Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/qaDnhdP2nh8QJGqxynGj9SWyqbk.roa
File:                     qaDnhdP2nh8QJGqxynGj9SWyqbk.roa (raw, json)
Hash identifier:          EIKHllwVtFTcFKm9BVqFSqqbydVQJdNfPTsY9S9fEUQ=
Subject key identifier:   A9:A0:E7:85:D3:F6:9E:1F:10:24:6A:B1:CA:71:A3:F5:25:B2:A9:B9
Certificate issuer:       /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial:       018CC7277536A7AAD37131D60B16684E6EBE
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/qaDnhdP2nh8QJGqxynGj9SWyqbk.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207333
IP address blocks:        86.107.44.0/24 maxlen: 24
                          86.107.45.0/24 maxlen: 24
                          89.33.41.0/24 maxlen: 24
                          185.129.51.0/24 maxlen: 24
                          185.129.48.0/24 maxlen: 24
                          185.129.50.0/24 maxlen: 24
                          92.114.7.0/24 maxlen: 24
                          185.100.64.0/24 maxlen: 24
                          185.100.65.0/24 maxlen: 24
                          185.100.67.0/24 maxlen: 24
                          188.241.216.0/24 maxlen: 24
                          188.241.217.0/24 maxlen: 24
                          86.107.199.0/24 maxlen: 24
                          86.107.198.0/24 maxlen: 24
                          185.111.105.0/24 maxlen: 24
                          185.111.104.0/24 maxlen: 24
                          185.111.107.0/24 maxlen: 24
                          185.111.106.0/24 maxlen: 24
                          185.98.7.0/24 maxlen: 24
                          185.98.5.0/24 maxlen: 24
                          185.98.6.0/24 maxlen: 24
                          185.121.83.0/24 maxlen: 24
                          185.121.80.0/24 maxlen: 24
                          185.121.82.0/24 maxlen: 24
                          185.121.81.0/24 maxlen: 24
                          31.14.27.0/24 maxlen: 24
                          89.46.34.0/24 maxlen: 24
                          185.113.132.0/24 maxlen: 24
                          185.113.135.0/24 maxlen: 24
                          185.113.134.0/24 maxlen: 24
                          185.125.89.0/24 maxlen: 24
                          2a06:940::/48 maxlen: 48
                          2a06:942::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 24 Aug 2024 22:41:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:75:36:a7:aa:d3:71:31:d6:0b:16:68:4e:6e:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9a0e785d3f69e1f10246ab1ca71a3f525b2a9b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5c:49:44:5b:60:1b:b9:30:6d:3f:e5:69:97:
                    c3:96:81:89:7b:cd:e6:c9:71:11:8d:ee:41:dc:47:
                    83:f8:30:02:df:4b:8d:a9:39:3e:9c:49:fb:4e:b4:
                    34:a5:a8:74:0b:02:ec:3e:ac:2b:0e:5b:62:ca:ca:
                    64:f9:ca:c0:f0:8b:d9:13:8f:fb:b0:49:de:c8:b6:
                    6a:1a:42:94:cc:68:ed:f0:5d:ea:d3:83:5f:20:0b:
                    8d:2b:48:9a:14:59:69:b6:cd:25:7f:57:4b:b6:cd:
                    7b:69:c2:42:1a:10:21:cf:71:dd:70:4d:12:e2:c3:
                    79:f1:33:d3:ad:5b:ed:7d:49:2d:46:43:d5:19:24:
                    71:1a:bd:82:6c:1d:ae:17:b4:3c:44:be:df:55:83:
                    80:0b:d2:b7:8b:bc:cd:c9:19:81:d2:ad:69:b4:00:
                    37:d4:c7:68:d9:43:2a:e0:28:6b:66:3e:7f:3d:7d:
                    43:6c:44:ba:06:cf:39:c7:f6:29:44:49:e7:ca:40:
                    b3:e1:42:d2:03:87:ac:1b:a8:01:c6:2d:75:11:3e:
                    ad:32:2f:2a:b5:52:01:04:00:16:9a:70:4e:b1:4b:
