Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/fd8457-810f-4f7e-9e58-56cc39db6ed6/1/xo2VtSJ2cW5wQs7zZm1huUaxawk.roa
File:                     xo2VtSJ2cW5wQs7zZm1huUaxawk.roa (raw, json)
Hash identifier:          wY+wVznu1mjuguPOhCfQjBQejjcDYtc1oe1RwlCpzPY=
Subject key identifier:   C6:8D:95:B5:22:76:71:6E:70:42:CE:F3:66:6D:61:B9:46:B1:6B:09
Certificate issuer:       /CN=c59bd1e8c58f641bd944305f11c54efe5f3a0ce2
Certificate serial:       018B3EAD4BA2466E759E8ABF3421BDB2961E
Authority key identifier: C5:9B:D1:E8:C5:8F:64:1B:D9:44:30:5F:11:C5:4E:FE:5F:3A:0C:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xZvR6MWPZBvZRDBfEcVO_l86DOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/fd8457-810f-4f7e-9e58-56cc39db6ed6/1/xo2VtSJ2cW5wQs7zZm1huUaxawk.roa
Signing time:             Tue 17 Oct 2023 17:27:06 +0000
ROA not before:           Tue 17 Oct 2023 17:27:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48011
IP address blocks:        87.236.161.0/24 maxlen: 24
                          5.172.177.0/24 maxlen: 24
                          45.93.168.0/22 maxlen: 24
                          213.217.31.0/24 maxlen: 24
                          77.87.122.0/24 maxlen: 24
                          193.163.72.0/24 maxlen: 24
                          185.217.143.0/24 maxlen: 24
                          213.232.203.0/24 maxlen: 24
                          45.252.180.0/24 maxlen: 24
                          45.252.182.0/23 maxlen: 23
                          45.252.182.0/24 maxlen: 24
                          45.252.183.0/24 maxlen: 24
                          45.252.181.0/24 maxlen: 24
                          185.227.139.0/24 maxlen: 24
                          185.227.137.0/24 maxlen: 24
                          185.227.138.0/24 maxlen: 24
                          185.227.136.0/24 maxlen: 24
                          45.89.236.0/22 maxlen: 24
                          185.211.79.0/24 maxlen: 24
                          62.204.58.0/24 maxlen: 24
                          185.182.105.0/24 maxlen: 24
                          2a0c:6600:6::/48 maxlen: 48
                          2a0c:6600:1::/48 maxlen: 48
                          2a0c:6600:3::/48 maxlen: 48
                          2a0c:6600:8::/48 maxlen: 48
                          2a0c:6600:5::/48 maxlen: 48
                          2a0c:6600:2000::/48 maxlen: 48
                          2a0c:6600:3000::/48 maxlen: 48
                          2a0c:6600:4000::/48 maxlen: 48
                          2a0c:6600::/48 maxlen: 48
                          2a0c:6600:6600::/48 maxlen: 48
                          2a0c:6600:6000::/48 maxlen: 48
                          2a0c:6600:1000::/48 maxlen: 48
                          2a0c:6600:9::/48 maxlen: 48
                          2a0c:6600:4::/48 maxlen: 48
                          2a0c:6600:7::/48 maxlen: 48
