Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/KfCTkMTTGAsMjqSKIHA_t0uNXDs.roa
File:                     KfCTkMTTGAsMjqSKIHA_t0uNXDs.roa (raw, json)
Hash identifier:          aUdte5IsP8tmCCr4ICFBrT1pcpzmgg/4ugDQR8Ep5z8=
Subject key identifier:   29:F0:93:90:C4:D3:18:0B:0C:8E:A4:8A:20:70:3F:B7:4B:8D:5C:3B
Certificate issuer:       /CN=002647c801fb58fcfaac135bb48f5e61fea7e566
Certificate serial:       018CC8018BF13E3EDBD2DB1CEC8FE1B66CFC
Authority key identifier: 00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/KfCTkMTTGAsMjqSKIHA_t0uNXDs.roa
Signing time:             Tue 02 Jan 2024 02:29:53 +0000
ROA not before:           Tue 02 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30962
IP address blocks:        91.230.27.0/24 maxlen: 24
                          195.225.240.0/22 maxlen: 22
                          45.129.240.0/22 maxlen: 22
                          91.190.144.0/21 maxlen: 21
                          45.129.241.0/24 maxlen: 24
                          195.191.114.0/23 maxlen: 23
                          91.230.47.0/24 maxlen: 24
                          89.107.64.0/21 maxlen: 21
                          62.108.32.0/24 maxlen: 24
                          62.108.32.0/20 maxlen: 20
                          62.108.48.0/20 maxlen: 20
                          93.190.88.0/21 maxlen: 21
                          93.190.95.0/24 maxlen: 24
                          185.148.68.0/22 maxlen: 22
                          194.113.216.0/23 maxlen: 23
                          185.147.216.0/22 maxlen: 22
                          84.19.0.0/19 maxlen: 19
                          195.62.20.0/23 maxlen: 23
                          2a00:f70::/32 maxlen: 32
                          2a03:f200::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 22 Apr 2024 05:51:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8b:f1:3e:3e:db:d2:db:1c:ec:8f:e1:b6:6c:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=002647c801fb58fcfaac135bb48f5e61fea7e566
        Validity
            Not Before: Jan  2 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29f09390c4d3180b0c8ea48a20703fb74b8d5c3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:74:3b:29:f5:dc:7e:de:2d:37:2d:65:51:dd:
                    69:db:4d:4b:2d:36:20:8a:4c:67:bd:56:28:77:23:
                    7f:e7:7b:49:3d:1e:7c:33:75:01:87:5e:9c:17:8b:
                    ec:35:d9:98:dc:be:bf:f9:f1:5f:6e:0f:6e:7a:b1:
                    ca:15:b2:6e:3a:c5:d3:4f:73:a2:99:32:0d:59:7b:
                    3e:98:86:43:14:a3:9f:b3:a1:f1:96:b9:be:15:52:
                    7e:9a:40:cd:ae:72:70:8a:c1:c4:2e:50:7d:77:e2:
                    6f:14:de:ed:ac:d5:44:b8:ef:b7:12:f8:b3:b5:c3:
                    cd:d5:3c:9e:8b:a6:7e:bd:ff:d6:1d:6d:02:2c:f6:
                    c9:52:f7:12:69:b1:0f:11:e8:10:42:ab:79:ac:25:
                    f3:d1:27:c6:ab:25:4f:fa:38:2f:44:68:d1:25:d5:
                    39:a2:e5:c4:24:d7:21:67:ee:1d:bc:75:43:5c:c4:
                    51:f1:a8:39:0c:bb:49:04:e6:dd:3f:82:42:70:9a:
                    1c:71:ee:f9:94:7a:14:cb:24:07:18:3e:af:78:ca:
                    51:4d:b3:ae:27:30:6a:81:64:e1:65:8d:25:35:cc:
                    1d:d5:89:d0:89:3f:19:62:51:03:b6:be:c5:51:11:
                    d1:d3:2f:9b:ee:6f:9f:d0:17:02:68:aa:8c:ab:86:
                    ea:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:F0:93:90:C4:D3:18:0B:0C:8E:A4:8A:20:70:3F:B7:4B:8D:5C:3B
            X509v3 Authority Key Identifier:
                keyid:00:26:47:C8:01:FB:58:FC:FA:AC:13:5B:B4:8F:5E:61:FE:A7:E5:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ACZHyAH7WPz6rBNbtI9eYf6n5WY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/KfCTkMTTGAsMjqSKIHA_t0uNXDs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/cfc06f-82be-49fb-bc82-94efbf5cecd4/1/ACZHyAH7WPz6rBNbtI9eYf6n5WY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.240.0/22
                  62.108.32.0/19
                  84.19.0.0/19
                  89.107.64.0/21
                  91.190.144.0/21
                  91.230.27.0/24
                  91.230.47.0/24
                  93.190.88.0/21
                  185.147.216.0/22
                  185.148.68.0/22
                  194.113.216.0/23
                  195.62.20.0/23
                  195.191.114.0/23
                  195.225.240.0/22
                IPv6:
                  2a00:f70::/32
                  2a03:f200::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:10:11:99:f3:d1:99:dc:46:d6:84:d7:da:46:62:3d:89:b8:
         be:b6:31:ab:50:e4:59:ce:1c:62:b0:b5:80:a1:8b:ac:f1:9e:
         2a:25:10:05:80:d9:9b:19:32:a0:ca:5e:87:0f:dc:86:45:1e:
         ef:96:f3:2a:9c:dd:ae:76:f6:91:67:2d:62:38:71:55:b1:b8:
         38:fb:42:b8:1e:f8:76:42:06:21:82:d0:7f:0f:da:eb:fb:d9:
         c0:65:1f:0d:7d:4c:e7:af:38:0f:cf:59:1e:b5:44:09:89:2a:
         e3:2b:4d:dc:4d:30:b9:81:8e:5b:61:aa:f6:be:6c:97:ec:0d:
         d6:bc:f7:6d:08:45:c6:02:3e:c8:87:6b:43:c9:d7:db:b5:fe:
         d0:24:f9:6d:7a:1b:7d:d8:54:5b:e1:eb:38:f2:a9:a2:d4:65:
         ad:c7:8f:57:59:e1:2f:8d:28:34:60:47:90:f0:bf:d4:f1:05:
         8d:99:d5:c0:ae:2b:0d:c5:53:41:43:50:b3:95:30:73:de:46:
         1b:43:e8:f5:df:2d:43:50:cc:ce:e0:30:38:23:2a:68:3b:40:
         81:b3:36:52:3b:ac:b4:c0:4c:cd:04:39:d5:4c:a4:89:d1:ed:
         60:2f:07:8a:5c:78:a0:cd:35:4e:7f:dd:38:13:9d:70:6b:a8:
         49:ea:14:e3
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYzIAYvxPj7b0tsc7I/htmz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMjY0N2M4MDFmYjU4ZmNmYWFjMTM1YmI0OGY1ZTYxZmVh
N2U1NjYwHhcNMjQwMTAyMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWYwOTM5MGM0ZDMxODBiMGM4ZWE0OGEyMDcwM2ZiNzRiOGQ1YzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnQ7KfXcft4tNy1lUd1p201LLTYg
ikxnvVYodyN/53tJPR58M3UBh16cF4vsNdmY3L6/+fFfbg9uerHKFbJuOsXTT3Oi
mTINWXs+mIZDFKOfs6Hxlrm+FVJ+mkDNrnJwisHELlB9d+JvFN7trNVEuO+3Eviz
tcPN1Tyei6Z+vf/WHW0CLPbJUvcSabEPEegQQqt5rCXz0SfGqyVP+jgvRGjRJdU5
ouXEJNchZ+4dvHVDXMRR8ag5DLtJBObdP4JCcJocce75lHoUyyQHGD6veMpRTbOu
JzBqgWThZY0lNcwd1YnQiT8ZYlEDtr7FURHR0y+b7m+f0BcCaKqMq4bqyQIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFCnwk5DE0xgLDI6kiiBwP7dLjVw7MB8GA1UdIwQY
MBaAFAAmR8gB+1j8+qwTW7SPXmH+p+VmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODIt
OTRlZmJmNWNlY2Q0LzEvS2ZDVGtNVFRHQXNNanFTS0lIQV90MHVOWERzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC9jZmMwNmYtODJiZS00OWZiLWJjODItOTRlZmJmNWNlY2Q0
LzEvQUNaSHlBSDdXUHo2ckJOYnRJOWVZZjZuNVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwWgQCAAEwVAMEAi2B8AME
BT5sIAMEBVQTAAMEA1lrQAMEA1u+kAMEAFvmGwMEAFvmLwMEA12+WAMEArmT2AME
ArmURAMEAcJx2AMEAcM+FAMEAcO/cgMEAsPh8DAUBAIAAjAOAwUAKgAPcAMFACoD
8gAwDQYJKoZIhvcNAQELBQADggEBAEAQEZnz0ZncRtaE19pGYj2JuL62MatQ5FnO
HGKwtYChi6zxniolEAWA2ZsZMqDKXocP3IZFHu+W8yqc3a529pFnLWI4cVWxuDj7
Qrge+HZCBiGC0H8P2uv72cBlHw19TOevOA/PWR61RAmJKuMrTdxNMLmBjlthqva+
bJfsDda8920IRcYCPsiHa0PJ19u1/tAk+W16G33YVFvh6zjyqaLUZa3Hj1dZ4S+N
KDRgR5Dwv9TxBY2Z1cCuKw3FU0FDULOVMHPeRhtD6PXfLUNQzM7gMDgjKmg7QIGz
NlI7rLTATM0EOdVMpInR7WAvB4pceKDNNU5/3TgTnXBrqEnqFOM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:37 2024 by rpki-client on console-fra.rpki-client.org