Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/by7Mtsr5tS2syKFR5B4fON0COhk.roa
File:                     by7Mtsr5tS2syKFR5B4fON0COhk.roa (raw, json)
Hash identifier:          I+iQLGBRA4D7Kc+oqXphuG8nkUgCZuMFl+95lXQ56bc=
Subject key identifier:   6F:2E:CC:B6:CA:F9:B5:2D:AC:C8:A1:51:E4:1E:1F:38:DD:02:3A:19
Certificate issuer:       /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial:       0191868D24F87FED282299D74C0E31135C9D
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/by7Mtsr5tS2syKFR5B4fON0COhk.roa
Signing time:             Sat 24 Aug 2024 22:41:22 +0000
ROA not before:           Sat 24 Aug 2024 22:41:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207333
IP address blocks:        31.14.27.0/24 maxlen: 24
                          86.107.44.0/24 maxlen: 24
                          86.107.45.0/24 maxlen: 24
                          86.107.198.0/24 maxlen: 24
                          86.107.199.0/24 maxlen: 24
                          89.33.41.0/24 maxlen: 24
                          89.35.124.0/24 maxlen: 24
                          89.35.125.0/24 maxlen: 24
                          89.46.33.0/24 maxlen: 24
                          89.46.34.0/24 maxlen: 24
                          92.114.7.0/24 maxlen: 24
                          185.98.5.0/24 maxlen: 24
                          185.98.6.0/24 maxlen: 24
                          185.98.7.0/24 maxlen: 24
                          185.100.64.0/24 maxlen: 24
                          185.100.65.0/24 maxlen: 24
                          185.100.67.0/24 maxlen: 24
                          185.111.104.0/24 maxlen: 24
                          185.111.105.0/24 maxlen: 24
                          185.111.106.0/24 maxlen: 24
                          185.111.107.0/24 maxlen: 24
                          185.113.132.0/24 maxlen: 24
                          185.113.134.0/24 maxlen: 24
                          185.113.135.0/24 maxlen: 24
                          185.121.80.0/24 maxlen: 24
                          185.121.81.0/24 maxlen: 24
                          185.121.82.0/24 maxlen: 24
                          185.121.83.0/24 maxlen: 24
                          185.125.89.0/24 maxlen: 24
                          185.129.48.0/24 maxlen: 24
                          185.129.49.0/24 maxlen: 24
                          185.129.50.0/24 maxlen: 24
                          185.129.51.0/24 maxlen: 24
                          188.241.216.0/24 maxlen: 24
                          188.241.217.0/24 maxlen: 24
                          2a06:940::/48 maxlen: 48
                          2a06:942::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 21 Sep 2024 14:25:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:86:8d:24:f8:7f:ed:28:22:99:d7:4c:0e:31:13:5c:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
        Validity
            Not Before: Aug 24 22:41:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f2eccb6caf9b52dacc8a151e41e1f38dd023a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:07:b5:e1:d6:25:47:3a:b0:98:a0:6a:f4:22:
                    c7:3c:62:5a:36:0a:26:cf:05:d2:e4:b8:5d:b0:dd:
                    58:27:a5:a9:8c:b2:8b:f5:fb:a5:bc:8e:44:52:62:
                    83:86:3c:b7:31:09:33:43:7d:06:a6:c7:79:2a:38:
                    0e:57:74:12:b1:1f:a7:03:99:7e:cd:95:8c:7a:57:
                    2f:e8:a7:cf:56:5c:10:c9:54:f7:fc:ed:62:d1:14:
                    fd:52:d7:44:06:ae:a4:f7:87:11:67:af:44:11:72:
                    7c:94:4f:61:85:85:09:6c:dd:56:b7:69:42:ef:77:
                    03:96:ba:19:5b:fe:36:4b:c9:d1:db:bd:8c:44:6f:
                    bf:79:e4:44:4d:bc:85:3c:d3:7f:43:44:8d:3a:c5:
                    a7:a9:14:47:f9:b8:1e:2d:a0:02:2f:1e:a1:fd:06:
                    e2:34:c2:4f:a9:00:7e:2f:ad:ea:84:f9:ca:e4:1d:
                    62:9c:87:7a:a2:e1:f8:b6:3d:2f:e7:0c:f8:45:84:
                    92:4d:0a:a1:56:09:0f:73:f3:59:0c:8a:38:27:bb:
                    fa:bb:e4:a0:21:32:87:e8:69:1c:3d:8b:ac:59:ae:
                    92:fb:a3:9e:37:0e:05:b6:b0:63:34:64:19:60:1d:
                    3c:6b:70:20:e7:b2:bc:62:e6:65:fa:bc:a8:f0:6c:
                    48:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:2E:CC:B6:CA:F9:B5:2D:AC:C8:A1:51:E4:1E:1F:38:DD:02:3A:19
            X509v3 Authority Key Identifier:
                keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/by7Mtsr5tS2syKFR5B4fON0COhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.27.0/24
                  86.107.44.0/23
                  86.107.198.0/23
                  89.33.41.0/24
                  89.35.124.0/23
                  89.46.33.0-89.46.34.255
                  92.114.7.0/24
                  185.98.5.0-185.98.7.255
                  185.100.64.0/23
                  185.100.67.0/24
                  185.111.104.0/22
                  185.113.132.0/24
                  185.113.134.0/23
                  185.121.80.0/22
                  185.125.89.0/24
                  185.129.48.0/22
                  188.241.216.0/23
                IPv6:
                  2a06:940::/48
                  2a06:942::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:ac:51:31:01:1e:cc:1f:09:3f:5a:38:cd:e5:29:bb:51:80:
         5b:a3:ef:07:5a:5c:f6:b1:bf:9b:e8:b7:3e:91:c1:d6:e5:98:
         de:8f:88:5d:b4:ca:9a:47:9d:e7:d2:5a:da:88:22:62:b5:1b:
         3e:97:47:d2:23:a0:58:aa:4a:ee:03:8a:65:30:37:3e:47:3a:
         86:84:73:46:e0:bb:78:43:7e:1e:f7:f9:c4:64:ff:2a:6c:68:
         a7:44:09:e6:ca:fd:29:cb:be:df:c3:1c:e9:d4:65:98:74:11:
         89:d0:5e:fc:b0:d3:c9:bd:6d:41:72:6f:32:96:9e:78:58:49:
         13:a5:96:8c:37:fb:84:f2:1d:8b:3f:f3:76:a0:24:bd:e7:fe:
         ee:ad:c2:f4:b9:04:81:68:61:ee:67:7e:60:23:80:c3:b5:7b:
         91:69:17:03:0b:e6:f4:c8:78:a4:32:91:6b:72:65:a1:6e:1c:
         43:6c:c7:ac:b7:fa:f9:18:17:05:b4:c3:c6:c6:9b:03:88:3f:
         91:bd:f5:19:44:6c:6d:48:e0:16:6c:70:35:c9:a1:15:c8:91:
         13:63:c9:60:8d:f4:e7:2d:91:36:4d:ec:54:0e:c5:08:2b:44:
         a5:be:1c:01:6c:31:59:dd:ea:cf:24:af:7c:d5:13:94:90:6e:
         f2:63:7d:47
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAZGGjST4f+0oIpnXTA4xE1ydMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjQwODI0MjI0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjJlY2NiNmNhZjliNTJkYWNjOGExNTFlNDFlMWYzOGRkMDIzYTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2ge14dYlRzqwmKBq9CLHPGJaNgom
zwXS5LhdsN1YJ6WpjLKL9fulvI5EUmKDhjy3MQkzQ30Gpsd5KjgOV3QSsR+nA5l+
zZWMelcv6KfPVlwQyVT3/O1i0RT9UtdEBq6k94cRZ69EEXJ8lE9hhYUJbN1Wt2lC
73cDlroZW/42S8nR272MRG+/eeRETbyFPNN/Q0SNOsWnqRRH+bgeLaACLx6h/Qbi
NMJPqQB+L63qhPnK5B1inId6ouH4tj0v5wz4RYSSTQqhVgkPc/NZDIo4J7v6u+Sg
ITKH6GkcPYusWa6S+6OeNw4FtrBjNGQZYB08a3Ag57K8YuZl+ryo8GxIrwIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFG8uzLbK+bUtrMihUeQeHzjdAjoZMB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvYnk3TXRzcjV0UzJzeUtGUjVCNGZPTjBDT2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDB8BAIAATB2AwQAHw4b
AwQBVmssAwQBVmvGAwQAWSEpAwQBWSN8MAwDBABZLiEDBABZLiIDBABccgcwDAME
ALliBQMEA7liAAMEAblkQAMEALlkQwMEArlvaAMEALlxhAMEAblxhgMEArl5UAME
ALl9WQMEArmBMAMEAbzx2DAYBAIAAjASAwcAKgYJQAAAAwcAKgYJQgAAMA0GCSqG
SIb3DQEBCwUAA4IBAQB8rFExAR7MHwk/WjjN5Sm7UYBbo+8HWlz2sb+b6Lc+kcHW
5Zjej4hdtMqaR53n0lraiCJitRs+l0fSI6BYqkruA4plMDc+RzqGhHNG4Lt4Q34e
9/nEZP8qbGinRAnmyv0py77fwxzp1GWYdBGJ0F78sNPJvW1Bcm8ylp54WEkTpZaM
N/uE8h2LP/N2oCS95/7urcL0uQSBaGHuZ35gI4DDtXuRaRcDC+b0yHikMpFrcmWh
bhxDbMest/r5GBcFtMPGxpsDiD+RvfUZRGxtSOAWbHA1yaEVyJETY8lgjfTnLZE2
TexUDsUIK0SlvhwBbDFZ3erPJK981ROUkG7yY31H
-----END CERTIFICATE-----
Generated at Sat Sep 21 16:45:58 2024 by rpki-client on console-fra.rpki-client.org