                    af:6e:3d:29:d2:7a:39:be:91:bc:aa:71:cc:44:29:
                    30:a5:82:71:41:0e:0d:a8:df:30:86:d5:cf:ed:2a:
                    8a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:A0:E7:85:D3:F6:9E:1F:10:24:6A:B1:CA:71:A3:F5:25:B2:A9:B9
            X509v3 Authority Key Identifier:
                keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/qaDnhdP2nh8QJGqxynGj9SWyqbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.27.0/24
                  86.107.44.0/23
                  86.107.198.0/23
                  89.33.41.0/24
                  89.46.34.0/24
                  92.114.7.0/24
                  185.98.5.0-185.98.7.255
                  185.100.64.0/23
                  185.100.67.0/24
                  185.111.104.0/22
                  185.113.132.0/24
                  185.113.134.0/23
                  185.121.80.0/22
                  185.125.89.0/24
                  185.129.48.0/24
                  185.129.50.0/23
                  188.241.216.0/23
                IPv6:
                  2a06:940::/48
                  2a06:942::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:bd:f8:bc:17:92:29:af:90:e1:60:ac:6a:bb:5c:f8:26:4d:
         64:40:1c:61:40:2e:8b:07:a7:01:b5:ca:15:38:59:23:63:72:
         20:84:48:f5:5b:81:b1:b9:47:9e:d1:e4:8c:53:cd:bb:75:aa:
         ef:ee:14:ee:1f:d7:ec:b0:b8:99:25:4f:72:7d:7d:1c:4b:6f:
         3a:20:77:e3:94:0c:f2:46:90:84:7f:3b:8a:69:ea:89:5b:ac:
         da:3b:e3:2e:28:d4:1e:79:b6:11:cf:9f:04:4d:c0:f8:db:08:
         a3:90:9c:b8:01:fc:1b:ed:41:b5:83:3b:81:85:dc:6a:6f:b9:
         a4:b2:01:a2:82:e7:27:bf:c4:58:43:c3:12:2d:e9:38:9a:04:
         59:ed:c4:b7:a1:78:ed:b7:ea:c5:f0:08:01:ff:2b:24:5c:c4:
         19:af:c4:31:8c:2d:8a:68:73:1f:5f:c9:bf:ac:32:6a:67:ec:
         41:7f:c7:b4:c9:80:c2:a1:27:12:04:10:c5:d7:27:d7:9f:79:
         bc:1b:fd:37:63:77:16:90:81:71:5f:3b:18:8e:33:7d:04:ea:
         57:2c:6c:46:09:c5:c0:91:8c:29:22:46:e4:a6:09:1c:da:ed:
         e4:ea:81:1a:74:ee:5a:f8:f6:35:5e:53:d4:45:eb:e2:fb:8f:
         a6:da:8d:c5
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgISAYzHJ3U2p6rTcTHWCxZoTm6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWEwZTc4NWQzZjY5ZTFmMTAyNDZhYjFjYTcxYTNmNTI1YjJhOWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFxJRFtgG7kwbT/laZfDloGJe83m
yXERje5B3EeD+DAC30uNqTk+nEn7TrQ0pah0CwLsPqwrDltiyspk+crA8IvZE4/7
sEneyLZqGkKUzGjt8F3q04NfIAuNK0iaFFlpts0lf1dLts17acJCGhAhz3HdcE0S
4sN58TPTrVvtfUktRkPVGSRxGr2CbB2uF7Q8RL7fVYOAC9K3i7zNyRmB0q1ptAA3
1Mdo2UMq4ChrZj5/PX1DbES6Bs85x/YpREnnykCz4ULSA4esG6gBxi11ET6tMi8q
tVIBBAAWmnBOsUuvbj0p0no5vpG8qnHMRCkwpYJxQQ4NqN8whtXP7SqKwwIDAQAB
o4ICjjCCAoowHQYDVR0OBBYEFKmg54XT9p4fECRqscpxo/Ulsqm5MB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvcWFEbmhkUDJuaDhRSkdxeHluR2o5U1d5cWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGjBggrBgEFBQcBBwEB/wSBkzCBkDB0BAIAATBuAwQAHw4b
AwQBVmssAwQBVmvGAwQAWSEpAwQAWS4iAwQAXHIHMAwDBAC5YgUDBAO5YgADBAG5
ZEADBAC5ZEMDBAK5b2gDBAC5cYQDBAG5cYYDBAK5eVADBAC5fVkDBAC5gTADBAG5
gTIDBAG88dgwGAQCAAIwEgMHACoGCUAAAAMHACoGCUIAADANBgkqhkiG9w0BAQsF
AAOCAQEApr34vBeSKa+Q4WCsartc+CZNZEAcYUAuiwenAbXKFThZI2NyIIRI9VuB
sblHntHkjFPNu3Wq7+4U7h/X7LC4mSVPcn19HEtvOiB345QM8kaQhH87imnqiVus
2jvjLijUHnm2Ec+fBE3A+NsIo5CcuAH8G+1BtYM7gYXcam+5pLIBooLnJ7/EWEPD
Ei3pOJoEWe3Et6F47bfqxfAIAf8rJFzEGa/EMYwtimhzH1/Jv6wyamfsQX/HtMmA
wqEnEgQQxdcn1595vBv9N2N3FpCBcV87GI4zfQTqVyxsRgnFwJGMKSJG5KYJHNrt
5OqBGnTuWvj2NV5T1EXr4vuPptqNxQ==
-----END CERTIFICATE-----
Generated at Sun Aug 25 00:15:31 2024 by rpki-client on console-ams.rpki-client.org