Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/XE-shc9BSe5tny9-Ksr1R7JRmEY.roa
File:                     XE-shc9BSe5tny9-Ksr1R7JRmEY.roa (raw, json)
Hash identifier:          ScAonKyxJril6zzdLGm8HS4eKgCRIkT9zXIcuE39E7g=
Subject key identifier:   5C:4F:AC:85:CF:41:49:EE:6D:9F:2F:7E:2A:CA:F5:47:B2:51:98:46
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       0185EF8C0232C745DE8898A1FCA86BAC0E00
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/XE-shc9BSe5tny9-Ksr1R7JRmEY.roa
Signing time:             Thu 26 Jan 2023 19:26:48 +0000
ROA not before:           Thu 26 Jan 2023 19:26:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34450
IP address blocks:        89.43.42.0/24 maxlen: 24
                          89.43.44.0/24 maxlen: 24
                          89.43.40.0/24 maxlen: 24
                          89.43.41.0/24 maxlen: 24
                          93.114.187.0/24 maxlen: 24
                          86.106.80.0/24 maxlen: 24
                          89.34.8.0/21 maxlen: 21
                          89.43.73.0/24 maxlen: 24
                          89.39.252.0/24 maxlen: 24
                          188.213.18.0/24 maxlen: 24
                          188.240.14.0/24 maxlen: 24
                          85.204.125.0/24 maxlen: 24
                          85.204.127.0/24 maxlen: 24
                          93.114.99.0/24 maxlen: 24
                          93.113.158.0/24 maxlen: 24
                          89.33.163.0/24 maxlen: 24
                          89.37.136.0/24 maxlen: 24
                          93.114.55.0/24 maxlen: 24
                          188.215.72.0/23 maxlen: 24
                          188.215.73.0/24 maxlen: 24
                          2a05:b680:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 27 Jan 2023 12:56:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:ef:8c:02:32:c7:45:de:88:98:a1:fc:a8:6b:ac:0e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan 26 19:26:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5c4fac85cf4149ee6d9f2f7e2acaf547b2519846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:64:eb:14:ca:87:6d:e8:33:5b:e2:18:b3:e3:
                    64:27:57:44:8b:82:f1:8f:80:87:e9:fe:38:50:57:
                    7b:df:cb:08:d5:b5:a4:56:c4:83:f4:c3:73:35:46:
                    4b:19:07:d4:fa:47:82:68:ba:54:83:9f:f8:11:62:
                    0a:f0:e0:8d:ac:0e:ef:2d:f5:2d:5f:f7:d2:a9:5d:
                    fc:08:9a:0a:66:15:cb:0d:de:19:3a:30:55:aa:26:
                    68:e7:7a:67:5d:26:87:e7:87:b6:48:e3:c0:8f:a3:
                    50:6e:9c:8f:14:bf:08:2d:f6:19:e3:c9:06:f3:ee:
                    dc:ce:51:cc:77:4e:99:97:d4:91:9c:be:b0:32:16:
                    06:b7:03:af:c6:3e:84:35:cc:03:c7:7f:01:40:f0:
                    f3:12:a2:46:48:68:49:9c:31:31:70:66:b4:fb:d5:
                    0d:9a:de:dc:0c:ed:9f:ac:77:68:e3:35:be:a9:51:
                    55:a2:af:c1:a2:08:bf:50:d7:d6:43:38:63:25:43:
                    67:3a:bf:d5:80:ac:89:fd:2e:cc:b9:ac:e5:72:74:
                    3c:e1:21:c4:1b:9c:76:d0:7c:53:c2:b4:16:cd:d8:
                    3c:44:87:3d:9c:e8:c5:22:2b:e3:0c:ce:56:59:e0:
                    99:55:4f:4e:08:fd:3a:0c:44:01:14:ef:20:17:98:
                    44:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:4F:AC:85:CF:41:49:EE:6D:9F:2F:7E:2A:CA:F5:47:B2:51:98:46
