Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/iErLAjEtzpReI3Ni9G1_F2G8DMY.roa
File:                     iErLAjEtzpReI3Ni9G1_F2G8DMY.roa (raw, json)
Hash identifier:          xVcUoPLQuoOEZmDfK6kr8FkumMPcQawgLC43cKEQp3M=
Subject key identifier:   88:4A:CB:02:31:2D:CE:94:5E:23:73:62:F4:6D:7F:17:61:BC:0C:C6
Certificate issuer:       /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial:       018B1F2D2B225CD1FE65685E9C44E3178FB6
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/iErLAjEtzpReI3Ni9G1_F2G8DMY.roa
Signing time:             Wed 11 Oct 2023 14:38:55 +0000
ROA not before:           Wed 11 Oct 2023 14:38:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39521
IP address blocks:        85.8.160.0/22 maxlen: 22
                          193.38.44.0/22 maxlen: 22
                          139.28.240.0/22 maxlen: 22
                          185.231.224.0/22 maxlen: 22
                          92.249.60.0/22 maxlen: 22
                          139.28.48.0/22 maxlen: 22
                          213.139.224.0/22 maxlen: 22
                          176.96.128.0/22 maxlen: 22
                          194.93.48.0/22 maxlen: 22
                          83.171.244.0/22 maxlen: 22
                          176.53.168.0/22 maxlen: 22
                          85.8.156.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Sun 22 Oct 2023 14:09:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1f:2d:2b:22:5c:d1:fe:65:68:5e:9c:44:e3:17:8f:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
        Validity
            Not Before: Oct 11 14:38:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=884acb02312dce945e237362f46d7f1761bc0cc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5a:44:b2:1b:b4:cd:a8:63:b3:90:be:59:3c:
                    3b:f0:74:23:a0:5f:9c:c7:fb:58:8d:2d:ff:1c:89:
                    a9:e1:5c:93:39:b6:73:2c:04:9c:b0:dd:c3:f7:b2:
                    f4:19:ba:71:a2:9a:dd:b2:e3:b7:e9:d6:3c:34:4a:
                    e1:39:62:56:b8:db:3d:f7:3e:bf:b1:13:86:30:13:
                    18:a5:88:70:9a:e2:aa:24:ee:26:19:eb:23:3e:c8:
                    de:42:48:0c:4b:34:f2:8f:e4:1b:7a:a4:5a:78:98:
                    3a:11:0d:83:bd:7b:e9:44:c9:c4:29:a0:ad:f8:3a:
                    4b:eb:e5:e9:c2:e8:70:93:8a:7a:92:0d:f7:38:03:
                    85:9a:27:dc:e0:b3:cf:4b:78:88:6e:ec:3f:d5:66:
                    43:43:be:c7:51:8d:fe:70:c3:de:5f:c6:ff:f2:fa:
                    25:41:52:7d:d5:58:2d:08:88:28:06:27:b5:c0:96:
                    20:12:1c:68:d4:2c:23:cc:c3:e4:e4:72:8c:21:6e:
                    9d:c9:1c:34:fd:a3:99:d8:48:29:dc:a5:fc:5f:f6:
                    c9:df:f4:26:c3:33:30:0b:6e:44:32:d0:b4:a1:ad:
                    eb:3e:1b:ba:a7:85:53:57:e1:5f:53:ae:dc:58:9e:
                    9c:b3:a7:1b:8e:99:df:2b:84:eb:4f:9f:9c:7f:74:
                    41:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:4A:CB:02:31:2D:CE:94:5E:23:73:62:F4:6D:7F:17:61:BC:0C:C6
