Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/z8-FAiWhvDg03VshwPLIAT3uRok.roa
File:                     z8-FAiWhvDg03VshwPLIAT3uRok.roa (raw, json)
Hash identifier:          dUxkF7tg/8bUjdKlwRQVJm1O1MredqTe5ZPWg65NAos=
Subject key identifier:   CF:CF:85:02:25:A1:BC:38:34:DD:5B:21:C0:F2:C8:01:3D:EE:46:89
Certificate issuer:       /CN=bcc63f010c540bcd4554344bfb9a59a2edbabc29
Certificate serial:       018D6212CEDCDD79B4265AC07D0AD502F526
Authority key identifier: BC:C6:3F:01:0C:54:0B:CD:45:54:34:4B:FB:9A:59:A2:ED:BA:BC:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vMY_AQxUC81FVDRL-5pZou26vCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/z8-FAiWhvDg03VshwPLIAT3uRok.roa
Signing time:             Thu 01 Feb 2024 00:30:16 +0000
ROA not before:           Thu 01 Feb 2024 00:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60144
IP address blocks:        45.138.36.0/22 maxlen: 24
                          45.150.76.0/22 maxlen: 24
                          91.215.156.0/22 maxlen: 24
                          146.19.105.0/24 maxlen: 24
                          185.27.236.0/24 maxlen: 32
                          185.27.237.0/24 maxlen: 32
                          185.27.238.0/24 maxlen: 32
                          185.27.239.0/24 maxlen: 32
                          185.53.8.0/22 maxlen: 24
                          185.56.28.0/22 maxlen: 24
                          192.162.136.0/22 maxlen: 24
                          2a02:5060::/32 maxlen: 48
                          2a07:f9c0::/29 maxlen: 48
                          2a12:1680::/29 maxlen: 29
                          2a12:8f00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 11 Sep 2024 08:22:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:62:12:ce:dc:dd:79:b4:26:5a:c0:7d:0a:d5:02:f5:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcc63f010c540bcd4554344bfb9a59a2edbabc29
        Validity
            Not Before: Feb  1 00:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfcf850225a1bc3834dd5b21c0f2c8013dee4689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:80:4c:dd:a7:c4:07:08:81:6e:a8:34:0c:f6:
                    25:68:2d:8e:68:6a:fd:e4:29:4e:44:32:44:01:88:
                    e9:1d:38:4c:42:19:19:14:71:95:d3:56:8a:b6:3d:
                    e5:7c:69:f9:b8:99:ae:cc:1c:98:90:99:b5:ab:49:
                    3c:00:a9:45:b9:9a:72:75:03:55:19:ff:de:59:e6:
                    ae:7c:70:b3:7b:7c:b5:3c:45:fa:fd:14:de:b5:d6:
                    e2:3b:e5:85:a1:fa:d9:96:af:77:1e:92:4f:8c:7d:
                    1c:ed:da:60:d1:ef:f5:63:56:29:d8:e1:0a:9a:1d:
                    24:80:de:1a:fd:0f:69:b2:20:ba:01:d4:30:5d:5b:
                    d2:7b:3c:78:5c:bc:e4:c3:8d:ca:ce:23:05:5c:38:
                    30:ca:7d:19:26:a0:8f:d6:99:fc:4f:a6:38:e6:17:
                    e3:91:41:be:e3:30:b8:f0:b5:93:ab:bf:0d:77:86:
                    af:57:c7:10:4e:88:50:c1:6d:bf:66:9d:47:7b:47:
                    0a:08:cf:5f:84:f9:1b:84:08:b5:b0:6d:a5:3e:04:
                    98:93:aa:f8:f1:18:b2:05:3a:c9:80:b8:16:73:d7:
                    25:7d:3c:e5:87:f5:1d:60:d4:fd:a3:e1:45:5f:62:
                    b8:ae:de:5c:54:ef:4c:cb:fc:f8:6d:0d:fb:95:60:
                    ea:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:CF:85:02:25:A1:BC:38:34:DD:5B:21:C0:F2:C8:01:3D:EE:46:89
            X509v3 Authority Key Identifier:
                keyid:BC:C6:3F:01:0C:54:0B:CD:45:54:34:4B:FB:9A:59:A2:ED:BA:BC:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vMY_AQxUC81FVDRL-5pZou26vCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/z8-FAiWhvDg03VshwPLIAT3uRok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a29c67-f24d-4979-b2af-cc41c4a3198d/1/vMY_AQxUC81FVDRL-5pZou26vCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.36.0/22
                  45.150.76.0/22
                  91.215.156.0/22
                  146.19.105.0/24
                  185.27.236.0/22
                  185.53.8.0/22
                  185.56.28.0/22
                  192.162.136.0/22
                IPv6:
                  2a02:5060::/32
                  2a07:f9c0::/29
                  2a12:1680::/29
                  2a12:8f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         50:bd:06:fc:f9:d3:5a:9f:9b:6d:51:24:e3:2d:0d:a5:a7:d6:
         bb:d0:a1:a3:b1:f3:54:52:5d:2a:8d:db:ff:32:43:69:a6:a6:
         31:ad:10:94:ce:bd:cd:4a:2c:fb:d2:c8:18:64:23:15:3e:e4:
         00:a9:ad:bd:1c:57:94:61:6f:3b:36:e8:ac:65:81:0f:cb:4a:
         8c:24:d8:c6:04:e5:bc:ed:ac:1c:dd:91:4e:26:f9:e7:79:5f:
         bb:b5:2e:50:51:33:94:cf:a9:0f:cb:6c:e8:6e:be:c2:3e:49:
         16:41:96:ad:77:f1:47:d5:7c:f5:a4:83:60:ea:3d:a3:6d:c5:
         c8:6f:3a:fe:a6:a5:37:7e:64:69:66:48:26:1d:0a:4a:7e:56:
         8d:da:0b:28:03:d8:6e:e2:2b:59:0e:43:89:1e:f2:5f:73:ec:
         ed:13:f5:aa:d5:d8:75:f2:df:5e:0c:84:34:05:93:39:02:55:
         fc:0d:a7:d8:cc:28:83:60:77:61:ae:82:1d:9b:5b:94:72:dc:
         57:28:ad:9d:a0:2c:64:1d:1a:d3:f2:bf:b6:fb:83:09:5c:1a:
         fb:d0:7f:04:71:61:85:3f:77:e0:83:87:98:6e:01:fa:19:cb:
         6e:b4:ae:7d:6f:10:ff:e8:4f:52:a9:12:29:e6:c1:1c:ec:fd:
         8e:df:b8:59
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAY1iEs7c3Xm0JlrAfQrVAvUmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjYzYzZjAxMGM1NDBiY2Q0NTU0MzQ0YmZiOWE1OWEyZWRi
YWJjMjkwHhcNMjQwMjAxMDAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmNmODUwMjI1YTFiYzM4MzRkZDViMjFjMGYyYzgwMTNkZWU0Njg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4BM3afEBwiBbqg0DPYlaC2OaGr9
5ClORDJEAYjpHThMQhkZFHGV01aKtj3lfGn5uJmuzByYkJm1q0k8AKlFuZpydQNV
Gf/eWeaufHCze3y1PEX6/RTetdbiO+WFofrZlq93HpJPjH0c7dpg0e/1Y1Yp2OEK
mh0kgN4a/Q9psiC6AdQwXVvSezx4XLzkw43KziMFXDgwyn0ZJqCP1pn8T6Y45hfj
kUG+4zC48LWTq78Nd4avV8cQTohQwW2/Zp1He0cKCM9fhPkbhAi1sG2lPgSYk6r4
8RiyBTrJgLgWc9clfTzlh/UdYNT9o+FFX2K4rt5cVO9My/z4bQ37lWDqEwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFM/PhQIlobw4NN1bIcDyyAE97kaJMB8GA1UdIwQY
MBaAFLzGPwEMVAvNRVQ0S/uaWaLturwpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk1ZX0FReFVDODFGVkRSTC01cFpvdTI2dkNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9hMjljNjctZjI0ZC00OTc5LWIyYWYt
Y2M0MWM0YTMxOThkLzEvejgtRkFpV2h2RGcwM1ZzaHdQTElBVDN1Um9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9hMjljNjctZjI0ZC00OTc5LWIyYWYtY2M0MWM0YTMxOThk
LzEvdk1ZX0FReFVDODFGVkRSTC01cFpvdTI2dkNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDA2BAIAATAwAwQCLYokAwQC
LZZMAwQCW9ecAwQAkhNpAwQCuRvsAwQCuTUIAwQCuTgcAwQCwKKIMCIEAgACMBwD
BQAqAlBgAwUDKgf5wAMFAyoSFoADBQMqEo8AMA0GCSqGSIb3DQEBCwUAA4IBAQBQ
vQb8+dNan5ttUSTjLQ2lp9a70KGjsfNUUl0qjdv/MkNppqYxrRCUzr3NSiz70sgY
ZCMVPuQAqa29HFeUYW87NuisZYEPy0qMJNjGBOW87awc3ZFOJvnneV+7tS5QUTOU
z6kPy2zobr7CPkkWQZatd/FH1Xz1pINg6j2jbcXIbzr+pqU3fmRpZkgmHQpKflaN
2gsoA9hu4itZDkOJHvJfc+ztE/Wq1dh18t9eDIQ0BZM5AlX8DafYzCiDYHdhroId
m1uUctxXKK2doCxkHRrT8r+2+4MJXBr70H8EcWGFP3fgg4eYbgH6GctutK59bxD/
6E9SqRIp5sEc7P2O37hZ
-----END CERTIFICATE-----
Generated at Wed Sep 11 09:55:36 2024 by rpki-client on console-fra.rpki-client.org