Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/3u_xtEZoXvWUF2cVs24CySKBSNc.roa
File:                     3u_xtEZoXvWUF2cVs24CySKBSNc.roa (raw, json)
Hash identifier:          Ixxq1uFycIoubbSjy4F4fvP+n0K79MAcgX3nn3xM7IA=
Subject key identifier:   DE:EF:F1:B4:46:68:5E:F5:94:17:67:15:B3:6E:02:C9:22:81:48:D7
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       01871A9DE1FFF05A04CCAADD345D272FC3D6
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/3u_xtEZoXvWUF2cVs24CySKBSNc.roa
Signing time:             Sat 25 Mar 2023 21:12:47 +0000
ROA not before:           Sat 25 Mar 2023 21:12:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62240
IP address blocks:        88.218.80.0/24 maxlen: 24
                          176.118.189.0/24 maxlen: 24
                          176.118.188.0/24 maxlen: 24
                          176.118.191.0/24 maxlen: 24
                          45.130.186.0/24 maxlen: 24
                          45.130.185.0/24 maxlen: 24
                          45.130.184.0/24 maxlen: 24
                          5.104.75.0/24 maxlen: 24
                          5.104.72.0/24 maxlen: 24
                          88.218.239.0/24 maxlen: 24
                          194.28.157.0/24 maxlen: 24
                          84.252.64.0/22 maxlen: 24
                          45.140.7.0/24 maxlen: 24
                          193.160.68.0/24 maxlen: 24
                          193.160.72.0/24 maxlen: 24
                          91.245.239.0/24 maxlen: 24
                          193.228.48.0/22 maxlen: 24
                          95.214.83.0/24 maxlen: 24
                          185.177.77.0/24 maxlen: 24
                          185.177.76.0/24 maxlen: 24
                          212.69.135.0/24 maxlen: 24
                          95.214.92.0/24 maxlen: 24
                          95.214.95.0/24 maxlen: 24
                          95.214.93.0/24 maxlen: 24
                          77.83.20.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Sun 26 Mar 2023 19:53:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:1a:9d:e1:ff:f0:5a:04:cc:aa:dd:34:5d:27:2f:c3:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Mar 25 21:12:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=deeff1b446685ef594176715b36e02c9228148d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:db:a4:46:f5:2f:d0:16:b8:c6:15:4c:d7:8c:
                    3e:c8:44:9e:23:74:08:6d:79:8c:5e:61:32:6e:6a:
                    3e:62:10:f5:a2:a1:a3:8c:50:da:56:81:1c:43:4d:
                    3a:0b:7a:3d:bf:8c:f5:90:1e:ea:a6:04:0a:3f:98:
                    8c:fc:2e:25:c4:d9:6f:c5:b0:b5:15:28:7d:a5:dc:
                    ee:ce:87:51:0e:11:d3:c8:91:fc:03:89:08:4f:c6:
                    2e:a5:66:28:d7:09:35:a0:9c:33:37:1c:b8:c1:67:
                    8b:31:1e:ec:0b:64:22:77:b7:a4:4e:c4:e4:05:9e:
                    ed:40:0f:f2:62:d9:28:66:e9:51:c3:b6:f1:dd:78:
                    94:0a:b1:69:5e:82:c7:5a:4d:09:9e:cc:e1:80:7c:
                    b2:40:42:3d:98:eb:f5:b9:af:c0:4e:45:94:24:8d:
                    fa:70:39:33:00:6d:35:36:62:f1:fe:00:4c:64:4b:
                    c4:05:f7:fb:0e:98:dc:05:5e:1c:68:e4:1d:2d:43:
                    7f:51:5a:6d:18:64:ef:1c:11:e0:98:17:1c:65:21:
                    29:57:8c:3a:e8:e0:01:45:5a:a6:aa:6d:0d:a2:15:
                    f2:ba:3d:a6:71:2f:a5:f8:67:b5:29:2b:82:14:5c:
                    ad:9d:e6:8d:54:b0:f1:ca:ed:97:e3:74:27:12:61:
                    d1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:EF:F1:B4:46:68:5E:F5:94:17:67:15:B3:6E:02:C9:22:81:48:D7
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/3u_xtEZoXvWUF2cVs24CySKBSNc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.104.72.0/24
                  5.104.75.0/24
                  45.130.184.0-45.130.186.255
                  45.140.7.0/24
                  77.83.20.0/22
                  84.252.64.0/22
                  88.218.80.0/24
                  88.218.239.0/24
                  91.245.239.0/24
                  95.214.83.0/24
                  95.214.92.0/23
                  95.214.95.0/24
                  176.118.188.0/23
                  176.118.191.0/24
                  185.177.76.0/23
                  193.160.68.0/24
                  193.160.72.0/24
                  193.228.48.0/22
                  194.28.157.0/24
                  212.69.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:df:cd:8a:99:7d:b0:e9:57:15:45:b2:99:2e:c5:b5:22:e4:
         f1:1e:25:ee:f0:ee:89:42:43:7f:b8:e7:05:16:b1:9c:4f:34:
         28:10:4f:0c:55:89:0d:ef:91:8e:77:f5:cd:44:08:c4:3a:7e:
         15:2d:a1:a2:2e:21:df:35:cb:34:2b:f5:41:0a:3a:e3:b5:99:
         ba:8c:36:c4:fc:28:6f:b4:2c:2b:ee:db:e3:e2:ea:6d:f0:8d:
         bd:e2:6c:d2:10:97:ce:27:13:95:c3:b9:9d:89:b3:05:9d:dd:
         a2:98:f1:1e:58:6c:df:73:9d:b8:29:e7:0e:fc:a3:8e:ba:4e:
         8f:ee:26:0c:21:4d:9c:d8:13:46:df:cd:1c:41:e4:a6:0f:bf:
         76:16:b3:db:9e:67:2a:f0:6a:6c:d1:9d:52:23:e9:40:ce:f4:
         34:f1:46:89:c9:64:b8:62:b3:02:d2:cc:a9:a0:23:77:cc:6e:
         b8:19:74:1a:0d:8e:8a:a2:97:46:f3:07:d7:2f:8e:bb:51:c3:
         ba:1a:5f:73:d3:b1:f0:35:59:70:85:98:da:37:26:f4:44:6a:
         60:16:c0:3b:a4:26:a8:bd:cb:01:69:a9:33:d6:98:ea:d4:00:
         8c:6b:0b:07:0c:52:6e:93:6c:81:32:b4:85:bb:d7:a9:51:b6:
         f6:9b:52:6f
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgISAYcaneH/8FoEzKrdNF0nL8PWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjMwMzI1MjExMjQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWVmZjFiNDQ2Njg1ZWY1OTQxNzY3MTViMzZlMDJjOTIyODE0OGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9ukRvUv0Ba4xhVM14w+yESeI3QI
bXmMXmEybmo+YhD1oqGjjFDaVoEcQ006C3o9v4z1kB7qpgQKP5iM/C4lxNlvxbC1
FSh9pdzuzodRDhHTyJH8A4kIT8YupWYo1wk1oJwzNxy4wWeLMR7sC2Qid7ekTsTk
BZ7tQA/yYtkoZulRw7bx3XiUCrFpXoLHWk0JnszhgHyyQEI9mOv1ua/ATkWUJI36
cDkzAG01NmLx/gBMZEvEBff7DpjcBV4caOQdLUN/UVptGGTvHBHgmBccZSEpV4w6
6OABRVqmqm0NohXyuj2mcS+l+Ge1KSuCFFytneaNVLDxyu2X43QnEmHRmwIDAQAB
o4ICiDCCAoQwHQYDVR0OBBYEFN7v8bRGaF71lBdnFbNuAskigUjXMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvM3VfeHRFWm9YdldVRjJjVnMyNEN5U0tCU05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGdBggrBgEFBQcBBwEB/wSBjTCBijCBhwQCAAEwgYADBAAF
aEgDBAAFaEswDAMEAy2CuAMEAC2CugMEAC2MBwMEAk1TFAMEAlT8QAMEAFjaUAME
AFja7wMEAFv17wMEAF/WUwMEAV/WXAMEAF/WXwMEAbB2vAMEALB2vwMEAbmxTAME
AMGgRAMEAMGgSAMEAsHkMAMEAMIcnQMEANRFhzANBgkqhkiG9w0BAQsFAAOCAQEA
It/Nipl9sOlXFUWymS7FtSLk8R4l7vDuiUJDf7jnBRaxnE80KBBPDFWJDe+Rjnf1
zUQIxDp+FS2hoi4h3zXLNCv1QQo647WZuow2xPwob7QsK+7b4+LqbfCNveJs0hCX
zicTlcO5nYmzBZ3dopjxHlhs33OduCnnDvyjjrpOj+4mDCFNnNgTRt/NHEHkpg+/
dhaz255nKvBqbNGdUiPpQM70NPFGiclkuGKzAtLMqaAjd8xuuBl0Gg2OiqKXRvMH
1y+Ou1HDuhpfc9Ox8DVZcIWY2jcm9ERqYBbAO6QmqL3LAWmpM9aY6tQAjGsLBwxS
bpNsgTK0hbvXqVG29ptSbw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:37 2024 by rpki-client on console-fra.rpki-client.org