Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Rretgz_chObucBftCRALXQ028fQ.roa
File:                     Rretgz_chObucBftCRALXQ028fQ.roa (raw, json)
Hash identifier:          GQOdUdKX3qv9RtecPGe+59bG/Eh/iX/9CUPkAGy6Dg4=
Subject key identifier:   46:B7:AD:83:3F:DC:84:E6:EE:70:17:ED:09:10:0B:5D:0D:36:F1:F4
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018E73EBEE1D2C2EC5A7D34A81FBE1DC669D
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Rretgz_chObucBftCRALXQ028fQ.roa
Signing time:             Mon 25 Mar 2024 04:43:45 +0000
ROA not before:           Mon 25 Mar 2024 04:43:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3257
IP address blocks:        45.67.117.0/24 maxlen: 24
                          85.159.117.0/24 maxlen: 24
                          89.39.242.0/24 maxlen: 24
                          89.40.161.0/24 maxlen: 24
                          91.242.70.0/24 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/23 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          91.242.95.0/24 maxlen: 24
                          91.242.96.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          91.242.105.0/24 maxlen: 24
                          91.242.123.0/24 maxlen: 24
                          91.242.124.0/24 maxlen: 24
                          91.242.125.0/24 maxlen: 24
                          91.242.126.0/24 maxlen: 24
                          91.242.127.0/24 maxlen: 24
                          94.231.198.0/24 maxlen: 24
                          185.40.105.0/24 maxlen: 24
                          194.50.200.0/23 maxlen: 24
                          194.50.206.0/23 maxlen: 24
                          195.138.103.0/24 maxlen: 24
                          195.138.104.0/24 maxlen: 24
                          195.138.105.0/24 maxlen: 24
                          195.138.106.0/24 maxlen: 24
                          195.138.107.0/24 maxlen: 24
                          195.138.108.0/24 maxlen: 24
                          195.138.111.0/24 maxlen: 24
                          195.138.112.0/24 maxlen: 24
                          195.138.114.0/24 maxlen: 24
                          195.138.116.0/24 maxlen: 24
                          195.138.118.0/24 maxlen: 24
                          195.138.120.0/24 maxlen: 24
                          195.138.122.0/23 maxlen: 23
                          195.138.124.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 25 Mar 2024 14:45:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:73:eb:ee:1d:2c:2e:c5:a7:d3:4a:81:fb:e1:dc:66:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Mar 25 04:43:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46b7ad833fdc84e6ee7017ed09100b5d0d36f1f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:cf:bd:16:94:f2:4f:9a:ad:fa:64:21:7b:ef:
                    5d:0c:fc:c1:c7:cb:9f:da:b2:2d:3d:a2:48:fd:1c:
                    92:ee:96:29:0b:c9:43:2f:84:be:d4:f5:ef:e0:4d:
                    ff:31:32:f0:23:f1:6e:b9:32:77:2a:ea:e0:31:dd:
                    16:c6:7d:32:1a:b5:5c:01:b8:88:bb:bf:93:84:92:
                    78:82:91:e4:12:e3:fa:b3:0e:4b:1a:81:c7:15:45:
                    e1:9c:d7:77:f6:ad:6a:fa:ba:a3:d2:a6:a7:8e:1a:
                    db:fb:72:e1:84:24:9d:c3:59:35:7f:18:ef:50:82:
                    90:4b:af:00:f9:49:6c:38:2c:ed:84:09:28:c1:38:
                    a6:79:e3:31:6c:c6:40:28:66:5e:ff:10:eb:ea:3e:
                    fd:5a:ad:c3:83:17:58:5d:de:1e:8a:74:83:2d:b6:
                    5f:dd:9a:59:0b:31:93:2b:f5:57:a7:dd:31:87:6f:
                    d7:37:b9:12:90:3d:27:61:15:a8:16:1a:1d:ad:df:
                    21:41:e2:ce:39:bf:f3:a3:64:37:80:2f:fa:dc:6e:
                    20:ff:1e:44:6a:51:48:4c:08:66:da:1e:00:61:e5:
                    db:28:80:e1:18:5b:7f:a5:bc:da:52:32:39:23:b5:
                    a5:de:44:cd:10:cc:5d:fc:5f:c7:b3:85:85:64:c7:
                    fa:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:B7:AD:83:3F:DC:84:E6:EE:70:17:ED:09:10:0B:5D:0D:36:F1:F4
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Rretgz_chObucBftCRALXQ028fQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.117.0/24
                  85.159.117.0/24
                  89.39.242.0/24
                  89.40.161.0/24
                  91.242.70.0/24
                  91.242.72.0/22
                  91.242.95.0-91.242.96.255
                  91.242.103.0/24
                  91.242.105.0/24
                  91.242.123.0-91.242.127.255
                  94.231.198.0/24
                  185.40.105.0/24
                  194.50.200.0/23
                  194.50.206.0/23
                  195.138.103.0-195.138.108.255
                  195.138.111.0-195.138.112.255
                  195.138.114.0/24
                  195.138.116.0/24
                  195.138.118.0/24
                  195.138.120.0/24
                  195.138.122.0-195.138.127.255

    Signature Algorithm: sha256WithRSAEncryption
         33:64:86:ab:37:34:9d:98:ce:0b:62:d0:8e:c4:f6:73:e1:07:
         af:15:44:e5:07:a4:84:eb:d4:75:d6:39:f3:d0:07:0a:a3:07:
         a6:ef:51:17:ec:b2:1f:6d:84:8b:f1:d8:b9:81:3b:be:bf:8b:
         c7:d5:91:d1:ab:67:6c:68:1c:24:06:78:b9:05:db:85:9a:3e:
         09:f5:4d:97:23:24:99:9e:de:df:20:27:bb:b8:aa:75:9f:7a:
         88:28:b4:61:6d:04:ff:fc:7f:a1:90:6c:34:68:9f:6f:c1:7f:
         2c:29:72:f6:c1:e7:c9:7c:e3:df:7a:70:3d:98:b9:d4:04:73:
         6b:48:b2:a6:a1:1e:e0:a4:e3:08:1d:45:f2:94:f9:41:ff:01:
         db:89:12:a0:49:b1:ec:f7:f1:c0:97:78:44:f2:b7:50:37:a4:
         7d:96:0a:e6:59:f7:d3:f3:35:22:8c:0c:15:07:bb:1b:25:90:
         0c:39:90:68:8b:a9:1f:d7:09:64:ff:64:81:b2:2e:d0:0a:68:
         54:b0:51:be:a0:25:8f:e5:b8:f9:07:2b:a7:89:15:40:d1:53:
         c8:4f:ab:34:85:36:08:49:57:a0:0d:94:65:f5:c3:74:62:e1:
         ee:69:9f:d6:f4:d2:a0:4d:e3:e2:e0:f9:30:74:aa:58:18:b7:
         84:1d:91:f7
-----BEGIN CERTIFICATE-----
MIIFojCCBIqgAwIBAgISAY5z6+4dLC7Fp9NKgfvh3GadMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMzI1MDQ0MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmI3YWQ4MzNmZGM4NGU2ZWU3MDE3ZWQwOTEwMGI1ZDBkMzZmMWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhc+9FpTyT5qt+mQhe+9dDPzBx8uf
2rItPaJI/RyS7pYpC8lDL4S+1PXv4E3/MTLwI/FuuTJ3KurgMd0Wxn0yGrVcAbiI
u7+ThJJ4gpHkEuP6sw5LGoHHFUXhnNd39q1q+rqj0qanjhrb+3LhhCSdw1k1fxjv
UIKQS68A+UlsOCzthAkowTimeeMxbMZAKGZe/xDr6j79Wq3DgxdYXd4einSDLbZf
3ZpZCzGTK/VXp90xh2/XN7kSkD0nYRWoFhodrd8hQeLOOb/zo2Q3gC/63G4g/x5E
alFITAhm2h4AYeXbKIDhGFt/pbzaUjI5I7Wl3kTNEMxd/F/Hs4WFZMf6ZQIDAQAB
o4ICrjCCAqowHQYDVR0OBBYEFEa3rYM/3ITm7nAX7QkQC10NNvH0MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvUnJldGd6X2NoT2J1Y0JmdENSQUxYUTAyOGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHDBggrBgEFBQcBBwEB/wSBszCBsDCBrQQCAAEwgaYDBAAt
Q3UDBABVn3UDBABZJ/IDBABZKKEDBABb8kYDBAJb8kgwDAMEAFvyXwMEAFvyYAME
AFvyZwMEAFvyaTAMAwQAW/J7AwQHW/IAAwQAXufGAwQAuShpAwQBwjLIAwQBwjLO
MAwDBADDimcDBADDimwwDAMEAMOKbwMEAMOKcAMEAMOKcgMEAMOKdAMEAMOKdgME
AMOKeDAMAwQBw4p6AwQHw4oAMA0GCSqGSIb3DQEBCwUAA4IBAQAzZIarNzSdmM4L
YtCOxPZz4QevFUTlB6SE69R11jnz0AcKowem71EX7LIfbYSL8di5gTu+v4vH1ZHR
q2dsaBwkBni5BduFmj4J9U2XIySZnt7fICe7uKp1n3qIKLRhbQT//H+hkGw0aJ9v
wX8sKXL2wefJfOPfenA9mLnUBHNrSLKmoR7gpOMIHUXylPlB/wHbiRKgSbHs9/HA
l3hE8rdQN6R9lgrmWffT8zUijAwVB7sbJZAMOZBoi6kf1wlk/2SBsi7QCmhUsFG+
oCWP5bj5ByuniRVA0VPIT6s0hTYISVegDZRl9cN0YuHuaZ/W9NKgTePi4PkwdKpY
GLeEHZH3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org