Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/6jUQNLRLHmQv3U32ypTVtUTMh64.roa
File:                     6jUQNLRLHmQv3U32ypTVtUTMh64.roa (raw, json)
Hash identifier:          S5GdRTQ7SWFi54yag60Pa9XpOCf5KkS0lnzz6PQc/X4=
Subject key identifier:   EA:35:10:34:B4:4B:1E:64:2F:DD:4D:F6:CA:94:D5:B5:44:CC:87:AE
Certificate issuer:       /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial:       018CC727734DA60ABA96BFA751518C2AE7B4
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/6jUQNLRLHmQv3U32ypTVtUTMh64.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202958
IP address blocks:        194.4.58.0/24 maxlen: 24
                          194.4.57.0/24 maxlen: 24
                          194.4.56.0/24 maxlen: 24
                          194.4.59.0/24 maxlen: 24
                          185.100.66.0/24 maxlen: 24
                          86.107.199.0/24 maxlen: 24
                          86.107.198.0/24 maxlen: 24
                          194.146.43.0/24 maxlen: 24
                          194.146.42.0/24 maxlen: 24
                          194.146.41.0/24 maxlen: 24
                          194.146.40.0/24 maxlen: 24
                          185.98.4.0/24 maxlen: 24
                          185.121.83.0/24 maxlen: 24
                          185.121.82.0/24 maxlen: 24
                          185.121.81.0/24 maxlen: 24
                          185.121.80.0/24 maxlen: 24
                          185.113.133.0/24 maxlen: 24
                          185.125.91.0/24 maxlen: 24
                          185.125.90.0/24 maxlen: 24
                          185.125.89.0/24 maxlen: 24
                          185.125.88.0/24 maxlen: 24
                          185.116.192.0/24 maxlen: 24
                          185.116.195.0/24 maxlen: 24
                          185.116.194.0/24 maxlen: 24
                          185.116.193.0/24 maxlen: 24
                          2a06:941::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 22 Jan 2024 03:46:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:73:4d:a6:0a:ba:96:bf:a7:51:51:8c:2a:e7:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea351034b44b1e642fdd4df6ca94d5b544cc87ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:e7:5c:41:10:21:21:88:09:a6:b5:5a:b4:a3:
                    0a:d0:a1:b9:a4:51:e0:ef:cf:73:97:0f:e4:71:5a:
                    dd:8a:99:8a:00:49:e8:b3:b0:f6:2d:d5:a4:90:73:
                    8f:cd:ab:10:c1:c8:59:c6:58:7d:4b:f7:75:2d:8a:
                    0d:25:95:cb:40:e4:5f:c8:0d:83:32:b0:c5:5e:52:
                    86:41:36:cd:37:a0:ba:33:fa:10:8c:31:3d:81:da:
                    a0:9d:59:d1:8b:fd:a7:68:67:e9:c6:bf:c9:1a:66:
                    a6:bb:a2:4d:b7:c0:8d:18:d6:38:6a:f6:45:40:9b:
                    00:63:8b:c2:0c:cd:12:cb:c3:d7:16:20:58:33:05:
                    67:62:a2:93:f7:35:58:6a:85:25:d6:08:f9:1a:4c:
                    f1:24:a7:c0:9a:88:63:c9:93:1c:32:f8:27:87:25:
                    19:60:b8:19:3b:3e:19:69:b0:86:b9:5b:8f:c6:15:
                    e1:2f:fe:f8:c2:12:12:9a:de:7c:3f:75:71:99:0e:
                    8e:9c:a5:3c:9b:fd:ee:8f:9f:b4:ab:54:c7:54:f9:
                    df:9f:a0:9b:1e:85:32:2f:11:bb:66:f2:6a:6d:cf:
