Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/Xnxgvfy_kqFka-o1SUgvzkKvlDE.roa
File:                     Xnxgvfy_kqFka-o1SUgvzkKvlDE.roa (raw, json)
Hash identifier:          nUe5wk2boaHyE9lXT/ad1EASAxFWH2xIbvsw4LDOKJI=
Subject key identifier:   5E:7C:60:BD:FC:BF:92:A1:64:6B:EA:35:49:48:2F:CE:42:AF:94:31
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018B011DFB6EEEFB3323F1144D0F901EB60D
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/Xnxgvfy_kqFka-o1SUgvzkKvlDE.roa
Signing time:             Thu 05 Oct 2023 18:33:44 +0000
ROA not before:           Thu 05 Oct 2023 18:33:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49223
IP address blocks:        185.145.232.0/24 maxlen: 24
                          89.248.64.0/24 maxlen: 24
                          193.228.228.0/24 maxlen: 24
                          193.104.183.0/24 maxlen: 24
                          185.201.253.0/24 maxlen: 24
                          46.18.106.0/24 maxlen: 24
                          95.130.228.0/24 maxlen: 24
                          194.32.105.0/24 maxlen: 24
                          194.156.78.0/24 maxlen: 24
                          83.138.49.0/24 maxlen: 24
                          193.163.124.0/24 maxlen: 24
                          5.181.54.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 04 Nov 2023 19:14:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:01:1d:fb:6e:ee:fb:33:23:f1:14:4d:0f:90:1e:b6:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Oct  5 18:33:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5e7c60bdfcbf92a1646bea3549482fce42af9431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:74:be:c1:cf:7a:08:7b:5e:02:4e:30:84:5d:
                    3d:84:60:7e:74:fd:1c:4a:1c:3c:42:9a:df:09:7e:
                    3d:42:f7:a8:c4:2f:97:27:c3:85:2e:75:2b:69:b8:
                    d8:b7:ba:98:f2:14:5d:40:26:60:5d:f4:2a:82:37:
                    df:17:b9:05:bb:2e:9f:e7:d2:0f:ff:29:5f:25:f7:
                    bd:62:a7:3f:7e:80:28:ea:c5:88:34:a8:ae:bb:16:
                    88:9b:e5:7c:92:6c:e6:2d:8e:63:a2:10:6a:3d:be:
                    49:65:8f:9a:d0:c2:ef:29:00:e8:c1:8b:e6:32:42:
                    36:fa:90:ca:77:37:f3:84:8d:66:75:a2:9c:db:16:
                    cd:29:5c:d2:dd:2a:bd:66:88:ac:99:f3:1e:54:a5:
                    ea:12:58:9f:63:e7:a1:79:49:60:b1:22:e0:90:f5:
                    96:e5:6c:8b:6f:61:c6:f3:fd:02:38:b4:a2:3d:24:
                    4d:7c:92:b7:da:00:e4:69:a9:86:f9:a7:af:d4:17:
                    10:26:e9:9a:d4:99:5c:b0:4d:32:02:25:f4:7a:40:
                    75:b7:0a:81:c0:3f:b8:2f:5a:ab:12:d8:fc:b8:c6:
                    c7:e4:02:f5:a3:d7:b8:65:94:05:a3:91:fe:bb:a3:
                    f8:d8:b1:45:b1:4c:8f:43:9c:11:d7:1e:f2:26:bd:
                    bb:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:7C:60:BD:FC:BF:92:A1:64:6B:EA:35:49:48:2F:CE:42:AF:94:31
