Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/gvQdu3mlbZ70cgF6cGWPHhorl2E.roa
File:                     gvQdu3mlbZ70cgF6cGWPHhorl2E.roa (raw, json)
Hash identifier:          8vfsbyAOQhfO7LGNZTmoSksvilDEMEwwm7fTOiIUFC8=
Subject key identifier:   82:F4:1D:BB:79:A5:6D:9E:F4:72:01:7A:70:65:8F:1E:1A:2B:97:61
Certificate issuer:       /CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
Certificate serial:       0189AE12FD8536ECF8E1B7B57A5AABE09C55
Authority key identifier: E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/gvQdu3mlbZ70cgF6cGWPHhorl2E.roa
Signing time:             Mon 31 Jul 2023 22:30:27 +0000
ROA not before:           Mon 31 Jul 2023 22:30:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59729
IP address blocks:        45.140.7.0/24 maxlen: 24
                          176.118.188.0/24 maxlen: 24
                          176.118.189.0/24 maxlen: 24
                          91.245.239.0/24 maxlen: 24
                          88.218.239.0/24 maxlen: 24
                          194.28.158.0/24 maxlen: 24
                          194.28.159.0/24 maxlen: 24
                          194.28.156.0/24 maxlen: 24
                          194.104.6.0/24 maxlen: 24
                          194.104.5.0/24 maxlen: 24
                          185.177.76.0/23 maxlen: 24
                          212.69.132.0/24 maxlen: 24
                          95.214.92.0/24 maxlen: 24
                          84.252.66.0/24 maxlen: 24
                          212.69.134.0/24 maxlen: 24
                          84.252.67.0/24 maxlen: 24
                          77.83.20.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ae:12:fd:85:36:ec:f8:e1:b7:b5:7a:5a:ab:e0:9c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c2b834fbc91af0ec6b1d34fd64054d2269a1fd
        Validity
            Not Before: Jul 31 22:30:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=82f41dbb79a56d9ef472017a70658f1e1a2b9761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:53:09:d3:50:ca:ac:07:c5:53:31:19:b4:e8:
                    6a:92:dd:1c:d1:f5:03:e3:c3:d5:c6:a5:94:8c:71:
                    c6:fc:f2:25:5f:3e:a3:25:46:fd:d7:e8:00:e1:57:
                    b9:ca:1a:e7:ec:08:dd:c1:3a:a4:57:44:fb:be:bb:
                    b9:79:c6:6c:d4:d2:60:d0:62:77:11:2a:05:c8:21:
                    4a:99:5c:ef:a8:06:9e:28:23:a0:41:ae:ee:0d:35:
                    82:2c:52:63:d4:29:a5:dc:5c:bc:31:32:b4:b2:94:
                    14:e2:0a:c6:e5:40:f0:14:95:59:aa:86:39:16:ac:
                    05:48:29:36:3c:dc:17:c0:56:db:b8:2b:0c:b4:b5:
                    03:7a:5d:34:bb:e6:b5:55:c2:94:30:45:e1:c3:87:
                    c8:53:3b:26:81:bf:ab:2a:fc:34:21:d2:55:b5:ba:
                    99:f9:95:21:80:e5:10:e4:84:51:55:68:ac:b3:56:
                    f3:eb:52:52:2f:57:0f:0a:a6:47:32:c1:d3:ac:29:
                    55:0a:fb:60:90:10:2a:28:82:d1:55:65:6b:48:dc:
                    c3:4b:29:80:f0:e2:23:1f:ea:96:b0:25:9c:46:ee:
                    16:ba:c4:85:df:d3:6e:c8:3c:7b:4d:9d:7d:5f:59:
                    df:46:d6:96:83:fb:41:97:28:71:de:16:8b:ed:12:
                    a7:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:F4:1D:BB:79:A5:6D:9E:F4:72:01:7A:70:65:8F:1E:1A:2B:97:61
            X509v3 Authority Key Identifier:
                keyid:E2:C2:B8:34:FB:C9:1A:F0:EC:6B:1D:34:FD:64:05:4D:22:69:A1:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sK4NPvJGvDsax00_WQFTSJpof0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/gvQdu3mlbZ70cgF6cGWPHhorl2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/3f249b-e836-41b4-9a3a-994806f081f0/1/4sK4NPvJGvDsax00_WQFTSJpof0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.7.0/24
                  77.83.20.0/22
                  84.252.66.0/23
                  88.218.239.0/24
                  91.245.239.0/24
                  95.214.92.0/24
                  176.118.188.0/23
                  185.177.76.0/23
                  194.28.156.0/24
                  194.28.158.0/23
                  194.104.5.0-194.104.6.255
                  212.69.132.0/24
                  212.69.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:7f:4b:c7:8f:7a:0c:c7:4e:2b:72:fc:53:5f:d6:6e:eb:36:
         e5:38:8b:25:9e:39:9d:4b:35:f6:c6:f1:e9:01:0e:16:40:21:
         01:94:34:cb:68:a8:f0:b4:83:72:54:7e:a7:e8:8c:8e:c9:52:
         76:a7:78:bb:5b:fd:e8:eb:77:c6:14:ca:7b:db:fa:ec:cd:b2:
         3b:9c:99:54:89:da:13:68:2d:47:21:dc:33:30:60:ae:15:7e:
         a2:7a:42:a2:2e:7c:f4:70:b5:be:6c:88:b6:30:eb:d6:c3:da:
         7d:c9:4c:81:25:15:8a:1c:e7:c2:d6:c2:3b:57:ba:c1:05:3e:
         9c:82:1b:9d:bb:30:0a:4c:50:9f:63:9b:8d:3b:82:7e:65:72:
         8a:26:46:c4:56:53:bf:c4:0a:ee:6a:a7:5b:4e:f1:67:c3:bc:
         91:b3:66:51:ca:41:f1:a1:01:50:35:aa:3b:eb:ac:0c:cf:d8:
         7a:d6:61:35:48:f4:41:60:4d:a9:36:ad:bd:8c:7e:b1:c3:5f:
         df:f0:14:6b:a1:5c:49:8a:5f:49:3a:51:92:57:8d:5a:be:f3:
         e5:7d:25:d1:26:62:24:b1:8a:b8:f9:63:2d:da:88:39:7a:35:
         10:15:91:51:b2:de:f9:df:ce:29:e1:7b:1e:c4:d5:31:7c:63:
         cc:0a:6a:82
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYmuEv2FNuz44be1elqr4JxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzJiODM0ZmJjOTFhZjBlYzZiMWQzNGZkNjQwNTRkMjI2
OWExZmQwHhcNMjMwNzMxMjIzMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmY0MWRiYjc5YTU2ZDllZjQ3MjAxN2E3MDY1OGYxZTFhMmI5NzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVMJ01DKrAfFUzEZtOhqkt0c0fUD
48PVxqWUjHHG/PIlXz6jJUb91+gA4Ve5yhrn7AjdwTqkV0T7vru5ecZs1NJg0GJ3
ESoFyCFKmVzvqAaeKCOgQa7uDTWCLFJj1Cml3Fy8MTK0spQU4grG5UDwFJVZqoY5
FqwFSCk2PNwXwFbbuCsMtLUDel00u+a1VcKUMEXhw4fIUzsmgb+rKvw0IdJVtbqZ
+ZUhgOUQ5IRRVWiss1bz61JSL1cPCqZHMsHTrClVCvtgkBAqKILRVWVrSNzDSymA
8OIjH+qWsCWcRu4WusSF39NuyDx7TZ19X1nfRtaWg/tBlyhx3haL7RKnEwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFIL0Hbt5pW2e9HIBenBljx4aK5dhMB8GA1UdIwQY
MBaAFOLCuDT7yRrw7GsdNP1kBU0iaaH9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2Et
OTk0ODA2ZjA4MWYwLzEvZ3ZRZHUzbWxiWjcwY2dGNmNHV1BIaG9ybDJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zZjI0OWItZTgzNi00MWI0LTlhM2EtOTk0ODA2ZjA4MWYw
LzEvNHNLNE5QdkpHdkRzYXgwMF9XUUZUU0pwb2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALYwHAwQC
TVMUAwQBVPxCAwQAWNrvAwQAW/XvAwQAX9ZcAwQBsHa8AwQBubFMAwQAwhycAwQB
whyeMAwDBADCaAUDBADCaAYDBADURYQDBADURYYwDQYJKoZIhvcNAQELBQADggEB
AAN/S8ePegzHTity/FNf1m7rNuU4iyWeOZ1LNfbG8ekBDhZAIQGUNMtoqPC0g3JU
fqfojI7JUnaneLtb/ejrd8YUynvb+uzNsjucmVSJ2hNoLUch3DMwYK4VfqJ6QqIu
fPRwtb5siLYw69bD2n3JTIElFYoc58LWwjtXusEFPpyCG527MApMUJ9jm407gn5l
coomRsRWU7/ECu5qp1tO8WfDvJGzZlHKQfGhAVA1qjvrrAzP2HrWYTVI9EFgTak2
rb2MfrHDX9/wFGuhXEmKX0k6UZJXjVq+8+V9JdEmYiSxirj5Yy3aiDl6NRAVkVGy
3vnfzinhex7E1TF8Y8wKaoI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:37 2024 by rpki-client on console-fra.rpki-client.org