Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/zxzSoXz5Hhx7BdR1nhRMP8FBkzs.roa
File:                     zxzSoXz5Hhx7BdR1nhRMP8FBkzs.roa (raw, json)
Hash identifier:          Ba+WuZbvCb+ny3gl4L2+/H+BaSD0trqS2s+mFTT+qgI=
Subject key identifier:   CF:1C:D2:A1:7C:F9:1E:1C:7B:05:D4:75:9E:14:4C:3F:C1:41:93:3B
Certificate issuer:       /CN=d94bddafb5df098419020a8fbc7a90b16e341d63
Certificate serial:       0186C60B260BC041AB98E2636ACAFD497813
Authority key identifier: D9:4B:DD:AF:B5:DF:09:84:19:02:0A:8F:BC:7A:90:B1:6E:34:1D:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2Uvdr7XfCYQZAgqPvHqQsW40HWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/zxzSoXz5Hhx7BdR1nhRMP8FBkzs.roa
Signing time:             Thu 09 Mar 2023 11:04:24 +0000
ROA not before:           Thu 09 Mar 2023 11:04:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     58073
IP address blocks:        45.145.252.0/22 maxlen: 22
                          193.104.186.0/24 maxlen: 24
                          45.152.192.0/22 maxlen: 22
                          37.220.32.0/21 maxlen: 24
                          45.10.116.0/22 maxlen: 22
                          45.129.176.0/22 maxlen: 22
                          185.38.12.0/22 maxlen: 24
                          2.58.23.0/24 maxlen: 24
                          2.58.20.0/22 maxlen: 22
                          45.82.44.0/22 maxlen: 22
                          45.88.16.0/22 maxlen: 22
                          45.93.32.0/22 maxlen: 22
                          46.182.104.0/24 maxlen: 24
                          46.182.105.0/24 maxlen: 24
                          46.182.106.0/24 maxlen: 24
                          46.182.107.0/24 maxlen: 24
                          46.182.111.0/24 maxlen: 24
                          46.182.109.0/24 maxlen: 24
                          46.182.110.0/24 maxlen: 24
                          2a02:2a38::/32 maxlen: 32
                          2a02:2a38:37::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:33:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:c6:0b:26:0b:c0:41:ab:98:e2:63:6a:ca:fd:49:78:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d94bddafb5df098419020a8fbc7a90b16e341d63
        Validity
            Not Before: Mar  9 11:04:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cf1cd2a17cf91e1c7b05d4759e144c3fc141933b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d3:24:ab:31:9b:a6:69:0e:07:bc:14:50:a9:
                    1d:40:bc:d7:7a:b0:c9:99:75:f1:cd:29:eb:9f:a3:
                    2b:17:49:ed:96:25:2f:65:4e:5d:82:17:9b:27:4e:
                    34:8a:79:74:2f:37:6d:52:df:05:0e:a7:76:76:ae:
                    95:23:f1:0f:4a:5a:fd:e5:16:de:37:41:db:90:62:
                    f2:ad:a9:43:6f:6c:ca:a6:b3:0c:cc:ea:6b:d7:d2:
                    ae:35:4f:ee:c0:c9:2d:6c:0c:c6:2c:2f:8e:2e:b4:
                    91:64:6d:51:28:61:ee:2d:bf:16:91:99:45:46:20:
                    9b:71:c8:64:95:5a:0b:1f:7e:31:91:53:d5:5a:7f:
                    01:51:5f:9f:e7:fc:fa:49:f8:37:91:9d:e3:b8:2a:
                    74:23:56:11:e7:ab:94:0c:d6:7f:8b:e6:57:13:e9:
                    8d:21:a5:9d:fb:06:f5:d2:82:77:b7:57:90:9f:f6:
                    b1:38:59:84:d3:a9:d9:f6:d7:0c:d7:49:ae:97:0f:
                    d0:87:c0:40:d0:1e:3a:bc:3d:9b:90:04:11:51:c8:
                    60:fe:bf:69:6d:b0:7b:f7:f5:b5:f3:e9:8f:ab:6f:
                    fc:99:cd:17:5f:5a:2d:c0:63:a7:8a:d5:a6:97:f1:
                    03:14:96:35:54:53:b7:09:4f:7a:b0:84:72:3f:d8:
                    a3:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:1C:D2:A1:7C:F9:1E:1C:7B:05:D4:75:9E:14:4C:3F:C1:41:93:3B
            X509v3 Authority Key Identifier:
