Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/_iYmjtmJS2Bs7csZjC34DSKk_eM.roa
File:                     _iYmjtmJS2Bs7csZjC34DSKk_eM.roa (raw, json)
Hash identifier:          MRB82Q2OEfJZc0HuOhEHCtkW8eKAIgZwStRzzPVpbSA=
Subject key identifier:   FE:26:26:8E:D9:89:4B:60:6C:ED:CB:19:8C:2D:F8:0D:22:A4:FD:E3
Certificate issuer:       /CN=01c38a06a39b20b8da40009237d76acdd28e71a5
Certificate serial:       018BC7813B9FE904993EA8F42DAB846317A8
Authority key identifier: 01:C3:8A:06:A3:9B:20:B8:DA:40:00:92:37:D7:6A:CD:D2:8E:71:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AcOKBqObILjaQACSN9dqzdKOcaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/_iYmjtmJS2Bs7csZjC34DSKk_eM.roa
Signing time:             Mon 13 Nov 2023 07:06:57 +0000
ROA not before:           Mon 13 Nov 2023 07:06:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16839
IP address blocks:        163.120.128.0/17 maxlen: 24
                          138.12.128.0/17 maxlen: 24
                          148.139.48.0/20 maxlen: 20
                          148.139.64.0/20 maxlen: 20
                          148.139.80.0/20 maxlen: 20
                          37.98.233.0/24 maxlen: 24
                          37.98.232.0/21 maxlen: 21
                          37.98.232.0/24 maxlen: 24
                          37.98.232.0/22 maxlen: 22
                          37.98.232.0/23 maxlen: 23
                          37.98.235.0/24 maxlen: 24
                          37.98.236.0/22 maxlen: 22
                          37.98.236.0/23 maxlen: 23
                          37.98.236.0/24 maxlen: 24
                          37.98.238.0/23 maxlen: 23
                          37.98.238.0/24 maxlen: 24
                          37.98.237.0/24 maxlen: 24
                          37.98.234.0/24 maxlen: 24
                          37.98.234.0/23 maxlen: 23
                          37.98.239.0/24 maxlen: 24
                          148.139.4.0/22 maxlen: 22
                          148.139.1.0/24 maxlen: 24
                          148.139.0.0/24 maxlen: 24
                          148.139.3.0/24 maxlen: 24
                          148.139.2.0/24 maxlen: 24
                          148.139.0.0/16 maxlen: 16
                          148.139.8.0/22 maxlen: 22
                          148.139.12.0/22 maxlen: 22
                          148.139.16.0/22 maxlen: 22
                          148.139.29.0/24 maxlen: 24
                          148.139.28.0/24 maxlen: 24
                          148.139.30.0/24 maxlen: 24
                          148.139.32.0/20 maxlen: 20
                          148.139.96.0/22 maxlen: 22
                          148.139.105.0/24 maxlen: 24
                          148.139.104.0/24 maxlen: 24
                          148.139.100.0/22 maxlen: 22
                          148.139.108.0/22 maxlen: 22
                          148.139.112.0/22 maxlen: 22
                          148.139.116.0/22 maxlen: 22
                          148.139.125.0/24 maxlen: 24
                          148.139.124.0/24 maxlen: 24
                          148.139.120.0/22 maxlen: 22
                          2a04:37c0:3510::/48 maxlen: 48
                          2a04:37c0:4910::/48 maxlen: 48
                          2a04:37c0:4110::/48 maxlen: 48
                          2a04:37c0:4410::/48 maxlen: 48
                          2a04:37c0:3110::/48 maxlen: 48
                          2a04:37c0:4430::/48 maxlen: 48
                          2a04:37c0::/29 maxlen: 48
                          2a04:37c0:3120::/48 maxlen: 48
                          2a04:37c0:4120::/48 maxlen: 48
                          2a04:37c0:4420::/48 maxlen: 48
                          2a04:37c0:4920::/48 maxlen: 48
                          2a04:37c0:3520::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 13 Nov 2023 12:16:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:c7:81:3b:9f:e9:04:99:3e:a8:f4:2d:ab:84:63:17:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01c38a06a39b20b8da40009237d76acdd28e71a5
        Validity
            Not Before: Nov 13 07:06:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=fe26268ed9894b606cedcb198c2df80d22a4fde3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:3b:e5:97:ec:5d:b8:bb:6f:9c:a7:f7:55:85:
                    eb:cd:17:fd:8a:ee:32:49:21:04:72:14:2f:ba:91:
                    c8:2f:25:b2:4d:8c:15:04:34:45:75:e6:4b:e8:29:
