Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/6aq2KVHjB_mGkoINcEKsDtT7p9o.roa
File:                     6aq2KVHjB_mGkoINcEKsDtT7p9o.roa (raw, json)
Hash identifier:          WJ7/s9rGVzcBgTT3lShYBaspV/HZ415jFdHo02MN6kM=
Subject key identifier:   E9:AA:B6:29:51:E3:07:F9:86:92:82:0D:70:42:AC:0E:D4:FB:A7:DA
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       018B5C82C66049F0E75D6964247C2199F68C
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/6aq2KVHjB_mGkoINcEKsDtT7p9o.roa
Signing time:             Mon 23 Oct 2023 12:29:16 +0000
ROA not before:           Mon 23 Oct 2023 12:29:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     42337
IP address blocks:        2.188.40.0/21 maxlen: 24
                          78.39.155.0/24 maxlen: 24
                          78.39.156.0/24 maxlen: 24
                          78.39.153.0/24 maxlen: 24
                          2.181.191.0/24 maxlen: 24
                          2.188.72.0/22 maxlen: 24
                          78.38.246.0/24 maxlen: 24
                          78.38.243.0/24 maxlen: 24
                          78.38.250.0/24 maxlen: 24
                          78.38.251.0/24 maxlen: 24
                          78.38.248.0/24 maxlen: 24
                          78.38.254.0/24 maxlen: 24
                          78.39.40.0/24 maxlen: 24
                          78.39.43.0/24 maxlen: 24
                          78.39.50.0/24 maxlen: 24
                          78.39.46.0/24 maxlen: 24
                          78.39.49.0/24 maxlen: 24
                          78.39.48.0/24 maxlen: 24
                          78.39.51.0/24 maxlen: 24
                          78.39.47.0/24 maxlen: 24
                          78.39.58.0/24 maxlen: 24
                          78.39.54.0/24 maxlen: 24
                          78.39.57.0/24 maxlen: 24
                          78.39.53.0/24 maxlen: 24
                          78.39.56.0/24 maxlen: 24
                          78.39.55.0/24 maxlen: 24
                          78.39.62.0/23 maxlen: 24
                          78.39.59.0/24 maxlen: 24
                          78.38.25.0/24 maxlen: 24
                          2.189.160.0/21 maxlen: 24
                          2.189.168.0/21 maxlen: 24
                          2.188.225.0/24 maxlen: 24
                          2.188.224.0/20 maxlen: 24
                          2.188.232.0/23 maxlen: 23
                          2.188.234.0/24 maxlen: 24
                          2.188.236.0/23 maxlen: 23
                          2.188.240.0/20 maxlen: 24
                          2.188.164.0/22 maxlen: 22
                          2.188.160.0/22 maxlen: 22
                          2.188.165.0/24 maxlen: 24
                          2.188.161.0/24 maxlen: 24
                          2.188.160.0/21 maxlen: 24
                          2.188.176.0/23 maxlen: 23
                          2.188.192.0/19 maxlen: 24
                          2.189.80.0/21 maxlen: 24
                          2.189.88.0/21 maxlen: 24
                          2.182.172.0/24 maxlen: 24
                          2.189.48.0/21 maxlen: 24
                          2.189.64.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Thu 09 Nov 2023 00:24:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:5c:82:c6:60:49:f0:e7:5d:69:64:24:7c:21:99:f6:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Oct 23 12:29:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e9aab62951e307f98692820d7042ac0ed4fba7da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:54:aa:6e:f8:2c:05:b5:4b:7d:af:ff:64:38:
                    74:1b:b5:6d:4f:a2:74:4c:64:e2:fe:d7:22:99:d3:
                    67:2c:57:79:4c:df:74:77:c8:07:ab:7f:13:a0:e6:
                    43:e3:67:cf:ff:35:4f:75:3a:43:56:1a:a1:c0:0a:
                    d6:18:2e:59:58:ef:ba:1a:91:fe:4f:d4:e6:45:d0:
                    31:cb:69:78:2e:90:05:cf:01:0d:98:26:17:e3:88:
                    b1:97:5e:0b:0d:ee:47:33:b2:8f:5e:91:12:fb:74:
                    7c:b2:ba:19:68:92:5a:c2:2b:e8:c2:0f:27:61:96:
                    94:d0:c1:d0:2a:fe:ab:ca:de:8e:19:d4:15:5b:c9:
                    a4:a8:d1:52:0c:cb:0a:57:c6:b2:57:38:45:cc:ce:
                    cb:77:b4:b7:7b:80:70:95:a1:ee:a4:cd:4b:3c:30:
                    bd:48:22:cd:42:c5:20:84:4a:77:d7:3f:59:c4:b7:
                    4c:cf:f6:3e:11:16:2c:33:64:6b:d8:ca:47:24:40:
                    f3:f1:39:67:5f:33:9f:81:89:26:1a:1b:03:38:c9:
                    e4:d9:0b:49:36:ef:ff:3b:11:db:bc:26:5f:44:ea:
                    f5:b3:53:de:40:e7:3c:8a:7e:df:4d:0a:d0:0e:b5:
                    25:ab:d0:ba:13:bc:22:ee:2f:b5:54:ed:e2:bb:97:
                    4b:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:AA:B6:29:51:E3:07:F9:86:92:82:0D:70:42:AC:0E:D4:FB:A7:DA
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/6aq2KVHjB_mGkoINcEKsDtT7p9o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.181.191.0/24
                  2.182.172.0/24
                  2.188.40.0/21
                  2.188.72.0/22
                  2.188.160.0/21
                  2.188.176.0/23
                  2.188.192.0/18
                  2.189.48.0/21
                  2.189.64.0/22
                  2.189.80.0/20
                  2.189.160.0/20
                  78.38.25.0/24
                  78.38.243.0/24
                  78.38.246.0/24
                  78.38.248.0/24
                  78.38.250.0/23
                  78.38.254.0/24
                  78.39.40.0/24
                  78.39.43.0/24
                  78.39.46.0-78.39.51.255
                  78.39.53.0-78.39.59.255
                  78.39.62.0/23
                  78.39.153.0/24
                  78.39.155.0-78.39.156.255

    Signature Algorithm: sha256WithRSAEncryption
         83:53:7f:c2:b9:fd:88:d4:ca:21:aa:66:6d:94:cf:d7:9a:3a:
         58:8d:11:c4:2b:ab:0f:ee:dc:4e:ee:12:7c:ef:73:b4:21:56:
         d9:ea:71:3a:cf:98:eb:f6:bf:7b:85:0e:34:4a:de:3b:78:b0:
         2e:fd:e4:d0:2e:fe:24:09:f6:40:1f:72:f6:ac:e5:be:1f:72:
         f0:cf:ce:c0:a8:ff:af:da:c6:0c:0c:81:cd:b8:f8:72:38:7e:
         ac:e1:a1:aa:dd:ca:5d:77:70:cd:6e:76:36:60:ec:26:c7:35:
         40:b4:95:0d:3c:c3:2c:bb:1a:82:1f:67:05:1d:f2:d6:90:5b:
         3c:e0:46:41:92:0a:31:b8:bd:7a:00:eb:c9:25:ef:af:52:21:
         60:dc:81:71:a8:43:d0:91:ec:da:1c:64:6b:ff:3d:e6:49:f7:
         08:fc:bb:c9:a2:84:2c:99:c0:62:a1:23:a6:5e:51:bc:1e:88:
         03:bc:66:d8:8e:3f:60:0a:e7:91:7f:0c:a6:b2:fd:6e:dc:93:
         87:c9:0d:81:54:6a:a9:a6:b1:de:15:81:bb:2c:d6:26:7e:e8:
         57:b7:9b:e5:52:0b:0b:12:7a:63:e3:0f:df:4d:62:5e:83:dc:
         cb:ea:ad:d8:a5:19:c6:bf:0a:38:86:d3:ba:7e:b6:79:6e:99:
         56:37:82:0b
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAYtcgsZgSfDnXWlkJHwhmfaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjMxMDIzMTIyOTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWFhYjYyOTUxZTMwN2Y5ODY5MjgyMGQ3MDQyYWMwZWQ0ZmJhN2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1SqbvgsBbVLfa//ZDh0G7VtT6J0
TGTi/tcimdNnLFd5TN90d8gHq38ToOZD42fP/zVPdTpDVhqhwArWGC5ZWO+6GpH+
T9TmRdAxy2l4LpAFzwENmCYX44ixl14LDe5HM7KPXpES+3R8sroZaJJawivowg8n
YZaU0MHQKv6ryt6OGdQVW8mkqNFSDMsKV8ayVzhFzM7Ld7S3e4BwlaHupM1LPDC9
SCLNQsUghEp31z9ZxLdMz/Y+ERYsM2Rr2MpHJEDz8TlnXzOfgYkmGhsDOMnk2QtJ
Nu//OxHbvCZfROr1s1PeQOc8in7fTQrQDrUlq9C6E7wi7i+1VO3iu5dL7QIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFOmqtilR4wf5hpKCDXBCrA7U+6faMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvNmFxMktWSGpCX21Ha29JTmNFS3NEdFQ3cDlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBrwQCAAEwgagDBAAC
tb8DBAACtqwDBAMCvCgDBAICvEgDBAMCvKADBAECvLADBAYCvMADBAMCvTADBAIC
vUADBAQCvVADBAQCvaADBABOJhkDBABOJvMDBABOJvYDBABOJvgDBAFOJvoDBABO
Jv4DBABOJygDBABOJyswDAMEAU4nLgMEAk4nMDAMAwQATic1AwQCTic4AwQBTic+
AwQATieZMAwDBABOJ5sDBABOJ5wwDQYJKoZIhvcNAQELBQADggEBAINTf8K5/YjU
yiGqZm2Uz9eaOliNEcQrqw/u3E7uEnzvc7QhVtnqcTrPmOv2v3uFDjRK3jt4sC79
5NAu/iQJ9kAfcvas5b4fcvDPzsCo/6/axgwMgc24+HI4fqzhoardyl13cM1udjZg
7CbHNUC0lQ08wyy7GoIfZwUd8taQWzzgRkGSCjG4vXoA68kl769SIWDcgXGoQ9CR
7NocZGv/PeZJ9wj8u8mihCyZwGKhI6ZeUbweiAO8ZtiOP2AK55F/DKay/W7ck4fJ
DYFUaqmmsd4Vgbss1iZ+6Fe3m+VSCwsSemPjD99NYl6D3MvqrdilGca/CjiG07p+
tnlumVY3ggs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:52 2024 by rpki-client on console-ams.rpki-client.org