                          2a0c:6600:2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 23 Oct 2023 11:13:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:3e:ad:4b:a2:46:6e:75:9e:8a:bf:34:21:bd:b2:96:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c59bd1e8c58f641bd944305f11c54efe5f3a0ce2
        Validity
            Not Before: Oct 17 17:27:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c68d95b52276716e7042cef3666d61b946b16b09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:f2:69:25:4d:3c:17:70:1d:9e:63:bb:83:65:
                    89:0e:dd:87:05:2f:3c:57:9a:ce:de:a0:26:61:95:
                    a4:47:de:57:02:90:2c:19:f1:27:27:90:a7:79:08:
                    6f:b0:d1:96:89:3c:0c:43:38:3f:f2:aa:c2:3e:99:
                    5e:a5:4e:43:99:6d:22:49:d8:c0:2f:46:1b:c5:27:
                    e5:86:dd:93:d0:3b:91:b7:04:71:f9:64:8a:c8:66:
                    29:80:41:58:d8:46:65:15:23:b1:69:38:d3:be:19:
                    68:7a:ba:c2:f1:87:c2:13:6e:1f:1f:02:33:19:cc:
                    85:98:4d:64:84:fc:18:75:34:bc:4c:e5:4c:50:2f:
                    13:44:94:14:8c:24:be:f4:89:9c:2d:01:fa:3f:67:
                    04:0a:a1:19:58:97:56:d3:d4:26:2c:60:7c:e7:f2:
                    61:2c:66:79:9c:df:9d:0f:d7:3e:9b:0d:da:5b:1e:
                    b6:4e:ad:3c:91:e6:b8:43:11:7b:9e:b1:a9:bd:6e:
                    40:47:bd:5d:eb:1d:e0:3a:99:88:b6:54:25:2c:70:
                    6b:b1:57:68:e3:55:c4:3a:10:83:8e:c0:8c:31:0d:
                    d2:78:05:0e:d0:84:3e:42:ee:16:f0:a8:75:6b:1d:
                    c2:57:ab:c3:a2:8c:0b:79:5b:1e:09:ca:ba:bc:25:
                    7c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:8D:95:B5:22:76:71:6E:70:42:CE:F3:66:6D:61:B9:46:B1:6B:09
            X509v3 Authority Key Identifier:
                keyid:C5:9B:D1:E8:C5:8F:64:1B:D9:44:30:5F:11:C5:4E:FE:5F:3A:0C:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZvR6MWPZBvZRDBfEcVO_l86DOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/fd8457-810f-4f7e-9e58-56cc39db6ed6/1/xo2VtSJ2cW5wQs7zZm1huUaxawk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/fd8457-810f-4f7e-9e58-56cc39db6ed6/1/xZvR6MWPZBvZRDBfEcVO_l86DOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.177.0/24
                  45.89.236.0/22
                  45.93.168.0/22
                  45.252.180.0/22
                  62.204.58.0/24
                  77.87.122.0/24
                  87.236.161.0/24
                  185.182.105.0/24
                  185.211.79.0/24
                  185.217.143.0/24
                  185.227.136.0/22
                  193.163.72.0/24
                  213.217.31.0/24
                  213.232.203.0/24
                IPv6:
                  2a0c:6600::-2a0c:6600:9:ffff:ffff:ffff:ffff:ffff
                  2a0c:6600:1000::/48
                  2a0c:6600:2000::/48
                  2a0c:6600:3000::/48
                  2a0c:6600:4000::/48
                  2a0c:6600:6000::/48