                    cd:7c:d8:77:78:26:e5:f5:64:dc:2a:71:f0:16:57:
                    48:d0:8b:aa:d9:16:ba:62:15:9d:d1:3a:f5:10:e6:
                    02:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:35:10:34:B4:4B:1E:64:2F:DD:4D:F6:CA:94:D5:B5:44:CC:87:AE
            X509v3 Authority Key Identifier:
                keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/6jUQNLRLHmQv3U32ypTVtUTMh64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.107.198.0/23
                  185.98.4.0/24
                  185.100.66.0/24
                  185.113.133.0/24
                  185.116.192.0/22
                  185.121.80.0/22
                  185.125.88.0/22
                  194.4.56.0/22
                  194.146.40.0/22
                IPv6:
                  2a06:941::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:58:23:ae:5a:3a:26:20:e5:5d:66:6f:a2:cf:6f:6e:75:cd:
         4f:51:74:7e:9b:b1:ce:b5:9a:7e:df:00:df:28:f1:78:e7:f7:
         a8:bb:00:ce:ee:4c:9e:6f:0f:8a:90:fa:b2:33:9b:f5:90:03:
         8c:bc:74:57:91:69:88:3a:5f:6c:ca:d0:de:60:f8:36:71:aa:
         84:3a:51:55:56:80:c6:11:a6:ef:da:34:d5:b1:ef:f0:c4:51:
         b8:c4:56:64:00:c1:67:bb:45:93:d4:01:82:bb:93:11:df:da:
         e0:e3:7b:08:46:f4:a8:c2:d5:be:1e:96:1f:47:4a:8f:29:8b:
         19:7a:72:dd:f0:19:16:18:59:ab:b1:f2:6f:da:7a:8d:0d:cc:
         28:0c:94:91:42:cb:28:68:2f:84:45:b0:ca:a5:29:12:8b:7d:
         24:83:cc:b3:7d:90:c0:b1:b9:a9:40:c1:db:c6:df:05:c9:87:
         fb:b5:a3:a1:2c:85:19:4f:36:31:b0:12:5e:5b:12:1d:3b:59:
         84:0a:a4:4a:27:c1:22:c2:b5:77:e5:b2:8a:65:99:7d:94:e3:
         30:17:b3:b2:05:4b:0b:5d:63:2d:42:1d:e5:eb:64:de:5d:b8:
         ab:7f:74:08:00:b5:e4:d7:a8:d2:de:a9:26:49:59:c3:cb:fe:
         02:dd:c7:a7
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYzHJ3NNpgq6lr+nUVGMKue0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTM1MTAzNGI0NGIxZTY0MmZkZDRkZjZjYTk0ZDViNTQ0Y2M4N2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkudcQRAhIYgJprVatKMK0KG5pFHg
789zlw/kcVrdipmKAEnos7D2LdWkkHOPzasQwchZxlh9S/d1LYoNJZXLQORfyA2D
MrDFXlKGQTbNN6C6M/oQjDE9gdqgnVnRi/2naGfpxr/JGmamu6JNt8CNGNY4avZF
QJsAY4vCDM0Sy8PXFiBYMwVnYqKT9zVYaoUl1gj5GkzxJKfAmohjyZMcMvgnhyUZ
YLgZOz4ZabCGuVuPxhXhL/74whISmt58P3VxmQ6OnKU8m/3uj5+0q1THVPnfn6Cb
HoUyLxG7ZvJqbc/NfNh3eCbl9WTcKnHwFldI0Iuq2Ra6YhWd0Tr1EOYCZwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFOo1EDS0Sx5kL91N9sqU1bVEzIeuMB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvNmpVUU5MUkxIbVF2M1UzMnlwVFZ0VVRNaDY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA8BAIAATA2AwQBVmvGAwQA
uWIEAwQAuWRCAwQAuXGFAwQCuXTAAwQCuXlQAwQCuX1YAwQCwgQ4AwQCwpIoMA8E
AgACMAkDBwAqBglBAAAwDQYJKoZIhvcNAQELBQADggEBAENYI65aOiYg5V1mb6LP
b251zU9RdH6bsc61mn7fAN8o8Xjn96i7AM7uTJ5vD4qQ+rIzm/WQA4y8dFeRaYg6
X2zK0N5g+DZxqoQ6UVVWgMYRpu/aNNWx7/DEUbjEVmQAwWe7RZPUAYK7kxHf2uDj
ewhG9KjC1b4elh9HSo8pixl6ct3wGRYYWaux8m/aeo0NzCgMlJFCyyhoL4RFsMql
KRKLfSSDzLN9kMCxualAwdvG3wXJh/u1o6EshRlPNjGwEl5bEh07WYQKpEonwSLC
tXflsoplmX2U4zAXs7IFSwtdYy1CHeXrZN5duKt/dAgAteTXqNLeqSZJWcPL/gLd
x6c=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:22 2024 by rpki-client on console-ams.rpki-client.org