                    06:4e:01:85:f8:ed:80:fc:e6:a7:7b:c0:08:ad:af:
                    37:b0:6e:9c:02:6c:38:39:09:18:c5:a0:73:1a:06:
                    e6:e1:33:4d:be:c5:34:35:4a:b6:13:96:0b:7c:bf:
                    bb:88:ce:b1:fa:74:a5:bf:8b:e5:cd:60:de:58:0d:
                    b9:99:b7:cb:db:e5:90:2b:ba:1d:53:98:4f:20:63:
                    79:14:22:2b:04:de:6d:ba:f2:0e:b8:20:9b:b8:12:
                    19:ea:54:39:46:ee:a6:56:f6:f6:f5:ef:e7:80:1f:
                    6e:5c:0e:a9:08:bb:f0:9f:49:cd:e5:b9:51:dd:67:
                    2a:17:ea:a6:ce:b5:0c:8f:60:86:b7:2a:8f:57:ea:
                    76:70:8a:46:00:c3:34:b7:59:7d:74:8b:38:a1:9c:
                    28:cc:0f:53:a4:c0:23:d8:7a:b7:4d:41:bd:dc:0d:
                    72:ed:cc:03:f0:7a:f3:37:9b:83:85:40:18:a2:b5:
                    3e:22:9b:f0:6e:3f:56:43:d3:cd:20:7b:be:3c:83:
                    7b:a3:31:72:ff:15:98:37:e2:7f:84:b0:24:2b:8c:
                    d7:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:26:26:8E:D9:89:4B:60:6C:ED:CB:19:8C:2D:F8:0D:22:A4:FD:E3
            X509v3 Authority Key Identifier:
                keyid:01:C3:8A:06:A3:9B:20:B8:DA:40:00:92:37:D7:6A:CD:D2:8E:71:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AcOKBqObILjaQACSN9dqzdKOcaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/_iYmjtmJS2Bs7csZjC34DSKk_eM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/6a8e5e-39b6-47e3-bbb0-b29f10cc0328/1/AcOKBqObILjaQACSN9dqzdKOcaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.98.232.0/21
                  138.12.128.0/17
                  148.139.0.0/16
                  163.120.128.0/17
                IPv6:
                  2a04:37c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7f:de:ad:79:78:17:6a:bc:2d:d9:a4:61:6a:5c:af:f0:18:be:
         8d:a9:02:b8:32:d8:bd:0a:99:2a:0a:53:bb:dd:b9:5d:55:95:
         40:23:91:8f:7f:ee:ee:17:70:e4:ff:35:c3:52:cd:6f:d8:de:
         29:a2:c3:1f:e3:cc:7a:e3:22:bc:b8:f8:ea:1a:e3:c5:bc:1a:
         b1:65:39:d6:21:9c:66:85:69:11:a9:96:c1:c5:75:65:8c:71:
         dd:70:83:4c:7c:6e:11:4a:51:0b:da:8f:50:d7:af:57:ee:bd:
         63:94:ac:97:39:e3:d3:4c:82:84:f3:6f:99:d7:67:ae:2c:71:
         b7:ff:00:90:9a:5b:f7:74:1f:0e:70:f7:5c:8c:79:4f:4c:b4:
         fc:e0:89:03:df:1d:8f:75:51:52:93:25:21:7e:8c:a3:57:36:
         89:5c:75:f7:4c:e1:59:81:eb:6c:d7:b4:3d:b7:fc:4a:7d:29:
         d6:e0:e2:4e:41:fe:cd:90:d0:89:73:7b:65:9b:46:77:a1:22:
         9a:64:92:ee:04:ec:6d:41:85:0d:15:26:fd:e2:81:6f:a1:18:
         3f:fd:e1:66:87:70:d2:6d:74:93:df:5b:2e:a1:c2:e5:0b:b2:
         fe:a3:67:f5:ce:48:61:84:1c:66:6c:b1:b3:3a:35:f4:f1:21:
         55:0b:65:d4
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYvHgTuf6QSZPqj0LauEYxeoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxYzM4YTA2YTM5YjIwYjhkYTQwMDA5MjM3ZDc2YWNkZDI4
ZTcxYTUwHhcNMjMxMTEzMDcwNjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTI2MjY4ZWQ5ODk0YjYwNmNlZGNiMTk4YzJkZjgwZDIyYTRmZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDvll+xduLtvnKf3VYXrzRf9iu4y
SSEEchQvupHILyWyTYwVBDRFdeZL6CkGTgGF+O2A/Oane8AIra83sG6cAmw4OQkY
xaBzGgbm4TNNvsU0NUq2E5YLfL+7iM6x+nSlv4vlzWDeWA25mbfL2+WQK7odU5hP
IGN5FCIrBN5tuvIOuCCbuBIZ6lQ5Ru6mVvb29e/ngB9uXA6pCLvwn0nN5blR3Wcq
F+qmzrUMj2CGtyqPV+p2cIpGAMM0t1l9dIs4oZwozA9TpMAj2Hq3TUG93A1y7cwD
8HrzN5uDhUAYorU+Ipvwbj9WQ9PNIHu+PIN7ozFy/xWYN+J/hLAkK4zXwwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFP4mJo7ZiUtgbO3LGYwt+A0ipP3jMB8GA1UdIwQY
MBaAFAHDigajmyC42kAAkjfXas3SjnGlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWNPS0JxT2JJTGphUUFDU045ZHF6ZEtPY2FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS82YThlNWUtMzliNi00N2UzLWJiYjAt
YjI5ZjEwY2MwMzI4LzEvX2lZbWp0bUpTMkJzN2NzWmpDMzREU0trX2VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS82YThlNWUtMzliNi00N2UzLWJiYjAtYjI5ZjEwY2MwMzI4
LzEvQWNPS0JxT2JJTGphUUFDU045ZHF6ZEtPY2FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAdBAIAATAXAwQDJWLoAwQH
igyAAwMAlIsDBAejeIAwDQQCAAIwBwMFAyoEN8AwDQYJKoZIhvcNAQELBQADggEB
AH/erXl4F2q8LdmkYWpcr/AYvo2pArgy2L0KmSoKU7vduV1VlUAjkY9/7u4XcOT/
NcNSzW/Y3imiwx/jzHrjIry4+Ooa48W8GrFlOdYhnGaFaRGplsHFdWWMcd1wg0x8
bhFKUQvaj1DXr1fuvWOUrJc549NMgoTzb5nXZ64scbf/AJCaW/d0Hw5w91yMeU9M
tPzgiQPfHY91UVKTJSF+jKNXNolcdfdM4VmB62zXtD23/Ep9Kdbg4k5B/s2Q0Ilz
e2WbRnehIppkku4E7G1BhQ0VJv3igW+hGD/94WaHcNJtdJPfWy6hwuULsv6jZ/XO
SGGEHGZssbM6NfTxIVULZdQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:37 2024 by rpki-client on console-ams.rpki-client.org