                  2a0c:6600:6600::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:ec:4f:6a:de:8d:a8:78:d6:c6:0c:72:f6:a3:01:4d:13:51:
         92:cb:8b:ad:c8:6d:16:7d:78:12:30:8f:cc:69:d5:cc:50:be:
         db:66:4e:28:bd:84:a1:f6:c6:43:99:f5:99:e5:32:ec:d4:93:
         7f:16:08:1a:07:c9:a8:aa:c9:f1:04:09:8d:e2:28:33:bd:01:
         9e:ef:5c:48:95:97:57:49:9e:1e:fe:22:0a:ff:f9:38:9c:29:
         9e:b3:41:f1:c0:b3:a8:b8:23:e7:5f:b5:6e:30:18:2f:b5:f5:
         4a:85:a2:97:8c:97:0b:08:1b:37:9e:da:f1:31:1a:c5:41:e0:
         41:7a:e4:97:b7:3f:df:03:2e:4f:b9:b0:4d:96:f8:bc:30:34:
         64:cd:f9:bc:43:67:ae:fd:3a:86:45:54:fd:df:4b:33:09:30:
         29:c2:9b:d5:7d:dc:b3:f2:6b:b9:85:a2:75:e9:81:ba:90:f7:
         ae:fd:40:78:b6:47:0a:2b:3c:02:5f:41:a5:72:85:0c:21:99:
         d8:b4:02:f8:9e:66:55:c1:d5:2a:ea:bf:9d:76:ff:30:53:52:
         c9:29:b5:c8:00:62:05:59:dc:cd:5e:dd:59:ea:35:af:df:7b:
         81:69:6d:3c:03:38:ca:35:58:9d:89:e7:8d:17:ac:a8:43:85:
         4a:b6:d4:1c
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgISAYs+rUuiRm51noq/NCG9spYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OWJkMWU4YzU4ZjY0MWJkOTQ0MzA1ZjExYzU0ZWZlNWYz
YTBjZTIwHhcNMjMxMDE3MTcyNzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjhkOTViNTIyNzY3MTZlNzA0MmNlZjM2NjZkNjFiOTQ2YjE2YjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjPJpJU08F3AdnmO7g2WJDt2HBS88
V5rO3qAmYZWkR95XApAsGfEnJ5CneQhvsNGWiTwMQzg/8qrCPplepU5DmW0iSdjA
L0YbxSflht2T0DuRtwRx+WSKyGYpgEFY2EZlFSOxaTjTvhloerrC8YfCE24fHwIz
GcyFmE1khPwYdTS8TOVMUC8TRJQUjCS+9ImcLQH6P2cECqEZWJdW09QmLGB85/Jh
LGZ5nN+dD9c+mw3aWx62Tq08kea4QxF7nrGpvW5AR71d6x3gOpmItlQlLHBrsVdo
41XEOhCDjsCMMQ3SeAUO0IQ+Qu4W8Kh1ax3CV6vDoowLeVseCcq6vCV8QwIDAQAB
o4ICqTCCAqUwHQYDVR0OBBYEFMaNlbUidnFucELO82ZtYblGsWsJMB8GA1UdIwQY
MBaAFMWb0ejFj2Qb2UQwXxHFTv5fOgziMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFp2UjZNV1BaQnZaUkRCZkVjVk9fbDg2RE9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9mZDg0NTctODEwZi00ZjdlLTllNTgt
NTZjYzM5ZGI2ZWQ2LzEveG8yVnRTSjJjVzV3UXM3elptMWh1VWF4YXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9mZDg0NTctODEwZi00ZjdlLTllNTgtNTZjYzM5ZGI2ZWQ2
LzEveFp2UjZNV1BaQnZaUkRCZkVjVk9fbDg2RE9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG+BggrBgEFBQcBBwEB/wSBrjCBqzBaBAIAATBUAwQABayx
AwQCLVnsAwQCLV2oAwQCLfy0AwQAPsw6AwQATVd6AwQAV+yhAwQAubZpAwQAudNP
AwQAudmPAwQCueOIAwQAwaNIAwQA1dkfAwQA1ejLME0EAgACMEcwDwMEASoMZgMH
ASoMZgAACAMHACoMZgAQAAMHACoMZgAgAAMHACoMZgAwAAMHACoMZgBAAAMHACoM
ZgBgAAMHACoMZgBmADANBgkqhkiG9w0BAQsFAAOCAQEAMexPat6NqHjWxgxy9qMB
TRNRksuLrchtFn14EjCPzGnVzFC+22ZOKL2EofbGQ5n1meUy7NSTfxYIGgfJqKrJ
8QQJjeIoM70Bnu9cSJWXV0meHv4iCv/5OJwpnrNB8cCzqLgj51+1bjAYL7X1SoWi
l4yXCwgbN57a8TEaxUHgQXrkl7c/3wMuT7mwTZb4vDA0ZM35vENnrv06hkVU/d9L
MwkwKcKb1X3cs/JruYWidemBupD3rv1AeLZHCis8Al9BpXKFDCGZ2LQC+J5mVcHV
Kuq/nXb/MFNSySm1yABiBVnczV7dWeo1r997gWltPAM4yjVYnYnnjResqEOFSrbU
HA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:16 2024 by rpki-client on console-fra.rpki-client.org