                keyid:D9:4B:DD:AF:B5:DF:09:84:19:02:0A:8F:BC:7A:90:B1:6E:34:1D:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Uvdr7XfCYQZAgqPvHqQsW40HWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/zxzSoXz5Hhx7BdR1nhRMP8FBkzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/cde757-7672-4720-8ce1-6e26b91f6910/1/2Uvdr7XfCYQZAgqPvHqQsW40HWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.20.0/22
                  37.220.32.0/21
                  45.10.116.0/22
                  45.82.44.0/22
                  45.88.16.0/22
                  45.93.32.0/22
                  45.129.176.0/22
                  45.145.252.0/22
                  45.152.192.0/22
                  46.182.104.0/22
                  46.182.109.0-46.182.111.255
                  185.38.12.0/22
                  193.104.186.0/24
                IPv6:
                  2a02:2a38::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:1c:30:83:8d:4e:f7:4f:a1:57:57:13:5a:59:42:82:70:b0:
         6f:2a:0b:d8:b3:b1:c2:1f:80:be:e5:25:6b:97:61:af:a2:ac:
         18:4b:cb:2f:ca:eb:18:bb:14:7f:f1:51:60:8b:08:f7:79:ef:
         10:24:e2:5a:72:4c:33:5d:8e:e7:36:05:f4:82:4b:ae:63:82:
         d8:d5:73:26:d5:3b:4a:e6:5a:58:d4:60:38:d2:62:6e:c9:ea:
         a9:6d:f5:6e:ad:d1:79:08:da:8c:59:71:18:5a:6b:35:f5:57:
         83:7d:86:69:be:43:dd:7b:1a:9b:e1:aa:f4:dc:c8:ea:d5:7f:
         12:76:cb:6c:3b:7c:f4:14:4a:84:83:19:3a:ce:c8:d3:eb:5a:
         b4:5b:0e:06:c0:99:58:b2:0c:6d:27:c5:55:8b:d7:e3:17:63:
         80:80:3f:e1:e6:20:a3:76:3a:8a:9c:53:62:56:f7:41:f5:cd:
         09:de:cb:7f:ba:ad:03:93:38:9e:af:ec:f7:ec:64:44:cf:a8:
         65:22:c1:ce:b0:1c:55:93:fc:4c:3a:6f:6a:57:c0:38:5d:4b:
         54:76:e7:a8:32:a9:31:0b:20:08:83:72:90:80:ff:4f:ea:c3:
         30:9c:a5:43:91:5d:b2:12:30:b0:10:bd:4b:f8:cb:a1:a0:78:
         51:c8:85:f2
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAYbGCyYLwEGrmOJjasr9SXgTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NGJkZGFmYjVkZjA5ODQxOTAyMGE4ZmJjN2E5MGIxNmUz
NDFkNjMwHhcNMjMwMzA5MTEwNDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjFjZDJhMTdjZjkxZTFjN2IwNWQ0NzU5ZTE0NGMzZmMxNDE5MzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9MkqzGbpmkOB7wUUKkdQLzXerDJ
mXXxzSnrn6MrF0ntliUvZU5dghebJ040inl0LzdtUt8FDqd2dq6VI/EPSlr95Rbe
N0HbkGLyralDb2zKprMMzOpr19KuNU/uwMktbAzGLC+OLrSRZG1RKGHuLb8WkZlF
RiCbcchklVoLH34xkVPVWn8BUV+f5/z6Sfg3kZ3juCp0I1YR56uUDNZ/i+ZXE+mN
IaWd+wb10oJ3t1eQn/axOFmE06nZ9tcM10mulw/Qh8BA0B46vD2bkAQRUchg/r9p
bbB79/W18+mPq2/8mc0XX1otwGOnitWml/EDFJY1VFO3CU96sIRyP9ijtwIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFM8c0qF8+R4cewXUdZ4UTD/BQZM7MB8GA1UdIwQY
MBaAFNlL3a+13wmEGQIKj7x6kLFuNB1jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlV2ZHI3WGZDWVFaQWdxUHZIcVFzVzQwSFdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jZGU3NTctNzY3Mi00NzIwLThjZTEt
NmUyNmI5MWY2OTEwLzEvenh6U29YejVIaHg3QmRSMW5oUk1QOEZCa3pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jZGU3NTctNzY3Mi00NzIwLThjZTEtNmUyNmI5MWY2OTEw
LzEvMlV2ZHI3WGZDWVFaQWdxUHZIcVFzVzQwSFdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBcBAIAATBWAwQCAjoUAwQD
JdwgAwQCLQp0AwQCLVIsAwQCLVgQAwQCLV0gAwQCLYGwAwQCLZH8AwQCLZjAAwQC
LrZoMAwDBAAutm0DBAQutmADBAK5JgwDBADBaLowDQQCAAIwBwMFACoCKjgwDQYJ
KoZIhvcNAQELBQADggEBAF4cMIONTvdPoVdXE1pZQoJwsG8qC9izscIfgL7lJWuX
Ya+irBhLyy/K6xi7FH/xUWCLCPd57xAk4lpyTDNdjuc2BfSCS65jgtjVcybVO0rm
WljUYDjSYm7J6qlt9W6t0XkI2oxZcRhaazX1V4N9hmm+Q917GpvhqvTcyOrVfxJ2
y2w7fPQUSoSDGTrOyNPrWrRbDgbAmViyDG0nxVWL1+MXY4CAP+HmIKN2OoqcU2JW
90H1zQney3+6rQOTOJ6v7PfsZETPqGUiwc6wHFWT/Ew6b2pXwDhdS1R256gyqTEL
IAiDcpCA/0/qwzCcpUORXbISMLAQvUv4y6GgeFHIhfI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:34 2024 by rpki-client on console-fra.rpki-client.org