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/XE-shc9BSe5tny9-Ksr1R7JRmEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.125.0/24
                  85.204.127.0/24
                  86.106.80.0/24
                  89.33.163.0/24
                  89.34.8.0/21
                  89.37.136.0/24
                  89.39.252.0/24
                  89.43.40.0-89.43.42.255
                  89.43.44.0/24
                  89.43.73.0/24
                  93.113.158.0/24
                  93.114.55.0/24
                  93.114.99.0/24
                  93.114.187.0/24
                  188.213.18.0/24
                  188.215.72.0/23
                  188.240.14.0/24
                IPv6:
                  2a05:b680:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:65:f5:5d:c2:9c:f5:bd:0b:6b:b9:4d:b5:78:18:be:7c:a2:
         08:8a:3f:ac:0b:54:88:82:5b:ed:73:9c:50:a6:7a:6a:07:6b:
         4d:41:c6:6e:26:23:89:90:b3:7d:7b:ae:0c:cb:4e:e0:ae:5b:
         2a:d1:4e:9e:ae:f9:c6:5a:53:e2:1a:34:67:5f:50:6e:8e:57:
         1d:e5:ff:d8:3d:8b:c0:5a:cd:f7:00:f6:cc:89:d8:5d:46:5f:
         d8:5c:95:53:ea:d5:84:0e:78:bc:58:1b:af:5a:ff:a3:4f:f5:
         0f:c2:91:da:c0:14:f5:1e:fd:38:86:bd:37:b6:d4:77:4a:08:
         c3:97:84:ca:27:b2:bc:07:b6:65:f6:c4:d5:59:54:d0:8c:e8:
         b8:f5:64:91:1c:5e:76:3d:6d:b7:2c:c5:3b:5b:e5:bc:e3:22:
         fa:09:8b:f0:22:30:50:6d:91:49:02:89:7a:32:35:2d:c0:32:
         e2:f9:dd:47:05:63:87:e8:1d:44:23:5c:8c:d7:da:64:b1:b0:
         e6:3f:6e:6a:2a:bb:36:cc:4e:f6:65:b8:3e:12:00:e2:6a:d5:
         46:15:88:e5:72:9a:12:ec:a1:03:e1:64:22:43:ce:d5:4a:36:
         24:9a:d4:8c:6a:dd:00:e2:3f:be:96:74:71:03:76:cc:06:7e:
         0d:36:90:4a
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYXvjAIyx0XeiJih/KhrrA4AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjMwMTI2MTkyNjQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzRmYWM4NWNmNDE0OWVlNmQ5ZjJmN2UyYWNhZjU0N2IyNTE5ODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GTrFMqHbegzW+IYs+NkJ1dEi4Lx
j4CH6f44UFd738sI1bWkVsSD9MNzNUZLGQfU+keCaLpUg5/4EWIK8OCNrA7vLfUt
X/fSqV38CJoKZhXLDd4ZOjBVqiZo53pnXSaH54e2SOPAj6NQbpyPFL8ILfYZ48kG
8+7czlHMd06Zl9SRnL6wMhYGtwOvxj6ENcwDx38BQPDzEqJGSGhJnDExcGa0+9UN
mt7cDO2frHdo4zW+qVFVoq/Bogi/UNfWQzhjJUNnOr/VgKyJ/S7MuazlcnQ84SHE
G5x20HxTwrQWzdg8RIc9nOjFIivjDM5WWeCZVU9OCP06DEQBFO8gF5hEHwIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFFxPrIXPQUnubZ8vfirK9UeyUZhGMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvWEUtc2hjOUJTZTV0bnk5LUtzcjFSN0pSbUVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzB0BAIAATBuAwQAVcx9
AwQAVcx/AwQAVmpQAwQAWSGjAwQDWSIIAwQAWSWIAwQAWSf8MAwDBANZKygDBABZ
KyoDBABZKywDBABZK0kDBABdcZ4DBABdcjcDBABdcmMDBABdcrsDBAC81RIDBAG8
10gDBAC88A4wDwQCAAIwCQMHACoFtoAAATANBgkqhkiG9w0BAQsFAAOCAQEAfGX1
XcKc9b0La7lNtXgYvnyiCIo/rAtUiIJb7XOcUKZ6agdrTUHGbiYjiZCzfXuuDMtO
4K5bKtFOnq75xlpT4ho0Z19Qbo5XHeX/2D2LwFrN9wD2zInYXUZf2FyVU+rVhA54
vFgbr1r/o0/1D8KR2sAU9R79OIa9N7bUd0oIw5eEyieyvAe2ZfbE1VlU0IzouPVk
kRxedj1ttyzFO1vlvOMi+gmL8CIwUG2RSQKJejI1LcAy4vndRwVjh+gdRCNcjNfa
ZLGw5j9uaiq7NsxO9mW4PhIA4mrVRhWI5XKaEuyhA+FkIkPO1Uo2JJrUjGrdAOI/
vpZ0cQN2zAZ+DTaQSg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:29 2024 by rpki-client on console-fra.rpki-client.org