Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/7lQKooe73W0yQD4eN6Rb9PvuXSU.roa
File:                     7lQKooe73W0yQD4eN6Rb9PvuXSU.roa (raw, json)
Hash identifier:          DASpqkitCR8sge+QYpKjSqBNvPV1SLG1A5vXnxXylRM=
Subject key identifier:   EE:54:0A:A2:87:BB:DD:6D:32:40:3E:1E:37:A4:5B:F4:FB:EE:5D:25
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0186743F192412FEB93C19D5ADD817C6D2B6
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/7lQKooe73W0yQD4eN6Rb9PvuXSU.roa
Signing time:             Tue 21 Feb 2023 13:52:17 +0000
ROA not before:           Tue 21 Feb 2023 13:52:17 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3257
IP address blocks:        62.132.114.0/23 maxlen: 23
                          62.132.116.0/23 maxlen: 23
                          62.132.132.0/23 maxlen: 23
                          62.41.160.0/24 maxlen: 24
                          46.33.64.0/19 maxlen: 24
                          62.41.80.0/22 maxlen: 24
                          62.41.84.0/23 maxlen: 24
                          62.41.102.0/24 maxlen: 24
                          212.115.128.0/18 maxlen: 24
                          213.200.64.0/18 maxlen: 18
                          195.143.0.0/16 maxlen: 24
                          141.136.96.0/20 maxlen: 20
                          194.121.52.0/22 maxlen: 22
                          89.149.128.0/18 maxlen: 24
                          77.67.0.0/17 maxlen: 24
                          87.119.64.0/18 maxlen: 24
                          134.222.0.0/16 maxlen: 16
                          212.222.0.0/16 maxlen: 24
                          212.221.0.0/17 maxlen: 24
                          77.77.128.0/18 maxlen: 24
                          213.251.0.0/18 maxlen: 24
                          185.160.40.0/22 maxlen: 22
                          62.41.16.0/21 maxlen: 24
                          62.132.0.0/22 maxlen: 22
                          62.41.24.0/22 maxlen: 24
                          62.132.16.0/22 maxlen: 22
                          62.132.24.0/23 maxlen: 23
                          62.41.32.0/24 maxlen: 24
                          62.41.37.0/24 maxlen: 24
                          62.132.28.0/24 maxlen: 24
                          62.132.42.0/23 maxlen: 23
                          62.41.56.0/21 maxlen: 24
                          62.41.64.0/20 maxlen: 24
                          213.254.192.0/18 maxlen: 24
                          62.41.0.0/20 maxlen: 24
                          2a00:1750::/32 maxlen: 32
                          2001:668::/29 maxlen: 64

Validation:               Failed, certificate revoked on Tue 21 Feb 2023 16:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:74:3f:19:24:12:fe:b9:3c:19:d5:ad:d8:17:c6:d2:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Feb 21 13:52:17 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ee540aa287bbdd6d32403e1e37a45bf4fbee5d25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:14:f5:f0:a3:6c:90:ed:3d:36:56:d3:7f:1a:
                    be:96:c1:19:a5:65:c0:5c:cd:38:46:9f:79:ef:14:
                    ba:56:aa:e3:18:89:18:20:07:24:77:7b:a7:66:28:
                    7c:c6:f1:16:83:da:28:93:ac:62:4f:11:cd:80:2c:
                    fb:a4:c3:1d:8b:de:4d:40:38:f4:ca:0b:3e:bc:1b:
                    c2:60:c5:2e:c3:10:ea:13:8b:4d:58:3e:49:53:c3:
                    8d:c9:a3:1e:c6:3a:43:c3:02:ae:01:ad:64:5a:f3:
                    20:21:be:95:53:42:ad:7a:3d:8d:b0:5f:9a:38:30:
                    87:1e:fa:4d:2a:b6:85:d7:b4:95:58:1c:40:46:21:
                    2f:2d:9f:d7:3c:2a:06:4e:6f:c6:61:0b:d8:a0:59:
                    47:2c:ed:47:f8:56:a3:37:b3:c7:05:ee:6d:ba:b7:
                    18:b0:a5:42:54:23:77:21:64:da:08:05:6a:5f:37:
                    b2:8c:d7:69:02:39:7f:84:01:40:1e:90:7e:ea:8d:
                    b8:4e:a8:5d:3c:26:eb:72:15:7e:a8:b1:2c:d1:28:
                    d1:fa:cf:b6:50:6b:ee:82:1b:05:95:be:f7:34:be:
                    1e:4f:28:c9:a3:4a:ff:42:27:bc:7e:ca:eb:03:e1:
                    01:c1:7c:52:34:a6:83:4b:8f:31:7c:1d:79:7c:5d:
                    49:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:54:0A:A2:87:BB:DD:6D:32:40:3E:1E:37:A4:5B:F4:FB:EE:5D:25
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/7lQKooe73W0yQD4eN6Rb9PvuXSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.33.64.0/19
                  62.41.0.0-62.41.27.255
                  62.41.32.0/24
                  62.41.37.0/24
                  62.41.56.0-62.41.85.255
                  62.41.102.0/24
                  62.41.160.0/24
                  62.132.0.0/22
                  62.132.16.0/22
                  62.132.24.0/23
                  62.132.28.0/24
                  62.132.42.0/23
                  62.132.114.0-62.132.117.255
                  62.132.132.0/23
                  77.67.0.0/17
                  77.77.128.0/18
                  87.119.64.0/18
                  89.149.128.0/18
                  134.222.0.0/16
                  141.136.96.0/20
                  185.160.40.0/22
                  194.121.52.0/22
                  195.143.0.0/16
                  212.115.128.0/18
                  212.221.0.0/17
                  212.222.0.0/16
                  213.200.64.0/18
                  213.251.0.0/18
                  213.254.192.0/18
                IPv6:
                  2001:668::/29
                  2a00:1750::/32

    Signature Algorithm: sha256WithRSAEncryption
         e5:7d:0f:48:2b:3d:70:54:0e:29:4d:9c:50:8e:bf:60:16:ea:
         4e:5e:6e:4f:d9:99:37:8e:f1:c9:f8:84:d7:23:00:47:3c:d2:
         9d:a0:01:9c:87:83:43:54:0c:f8:8c:50:a6:8f:cc:d2:f2:18:
         0f:87:61:39:06:41:85:ab:53:d6:aa:b1:d9:5c:4e:c6:65:95:
         b2:9c:91:03:c5:a1:ca:dd:ba:b0:70:2d:2a:9e:35:28:62:c3:
         0e:7d:7e:4c:01:01:44:4e:77:06:76:1d:9d:61:b5:1a:06:46:
         fa:75:8f:60:d2:b9:13:d2:92:5a:2d:63:dd:65:b8:12:c9:41:
         e2:89:fe:c9:7c:f7:c6:11:7a:29:1e:67:ea:bd:4f:f8:e4:62:
         6a:32:ed:87:36:82:cb:f6:e8:bb:9c:2f:dd:bf:c3:09:5c:a9:
         4a:e4:c7:03:d4:fc:18:fb:64:68:23:ac:7c:f1:ac:5e:cd:ee:
         f5:3a:b8:a8:d2:fb:2a:d7:96:90:e0:d8:24:9e:c4:67:88:15:
         46:f2:cc:ab:cd:d4:3e:94:19:e8:a0:1f:fe:3d:6c:9d:f2:90:
         9b:84:27:fa:26:91:28:ba:02:1d:a7:89:19:0f:42:2d:82:38:
         9d:7a:f3:68:80:af:76:91:29:c2:56:b2:d7:b0:dc:71:8f:ff:
         19:e8:16:44
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgISAYZ0PxkkEv65PBnVrdgXxtK2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjMwMjIxMTM1MjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTU0MGFhMjg3YmJkZDZkMzI0MDNlMWUzN2E0NWJmNGZiZWU1ZDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRT18KNskO09NlbTfxq+lsEZpWXA
XM04Rp957xS6VqrjGIkYIAckd3unZih8xvEWg9ook6xiTxHNgCz7pMMdi95NQDj0
ygs+vBvCYMUuwxDqE4tNWD5JU8ONyaMexjpDwwKuAa1kWvMgIb6VU0Ktej2NsF+a
ODCHHvpNKraF17SVWBxARiEvLZ/XPCoGTm/GYQvYoFlHLO1H+FajN7PHBe5turcY
sKVCVCN3IWTaCAVqXzeyjNdpAjl/hAFAHpB+6o24TqhdPCbrchV+qLEs0SjR+s+2
UGvughsFlb73NL4eTyjJo0r/Qie8fsrrA+EBwXxSNKaDS48xfB15fF1JBwIDAQAB
o4IC4DCCAtwwHQYDVR0OBBYEFO5UCqKHu91tMkA+HjekW/T77l0lMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvN2xRS29vZTczVzB5UUQ0ZU42UmI5UHZ1WFNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH1BggrBgEFBQcBBwEB/wSB5TCB4jCByQQCAAEwgcIDBAUu
IUAwCwMDAD4pAwQCPikYAwQAPikgAwQAPiklMAwDBAM+KTgDBAE+KVQDBAA+KWYD
BAA+KaADBAI+hAADBAI+hBADBAE+hBgDBAA+hBwDBAE+hCowDAMEAT6EcgMEAT6E
dAMEAT6EhAMEB01DAAMEBk1NgAMEBld3QAMEBlmVgAMDAIbeAwQEjYhgAwQCuaAo
AwQCwnk0AwMAw48DBAbUc4ADBAfU3QADAwDU3gMEBtXIQAMEBtX7AAMEBtX+wDAU
BAIAAjAOAwUDIAEGaAMFACoAF1AwDQYJKoZIhvcNAQELBQADggEBAOV9D0grPXBU
DilNnFCOv2AW6k5ebk/ZmTeO8cn4hNcjAEc80p2gAZyHg0NUDPiMUKaPzNLyGA+H
YTkGQYWrU9aqsdlcTsZllbKckQPFocrdurBwLSqeNShiww59fkwBAUROdwZ2HZ1h
tRoGRvp1j2DSuRPSklotY91luBLJQeKJ/sl898YReikeZ+q9T/jkYmoy7Yc2gsv2
6LucL92/wwlcqUrkxwPU/Bj7ZGgjrHzxrF7N7vU6uKjS+yrXlpDg2CSexGeIFUby
zKvN1D6UGeigH/49bJ3ykJuEJ/omkSi6Ah2niRkPQi2COJ1682iAr3aRKcJWstew
3HGP/xnoFkQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:34 2024 by rpki-client on console-ams.rpki-client.org