Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/5_SK9R5p26HEsOV31aM1rR8yrtE.roa
File:                     5_SK9R5p26HEsOV31aM1rR8yrtE.roa (raw, json)
Hash identifier:          9JJTgzG4xGggd5V5OPcVwBm+SD4f192d2gBFNi40fGc=
Subject key identifier:   E7:F4:8A:F5:1E:69:DB:A1:C4:B0:E5:77:D5:A3:35:AD:1F:32:AE:D1
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       0187953D64E248480818733CE4F6A5212E8E
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/5_SK9R5p26HEsOV31aM1rR8yrtE.roa
Signing time:             Tue 18 Apr 2023 16:40:41 +0000
ROA not before:           Tue 18 Apr 2023 16:40:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42337
IP address blocks:        2.188.225.0/24 maxlen: 24
                          2.188.224.0/20 maxlen: 24
                          2.188.232.0/23 maxlen: 23
                          2.188.234.0/24 maxlen: 24
                          2.188.236.0/23 maxlen: 23
                          2.188.240.0/20 maxlen: 24
                          2.188.40.0/21 maxlen: 24
                          2.188.164.0/22 maxlen: 22
                          2.188.160.0/22 maxlen: 22
                          2.188.165.0/24 maxlen: 24
                          2.188.161.0/24 maxlen: 24
                          2.188.160.0/21 maxlen: 24
                          2.188.176.0/23 maxlen: 23
                          2.188.192.0/19 maxlen: 24
                          2.189.160.0/21 maxlen: 24
                          2.189.168.0/21 maxlen: 24
                          2.189.80.0/21 maxlen: 24
                          2.189.88.0/21 maxlen: 24
                          2.188.60.0/22 maxlen: 24
                          2.188.72.0/22 maxlen: 24
                          2.189.48.0/21 maxlen: 24

Validation:               Failed, certificate revoked on Mon 24 Apr 2023 20:37:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:95:3d:64:e2:48:48:08:18:73:3c:e4:f6:a5:21:2e:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Apr 18 16:40:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e7f48af51e69dba1c4b0e577d5a335ad1f32aed1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d5:0a:03:30:ee:93:c4:32:9e:7c:18:64:18:
                    63:46:d8:06:d3:ef:0e:58:86:38:15:99:f6:b8:65:
                    70:eb:d1:5e:16:3d:bc:1c:25:1a:d5:97:1b:f5:8e:
                    e6:f6:cc:4a:0a:39:e3:45:ba:c5:d8:07:d1:58:55:
                    9a:cd:5e:53:8a:04:9d:35:f2:c6:04:90:79:8f:eb:
                    44:a7:3d:31:cc:d0:ec:44:e8:7f:76:35:d2:5e:37:
                    e2:ed:94:6d:43:67:15:a6:cc:75:8e:a6:74:c2:62:
                    60:05:c5:b2:a0:ab:5d:37:42:19:85:3c:91:f3:0c:
                    08:54:4c:29:ca:d2:e6:a0:f3:2c:71:4b:54:21:ab:
                    a2:d2:46:5d:91:74:0a:a1:fa:27:80:eb:b0:5a:9f:
                    3e:ba:79:09:36:74:14:2d:2c:ab:94:af:c3:27:d8:
                    9d:43:f6:eb:08:a6:37:2a:c7:75:c8:50:77:5d:4e:
                    28:c7:01:75:39:16:8c:b6:1e:3e:60:e1:79:a9:fc:
                    02:50:1c:a6:08:34:6b:14:4e:8c:47:ea:62:5b:70:
                    41:b5:aa:8b:4b:5d:a5:94:e8:bf:82:b8:9b:d3:81:
                    d3:78:56:e2:58:47:58:9c:ef:91:6a:a5:cb:aa:fb:
                    ce:06:52:8d:64:f2:7e:b4:05:a9:ac:a9:0b:40:d5:
                    f0:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:F4:8A:F5:1E:69:DB:A1:C4:B0:E5:77:D5:A3:35:AD:1F:32:AE:D1
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/5_SK9R5p26HEsOV31aM1rR8yrtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.188.40.0/21
                  2.188.60.0/22
                  2.188.72.0/22
                  2.188.160.0/21
                  2.188.176.0/23
                  2.188.192.0/18
                  2.189.48.0/21
                  2.189.80.0/20
                  2.189.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         4e:64:99:b2:e4:97:74:58:dc:f5:15:c3:9c:1e:e3:54:b9:90:
         2b:37:3e:3c:2e:4a:82:37:9d:61:f1:9b:77:ef:0a:de:31:25:
         17:e8:b4:44:cf:89:af:dd:5e:f8:bd:ae:f4:5c:1a:eb:eb:a8:
         f7:38:84:0b:7f:25:d6:3b:aa:90:87:10:d6:24:d7:b3:ed:1c:
         2e:2c:3b:6f:bd:33:b8:d9:2c:10:70:eb:5e:2f:14:79:d2:3b:
         82:7c:dc:72:4f:e3:60:98:a2:9a:fa:cc:c7:04:39:86:ba:c4:
         a2:53:cb:ee:2c:cc:58:e6:f3:39:bf:6a:0f:04:d5:e9:12:f7:
         35:bd:55:b9:5c:09:05:49:d8:78:51:27:9f:00:ad:46:c0:e3:
         27:ef:6a:67:47:ef:c7:d0:d9:90:54:5c:5a:39:8c:5f:3a:3d:
         9f:c7:d7:70:51:2d:06:53:f2:9c:38:fc:3f:e5:c3:74:83:01:
         81:00:16:ed:19:ce:ef:98:c3:ac:05:19:b9:38:95:20:f7:28:
         50:7a:85:7a:c0:e6:e7:7c:e2:63:3f:3c:c9:42:3d:5a:5f:dd:
         e9:46:86:02:d9:d2:f4:37:82:81:67:a7:36:f5:ab:04:ac:df:
         b1:81:01:f0:2d:fe:dc:8c:91:97:f2:de:24:9c:b8:ff:d3:f3:
         b8:b3:33:aa
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYeVPWTiSEgIGHM85PalIS6OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjMwNDE4MTY0MDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2Y0OGFmNTFlNjlkYmExYzRiMGU1NzdkNWEzMzVhZDFmMzJhZWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdUKAzDuk8QynnwYZBhjRtgG0+8O
WIY4FZn2uGVw69FeFj28HCUa1Zcb9Y7m9sxKCjnjRbrF2AfRWFWazV5TigSdNfLG
BJB5j+tEpz0xzNDsROh/djXSXjfi7ZRtQ2cVpsx1jqZ0wmJgBcWyoKtdN0IZhTyR
8wwIVEwpytLmoPMscUtUIaui0kZdkXQKofongOuwWp8+unkJNnQULSyrlK/DJ9id
Q/brCKY3Ksd1yFB3XU4oxwF1ORaMth4+YOF5qfwCUBymCDRrFE6MR+piW3BBtaqL
S12llOi/grib04HTeFbiWEdYnO+RaqXLqvvOBlKNZPJ+tAWprKkLQNXwkQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFOf0ivUeaduhxLDld9WjNa0fMq7RMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvNV9TSzlSNXAyNkhFc09WMzFhTTFyUjh5cnRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQDArwoAwQC
Arw8AwQCArxIAwQDArygAwQBArywAwQGArzAAwQDAr0wAwQEAr1QAwQEAr2gMA0G
CSqGSIb3DQEBCwUAA4IBAQBOZJmy5Jd0WNz1FcOcHuNUuZArNz48LkqCN51h8Zt3
7wreMSUX6LREz4mv3V74va70XBrr66j3OIQLfyXWO6qQhxDWJNez7RwuLDtvvTO4
2SwQcOteLxR50juCfNxyT+NgmKKa+szHBDmGusSiU8vuLMxY5vM5v2oPBNXpEvc1
vVW5XAkFSdh4USefAK1GwOMn72pnR+/H0NmQVFxaOYxfOj2fx9dwUS0GU/KcOPw/
5cN0gwGBABbtGc7vmMOsBRm5OJUg9yhQeoV6wObnfOJjPzzJQj1aX93pRoYC2dL0
N4KBZ6c29asErN+xgQHwLf7cjJGX8t4knLj/0/O4szOq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:47 2024 by rpki-client on console-fra.rpki-client.org