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/Xnxgvfy_kqFka-o1SUgvzkKvlDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.54.0/24
                  46.18.106.0/24
                  83.138.49.0/24
                  89.248.64.0/24
                  95.130.228.0/24
                  185.145.232.0/24
                  185.201.253.0/24
                  193.104.183.0/24
                  193.163.124.0/24
                  193.228.228.0/24
                  194.32.105.0/24
                  194.156.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:38:5e:e1:c8:c6:a4:0d:7f:5e:2b:7b:52:94:cf:a8:7d:cb:
         bc:a0:88:5e:8c:4a:0e:69:a5:71:ea:8d:d2:eb:b5:7e:00:d1:
         14:31:e7:a6:53:77:ce:03:a4:61:4f:c0:3f:d4:36:18:58:97:
         f7:f8:2a:52:9e:4f:eb:97:3b:87:2d:74:22:75:35:c2:d3:a1:
         4f:65:39:dd:10:cb:b7:e3:97:60:7e:7b:e7:83:12:68:dd:7f:
         fc:03:31:ca:e6:7f:38:70:46:ff:14:4a:62:78:6a:8d:3e:e3:
         da:ec:13:8d:67:c2:44:e1:95:b9:16:36:5d:e9:c8:37:43:fd:
         22:fd:99:55:ef:ee:cf:bd:4e:ec:31:63:80:69:9c:6e:e8:aa:
         9f:c7:59:7a:b5:84:f4:6a:99:97:29:15:c4:a7:ec:b4:8b:56:
         97:64:e2:23:b1:38:7c:9a:e5:da:2b:c0:51:19:50:1a:94:f2:
         8d:ce:48:c7:a9:ac:88:0a:e6:bf:49:0c:35:a4:e4:a8:cf:5d:
         dc:ea:e7:57:b0:94:f1:2f:93:42:a0:98:62:2a:88:84:9a:37:
         35:db:78:0b:f8:bd:16:7c:d2:a1:67:81:ec:9f:4b:f1:41:3c:
         c5:b7:80:cd:99:d1:e9:66:25:a0:e8:a3:be:7e:53:98:88:09:
         43:de:a8:68
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYsBHftu7vszI/EUTQ+QHrYNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjMxMDA1MTgzMzQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTdjNjBiZGZjYmY5MmExNjQ2YmVhMzU0OTQ4MmZjZTQyYWY5NDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0HS+wc96CHteAk4whF09hGB+dP0c
Shw8QprfCX49QveoxC+XJ8OFLnUrabjYt7qY8hRdQCZgXfQqgjffF7kFuy6f59IP
/ylfJfe9Yqc/foAo6sWINKiuuxaIm+V8kmzmLY5johBqPb5JZY+a0MLvKQDowYvm
MkI2+pDKdzfzhI1mdaKc2xbNKVzS3Sq9ZoismfMeVKXqElifY+eheUlgsSLgkPWW
5WyLb2HG8/0COLSiPSRNfJK32gDkaamG+aev1BcQJuma1JlcsE0yAiX0ekB1twqB
wD+4L1qrEtj8uMbH5AL1o9e4ZZQFo5H+u6P42LFFsUyPQ5wR1x7yJr27EwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFF58YL38v5KhZGvqNUlIL85Cr5QxMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvWG54Z3ZmeV9rcUZrYS1vMVNVZ3Z6a0t2bERFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQABbU2AwQA
LhJqAwQAU4oxAwQAWfhAAwQAX4LkAwQAuZHoAwQAucn9AwQAwWi3AwQAwaN8AwQA
weTkAwQAwiBpAwQAwpxOMA0GCSqGSIb3DQEBCwUAA4IBAQAAOF7hyMakDX9eK3tS
lM+ofcu8oIhejEoOaaVx6o3S67V+ANEUMeemU3fOA6RhT8A/1DYYWJf3+CpSnk/r
lzuHLXQidTXC06FPZTndEMu345dgfnvngxJo3X/8AzHK5n84cEb/FEpieGqNPuPa
7BONZ8JE4ZW5FjZd6cg3Q/0i/ZlV7+7PvU7sMWOAaZxu6Kqfx1l6tYT0apmXKRXE
p+y0i1aXZOIjsTh8muXaK8BRGVAalPKNzkjHqayICua/SQw1pOSoz13c6udXsJTx
L5NCoJhiKoiEmjc123gL+L0WfNKhZ4Hsn0vxQTzFt4DNmdHpZiWg6KO+flOYiAlD
3qho
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:01:24 2024 by rpki-client on console-ams.rpki-client.org