Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/7db802-04ad-4c2d-b11a-64964976f7b3/1/iTYgnOx5dAY_4fHoe3J39qpLNZc.roa
File:                     iTYgnOx5dAY_4fHoe3J39qpLNZc.roa (raw, json)
Hash identifier:          sfiWf2mmq6Wa4IQ7xuMsqwkdb2S6o70dXIcx5K+fvnw=
Subject key identifier:   89:36:20:9C:EC:79:74:06:3F:E1:F1:E8:7B:72:77:F6:AA:4B:35:97
Certificate issuer:       /CN=a8cface114d8cdea6dc5e7a49943f322346cb35d
Certificate serial:       018CC348A7C27C11895CC7533B7A05671C5B
Authority key identifier: A8:CF:AC:E1:14:D8:CD:EA:6D:C5:E7:A4:99:43:F3:22:34:6C:B3:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qM-s4RTYzeptxeekmUPzIjRss10.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/7db802-04ad-4c2d-b11a-64964976f7b3/1/iTYgnOx5dAY_4fHoe3J39qpLNZc.roa
Signing time:             Mon 01 Jan 2024 04:29:27 +0000
ROA not before:           Mon 01 Jan 2024 04:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16347
IP address blocks:        193.222.142.0/23 maxlen: 24
                          193.47.139.0/24 maxlen: 24
                          103.73.172.0/22 maxlen: 24
                          185.247.248.0/22 maxlen: 24
                          193.222.188.0/23 maxlen: 24
                          62.244.70.0/23 maxlen: 24
                          62.244.72.0/24 maxlen: 24
                          62.244.72.0/22 maxlen: 24
                          62.244.90.0/23 maxlen: 24
                          62.244.92.0/23 maxlen: 24
                          37.157.60.0/22 maxlen: 24
                          2a0d:4240::/29 maxlen: 48

Validation:               Failed, certificate revoked on Wed 26 Jun 2024 08:18:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a7:c2:7c:11:89:5c:c7:53:3b:7a:05:67:1c:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8cface114d8cdea6dc5e7a49943f322346cb35d
        Validity
            Not Before: Jan  1 04:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8936209cec7974063fe1f1e87b7277f6aa4b3597
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5b:d2:9a:c5:90:99:e3:01:60:51:ea:fc:3e:
                    70:65:15:c3:f6:87:79:87:cb:b9:36:cf:a8:89:6e:
                    ab:f1:0c:d0:68:76:a4:5d:5d:e0:f7:21:33:94:ff:
                    05:44:97:44:f5:c8:09:bb:be:5c:d5:6f:51:55:ed:
                    a2:d9:6e:88:b6:38:11:40:2a:fe:27:a0:f8:87:4e:
                    a7:ca:f8:29:55:42:5f:80:33:0c:dd:3c:d8:c5:e6:
                    fa:b6:d3:48:ff:8f:84:2b:57:81:9d:c2:c9:29:e4:
                    81:9b:83:77:0d:c0:aa:5a:b8:3b:df:4f:15:64:ff:
                    dd:02:32:b6:ce:0e:7d:8a:5c:15:f5:72:3b:3c:52:
                    94:de:d1:7b:97:55:00:15:f5:96:58:12:28:a3:46:
                    9d:d6:3a:8e:a0:30:f8:1b:f0:d8:67:66:ef:37:db:
                    bb:74:29:27:6f:89:7e:f3:2f:a4:17:11:62:4e:f4:
                    58:81:b9:ce:fe:81:05:78:f6:20:18:2e:81:37:8c:
                    21:ec:02:9f:d0:60:5d:ed:15:42:69:e8:23:5d:0c:
                    1a:20:6f:80:84:46:39:9b:0c:2b:4b:08:48:3e:73:
                    78:7f:f0:49:33:f5:d2:66:d6:78:c6:f0:e7:a3:0b:
                    dd:08:37:93:03:70:71:81:a5:8c:74:80:21:8e:28:
                    8b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:36:20:9C:EC:79:74:06:3F:E1:F1:E8:7B:72:77:F6:AA:4B:35:97
            X509v3 Authority Key Identifier:
                keyid:A8:CF:AC:E1:14:D8:CD:EA:6D:C5:E7:A4:99:43:F3:22:34:6C:B3:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qM-s4RTYzeptxeekmUPzIjRss10.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/7db802-04ad-4c2d-b11a-64964976f7b3/1/iTYgnOx5dAY_4fHoe3J39qpLNZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/7db802-04ad-4c2d-b11a-64964976f7b3/1/qM-s4RTYzeptxeekmUPzIjRss10.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.60.0/22
                  62.244.70.0-62.244.75.255
                  62.244.90.0-62.244.93.255
                  103.73.172.0/22
                  185.247.248.0/22
                  193.47.139.0/24
                  193.222.142.0/23
                  193.222.188.0/23
                IPv6:
                  2a0d:4240::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:8b:f9:bc:78:39:a4:85:54:f2:29:26:de:1c:a8:19:c9:a1:
         83:ca:f7:df:f1:60:8e:55:87:59:87:f4:de:d1:c7:f3:1c:df:
         2d:fe:ac:fb:98:62:c9:76:a9:e2:7a:0b:c5:dc:f9:e5:88:af:
         8b:3a:b3:35:f0:6d:2e:47:da:6f:f7:21:2a:bd:2a:c8:f2:26:
         35:4b:0b:32:ff:42:c1:9d:54:b3:25:49:81:cc:88:75:42:a6:
         78:02:46:14:ad:c0:ad:32:01:e8:a9:66:8f:02:6b:47:62:1a:
         29:01:b6:11:8e:10:f2:77:3c:c8:b0:aa:d0:d0:ad:ce:51:9a:
         ba:89:ab:d1:35:93:0c:cf:1c:c1:d2:d2:f4:ca:f5:5c:71:ba:
         1f:5b:e3:69:22:2d:16:8a:2b:3b:b7:b4:8b:d0:32:53:3f:0e:
         79:33:7f:ad:57:6a:6a:ce:76:58:7f:8f:45:53:c9:78:de:51:
         2d:d4:32:1c:d6:75:0f:08:85:96:ea:c0:1c:d2:a5:09:19:75:
         99:b5:ef:59:b2:be:4c:c1:4b:0a:63:e1:bf:a9:2f:d1:15:f0:
         ec:d8:ae:91:61:ab:d5:b2:b7:84:a9:5f:c3:97:a3:ee:80:b4:
         ba:57:9f:7c:bb:b0:aa:2b:15:d0:b5:5b:81:ea:cb:c5:e8:db:
         67:42:13:28
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYzDSKfCfBGJXMdTO3oFZxxbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4Y2ZhY2UxMTRkOGNkZWE2ZGM1ZTdhNDk5NDNmMzIyMzQ2
Y2IzNWQwHhcNMjQwMTAxMDQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTM2MjA5Y2VjNzk3NDA2M2ZlMWYxZTg3YjcyNzdmNmFhNGIzNTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVvSmsWQmeMBYFHq/D5wZRXD9od5
h8u5Ns+oiW6r8QzQaHakXV3g9yEzlP8FRJdE9cgJu75c1W9RVe2i2W6ItjgRQCr+
J6D4h06nyvgpVUJfgDMM3TzYxeb6ttNI/4+EK1eBncLJKeSBm4N3DcCqWrg7308V
ZP/dAjK2zg59ilwV9XI7PFKU3tF7l1UAFfWWWBIoo0ad1jqOoDD4G/DYZ2bvN9u7
dCknb4l+8y+kFxFiTvRYgbnO/oEFePYgGC6BN4wh7AKf0GBd7RVCaegjXQwaIG+A
hEY5mwwrSwhIPnN4f/BJM/XSZtZ4xvDnowvdCDeTA3BxgaWMdIAhjiiLVQIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFIk2IJzseXQGP+Hx6Htyd/aqSzWXMB8GA1UdIwQY
MBaAFKjPrOEU2M3qbcXnpJlD8yI0bLNdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU0tczRSVFl6ZXB0eGVla21VUHpJalJzczEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC83ZGI4MDItMDRhZC00YzJkLWIxMWEt
NjQ5NjQ5NzZmN2IzLzEvaVRZZ25PeDVkQVlfNGZIb2UzSjM5cXBMTlpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC83ZGI4MDItMDRhZC00YzJkLWIxMWEtNjQ5NjQ5NzZmN2Iz
LzEvcU0tczRSVFl6ZXB0eGVla21VUHpJalJzczEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQCJZ08MAwD
BAE+9EYDBAI+9EgwDAMEAT70WgMEAT70XAMEAmdJrAMEArn3+AMEAMEviwMEAcHe
jgMEAcHevDANBAIAAjAHAwUDKg1CQDANBgkqhkiG9w0BAQsFAAOCAQEAFov5vHg5
pIVU8ikm3hyoGcmhg8r33/FgjlWHWYf03tHH8xzfLf6s+5hiyXap4noLxdz55Yiv
izqzNfBtLkfab/chKr0qyPImNUsLMv9CwZ1UsyVJgcyIdUKmeAJGFK3ArTIB6Klm
jwJrR2IaKQG2EY4Q8nc8yLCq0NCtzlGauomr0TWTDM8cwdLS9Mr1XHG6H1vjaSIt
FoorO7e0i9AyUz8OeTN/rVdqas52WH+PRVPJeN5RLdQyHNZ1DwiFlurAHNKlCRl1
mbXvWbK+TMFLCmPhv6kv0RXw7NiukWGr1bK3hKlfw5ej7oC0uleffLuwqisV0LVb
gerLxejbZ0ITKA==
-----END CERTIFICATE-----
Generated at Wed Jun 26 11:54:49 2024 by rpki-client on console-fra.rpki-client.org