Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zBTIZnQWvQND2J8YAIBkW22kv4Y.roa
File:                     zBTIZnQWvQND2J8YAIBkW22kv4Y.roa (raw, json)
Hash identifier:          VaVDvFOUYxz3S4q230vBXEmB3E6eozZesIKTpipOZ0E=
Subject key identifier:   CC:14:C8:66:74:16:BD:03:43:D8:9F:18:00:80:64:5B:6D:A4:BF:86
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       018BD72B3E5FF74976408783EDF454086947
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zBTIZnQWvQND2J8YAIBkW22kv4Y.roa
Signing time:             Thu 16 Nov 2023 08:06:57 +0000
ROA not before:           Thu 16 Nov 2023 08:06:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35346
IP address blocks:        194.114.144.0/24 maxlen: 25
                          194.114.144.128/27 maxlen: 27
                          45.67.116.0/24 maxlen: 24
                          91.242.103.0/24 maxlen: 24
                          91.242.108.0/22 maxlen: 22
                          91.242.112.0/20 maxlen: 24
                          178.175.176.0/22 maxlen: 24
                          91.242.70.0/23 maxlen: 24
                          91.242.64.0/18 maxlen: 24
                          91.242.72.0/23 maxlen: 24
                          91.242.74.0/24 maxlen: 24
                          91.242.75.0/24 maxlen: 24
                          2a07:5540::/29 maxlen: 29
                          2a09:4440::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d7:2b:3e:5f:f7:49:76:40:87:83:ed:f4:54:08:69:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Nov 16 08:06:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cc14c8667416bd0343d89f180080645b6da4bf86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4f:9f:62:9f:c9:65:57:7b:4c:1b:b5:3e:1a:
                    a8:53:57:87:30:4b:5b:56:07:19:79:98:a6:b8:45:
                    a2:79:0d:4d:7d:0e:ef:47:c9:08:9a:e5:57:86:93:
                    62:9f:2e:01:63:e3:df:97:0e:5d:c2:34:ed:82:70:
                    60:c0:b1:67:82:9f:3e:9e:df:96:30:38:bb:ad:8f:
                    8b:91:b3:b7:5a:02:33:1a:3a:23:26:0c:99:8d:0a:
                    49:2e:50:29:16:d8:fd:a6:38:1b:23:04:9d:7f:cf:
                    59:cd:de:37:43:b2:b1:23:bb:d6:5e:6f:61:d1:ab:
                    3a:36:46:d0:b4:e1:5f:53:36:b1:f8:18:ba:b5:fd:
                    12:ac:43:fa:15:57:c0:42:7c:c2:9c:42:6c:d0:39:
                    8d:2c:0d:b6:e9:9e:cb:8c:1f:57:07:4f:62:95:19:
                    47:bc:c5:53:69:7e:ab:13:a7:9b:c2:7d:b2:82:4f:
                    12:2f:78:ef:52:a7:6c:dc:2c:ec:f9:8b:04:72:f3:
                    14:eb:9a:f6:fa:db:29:3a:ea:50:8c:95:2b:b7:d4:
                    4a:00:98:68:19:59:63:7d:45:1a:2a:20:9a:47:72:
                    fa:f3:83:65:bb:38:53:23:be:a1:ad:78:26:7f:97:
                    25:5d:bd:8d:be:b2:4f:ff:e7:23:0f:01:c0:87:b5:
