Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/FIrOIjyARoKBS0SYcETRCWgw_40.roa
File:                     FIrOIjyARoKBS0SYcETRCWgw_40.roa (raw, json)
Hash identifier:          E9A5aQPUAa2TBxKNnObiSSuuil3YKJZ9HKHqqYclV1E=
Subject key identifier:   14:8A:CE:22:3C:80:46:82:81:4B:44:98:70:44:D1:09:68:30:FF:8D
Certificate issuer:       /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial:       018A40B602D5C88CFB3F74361F52AB0EF6B2
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/FIrOIjyARoKBS0SYcETRCWgw_40.roa
Signing time:             Tue 29 Aug 2023 09:53:04 +0000
ROA not before:           Tue 29 Aug 2023 09:53:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207333
IP address blocks:        86.107.44.0/24 maxlen: 24
                          86.107.45.0/24 maxlen: 24
                          89.33.41.0/24 maxlen: 24
                          185.129.51.0/24 maxlen: 24
                          185.129.48.0/24 maxlen: 24
                          185.129.50.0/24 maxlen: 24
                          92.114.7.0/24 maxlen: 24
                          185.100.64.0/24 maxlen: 24
                          185.100.65.0/24 maxlen: 24
                          185.100.67.0/24 maxlen: 24
                          188.241.216.0/24 maxlen: 24
                          188.241.217.0/24 maxlen: 24
                          86.107.199.0/24 maxlen: 24
                          86.107.198.0/24 maxlen: 24
                          185.111.105.0/24 maxlen: 24
                          185.111.104.0/24 maxlen: 24
                          185.111.107.0/24 maxlen: 24
                          185.111.106.0/24 maxlen: 24
                          185.98.7.0/24 maxlen: 24
                          185.98.5.0/24 maxlen: 24
                          185.98.6.0/24 maxlen: 24
                          185.121.83.0/24 maxlen: 24
                          185.121.80.0/24 maxlen: 24
                          185.121.82.0/24 maxlen: 24
                          185.121.81.0/24 maxlen: 24
                          31.14.27.0/24 maxlen: 24
                          89.46.34.0/24 maxlen: 24
                          185.113.132.0/24 maxlen: 24
                          185.113.135.0/24 maxlen: 24
                          185.113.134.0/24 maxlen: 24
                          185.125.89.0/24 maxlen: 24
                          2a06:940::/48 maxlen: 48
                          2a06:942::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:40:b6:02:d5:c8:8c:fb:3f:74:36:1f:52:ab:0e:f6:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
        Validity
            Not Before: Aug 29 09:53:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=148ace223c804682814b44987044d1096830ff8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:da:af:1f:64:19:f3:51:25:61:be:85:bb:be:
                    c8:04:5e:32:25:3b:f2:64:61:da:ed:b5:03:e9:3c:
                    16:78:e1:e2:1c:61:9c:d2:14:71:02:9a:2a:eb:5f:
                    b7:73:f9:1e:35:6b:18:e4:99:03:e8:db:61:a5:c1:
                    a9:cf:a6:7b:ea:9f:47:75:ff:51:67:9b:ca:b4:b1:
                    6a:81:93:5c:07:7d:b4:34:61:28:dc:04:bc:5a:2b:
                    c0:59:55:29:6e:85:a8:ce:76:65:48:63:2f:8b:2e:
                    e5:de:b0:13:39:fd:8e:ba:8b:75:6b:72:10:1a:fa:
                    ea:8e:ac:29:09:55:ed:db:56:09:d8:1d:b6:7d:30:
                    81:32:37:ee:3e:d0:50:6e:ac:57:67:d6:8d:fa:3a:
                    12:6b:8c:6f:88:10:5a:9d:76:e0:71:98:f5:68:d0:
                    1f:ae:86:90:22:53:dc:ac:f3:b3:f7:af:7f:ce:ea:
                    b7:65:9d:30:45:23:ab:78:3b:59:58:2a:d9:84:45:
                    3f:e5:f8:8b:a5:35:52:6b:28:d2:51:13:0a:ee:a8:
                    6a:23:b3:68:a2:4a:15:e6:09:a5:94:2b:fc:5c:a6:
                    13:13:dc:5e:d3:45:44:97:c5:89:da:04:52:10:bd:
                    ce:af:2b:a8:85:d8:dd:99:c2:06:6e:02:88:36:de:
                    aa:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:8A:CE:22:3C:80:46:82:81:4B:44:98:70:44:D1:09:68:30:FF:8D
            X509v3 Authority Key Identifier:
                keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/FIrOIjyARoKBS0SYcETRCWgw_40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.27.0/24
                  86.107.44.0/23
                  86.107.198.0/23
                  89.33.41.0/24
                  89.46.34.0/24
                  92.114.7.0/24
                  185.98.5.0-185.98.7.255
                  185.100.64.0/23
                  185.100.67.0/24
                  185.111.104.0/22
                  185.113.132.0/24
                  185.113.134.0/23
                  185.121.80.0/22
                  185.125.89.0/24
                  185.129.48.0/24
                  185.129.50.0/23
                  188.241.216.0/23
                IPv6:
                  2a06:940::/48
                  2a06:942::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:de:ab:5d:86:64:5b:ea:de:29:bd:d1:46:6e:03:90:7e:26:
         34:b0:ab:5a:6a:5b:c7:5e:d8:37:d1:c4:12:80:c3:56:be:cd:
         1e:c3:d8:5f:54:70:f9:e1:26:48:a7:78:e4:38:ef:3b:6d:49:
         b0:5d:2b:80:26:b0:11:6c:86:71:b1:2a:10:64:8c:20:57:11:
         10:96:33:fe:b4:48:39:d8:d9:d4:97:8b:2f:69:7e:fb:a6:1a:
         1e:c2:da:b8:98:e3:d9:44:3b:46:1b:4b:6c:75:bc:e8:d4:63:
         09:f7:a7:bd:f1:ae:9d:92:53:9d:3d:48:0f:64:bd:89:2f:1a:
         0a:3c:01:8f:6f:36:00:ff:a1:65:bf:55:6b:73:54:41:cd:4e:
         d0:99:c1:26:58:46:2e:6f:be:90:5c:e4:d8:62:ac:7c:4f:81:
         8b:fd:07:95:81:a2:96:08:43:ba:8e:ba:65:fc:d6:1f:bd:94:
         b9:9b:74:0d:a5:f5:76:83:20:34:e1:21:b4:d4:75:8e:ba:0a:
         1c:39:63:e3:e0:ef:90:cb:d4:f9:28:07:64:21:20:de:c0:a2:
         c6:bf:7c:58:4c:d1:81:e1:62:70:8e:33:5b:b0:b3:3a:e9:df:
         ec:cf:be:2b:c2:48:31:b2:c7:d6:ea:5d:b3:12:95:93:65:a2:
         d9:b6:1e:df
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgISAYpAtgLVyIz7P3Q2H1KrDvayMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjMwODI5MDk1MzA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDhhY2UyMjNjODA0NjgyODE0YjQ0OTg3MDQ0ZDEwOTY4MzBmZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9qvH2QZ81ElYb6Fu77IBF4yJTvy
ZGHa7bUD6TwWeOHiHGGc0hRxApoq61+3c/keNWsY5JkD6NthpcGpz6Z76p9Hdf9R
Z5vKtLFqgZNcB320NGEo3AS8WivAWVUpboWoznZlSGMviy7l3rATOf2Ouot1a3IQ
GvrqjqwpCVXt21YJ2B22fTCBMjfuPtBQbqxXZ9aN+joSa4xviBBanXbgcZj1aNAf
roaQIlPcrPOz969/zuq3ZZ0wRSOreDtZWCrZhEU/5fiLpTVSayjSURMK7qhqI7No
okoV5gmllCv8XKYTE9xe00VEl8WJ2gRSEL3OryuohdjdmcIGbgKINt6qnwIDAQAB
o4ICjjCCAoowHQYDVR0OBBYEFBSKziI8gEaCgUtEmHBE0QloMP+NMB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvRklyT0lqeUFSb0tCUzBTWWNFVFJDV2d3XzQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGjBggrBgEFBQcBBwEB/wSBkzCBkDB0BAIAATBuAwQAHw4b
AwQBVmssAwQBVmvGAwQAWSEpAwQAWS4iAwQAXHIHMAwDBAC5YgUDBAO5YgADBAG5
ZEADBAC5ZEMDBAK5b2gDBAC5cYQDBAG5cYYDBAK5eVADBAC5fVkDBAC5gTADBAG5
gTIDBAG88dgwGAQCAAIwEgMHACoGCUAAAAMHACoGCUIAADANBgkqhkiG9w0BAQsF
AAOCAQEAbt6rXYZkW+reKb3RRm4DkH4mNLCrWmpbx17YN9HEEoDDVr7NHsPYX1Rw
+eEmSKd45DjvO21JsF0rgCawEWyGcbEqEGSMIFcREJYz/rRIOdjZ1JeLL2l++6Ya
HsLauJjj2UQ7RhtLbHW86NRjCfenvfGunZJTnT1ID2S9iS8aCjwBj282AP+hZb9V
a3NUQc1O0JnBJlhGLm++kFzk2GKsfE+Bi/0HlYGilghDuo66ZfzWH72UuZt0DaX1
doMgNOEhtNR1jroKHDlj4+DvkMvU+SgHZCEg3sCixr98WEzRgeFicI4zW7CzOunf
7M++K8JIMbLH1updsxKVk2Wi2bYe3w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:23 2024 by rpki-client on console-fra.rpki-client.org