Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/ca618c-35ce-4d31-bb89-ce8dd6898b27/1/efn7DtETcEPA3_R5zmdB2sabUp4.roa
File:                     efn7DtETcEPA3_R5zmdB2sabUp4.roa (raw, json)
Hash identifier:          rZzntxlVXx9AFngYzSme4+J8vOp7BV7z3gap6QVyt5g=
Subject key identifier:   79:F9:FB:0E:D1:13:70:43:C0:DF:F4:79:CE:67:41:DA:C6:9B:52:9E
Certificate issuer:       /CN=5484b53ec069e302623596fb3aa79f5d782c09f9
Certificate serial:       018570B98757C1739E8C42938B5257D47117
Authority key identifier: 54:84:B5:3E:C0:69:E3:02:62:35:96:FB:3A:A7:9F:5D:78:2C:09:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VIS1PsBp4wJiNZb7OqefXXgsCfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/ca618c-35ce-4d31-bb89-ce8dd6898b27/1/efn7DtETcEPA3_R5zmdB2sabUp4.roa
Signing time:             Mon 02 Jan 2023 04:24:44 +0000
ROA not before:           Mon 02 Jan 2023 04:24:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34949
IP address blocks:        185.60.24.0/23 maxlen: 23
                          185.60.24.0/24 maxlen: 24
                          185.60.25.0/24 maxlen: 24
                          185.60.26.0/23 maxlen: 23
                          185.60.26.0/24 maxlen: 24
                          185.85.227.0/24 maxlen: 24
                          159.100.35.0/24 maxlen: 24
                          159.100.34.0/23 maxlen: 23
                          159.100.34.0/24 maxlen: 24
                          159.100.32.0/24 maxlen: 24
                          159.100.32.0/23 maxlen: 23
                          159.100.33.0/24 maxlen: 24
                          159.100.38.0/24 maxlen: 24
                          159.100.38.0/23 maxlen: 23
                          159.100.39.0/24 maxlen: 24
                          159.100.40.0/24 maxlen: 24
                          159.100.40.0/23 maxlen: 23
                          217.112.58.0/24 maxlen: 24
                          217.112.52.0/24 maxlen: 24
                          217.112.52.0/23 maxlen: 23
                          217.112.53.0/24 maxlen: 24
                          217.112.58.0/23 maxlen: 23
                          217.112.57.0/24 maxlen: 24
                          217.112.54.0/24 maxlen: 24
                          217.112.54.0/23 maxlen: 23
                          217.112.56.0/24 maxlen: 24
                          217.112.56.0/23 maxlen: 23
                          217.112.55.0/24 maxlen: 24
                          217.112.59.0/24 maxlen: 24
                          217.112.61.0/24 maxlen: 24
                          217.112.60.0/23 maxlen: 23
                          217.112.60.0/24 maxlen: 24
                          217.112.63.0/24 maxlen: 24
                          217.112.62.0/23 maxlen: 24
                          217.112.50.0/23 maxlen: 23
                          217.112.51.0/24 maxlen: 24
                          217.112.50.0/24 maxlen: 24
                          217.112.49.0/24 maxlen: 24
                          217.112.48.0/23 maxlen: 24
                          185.85.224.0/24 maxlen: 24
                          185.85.224.0/23 maxlen: 23
                          185.85.226.0/24 maxlen: 24
