Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/M17yn8irN8kkWcVzYWnduD62cEc.roa
File:                     M17yn8irN8kkWcVzYWnduD62cEc.roa (raw, json)
Hash identifier:          abnYnrH8e/jAjgBG501jLZmBwS0BnCXT5Z6SrD6+HTE=
Subject key identifier:   33:5E:F2:9F:C8:AB:37:C9:24:59:C5:73:61:69:DD:B8:3E:B6:70:47
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018CC2DB235F0D48BB5D69DCC3F99810167C
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/M17yn8irN8kkWcVzYWnduD62cEc.roa
Signing time:             Mon 01 Jan 2024 02:29:50 +0000
ROA not before:           Mon 01 Jan 2024 02:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        89.40.161.0/24 maxlen: 24
                          194.50.200.0/23 maxlen: 24
                          194.50.206.0/23 maxlen: 24
                          195.138.105.0/24 maxlen: 24
                          85.159.117.0/24 maxlen: 24
                          195.138.106.0/24 maxlen: 24
                          195.138.108.0/24 maxlen: 24
                          195.138.116.0/24 maxlen: 24
                          89.39.242.0/24 maxlen: 24
                          195.138.122.0/23 maxlen: 23
                          195.138.124.0/22 maxlen: 22
                          45.67.117.0/24 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          91.242.70.0/24 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/23 maxlen: 24
                          91.242.75.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 24 Feb 2024 16:47:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:23:5f:0d:48:bb:5d:69:dc:c3:f9:98:10:16:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 02:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=335ef29fc8ab37c92459c5736169ddb83eb67047
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ef:a4:b8:a2:39:42:d7:09:ff:69:04:c4:81:
                    98:dd:dd:c1:3d:b2:ac:98:45:7d:5a:a4:22:ca:4d:
                    2f:cd:dc:7e:ef:52:da:1b:be:b4:ac:6f:c3:9b:7f:
                    80:8d:b8:e9:16:86:36:24:07:42:a5:b7:f6:87:87:
                    28:43:b7:5e:ed:ef:89:ea:28:ee:26:42:8f:12:f9:
                    28:ac:b4:c9:78:3b:f9:64:5e:c0:43:12:c6:0e:cc:
                    f9:01:23:8c:d1:91:bc:32:65:68:1f:a4:58:21:30:
                    f4:99:ce:10:e9:92:cd:fb:5d:2b:fb:bf:2c:13:33:
                    15:82:ea:9d:aa:06:7f:c3:31:d5:22:06:c6:96:8d:
                    c6:78:27:34:fc:7d:47:9c:a5:26:d7:2e:71:8f:fb:
                    30:cd:c7:7d:d1:ed:f9:15:c5:0f:2b:d2:9e:c5:0b:
                    48:5d:fe:6f:a9:19:9e:c8:31:61:8b:60:d5:9a:a0:
                    10:42:49:ee:44:1b:aa:09:34:54:55:2a:1f:72:a7:
                    a1:f3:20:c0:d2:8f:2e:69:c3:70:a6:4f:5c:e1:c3:
                    b3:bd:91:cd:ed:eb:ed:68:92:3b:9c:02:03:20:c4:
                    4b:98:4e:70:b8:1d:8c:30:ab:d7:ac:fd:10:13:ce:
                    b4:05:28:45:02:85:ca:f2:aa:3a:6d:67:7a:29:7b:
                    db:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:5E:F2:9F:C8:AB:37:C9:24:59:C5:73:61:69:DD:B8:3E:B6:70:47
