Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/m8O9kZT69vK8IHDGxgDadzcyu7I.roa
File:                     m8O9kZT69vK8IHDGxgDadzcyu7I.roa (raw, json)
Hash identifier:          tVoh+36qq03VVr1qG9H5bObCOK+MzM0berSQbql+bns=
Subject key identifier:   9B:C3:BD:91:94:FA:F6:F2:BC:20:70:C6:C6:00:DA:77:37:32:BB:B2
Certificate issuer:       /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial:       018C40D909A67751DCA2990B0E92C5057AE2
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/m8O9kZT69vK8IHDGxgDadzcyu7I.roa
Signing time:             Wed 06 Dec 2023 20:36:54 +0000
ROA not before:           Wed 06 Dec 2023 20:36:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8359
IP address blocks:        212.188.0.0/17 maxlen: 17
                          213.87.0.0/16 maxlen: 16
                          178.141.0.0/16 maxlen: 16
                          213.87.105.0/24 maxlen: 24
                          213.87.104.0/24 maxlen: 24
                          213.87.100.0/24 maxlen: 24
                          213.87.106.0/23 maxlen: 23
                          89.175.0.0/16 maxlen: 16
                          213.87.128.0/19 maxlen: 19
                          213.87.64.0/22 maxlen: 22
                          81.195.0.0/16 maxlen: 24
                          213.87.70.0/23 maxlen: 23
                          213.87.76.0/23 maxlen: 23
                          80.83.237.0/24 maxlen: 24
                          213.87.80.0/20 maxlen: 20
                          85.140.0.0/15 maxlen: 24
                          91.76.0.0/14 maxlen: 14
                          82.96.192.0/18 maxlen: 18
                          83.237.0.0/16 maxlen: 16
                          217.74.244.0/22 maxlen: 22
                          217.74.248.0/21 maxlen: 21
                          213.87.200.0/22 maxlen: 22
                          213.87.204.0/22 maxlen: 22
                          213.87.208.0/23 maxlen: 23
                          195.34.0.0/19 maxlen: 19
                          213.87.240.0/22 maxlen: 22
                          213.87.246.0/24 maxlen: 24
                          195.34.15.0/24 maxlen: 24
                          213.87.244.0/23 maxlen: 23
                          213.87.248.0/22 maxlen: 22
                          178.155.0.0/17 maxlen: 17
                          213.87.160.0/22 maxlen: 22
                          62.118.0.0/16 maxlen: 24
                          89.175.248.0/21 maxlen: 21
                          195.34.38.0/24 maxlen: 24
                          195.34.32.0/19 maxlen: 19
                          195.34.36.0/24 maxlen: 24
                          195.34.42.0/24 maxlen: 24
                          2a00:1fa0:8000::/33 maxlen: 33
                          2a00:1fa0::/33 maxlen: 33
                          2a00:1fa2::/33 maxlen: 33
                          2a00:1fa0::/29 maxlen: 29
                          2a02:28:a::/48 maxlen: 48
                          2a02:29::/36 maxlen: 36
                          2a02:28:1::/48 maxlen: 48
                          2a02:28::/29 maxlen: 29
                          2a00:1fa3::/33 maxlen: 33
                          2a00:1fa3:8000::/40 maxlen: 40
                          2a02:28::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:30:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:40:d9:09:a6:77:51:dc:a2:99:0b:0e:92:c5:05:7a:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
        Validity
            Not Before: Dec  6 20:36:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9bc3bd9194faf6f2bc2070c6c600da773732bbb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fc:4b:40:41:cd:20:6c:49:17:fe:a7:fa:62:26:
                    28:f5:28:1f:77:c3:b7:4c:a2:23:c4:b4:20:db:92:
                    ae:c1:d1:49:3b:55:99:8f:cf:61:50:59:50:50:02:
                    7f:47:d2:b7:80:92:bd:dc:f5:2d:0f:41:97:bc:93:
                    6a:e4:c0:95:79:08:8c:6d:cf:51:f5:3a:88:ca:ed:
                    7e:08:99:e7:c1:31:ba:d7:a9:98:0e:6d:e6:07:78:
                    4e:54:72:2b:af:7c:bd:32:82:49:7e:84:88:b0:44:
                    e1:a4:22:ba:52:91:35:71:3a:c4:82:bc:60:38:6c:
                    b2:cf:a1:bd:b5:9b:b6:a5:98:d9:9a:57:8a:e4:58:
                    fd:fe:04:a7:07:1b:8f:81:25:fa:51:4e:95:1e:3a:
                    8e:e1:83:70:a8:88:e2:e0:61:c1:57:10:59:30:47:
                    0a:ad:01:02:45:3d:67:af:6f:fd:8c:f6:cd:0a:47:
                    28:44:79:14:5a:df:64:85:aa:57:72:8a:73:01:51:
                    96:2c:9e:d2:63:ac:4c:39:0a:cf:13:d9:22:3b:f7:
                    a5:2f:75:06:e0:c2:36:b9:63:4a:fa:8b:15:62:e1:
                    2f:66:41:6f:7c:de:12:fc:d1:b6:bc:87:dc:b4:73:
                    c2:61:c7:6f:5e:ad:ac:d0:f3:22:5e:cb:86:e1:89:
                    5b:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:C3:BD:91:94:FA:F6:F2:BC:20:70:C6:C6:00:DA:77:37:32:BB:B2
            X509v3 Authority Key Identifier:
                keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/m8O9kZT69vK8IHDGxgDadzcyu7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.118.0.0/16
                  80.83.237.0/24
                  81.195.0.0/16
                  82.96.192.0/18
                  83.237.0.0/16
                  85.140.0.0/15
                  89.175.0.0/16
                  91.76.0.0/14
                  178.141.0.0/16
                  178.155.0.0/17
                  195.34.0.0/18
                  212.188.0.0/17
                  213.87.0.0/16
                  217.74.244.0-217.74.255.255
                IPv6:
                  2a00:1fa0::/29
                  2a02:28::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:1a:e5:de:c8:b2:ec:7c:ff:0b:f6:a2:36:7b:b7:d6:0d:bd:
         3e:fe:25:bb:04:ba:35:85:1d:cb:d5:27:f0:88:0b:3b:05:52:
         10:04:f7:5a:86:39:5c:db:7a:5c:39:15:6b:47:89:b0:ab:af:
         70:ba:34:92:74:4d:27:7f:9d:7d:9e:7b:28:66:0d:55:5e:5e:
         90:e3:e9:75:f1:27:38:02:92:91:74:3c:4e:81:a3:00:d2:96:
         b4:3c:57:ba:07:05:30:82:77:8b:88:dc:14:0c:90:00:db:1f:
         78:4e:b2:34:20:23:c3:02:eb:2e:b9:d0:10:32:6d:49:c5:e8:
         bf:23:1e:0a:82:e6:af:9f:31:b6:f9:6e:af:b1:e2:94:2f:be:
         73:46:e3:6c:bc:8b:8a:63:48:1c:b1:39:9a:2a:92:a7:11:2e:
         67:73:57:d0:f2:bc:06:30:98:ed:bc:8a:39:af:04:f1:4c:b2:
         29:b5:02:33:5f:35:33:89:f8:1b:9e:2f:35:91:59:9c:26:f8:
         c2:f3:c3:74:b2:a5:6b:bb:04:d8:d5:b2:9c:04:73:90:fd:37:
         f1:78:2b:61:08:5f:a9:52:76:eb:3b:a0:4f:39:3e:6b:1e:b4:
         9e:a5:f1:ab:c2:59:fd:b9:01:e4:56:c0:89:6a:9b:c7:94:15:
         cf:5a:d8:d2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAYxA2Qmmd1HcopkLDpLFBXriMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjMxMjA2MjAzNjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmMzYmQ5MTk0ZmFmNmYyYmMyMDcwYzZjNjAwZGE3NzM3MzJiYmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/EtAQc0gbEkX/qf6YiYo9Sgfd8O3
TKIjxLQg25KuwdFJO1WZj89hUFlQUAJ/R9K3gJK93PUtD0GXvJNq5MCVeQiMbc9R
9TqIyu1+CJnnwTG616mYDm3mB3hOVHIrr3y9MoJJfoSIsEThpCK6UpE1cTrEgrxg
OGyyz6G9tZu2pZjZmleK5Fj9/gSnBxuPgSX6UU6VHjqO4YNwqIji4GHBVxBZMEcK
rQECRT1nr2/9jPbNCkcoRHkUWt9khapXcopzAVGWLJ7SY6xMOQrPE9kiO/elL3UG
4MI2uWNK+osVYuEvZkFvfN4S/NG2vIfctHPCYcdvXq2s0PMiXsuG4YlbhwIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFJvDvZGU+vbyvCBwxsYA2nc3MruyMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvbThPOWtaVDY5dks4SUhER3hnRGFkemN5dTdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwWQQCAAEwUwMDAD52AwQA
UFPtAwMAUcMDBAZSYMADAwBT7QMDAVWMAwMAWa8DAwJbTAMDALKNAwQHspsAAwQG
wyIAAwQH1LwAAwMA1VcwCwMEAtlK9AMDANlKMBQEAgACMA4DBQMqAB+gAwUDKgIA
KDANBgkqhkiG9w0BAQsFAAOCAQEAjRrl3siy7Hz/C/aiNnu31g29Pv4luwS6NYUd
y9Un8IgLOwVSEAT3WoY5XNt6XDkVa0eJsKuvcLo0knRNJ3+dfZ57KGYNVV5ekOPp
dfEnOAKSkXQ8ToGjANKWtDxXugcFMIJ3i4jcFAyQANsfeE6yNCAjwwLrLrnQEDJt
ScXovyMeCoLmr58xtvlur7HilC++c0bjbLyLimNIHLE5miqSpxEuZ3NX0PK8BjCY
7byKOa8E8UyyKbUCM181M4n4G54vNZFZnCb4wvPDdLKla7sE2NWynARzkP038Xgr
YQhfqVJ26zugTzk+ax60nqXxq8JZ/bkB5FbAiWqbx5QVz1rY0g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:45 2024 by rpki-client on console-fra.rpki-client.org