                          185.85.225.0/24 maxlen: 24
                          185.85.226.0/23 maxlen: 23
                          109.239.112.0/24 maxlen: 24
                          109.239.112.0/23 maxlen: 23
                          109.239.114.0/23 maxlen: 24
                          109.239.113.0/24 maxlen: 24
                          109.239.118.0/23 maxlen: 23
                          109.239.118.0/24 maxlen: 24
                          109.239.116.0/24 maxlen: 24
                          109.239.116.0/23 maxlen: 23
                          109.239.117.0/24 maxlen: 24
                          109.239.119.0/24 maxlen: 24
                          109.239.125.0/24 maxlen: 24
                          109.239.122.0/23 maxlen: 23
                          109.239.122.0/24 maxlen: 24
                          109.239.123.0/24 maxlen: 24
                          109.239.124.0/23 maxlen: 23
                          109.239.126.0/24 maxlen: 24
                          109.239.126.0/23 maxlen: 23
                          109.239.127.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:34:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:b9:87:57:c1:73:9e:8c:42:93:8b:52:57:d4:71:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5484b53ec069e302623596fb3aa79f5d782c09f9
        Validity
            Not Before: Jan  2 04:24:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=79f9fb0ed1137043c0dff479ce6741dac69b529e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:69:a0:b9:80:29:33:18:9d:ab:fe:4b:f8:6d:
                    47:ae:c5:56:9f:1d:32:d8:9f:24:e0:34:0e:44:f0:
                    75:28:e0:9d:5e:a1:65:de:fe:f7:98:2b:9a:e7:a8:
                    20:d6:bf:24:de:da:8b:b1:eb:4d:37:2c:92:7f:bd:
                    21:d9:50:9e:48:57:b3:48:22:bb:fa:52:56:16:9f:
                    9a:85:f0:53:88:6c:2f:b9:c8:0e:24:fa:70:b2:f6:
                    79:07:85:32:ad:6b:24:b0:84:c1:88:53:13:a5:c2:
                    83:fd:19:ee:7f:85:9b:16:a5:14:18:26:c1:f0:ad:
                    7d:86:bb:86:c2:95:2e:de:e6:29:e9:74:a3:bd:6e:
                    70:61:6f:e0:80:f7:9a:15:09:50:97:e8:44:9c:3f:
                    ba:53:10:1b:f9:27:84:3a:cd:e8:6d:71:8a:93:99:
                    23:19:ad:ae:53:57:5c:4e:41:5b:c3:4d:ed:0c:4e:
                    02:5e:7e:65:b9:54:6f:67:7a:a6:66:42:51:cd:c5:
                    14:9a:d1:82:0f:d3:ce:2d:d1:47:d9:bc:de:cb:5b:
                    f9:30:c9:a7:69:cb:e6:49:8e:31:12:19:7f:67:3b:
                    0b:a8:dd:1e:57:6f:a4:6b:39:b8:67:57:00:e1:52:
                    ec:cd:4d:df:a0:3b:3f:06:a5:f4:dd:d2:b5:48:8d:
                    fc:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:F9:FB:0E:D1:13:70:43:C0:DF:F4:79:CE:67:41:DA:C6:9B:52:9E
            X509v3 Authority Key Identifier:
                keyid:54:84:B5:3E:C0:69:E3:02:62:35:96:FB:3A:A7:9F:5D:78:2C:09:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VIS1PsBp4wJiNZb7OqefXXgsCfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/ca618c-35ce-4d31-bb89-ce8dd6898b27/1/efn7DtETcEPA3_R5zmdB2sabUp4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/ca618c-35ce-4d31-bb89-ce8dd6898b27/1/VIS1PsBp4wJiNZb7OqefXXgsCfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.239.112.0/21