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/M17yn8irN8kkWcVzYWnduD62cEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.117.0/24
                  85.159.117.0/24
                  89.39.242.0/24
                  89.40.161.0/24
                  91.242.70.0/24
                  91.242.72.0/22
                  91.242.103.0/24
                  94.231.198.0/24
                  185.40.105.0/24
                  194.50.200.0/23
                  194.50.206.0/23
                  195.138.105.0-195.138.106.255
                  195.138.108.0/24
                  195.138.116.0/24
                  195.138.122.0-195.138.127.255

    Signature Algorithm: sha256WithRSAEncryption
         4f:89:68:64:92:69:c5:23:0a:20:7a:30:75:c4:98:e3:17:46:
         eb:cd:12:62:cd:16:a2:b8:f3:89:56:9e:b8:d5:37:85:63:6f:
         33:99:0c:a7:19:fe:2b:97:8d:4e:0c:aa:e0:ac:ae:e7:05:66:
         88:cd:28:2a:b4:b2:a2:33:b7:a0:fe:9e:bb:43:62:e4:b7:ce:
         64:79:03:4d:99:b3:23:18:39:2a:9b:1e:06:83:ac:e8:57:27:
         97:29:a5:f5:ba:a6:e0:ee:f0:8f:0b:b3:51:5d:df:37:97:d9:
         37:cd:08:65:4c:2c:93:65:3b:91:71:06:9a:22:13:08:5c:f6:
         3e:64:e7:9d:7c:b6:9f:de:62:61:cf:50:50:25:36:bf:66:9e:
         58:75:c1:b1:27:a7:b3:09:ae:b0:19:b7:34:af:8e:e4:2c:af:
         d5:8e:90:27:56:28:00:12:12:2b:69:b6:74:0f:f9:1a:86:a3:
         27:5f:3e:fb:19:77:ba:64:81:db:8b:f0:55:a9:92:35:6e:26:
         3b:10:e5:5d:a4:04:c7:e7:e5:65:a3:63:7a:ce:65:f1:02:97:
         25:64:a8:52:ad:51:f2:ce:48:09:65:7f:61:4a:36:23:27:2d:
         ef:a5:0f:06:d7:91:aa:ec:41:1f:06:c9:c0:a8:65:17:33:b7:
         40:02:fc:5c
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYzC2yNfDUi7XWncw/mYEBZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzVlZjI5ZmM4YWIzN2M5MjQ1OWM1NzM2MTY5ZGRiODNlYjY3MDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0u+kuKI5QtcJ/2kExIGY3d3BPbKs
mEV9WqQiyk0vzdx+71LaG760rG/Dm3+AjbjpFoY2JAdCpbf2h4coQ7de7e+J6iju
JkKPEvkorLTJeDv5ZF7AQxLGDsz5ASOM0ZG8MmVoH6RYITD0mc4Q6ZLN+10r+78s
EzMVguqdqgZ/wzHVIgbGlo3GeCc0/H1HnKUm1y5xj/swzcd90e35FcUPK9KexQtI
Xf5vqRmeyDFhi2DVmqAQQknuRBuqCTRUVSofcqeh8yDA0o8uacNwpk9c4cOzvZHN
7evtaJI7nAIDIMRLmE5wuB2MMKvXrP0QE860BShFAoXK8qo6bWd6KXvb5QIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFDNe8p/IqzfJJFnFc2Fp3bg+tnBHMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvTTE3eW44aXJOOGtrV2NWellXbmR1RDYyY0VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwcAQCAAEwagMEAC1DdQME
AFWfdQMEAFkn8gMEAFkooQMEAFvyRgMEAlvySAMEAFvyZwMEAF7nxgMEALkoaQME
AcIyyAMEAcIyzjAMAwQAw4ppAwQAw4pqAwQAw4psAwQAw4p0MAwDBAHDinoDBAfD
igAwDQYJKoZIhvcNAQELBQADggEBAE+JaGSSacUjCiB6MHXEmOMXRuvNEmLNFqK4
84lWnrjVN4VjbzOZDKcZ/iuXjU4MquCsrucFZojNKCq0sqIzt6D+nrtDYuS3zmR5
A02ZsyMYOSqbHgaDrOhXJ5cppfW6puDu8I8Ls1Fd3zeX2TfNCGVMLJNlO5FxBpoi
Ewhc9j5k5518tp/eYmHPUFAlNr9mnlh1wbEnp7MJrrAZtzSvjuQsr9WOkCdWKAAS
EitptnQP+RqGoydfPvsZd7pkgduL8FWpkjVuJjsQ5V2kBMfn5WWjY3rOZfEClyVk
qFKtUfLOSAllf2FKNiMnLe+lDwbXkarsQR8GycCoZRczt0AC/Fw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org