Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/FrvebYHTQy13B1nC_1iky9KjHws.roa
File:                     FrvebYHTQy13B1nC_1iky9KjHws.roa (raw, json)
Hash identifier:          CvMHJKn5UCebKh+2PLHBtKST+fJzvIT8z8vWFeHjwfo=
Subject key identifier:   16:BB:DE:6D:81:D3:43:2D:77:07:59:C2:FF:58:A4:CB:D2:A3:1F:0B
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018B1E7091B9504BB679DF8E712DE4D05560
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/FrvebYHTQy13B1nC_1iky9KjHws.roa
Signing time:             Wed 11 Oct 2023 11:12:55 +0000
ROA not before:           Wed 11 Oct 2023 11:12:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.255.0/24 maxlen: 24
                          185.199.212.0/24 maxlen: 24
                          185.199.213.0/24 maxlen: 24
                          185.199.214.0/23 maxlen: 24
                          45.157.211.0/24 maxlen: 24
                          45.157.209.0/24 maxlen: 24
                          185.199.151.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
                          185.250.25.0/24 maxlen: 24
                          45.155.252.0/24 maxlen: 24
                          185.226.181.0/24 maxlen: 24
                          194.146.92.0/24 maxlen: 24
                          194.146.93.0/24 maxlen: 24
                          185.225.170.0/24 maxlen: 24
                          185.225.171.0/24 maxlen: 24
                          185.225.168.0/24 maxlen: 24
                          185.225.169.0/24 maxlen: 24
                          79.98.246.0/23 maxlen: 24
                          185.221.24.0/24 maxlen: 24
                          185.221.25.0/24 maxlen: 24
                          176.125.250.0/24 maxlen: 24
                          176.125.251.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 13 Oct 2023 10:21:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:1e:70:91:b9:50:4b:b6:79:df:8e:71:2d:e4:d0:55:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Oct 11 11:12:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=16bbde6d81d3432d770759c2ff58a4cbd2a31f0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:be:9a:3b:2c:7e:50:80:d8:38:d6:58:e5:82:
                    44:04:11:4e:1f:95:28:86:12:31:6e:7a:32:eb:14:
                    90:d7:0e:c6:51:9d:35:2c:43:aa:84:02:d9:67:83:
                    21:54:ea:9a:27:52:83:93:f6:04:2f:50:3c:cb:65:
                    c0:e1:98:c4:f2:1a:b4:50:18:d9:c1:03:4a:bc:26:
                    ad:59:05:f9:3b:b4:79:e4:b5:17:e4:6c:43:14:4b:
                    31:64:93:a0:3f:4f:0f:84:af:67:c4:7c:f7:86:c5:
                    81:49:43:19:8b:79:7b:3c:de:6d:ff:51:d0:39:31:
                    47:6b:b6:f8:86:c1:80:37:4d:c5:80:46:58:72:11:
                    1d:34:ae:fa:07:4a:29:51:d4:cb:98:c0:4e:7e:5c:
                    92:7c:72:1c:65:1a:69:25:45:1f:c7:db:f9:b9:88:
                    10:3b:a4:1e:af:63:fc:78:d6:c8:4c:ce:ce:2f:6b:
                    57:6e:0c:f3:7b:0a:37:de:ff:03:ff:ef:30:7f:e1:
                    07:fc:8a:86:6a:0d:3b:a9:73:57:b6:9b:7a:e4:10:
                    98:d3:15:86:cb:f3:3c:cf:52:85:cd:20:4b:37:af:
                    f2:c2:2d:2d:0d:2d:ac:40:72:06:c9:cb:28:2d:70:
                    48:3f:91:60:e3:f1:9d:e8:62:68:8b:bb:8b:d4:93:
                    57:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:BB:DE:6D:81:D3:43:2D:77:07:59:C2:FF:58:A4:CB:D2:A3:1F:0B
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/FrvebYHTQy13B1nC_1iky9KjHws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24
                  45.155.255.0/24
                  45.157.209.0/24
                  45.157.211.0/24
                  79.98.246.0/23
                  176.125.250.0/23
                  185.199.151.0/24
                  185.199.212.0/22
                  185.221.24.0/23
                  185.225.168.0/22
                  185.226.181.0/24
                  185.250.25.0-185.250.26.255
                  194.146.92.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:88:50:94:bf:07:62:f3:bc:86:2a:e9:d0:bf:ae:64:53:db:
         61:a8:c3:c6:72:a6:5c:8e:01:5a:df:dd:8e:f8:f5:fd:75:01:
         a5:99:50:27:60:13:1e:96:fc:f7:ae:6b:29:14:ff:d2:01:12:
         a1:0a:60:25:b7:3f:6a:a5:ec:85:ad:b7:eb:47:17:8c:9a:b7:
         8b:6b:28:3d:dd:c6:2e:64:74:27:42:7d:20:2b:19:e8:bb:f8:
         10:38:78:2e:ca:ed:bb:d5:41:1d:e9:a8:0d:d4:ad:5f:09:20:
         87:93:aa:d5:45:2e:7f:09:24:55:bd:11:6c:56:63:54:20:5a:
         3e:59:19:6c:94:e9:51:e6:48:b1:1c:4c:65:f4:a9:1a:63:0e:
         e6:52:9c:8f:7b:ce:b0:bf:61:99:05:f8:76:bb:ee:cc:f1:cc:
         fd:32:40:bf:a0:42:f5:db:dc:50:22:c8:b7:85:46:39:69:55:
         1e:b5:46:1d:77:f1:be:fc:3b:0e:14:89:de:e6:27:46:74:0e:
         c3:cf:63:6c:16:2c:eb:0e:3c:4c:6a:ae:48:d8:bd:32:c3:9c:
         16:a4:37:04:b5:eb:c7:f4:e5:1f:81:4f:27:54:89:a5:93:92:
         fb:f2:d6:c7:61:a4:9e:70:69:83:ce:7b:63:96:7c:f0:b9:f3:
         95:12:72:6f
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYsecJG5UEu2ed+OcS3k0FVgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjMxMDExMTExMjU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmJiZGU2ZDgxZDM0MzJkNzcwNzU5YzJmZjU4YTRjYmQyYTMxZjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgb6aOyx+UIDYONZY5YJEBBFOH5Uo
hhIxbnoy6xSQ1w7GUZ01LEOqhALZZ4MhVOqaJ1KDk/YEL1A8y2XA4ZjE8hq0UBjZ
wQNKvCatWQX5O7R55LUX5GxDFEsxZJOgP08PhK9nxHz3hsWBSUMZi3l7PN5t/1HQ
OTFHa7b4hsGAN03FgEZYchEdNK76B0opUdTLmMBOflySfHIcZRppJUUfx9v5uYgQ
O6Qer2P8eNbITM7OL2tXbgzzewo33v8D/+8wf+EH/IqGag07qXNXtpt65BCY0xWG
y/M8z1KFzSBLN6/ywi0tDS2sQHIGycsoLXBIP5Fg4/Gd6GJoi7uL1JNXRwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFBa73m2B00MtdwdZwv9YpMvSox8LMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvRnJ2ZWJZSFRReTEzQjFuQ18xaWt5OUtqSHdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALZv8AwQA
LZv/AwQALZ3RAwQALZ3TAwQBT2L2AwQBsH36AwQAuceXAwQCucfUAwQBud0YAwQC
ueGoAwQAueK1MAwDBAC5+hkDBAC5+hoDBAHCklwwDQYJKoZIhvcNAQELBQADggEB
AB+IUJS/B2LzvIYq6dC/rmRT22Gow8ZyplyOAVrf3Y749f11AaWZUCdgEx6W/Peu
aykU/9IBEqEKYCW3P2ql7IWtt+tHF4yat4trKD3dxi5kdCdCfSArGei7+BA4eC7K
7bvVQR3pqA3UrV8JIIeTqtVFLn8JJFW9EWxWY1QgWj5ZGWyU6VHmSLEcTGX0qRpj
DuZSnI97zrC/YZkF+Ha77szxzP0yQL+gQvXb3FAiyLeFRjlpVR61Rh138b78Ow4U
id7mJ0Z0DsPPY2wWLOsOPExqrkjYvTLDnBakNwS168f05R+BTydUiaWTkvvy1sdh
pJ5waYPOe2OWfPC585UScm8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:35 2024 by rpki-client on console-ams.rpki-client.org