Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/tJEjrGh198Z7q4cmo7S39UD4h5w.roa
File:                     tJEjrGh198Z7q4cmo7S39UD4h5w.roa (raw, json)
Hash identifier:          1B46XfzYLRVKla4EZMweB9C6X/5GxKs/6AXJMFl5RG0=
Subject key identifier:   B4:91:23:AC:68:75:F7:C6:7B:AB:87:26:A3:B4:B7:F5:40:F8:87:9C
Certificate issuer:       /CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Certificate serial:       018DCCB67E980DE51B1B3F09C839DDDEBD28
Authority key identifier: EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/tJEjrGh198Z7q4cmo7S39UD4h5w.roa
Signing time:             Wed 21 Feb 2024 17:28:48 +0000
ROA not before:           Wed 21 Feb 2024 17:28:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8903
IP address blocks:        84.18.0.0/19 maxlen: 19
                          92.60.160.0/20 maxlen: 20
                          92.60.170.0/24 maxlen: 24
                          92.60.173.0/24 maxlen: 24
                          92.60.174.0/24 maxlen: 24
                          185.66.60.0/22 maxlen: 22
                          185.66.60.0/24 maxlen: 24
                          185.66.61.0/24 maxlen: 24
                          185.66.62.0/24 maxlen: 24
                          212.49.128.0/18 maxlen: 18
                          212.49.129.0/24 maxlen: 24
                          212.49.189.0/24 maxlen: 24
                          212.66.161.0/24 maxlen: 24
                          212.66.162.0/23 maxlen: 23
                          212.66.163.0/24 maxlen: 24
                          212.66.164.0/22 maxlen: 22
                          212.66.168.0/21 maxlen: 21
                          212.66.176.0/20 maxlen: 20
                          212.163.0.0/16 maxlen: 16
                          212.163.1.0/24 maxlen: 24
                          212.163.5.0/24 maxlen: 24
                          212.163.31.0/24 maxlen: 24
                          212.163.48.0/24 maxlen: 24
                          212.163.91.0/24 maxlen: 24
                          212.163.92.0/24 maxlen: 24
                          212.163.94.0/24 maxlen: 24
                          212.163.130.0/24 maxlen: 24
                          212.163.185.0/24 maxlen: 24
                          212.163.193.0/24 maxlen: 24
                          212.163.216.0/22 maxlen: 22
                          212.163.220.0/22 maxlen: 22
                          212.163.225.0/24 maxlen: 24
                          212.163.226.0/24 maxlen: 24
                          212.163.227.0/24 maxlen: 24
                          212.163.235.0/24 maxlen: 24
                          212.163.240.0/20 maxlen: 20
                          213.9.128.0/17 maxlen: 17
                          213.9.142.0/23 maxlen: 23
                          213.9.144.0/24 maxlen: 24
                          213.9.162.0/23 maxlen: 23
                          213.9.182.0/24 maxlen: 24
                          213.9.185.0/24 maxlen: 24
                          213.9.186.0/24 maxlen: 24
                          213.9.190.0/23 maxlen: 23
                          213.9.217.0/24 maxlen: 24
                          213.9.240.0/23 maxlen: 23
                          213.9.244.0/24 maxlen: 24
                          213.9.245.0/24 maxlen: 24
                          213.9.246.0/24 maxlen: 24