            X509v3 Authority Key Identifier:
                keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/iErLAjEtzpReI3Ni9G1_F2G8DMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.171.244.0/22
                  85.8.156.0-85.8.163.255
                  92.249.60.0/22
                  139.28.48.0/22
                  139.28.240.0/22
                  176.53.168.0/22
                  176.96.128.0/22
                  185.231.224.0/22
                  193.38.44.0/22
                  194.93.48.0/22
                  213.139.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         78:7c:7d:46:29:f9:73:fb:94:57:b9:1a:d0:76:21:23:4c:5d:
         26:79:35:26:9e:02:c0:90:31:13:e2:38:2c:b9:0e:65:d6:9a:
         98:44:98:f8:dc:f7:8c:00:5e:c6:51:b2:24:61:12:9b:c6:f2:
         a8:1e:8c:c0:5f:21:a6:cc:dc:d1:86:06:aa:34:64:2a:b8:02:
         2b:d9:0a:b3:fc:10:2a:14:e1:95:57:1b:d5:a2:3b:19:af:f4:
         e4:0c:7b:a4:b8:47:8f:04:8c:ae:09:e4:3b:dc:45:d8:36:c0:
         eb:5b:3a:a3:61:e2:83:84:82:39:6f:90:f5:5d:28:18:12:6d:
         cf:a0:26:c8:ba:bf:a2:c7:f0:3d:35:4d:62:77:bd:52:43:5a:
         42:14:94:b1:81:14:cd:db:ca:af:28:df:9a:62:fe:ea:f1:57:
         7e:f1:26:c0:d3:a6:2c:82:6f:06:29:8b:46:da:30:92:8a:b3:
         d6:0e:75:e4:1d:6b:ec:00:e5:f0:6b:9d:4f:8c:16:8c:df:63:
         2a:94:39:7a:43:c4:5f:44:d6:ff:8e:2a:74:9f:c4:7b:90:7d:
         a5:ee:83:f9:a3:2b:63:b3:b2:bb:df:12:46:38:64:3a:cb:4b:
         98:34:3f:a8:09:f5:b3:55:93:17:96:0c:01:6f:2a:4a:69:8b:
         67:1d:60:3d
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAYsfLSsiXNH+ZWhenETjF4+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjMxMDExMTQzODU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODRhY2IwMjMxMmRjZTk0NWUyMzczNjJmNDZkN2YxNzYxYmMwY2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1pEshu0zahjs5C+WTw78HQjoF+c
x/tYjS3/HImp4VyTObZzLAScsN3D97L0GbpxoprdsuO36dY8NErhOWJWuNs99z6/
sROGMBMYpYhwmuKqJO4mGesjPsjeQkgMSzTyj+QbeqRaeJg6EQ2DvXvpRMnEKaCt
+DpL6+Xpwuhwk4p6kg33OAOFmifc4LPPS3iIbuw/1WZDQ77HUY3+cMPeX8b/8vol
QVJ91VgtCIgoBie1wJYgEhxo1CwjzMPk5HKMIW6dyRw0/aOZ2Egp3KX8X/bJ3/Qm
wzMwC25EMtC0oa3rPhu6p4VTV+FfU67cWJ6cs6cbjpnfK4TrT5+cf3RBkQIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFIhKywIxLc6UXiNzYvRtfxdhvAzGMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvaUVyTEFqRXR6cFJlSTNOaTlHMV9GMkc4RE1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQCU6v0MAwD
BAJVCJwDBAJVCKADBAJc+TwDBAKLHDADBAKLHPADBAKwNagDBAKwYIADBAK55+AD
BALBJiwDBALCXTADBALVi+AwDQYJKoZIhvcNAQELBQADggEBAHh8fUYp+XP7lFe5
GtB2ISNMXSZ5NSaeAsCQMRPiOCy5DmXWmphEmPjc94wAXsZRsiRhEpvG8qgejMBf
IabM3NGGBqo0ZCq4AivZCrP8ECoU4ZVXG9WiOxmv9OQMe6S4R48EjK4J5DvcRdg2
wOtbOqNh4oOEgjlvkPVdKBgSbc+gJsi6v6LH8D01TWJ3vVJDWkIUlLGBFM3byq8o
35pi/urxV37xJsDTpiyCbwYpi0baMJKKs9YOdeQda+wA5fBrnU+MFozfYyqUOXpD
xF9E1v+OKnSfxHuQfaXug/mjK2OzsrvfEkY4ZDrLS5g0P6gJ9bNVkxeWDAFvKkpp
i2cdYD0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:50 2024 by rpki-client on console-fra.rpki-client.org