                  109.239.122.0-109.239.127.255
                  159.100.32.0/22
                  159.100.38.0-159.100.41.255
                  185.60.24.0/22
                  185.85.224.0/22
                  217.112.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         91:9a:ba:29:fe:86:d5:e5:a5:2e:83:98:72:8d:59:46:98:66:
         60:b7:50:b0:69:42:69:80:87:57:f3:26:1e:b6:fb:43:a3:18:
         ac:4a:fc:15:a7:41:22:10:3a:e1:d7:11:82:d8:da:e5:86:9c:
         a7:25:b6:1f:95:28:b3:90:18:a1:67:65:d8:53:35:7c:a4:14:
         aa:7e:66:f8:33:bb:22:59:4b:cd:2c:9d:4b:cf:47:ca:12:6c:
         0e:4b:9b:01:cf:4c:59:5d:e6:6b:41:68:bb:af:d1:0f:e7:8b:
         12:57:a0:04:9c:60:d0:5e:13:1e:30:5d:ac:eb:62:ec:05:3a:
         e4:9d:ec:1c:e5:f5:b7:de:03:2b:86:f6:25:d5:42:f4:fa:d3:
         2b:19:24:fb:84:3a:be:41:08:9c:c4:dc:0a:4d:ec:ed:2a:f7:
         0c:bb:0e:73:0a:76:c9:d5:ca:3a:c1:f5:37:78:e7:00:64:07:
         df:1c:7f:81:84:33:29:de:44:ad:a2:b3:3c:e2:be:fe:ac:65:
         21:bc:ac:36:ff:63:c4:d4:e4:e1:f8:38:65:4d:18:87:64:65:
         a2:48:db:1b:cd:18:fb:72:72:a5:56:b7:a3:09:53:c6:11:83:
         1d:7b:5e:a5:34:f9:c9:d1:6d:f7:fa:e3:2f:41:60:e9:1e:19:
         e9:8f:5e:b5
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYVwuYdXwXOejEKTi1JX1HEXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0ODRiNTNlYzA2OWUzMDI2MjM1OTZmYjNhYTc5ZjVkNzgy
YzA5ZjkwHhcNMjMwMTAyMDQyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWY5ZmIwZWQxMTM3MDQzYzBkZmY0NzljZTY3NDFkYWM2OWI1MjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmmguYApMxidq/5L+G1HrsVWnx0y
2J8k4DQORPB1KOCdXqFl3v73mCua56gg1r8k3tqLsetNNyySf70h2VCeSFezSCK7
+lJWFp+ahfBTiGwvucgOJPpwsvZ5B4UyrWsksITBiFMTpcKD/Rnuf4WbFqUUGCbB
8K19hruGwpUu3uYp6XSjvW5wYW/ggPeaFQlQl+hEnD+6UxAb+SeEOs3obXGKk5kj
Ga2uU1dcTkFbw03tDE4CXn5luVRvZ3qmZkJRzcUUmtGCD9POLdFH2bzey1v5MMmn
acvmSY4xEhl/ZzsLqN0eV2+kazm4Z1cA4VLszU3foDs/BqX03dK1SI38RQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFHn5+w7RE3BDwN/0ec5nQdrGm1KeMB8GA1UdIwQY
MBaAFFSEtT7AaeMCYjWW+zqnn114LAn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVklTMVBzQnA0d0ppTlpiN09xZWZYWGdzQ2ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9jYTYxOGMtMzVjZS00ZDMxLWJiODkt
Y2U4ZGQ2ODk4YjI3LzEvZWZuN0R0RVRjRVBBM19SNXptZEIyc2FiVXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9jYTYxOGMtMzVjZS00ZDMxLWJiODktY2U4ZGQ2ODk4YjI3
LzEvVklTMVBzQnA0d0ppTlpiN09xZWZYWGdzQ2ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQDbe9wMAwD
BAFt73oDBAdt7wADBAKfZCAwDAMEAZ9kJgMEAZ9kKAMEArk8GAMEArlV4AMEBNlw
MDANBgkqhkiG9w0BAQsFAAOCAQEAkZq6Kf6G1eWlLoOYco1ZRphmYLdQsGlCaYCH
V/MmHrb7Q6MYrEr8FadBIhA64dcRgtja5YacpyW2H5Uos5AYoWdl2FM1fKQUqn5m
+DO7IllLzSydS89HyhJsDkubAc9MWV3ma0Fou6/RD+eLElegBJxg0F4THjBdrOti
7AU65J3sHOX1t94DK4b2JdVC9PrTKxkk+4Q6vkEInMTcCk3s7Sr3DLsOcwp2ydXK
OsH1N3jnAGQH3xx/gYQzKd5EraKzPOK+/qxlIbysNv9jxNTk4fg4ZU0Yh2Rlokjb
G80Y+3JypVa3owlTxhGDHXtepTT5ydFt9/rjL0Fg6R4Z6Y9etQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:07 2024 by rpki-client on console-ams.rpki-client.org