Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cmJLqh6rpTcdMdK89zn6DAYekz4.roa
File:                     cmJLqh6rpTcdMdK89zn6DAYekz4.roa (raw, json)
Hash identifier:          PFBRnl+DAH8ftCo/OojtujaVq47mqRQXifzF9dsMWvI=
Subject key identifier:   72:62:4B:AA:1E:AB:A5:37:1D:31:D2:BC:F7:39:FA:0C:06:1E:93:3E
Certificate issuer:       /CN=706b7fea8ad35111ca687a9cd00a49f9a4f0459b
Certificate serial:       01856D7898CE2F03FE28F5B71947649B2691
Authority key identifier: 70:6B:7F:EA:8A:D3:51:11:CA:68:7A:9C:D0:0A:49:F9:A4:F0:45:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cmJLqh6rpTcdMdK89zn6DAYekz4.roa
Signing time:             Sun 01 Jan 2023 13:14:58 +0000
ROA not before:           Sun 01 Jan 2023 13:14:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43824
IP address blocks:        78.40.179.0/24 maxlen: 24
                          78.40.178.0/24 maxlen: 24
                          78.40.177.0/24 maxlen: 24
                          78.40.176.0/24 maxlen: 24
                          78.40.183.0/24 maxlen: 24
                          78.40.182.0/24 maxlen: 24
                          78.40.181.0/24 maxlen: 24
                          78.40.180.0/24 maxlen: 24
                          185.160.226.0/24 maxlen: 24
                          185.160.225.0/24 maxlen: 24
                          185.160.224.0/24 maxlen: 24
                          185.160.227.0/24 maxlen: 24
                          185.87.171.0/24 maxlen: 24
                          185.87.170.0/24 maxlen: 24
                          185.87.168.0/24 maxlen: 24
                          2a0b:8e80:1::/48 maxlen: 48
                          2a0b:8e80::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:78:98:ce:2f:03:fe:28:f5:b7:19:47:64:9b:26:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706b7fea8ad35111ca687a9cd00a49f9a4f0459b
        Validity
            Not Before: Jan  1 13:14:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72624baa1eaba5371d31d2bcf739fa0c061e933e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:89:57:6b:69:3f:4d:ac:48:8d:ca:82:a2:f4:
                    47:ca:80:a2:52:c8:3e:8b:ec:19:64:33:12:4f:46:
                    7d:a3:81:e3:55:d4:fa:0d:a2:16:92:4f:de:85:28:
                    e4:ba:ce:dd:85:b0:fb:66:e3:7c:cb:c3:97:8b:92:
                    f6:a2:e9:91:e3:75:6e:a1:fc:77:05:43:d7:8f:53:
                    9b:f5:8b:c9:4d:ad:91:08:bc:26:77:36:ec:35:41:
                    42:7c:4e:77:48:9c:ed:0d:da:ab:d2:fe:75:1b:10:
                    4a:7c:9b:04:a0:65:00:80:2a:63:2b:61:dc:b7:2b:
                    cd:11:f0:8b:dc:23:27:67:fd:c4:e8:80:38:3a:e2:
                    54:e6:9e:d2:39:0f:5d:fc:14:39:a5:c6:92:b8:86:
                    f9:0c:71:3e:c3:81:b4:6a:2c:11:77:3e:5c:a6:36:
                    b0:dc:22:c7:76:7e:a6:99:e7:df:e2:85:23:e0:80:
                    4d:be:ef:9d:44:bb:8e:12:e6:b6:8f:8f:b9:ef:9f:
                    de:a5:f9:e6:0b:78:68:f9:0f:a5:80:3a:42:a0:dc:
                    72:9b:3c:1d:cc:09:f4:e4:a9:be:c8:a9:96:25:1f:
                    5c:eb:8a:b6:87:ce:1e:65:6b:88:f2:6d:ef:ca:68:
                    69:7d:e0:49:e9:fa:5b:19:ef:10:fa:7c:b0:0a:4f:
                    6e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:62:4B:AA:1E:AB:A5:37:1D:31:D2:BC:F7:39:FA:0C:06:1E:93:3E
            X509v3 Authority Key Identifier:
                keyid:70:6B:7F:EA:8A:D3:51:11:CA:68:7A:9C:D0:0A:49:F9:A4:F0:45:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGt_6orTURHKaHqc0ApJ-aTwRZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cmJLqh6rpTcdMdK89zn6DAYekz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d2974f-7efa-4611-8827-260c377a314a/1/cGt_6orTURHKaHqc0ApJ-aTwRZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.40.176.0/21
                  185.87.168.0/24
                  185.87.170.0/23
                  185.160.224.0/22
                IPv6:
                  2a0b:8e80::/47

    Signature Algorithm: sha256WithRSAEncryption
         1f:51:ed:e0:54:07:1f:9f:f3:12:c0:ce:36:3e:7b:c7:06:0c:
         1a:6e:ff:c8:32:ae:19:23:ee:ad:57:fd:fa:7e:6d:1d:24:64:
         ca:b1:c6:1b:c5:85:c1:39:f1:5d:29:45:48:76:24:f3:5b:03:
         c0:27:52:43:3f:87:b5:38:72:2a:a2:86:a9:d4:09:1f:1b:e6:
         84:f2:d9:49:9a:9a:bf:95:0e:f6:55:e6:9b:2b:29:c6:6e:18:
         4f:ee:c9:49:13:e5:21:50:8a:b4:64:2e:aa:c6:21:dc:12:ea:
         ed:1e:0c:40:d0:ab:18:74:2b:42:88:a3:38:da:a4:15:63:3c:
         5e:12:66:76:72:08:26:2e:16:c6:84:02:7e:9b:60:51:99:9b:
         d7:1c:89:9d:8e:b5:1e:c7:1e:97:d5:5b:57:56:7d:6c:ae:36:
         e7:c0:7a:56:1b:2d:f4:9a:61:6f:d5:8c:e1:65:78:09:96:a0:
         2d:98:c6:2d:f3:3e:24:47:29:a6:ff:30:b1:46:c6:7c:6a:89:
         fb:c9:e5:8f:12:76:da:e8:fd:ae:17:68:70:cc:a9:b5:3e:5c:
         7b:50:5b:04:69:2f:0d:25:c8:64:2d:29:ae:31:b2:09:fa:98:
         85:a4:8c:9c:50:5f:5d:39:f4:bc:60:95:37:4f:b6:fa:1d:73:
         b6:ab:8b:59
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYVteJjOLwP+KPW3GUdkmyaRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmI3ZmVhOGFkMzUxMTFjYTY4N2E5Y2QwMGE0OWY5YTRm
MDQ1OWIwHhcNMjMwMTAxMTMxNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjYyNGJhYTFlYWJhNTM3MWQzMWQyYmNmNzM5ZmEwYzA2MWU5MzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYlXa2k/TaxIjcqCovRHyoCiUsg+
i+wZZDMST0Z9o4HjVdT6DaIWkk/ehSjkus7dhbD7ZuN8y8OXi5L2oumR43Vuofx3
BUPXj1Ob9YvJTa2RCLwmdzbsNUFCfE53SJztDdqr0v51GxBKfJsEoGUAgCpjK2Hc
tyvNEfCL3CMnZ/3E6IA4OuJU5p7SOQ9d/BQ5pcaSuIb5DHE+w4G0aiwRdz5cpjaw
3CLHdn6mmeff4oUj4IBNvu+dRLuOEua2j4+575/epfnmC3ho+Q+lgDpCoNxymzwd
zAn05Km+yKmWJR9c64q2h84eZWuI8m3vymhpfeBJ6fpbGe8Q+nywCk9uvwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFHJiS6oeq6U3HTHSvPc5+gwGHpM+MB8GA1UdIwQY
MBaAFHBrf+qK01ERymh6nNAKSfmk8EWbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0d0XzZvclRVUkhLYUhxYzBBcEotYVR3UlpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9kMjk3NGYtN2VmYS00NjExLTg4Mjct
MjYwYzM3N2EzMTRhLzEvY21KTHFoNnJwVGNkTWRLODl6bjZEQVlla3o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9kMjk3NGYtN2VmYS00NjExLTg4MjctMjYwYzM3N2EzMTRh
LzEvY0d0XzZvclRVUkhLYUhxYzBBcEotYVR3UlpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQDTiiwAwQA
uVeoAwQBuVeqAwQCuaDgMA8EAgACMAkDBwEqC46AAAAwDQYJKoZIhvcNAQELBQAD
ggEBAB9R7eBUBx+f8xLAzjY+e8cGDBpu/8gyrhkj7q1X/fp+bR0kZMqxxhvFhcE5
8V0pRUh2JPNbA8AnUkM/h7U4ciqihqnUCR8b5oTy2Umamr+VDvZV5psrKcZuGE/u
yUkT5SFQirRkLqrGIdwS6u0eDEDQqxh0K0KIozjapBVjPF4SZnZyCCYuFsaEAn6b
YFGZm9cciZ2OtR7HHpfVW1dWfWyuNufAelYbLfSaYW/VjOFleAmWoC2Yxi3zPiRH
Kab/MLFGxnxqifvJ5Y8Sdtro/a4XaHDMqbU+XHtQWwRpLw0lyGQtKa4xsgn6mIWk
jJxQX1059LxglTdPtvodc7ari1k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:15 2024 by rpki-client on console-ams.rpki-client.org