Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/iWHXBVpsFYYgtY19SebVynD2ygo.roa
File:                     iWHXBVpsFYYgtY19SebVynD2ygo.roa (raw, json)
Hash identifier:          /GoNscSL3e2vuVTQ59FG81V+KdH4RpDCuOT763+Q6uw=
Subject key identifier:   89:61:D7:05:5A:6C:15:86:20:B5:8D:7D:49:E6:D5:CA:70:F6:CA:0A
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01895EB7CF7402E309E43C908E5BC431A215
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/iWHXBVpsFYYgtY19SebVynD2ygo.roa
Signing time:             Sun 16 Jul 2023 12:40:51 +0000
ROA not before:           Sun 16 Jul 2023 12:40:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        45.155.255.0/24 maxlen: 24
                          185.199.212.0/24 maxlen: 24
                          45.157.211.0/24 maxlen: 24
                          45.157.209.0/24 maxlen: 24
                          185.199.151.0/24 maxlen: 24
                          185.250.26.0/24 maxlen: 24
                          45.155.252.0/24 maxlen: 24
                          194.146.93.0/24 maxlen: 24
                          185.225.170.0/24 maxlen: 24
                          185.225.171.0/24 maxlen: 24
                          185.225.168.0/24 maxlen: 24
                          185.225.169.0/24 maxlen: 24
                          79.98.245.0/24 maxlen: 24
                          79.98.246.0/24 maxlen: 24
                          79.98.244.0/24 maxlen: 24
                          79.98.247.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 19 Jul 2023 08:12:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:5e:b7:cf:74:02:e3:09:e4:3c:90:8e:5b:c4:31:a2:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jul 16 12:40:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8961d7055a6c158620b58d7d49e6d5ca70f6ca0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:fe:84:fe:1c:d1:e4:81:32:6e:c7:5e:3c:e4:
                    1b:00:36:dd:74:54:42:21:05:c5:f8:8a:f3:4a:cc:
                    ef:6c:55:b1:da:58:6c:7d:f9:a9:46:91:1c:50:b8:
                    f7:43:f7:96:be:4c:fa:15:21:c7:7f:13:bd:6c:c0:
                    6b:4e:ea:b7:78:c5:d7:ad:56:35:ed:07:2c:0b:db:
                    a5:85:12:d2:fb:50:ff:6b:18:f5:6e:ed:84:2f:bb:
                    89:aa:6e:fe:62:d5:b3:30:51:d8:c3:48:92:8a:69:
                    08:0d:5f:a6:0b:59:ad:7b:74:af:d1:1a:bb:48:da:
                    b0:0d:2f:4a:37:55:60:9d:a6:21:f6:2e:42:e1:7e:
                    3e:39:bc:b5:9e:81:c5:69:5b:25:60:d2:0e:8c:17:
                    ef:5a:14:ef:54:94:48:f0:f9:06:08:b9:21:4f:10:
                    ff:69:30:e6:04:27:f3:30:1d:6d:33:ff:d4:65:a0:
                    09:4d:6f:6d:93:05:67:d3:75:b5:36:cf:eb:a6:76:
                    5c:5d:15:1a:52:a0:32:0d:32:e5:a3:c3:31:3e:1e:
                    c6:98:54:ba:2a:15:f5:da:cb:60:c6:e2:20:6d:9e:
                    eb:d9:55:6a:8a:c4:f4:67:0a:27:fc:89:3d:d8:5c:
                    72:a7:7d:d7:d7:76:f2:f0:28:8e:9a:6a:5c:7c:cc:
                    99:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:61:D7:05:5A:6C:15:86:20:B5:8D:7D:49:E6:D5:CA:70:F6:CA:0A
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/iWHXBVpsFYYgtY19SebVynD2ygo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.252.0/24
                  45.155.255.0/24
                  45.157.209.0/24
                  45.157.211.0/24
                  79.98.244.0/22
                  185.199.151.0/24
                  185.199.212.0/24
                  185.225.168.0/22
                  185.250.26.0/24
                  194.146.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:68:9d:30:ae:23:75:14:55:aa:24:cb:37:9c:02:57:29:51:
         05:c6:c7:b0:d2:2e:6d:aa:04:50:8b:39:6b:26:18:cd:87:ed:
         93:f4:05:90:95:39:d1:0a:8f:03:27:9b:27:65:28:ce:14:7b:
         b0:70:e4:56:66:38:3f:5b:b7:64:8d:45:33:41:22:52:ee:89:
         34:7c:ca:b4:c1:06:41:fe:ad:76:f9:b1:85:bd:2d:4a:6e:84:
         e6:ef:e9:0c:5f:2b:39:40:f9:0e:41:95:63:ab:bf:d3:1e:2c:
         1c:1f:97:f8:ba:e8:b5:32:02:77:ca:e9:da:2f:e2:cc:41:09:
         2a:14:09:46:8a:b4:f7:9f:d9:44:87:b6:83:fe:79:18:b4:97:
         53:5c:ec:e1:47:91:b8:87:9e:8a:5b:ed:04:cf:ff:b3:98:77:
         25:fe:e7:e9:17:cd:70:c4:36:0e:9f:c8:4f:a9:c5:7c:eb:ce:
         49:d0:70:b2:a0:54:17:52:17:23:17:f0:79:18:68:87:c4:90:
         1b:fa:a9:01:ed:4c:e6:1b:7c:27:15:f4:98:b9:4a:e3:77:2b:
         84:25:a1:aa:a7:9d:45:16:b2:cf:b8:63:89:d0:d0:37:69:94:
         c8:66:9f:ab:14:9d:93:d8:27:99:3b:f4:66:6d:ad:72:56:78:
         62:5f:5a:ca
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYlet890AuMJ5DyQjlvEMaIVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjMwNzE2MTI0MDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTYxZDcwNTVhNmMxNTg2MjBiNThkN2Q0OWU2ZDVjYTcwZjZjYTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/6E/hzR5IEybsdePOQbADbddFRC
IQXF+IrzSszvbFWx2lhsffmpRpEcULj3Q/eWvkz6FSHHfxO9bMBrTuq3eMXXrVY1
7QcsC9ulhRLS+1D/axj1bu2EL7uJqm7+YtWzMFHYw0iSimkIDV+mC1mte3Sv0Rq7
SNqwDS9KN1VgnaYh9i5C4X4+Oby1noHFaVslYNIOjBfvWhTvVJRI8PkGCLkhTxD/
aTDmBCfzMB1tM//UZaAJTW9tkwVn03W1Ns/rpnZcXRUaUqAyDTLlo8MxPh7GmFS6
KhX12stgxuIgbZ7r2VVqisT0Zwon/Ik92Fxyp33X13by8CiOmmpcfMyZ9wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFIlh1wVabBWGILWNfUnm1cpw9soKMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvaVdIWEJWcHNGWVlndFkxOVNlYlZ5bkQyeWdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALZv8AwQA
LZv/AwQALZ3RAwQALZ3TAwQCT2L0AwQAuceXAwQAucfUAwQCueGoAwQAufoaAwQA
wpJdMA0GCSqGSIb3DQEBCwUAA4IBAQB/aJ0wriN1FFWqJMs3nAJXKVEFxsew0i5t
qgRQizlrJhjNh+2T9AWQlTnRCo8DJ5snZSjOFHuwcORWZjg/W7dkjUUzQSJS7ok0
fMq0wQZB/q12+bGFvS1KboTm7+kMXys5QPkOQZVjq7/THiwcH5f4uui1MgJ3yuna
L+LMQQkqFAlGirT3n9lEh7aD/nkYtJdTXOzhR5G4h56KW+0Ez/+zmHcl/ufpF81w
xDYOn8hPqcV8685J0HCyoFQXUhcjF/B5GGiHxJAb+qkB7UzmG3wnFfSYuUrjdyuE
JaGqp51FFrLPuGOJ0NA3aZTIZp+rFJ2T2CeZO/Rmba1yVnhiX1rK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:13 2024 by rpki-client on console-fra.rpki-client.org