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:a7:02:86:60:90:3f:6f:bc:64:ae:c3:1b:6c:59:bc:40:d1:
         08:dc:8e:86:92:76:d9:7a:0c:9d:6e:be:ea:1e:9d:86:3c:02:
         ce:06:1d:04:3a:21:fe:58:ab:75:3b:7d:1a:40:68:20:92:01:
         42:8b:ad:81:c1:63:6f:fd:b1:60:99:35:0b:0e:46:b1:65:cd:
         5b:54:3e:d7:61:9b:ee:d9:e0:53:de:1f:61:35:bc:a2:03:75:
         71:3e:34:84:ea:bc:2c:5d:81:14:bc:a6:5d:37:3a:84:0e:f1:
         33:c1:a0:33:b9:95:f0:b1:22:dd:b6:8c:6b:10:88:8a:67:25:
         94:91:b7:00:59:38:10:ab:60:48:65:bb:7a:6c:38:08:c6:78:
         4b:47:c8:b2:ed:e1:3b:18:c0:e6:2b:a6:4d:c7:b9:aa:77:22:
         f4:13:33:e8:69:40:23:a3:28:0a:64:8d:06:86:38:57:be:e9:
         2d:19:ed:a1:6e:b5:c6:05:c5:cf:24:3e:a4:60:26:44:d1:57:
         f4:c8:4d:9b:43:e3:32:8c:29:7a:c6:9d:e3:2a:14:46:23:8f:
         a5:50:67:72:57:78:ed:be:59:68:e3:ba:22:09:15:33:19:fb:
         e4:12:ff:af:66:5d:f3:82:af:a4:ca:82:c0:cb:6a:f9:24:a8:
         c7:6b:1e:ce
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYVsZb8HmR8hezVPsE6dkbZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyMDU2ODY3ZTRkMjg4NWU5OWI1NDllZDZmYjc4NjMzMGFk
ZjhmNDQwHhcNMjMwMTAxMDgxNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTU0N2MxMWI1ODIwYjBiYWQ1NWZkMGNjN2JmMzc3N2QyMmFhMTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiud05KTRQDTYN+xM/wpj3l+qbvfE
Y0bi9LQhG+1VnCJMjw6HwmUnFPIY6qh35UFaQ95xrk69p4aL8sUsifx0Ns/vfIGN
jQB6VtBAb0lCQOPu/t9R12JCZ9Y8Y8QtOHDuk7LYlxvNOWjZ5DKP0fAjwAue6JYG
jqhyQ5aZSsilsUiJeGfOyAZQTpW3a5lbeWDwMKqgaPQFTI7k+E41DwPZ4ttbdl/z
YtpTrPXBMpielolSvh9YD0j+SGHP7JYv182eTEK0cSMUh/w453XPvM43kzi+piqE
1L/bd/meq4KoSQN9jR1rRHMkwsC5lZQzYfesj9gwPI139zFJe3p2u+yUMwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFOVUfBG1ggsLrVX9DMe/N3fSKqEDMB8GA1UdIwQY
MBaAFFIFaGfk0ohembVJ7W+3hjMK349EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWdWb1otVFNpRjZadFVudGI3ZUdNd3JmajBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9iMjdkNDUtMDhjYy00N2ExLWFjNWEt
NWY0ODM2MDgzYTMwLzEvNVZSOEViV0NDd3V0VmYwTXg3ODNkOUlxb1FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9iMjdkNDUtMDhjYy00N2ExLWFjNWEtNWY0ODM2MDgzYTMw
LzEvVWdWb1otVFNpRjZadFVudGI3ZUdNd3JmajBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQDJRqgAwQD
jWkQAwQAuWhAAwQBw1i6MAwDBAfVtIADBADVtJowDQQCAAIwBwMFACoCDBAwDQYJ
KoZIhvcNAQELBQADggEBACenAoZgkD9vvGSuwxtsWbxA0QjcjoaSdtl6DJ1uvuoe
nYY8As4GHQQ6If5Yq3U7fRpAaCCSAUKLrYHBY2/9sWCZNQsORrFlzVtUPtdhm+7Z
4FPeH2E1vKIDdXE+NITqvCxdgRS8pl03OoQO8TPBoDO5lfCxIt22jGsQiIpnJZSR
twBZOBCrYEhlu3psOAjGeEtHyLLt4TsYwOYrpk3Huap3IvQTM+hpQCOjKApkjQaG
OFe+6S0Z7aFutcYFxc8kPqRgJkTRV/TITZtD4zKMKXrGneMqFEYjj6VQZ3JXeO2+
WWjjuiIJFTMZ++QS/69mXfOCr6TKgsDLavkkqMdrHs4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:27 2024 by rpki-client on console-fra.rpki-client.org