                          213.9.247.0/24 maxlen: 24
                          213.9.248.0/24 maxlen: 24
                          213.192.192.0/18 maxlen: 18
                          213.192.193.0/24 maxlen: 24
                          213.192.200.0/22 maxlen: 22
                          213.192.203.0/24 maxlen: 24
                          213.192.206.0/23 maxlen: 23
                          213.192.212.0/22 maxlen: 22
                          213.192.213.0/24 maxlen: 24
                          213.192.216.0/21 maxlen: 21
                          213.192.224.0/22 maxlen: 22
                          213.192.228.0/23 maxlen: 23
                          213.192.232.0/22 maxlen: 22
                          213.192.238.0/24 maxlen: 24
                          213.192.239.0/24 maxlen: 24
                          213.192.240.0/24 maxlen: 24
                          213.192.241.0/24 maxlen: 24
                          213.192.242.0/23 maxlen: 23
                          213.192.244.0/23 maxlen: 23
                          213.192.246.0/24 maxlen: 24
                          213.192.247.0/24 maxlen: 24
                          213.192.248.0/21 maxlen: 21
                          213.192.249.0/24 maxlen: 24
                          213.192.251.0/24 maxlen: 24
                          213.192.252.0/23 maxlen: 23
                          213.192.253.0/24 maxlen: 24
                          213.192.254.0/24 maxlen: 24
                          213.192.255.0/24 maxlen: 24
                          2001:ac0::/29 maxlen: 29
                          2001:ac0::/32 maxlen: 32
                          2001:ac0:30fd::/48 maxlen: 48
                          2001:ac0:c040::/44 maxlen: 44
                          2001:ac0:c0c0::/44 maxlen: 44
                          2001:ac0:c880::/44 maxlen: 44

Validation:               Failed, certificate revoked on Wed 21 Feb 2024 23:28:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:cc:b6:7e:98:0d:e5:1b:1b:3f:09:c8:39:dd:de:bd:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
        Validity
            Not Before: Feb 21 17:28:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b49123ac6875f7c67bab8726a3b4b7f540f8879c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:7f:58:90:ea:02:6d:bc:13:a7:04:04:7f:90:
                    f6:e3:03:1f:17:f5:16:59:b2:f7:65:db:a3:7d:22:
                    59:31:9e:8c:51:41:f6:8c:d2:8e:2f:85:ba:bf:6a:
                    ca:c8:70:34:18:23:04:b3:5f:38:3b:7d:a8:ee:f8:
                    bd:91:da:2c:79:a3:d3:8c:79:ee:10:82:b3:48:2a:
                    e3:6a:c4:65:0f:7d:cb:de:e6:91:0e:26:8d:4b:ac:
                    58:2f:d5:bf:c1:42:58:88:ab:5b:07:7f:79:af:bd:
                    42:06:33:01:04:6e:c6:ee:2e:ce:ee:2d:9f:7e:49:
                    c9:30:ca:2c:a3:51:07:46:80:1f:ec:a8:4b:fe:78:
                    b7:41:7b:cc:fb:e3:0f:86:6e:2c:61:55:0c:28:de:
                    0c:1a:e6:a0:5a:6b:d9:61:a4:d7:4f:6f:f8:db:e4:
                    35:47:5a:b6:1b:90:45:ad:01:cd:5d:8a:34:34:c4:
                    04:07:51:0f:b1:7b:08:fb:a1:3d:4f:82:23:17:a0:
                    2b:43:32:6c:87:05:95:54:71:a5:f0:48:2d:54:87:
                    cb:d5:cd:56:2a:2a:5a:a8:4e:c9:d1:38:e9:d2:9a:
                    05:11:05:4c:9b:8e:c2:2a:25:18:d7:7c:dc:19:9d:
                    d5:36:1b:c9:f3:86:c4:a6:37:d1:7e:25:56:33:b1:
                    40:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:91:23:AC:68:75:F7:C6:7B:AB:87:26:A3:B4:B7:F5:40:F8:87:9C
            X509v3 Authority Key Identifier:
                keyid:EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/tJEjrGh198Z7q4cmo7S39UD4h5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.18.0.0/19
                  92.60.160.0/20
                  185.66.60.0/22
                  212.49.128.0/18
                  212.66.161.0-212.66.191.255
                  212.163.0.0/16
                  213.9.128.0/17
                  213.192.192.0/18
                IPv6:
                  2001:ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:c6:5c:85:ad:47:40:7b:47:27:2b:3d:07:ad:e9:63:1a:82:
         e6:a5:2c:2d:28:4a:7c:d5:14:fc:e2:6f:3c:4c:0e:a2:d9:38:
         35:67:62:88:96:d1:41:4a:b6:c3:83:bd:59:d2:35:62:87:a7:
         ff:1f:f6:c9:8c:08:86:d6:24:64:d1:a9:a6:94:b5:87:84:d7:
         62:1f:c8:bd:9c:b1:ed:3b:6f:ae:a3:0e:2d:b4:78:37:1a:59:
         f5:8f:ce:b8:e8:39:b4:ca:2a:99:c5:9f:b6:78:f7:98:21:06:
         f2:7c:7d:d1:75:45:b1:e4:58:12:0e:fc:36:d4:73:b5:33:21:
         b5:31:7c:4c:17:c1:6e:56:3f:d4:02:03:f1:24:04:5e:fb:8c:
         a3:1e:32:91:ca:56:c8:d3:42:68:a5:c6:16:e0:5e:f1:84:3a:
         bd:81:27:d7:c1:52:42:1c:a1:ca:4a:2b:c9:c7:b6:14:44:29:
         0d:7b:b1:29:56:93:d2:bc:8a:f6:b0:b0:b9:d0:11:a1:8b:9a:
         41:fc:11:39:a7:31:bc:c6:c3:a6:56:ab:a3:12:e2:81:b4:f4:
         2c:cf:23:28:02:ac:67:b7:82:e0:10:b1:89:ff:7f:d5:b0:0b:
         24:61:c8:1d:ad:be:6b:fa:c0:c5:a8:70:7d:f3:c0:95:68:85:
         5f:04:a6:27
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAY3Mtn6YDeUbGz8JyDnd3r0oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2U3MWI5Njk5MmRhM2Q5MWM4OGRkNzRlZjQxZjliOTVi
OTQ4NWIwHhcNMjQwMjIxMTcyODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDkxMjNhYzY4NzVmN2M2N2JhYjg3MjZhM2I0YjdmNTQwZjg4NzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnn9YkOoCbbwTpwQEf5D24wMfF/UW
WbL3ZdujfSJZMZ6MUUH2jNKOL4W6v2rKyHA0GCMEs184O32o7vi9kdoseaPTjHnu
EIKzSCrjasRlD33L3uaRDiaNS6xYL9W/wUJYiKtbB395r71CBjMBBG7G7i7O7i2f
fknJMMoso1EHRoAf7KhL/ni3QXvM++MPhm4sYVUMKN4MGuagWmvZYaTXT2/42+Q1
R1q2G5BFrQHNXYo0NMQEB1EPsXsI+6E9T4IjF6ArQzJshwWVVHGl8EgtVIfL1c1W
KipaqE7J0Tjp0poFEQVMm47CKiUY13zcGZ3VNhvJ84bEpjfRfiVWM7FASwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFLSRI6xodffGe6uHJqO0t/VA+IecMB8GA1UdIwQY
MBaAFO8+cblpkto9kciN1070H5uVuUhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDIt
OTE5NmNlNDQ2NTI3LzEvdEpFanJHaDE5OFo3cTRjbW83UzM5VUQ0aDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDItOTE5NmNlNDQ2NTI3
LzEvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA9BAIAATA3AwQFVBIAAwQE
XDygAwQCuUI8AwQG1DGAMAwDBADUQqEDBAbUQoADAwDUowMEB9UJgAMEBtXAwDAN
BAIAAjAHAwUDIAEKwDANBgkqhkiG9w0BAQsFAAOCAQEAHcZcha1HQHtHJys9B63p
YxqC5qUsLShKfNUU/OJvPEwOotk4NWdiiJbRQUq2w4O9WdI1Yoen/x/2yYwIhtYk
ZNGpppS1h4TXYh/IvZyx7TtvrqMOLbR4NxpZ9Y/OuOg5tMoqmcWftnj3mCEG8nx9
0XVFseRYEg78NtRztTMhtTF8TBfBblY/1AID8SQEXvuMox4ykcpWyNNCaKXGFuBe
8YQ6vYEn18FSQhyhykoryce2FEQpDXuxKVaT0ryK9rCwudARoYuaQfwROacxvMbD
plaroxLigbT0LM8jKAKsZ7eC4BCxif9/1bALJGHIHa2+a/rAxahwffPAlWiFXwSm
Jw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:57 2024 by rpki-client on console-ams.rpki-client.org