                    44:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:14:C8:66:74:16:BD:03:43:D8:9F:18:00:80:64:5B:6D:A4:BF:86
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zBTIZnQWvQND2J8YAIBkW22kv4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.116.0/24
                  91.242.64.0/18
                  178.175.176.0/22
                  194.114.144.0/24
                IPv6:
                  2a07:5540::/29
                  2a09:4440::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:4b:b6:7b:ed:9c:49:14:ba:8d:b4:09:9d:56:f2:e5:9e:2e:
         69:2d:53:ec:bd:87:9a:67:96:40:bb:76:9d:e9:58:67:e1:9c:
         5b:81:86:18:86:8e:27:bb:f1:a1:8a:f0:b3:37:1d:49:91:26:
         94:77:84:d8:c6:1b:74:7e:88:9c:b0:73:7a:39:7f:70:7d:52:
         ef:38:dc:e4:24:44:95:86:a7:3e:75:e4:44:57:00:06:f4:e1:
         75:bc:b9:72:e3:a7:41:68:9d:b1:56:ce:6e:a0:e0:db:a6:60:
         52:61:df:60:d0:c8:22:97:04:0a:86:b3:18:db:d6:e2:0d:7f:
         c5:16:57:a1:6a:54:59:42:ae:e9:74:98:c4:18:90:35:35:03:
         80:9d:c1:80:b7:47:88:f6:91:3f:c2:17:e1:ca:31:91:3a:bf:
         b9:23:91:4f:51:d9:45:ee:47:b7:24:c7:7c:79:99:1f:ee:39:
         fd:32:df:be:08:e3:b4:8e:90:3c:6d:cd:c2:f5:b5:29:af:64:
         71:c0:ed:37:92:6c:97:58:61:5e:bc:0d:c1:d5:88:33:52:02:
         b8:a9:10:65:fc:33:a5:9c:45:cc:35:1e:85:23:c7:57:08:b7:
         db:15:a7:05:8b:ec:34:14:c9:cd:1f:bc:e5:b9:c3:b7:60:30:
         e1:34:63:07
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYvXKz5f90l2QIeD7fRUCGlHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMxMTE2MDgwNjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzE0Yzg2Njc0MTZiZDAzNDNkODlmMTgwMDgwNjQ1YjZkYTRiZjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnk+fYp/JZVd7TBu1PhqoU1eHMEtb
VgcZeZimuEWieQ1NfQ7vR8kImuVXhpNiny4BY+Pflw5dwjTtgnBgwLFngp8+nt+W
MDi7rY+LkbO3WgIzGjojJgyZjQpJLlApFtj9pjgbIwSdf89Zzd43Q7KxI7vWXm9h
0as6NkbQtOFfUzax+Bi6tf0SrEP6FVfAQnzCnEJs0DmNLA226Z7LjB9XB09ilRlH
vMVTaX6rE6ebwn2ygk8SL3jvUqds3Czs+YsEcvMU65r2+tspOupQjJUrt9RKAJho
GVljfUUaKiCaR3L684NluzhTI76hrXgmf5clXb2NvrJP/+cjDwHAh7VEAQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFMwUyGZ0Fr0DQ9ifGACAZFttpL+GMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvekJUSVpuUVd2UU5EMko4WUFJQmtXMjJrdjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQALUN0AwQG
W/JAAwQCsq+wAwQAwnKQMBQEAgACMA4DBQMqB1VAAwUDKglEQDANBgkqhkiG9w0B
AQsFAAOCAQEApku2e+2cSRS6jbQJnVby5Z4uaS1T7L2HmmeWQLt2nelYZ+GcW4GG
GIaOJ7vxoYrwszcdSZEmlHeE2MYbdH6InLBzejl/cH1S7zjc5CRElYanPnXkRFcA
BvThdby5cuOnQWidsVbObqDg26ZgUmHfYNDIIpcECoazGNvW4g1/xRZXoWpUWUKu
6XSYxBiQNTUDgJ3BgLdHiPaRP8IX4coxkTq/uSORT1HZRe5HtyTHfHmZH+45/TLf
vgjjtI6QPG3NwvW1Ka9kccDtN5Jsl1hhXrwNwdWIM1ICuKkQZfwzpZxFzDUehSPH
Vwi32xWnBYvsNBTJzR+85bnDt2Aw4TRjBw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:42 2024 by rpki-client on console-fra.rpki-client.org