Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/gdiW4tL-8GUlrhD0s0BQpVMMmzY.roa
File:                     gdiW4tL-8GUlrhD0s0BQpVMMmzY.roa (raw, json)
Hash identifier:          sY5PgzUHRs9a8AHDNT5VImELSbAj82UxPbzVx1IDyBk=
Subject key identifier:   81:D8:96:E2:D2:FE:F0:65:25:AE:10:F4:B3:40:50:A5:53:0C:9B:36
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       018723F253FDF6A42E56171C17F71D7B60E9
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/gdiW4tL-8GUlrhD0s0BQpVMMmzY.roa
Signing time:             Mon 27 Mar 2023 16:41:36 +0000
ROA not before:           Mon 27 Mar 2023 16:41:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8641
IP address blocks:        213.208.160.0/21 maxlen: 21
                          213.208.168.0/23 maxlen: 23
                          213.208.170.0/24 maxlen: 24
                          213.208.172.0/22 maxlen: 22
                          213.208.172.0/23 maxlen: 23
                          213.208.174.0/23 maxlen: 23
                          213.208.176.0/21 maxlen: 21
                          213.208.186.0/23 maxlen: 23
                          213.208.184.0/24 maxlen: 24
                          213.208.188.0/22 maxlen: 22
                          81.26.144.0/21 maxlen: 21
                          81.26.144.0/24 maxlen: 24
                          81.26.152.0/22 maxlen: 22
                          81.26.155.0/24 maxlen: 24
                          185.106.107.0/24 maxlen: 24
                          77.94.162.0/24 maxlen: 24
                          77.94.160.0/19 maxlen: 19
                          84.47.128.0/22 maxlen: 22
                          77.94.175.0/24 maxlen: 24
                          84.47.135.0/24 maxlen: 24
                          84.47.134.0/23 maxlen: 23
                          84.47.136.0/24 maxlen: 24
                          84.47.140.0/22 maxlen: 22
                          84.47.144.0/23 maxlen: 23
                          84.47.152.0/23 maxlen: 23
                          85.91.96.0/21 maxlen: 21
                          84.47.147.0/24 maxlen: 24
                          77.94.189.0/24 maxlen: 24
                          84.47.148.0/22 maxlen: 22
                          84.47.156.0/22 maxlen: 22
                          84.47.160.0/24 maxlen: 24
                          84.47.161.0/24 maxlen: 24
                          84.47.162.0/24 maxlen: 24
                          84.47.163.0/24 maxlen: 24
                          84.47.160.0/22 maxlen: 22
                          85.91.112.0/22 maxlen: 22
                          84.47.164.0/23 maxlen: 23
                          84.47.168.0/21 maxlen: 21
                          85.91.118.0/23 maxlen: 23
                          213.135.64.0/22 maxlen: 22
                          213.135.70.0/24 maxlen: 24
                          84.47.178.0/24 maxlen: 24
                          85.91.122.0/24 maxlen: 24
                          84.47.176.0/24 maxlen: 24
                          213.135.69.0/24 maxlen: 24
                          84.47.177.0/24 maxlen: 24
                          84.47.176.0/23 maxlen: 23
                          85.91.120.0/23 maxlen: 23
                          84.47.181.0/24 maxlen: 24
                          213.135.72.0/23 maxlen: 23
                          84.47.182.0/23 maxlen: 23
                          84.47.186.0/23 maxlen: 23
                          213.135.77.0/24 maxlen: 24
                          213.135.80.0/24 maxlen: 24
                          84.47.190.0/23 maxlen: 23
                          213.135.79.0/24 maxlen: 24
                          213.135.80.0/21 maxlen: 21
                          213.135.88.0/22 maxlen: 22
                          2a02:bc8::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 05 Apr 2023 08:10:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:23:f2:53:fd:f6:a4:2e:56:17:1c:17:f7:1d:7b:60:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Mar 27 16:41:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=81d896e2d2fef06525ae10f4b34050a5530c9b36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:1d:f4:eb:aa:66:f3:f9:2b:32:46:de:24:56:
                    6d:42:74:c9:71:6f:7a:8e:19:f2:4d:ce:41:8b:f5:
                    1b:0e:c0:44:56:a3:90:33:38:90:30:31:15:ab:07:
                    88:ca:81:2b:c9:fa:31:42:a2:7c:b6:43:ee:12:6b:
                    44:7b:7a:ff:85:45:a1:21:be:01:da:08:b2:a6:8e:
                    f3:1a:c6:16:f5:7d:be:be:e8:93:6d:42:97:f9:40:
                    11:c2:16:c0:18:21:0d:ff:d7:b2:8b:5a:a5:fe:f2:
                    44:2f:85:8a:b8:5f:14:07:84:03:91:c1:bd:a2:14:
                    cb:65:56:f5:77:83:2f:49:56:df:9e:eb:4e:14:41:
                    6b:23:be:ee:3c:58:d1:04:65:25:d0:96:58:ab:1a:
                    ea:13:44:1b:85:e1:26:24:22:59:21:5f:9f:ef:c7:
                    06:1d:df:be:77:3e:fa:23:aa:f7:6d:67:f7:d1:fd:
                    58:07:38:52:e9:4b:d3:ec:f5:d9:25:8a:77:ee:8c:
                    1c:bc:d6:14:d8:b8:49:ab:8f:29:bd:01:0c:41:3b:
                    20:18:27:19:e5:54:b1:dc:d8:b0:7b:6f:0d:1a:93:
                    88:3f:5a:13:5f:2e:75:cb:3c:a6:96:20:2e:2a:d2:
                    62:69:ad:47:7a:03:4c:57:7b:26:30:9b:5d:d5:05:
                    6c:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D8:96:E2:D2:FE:F0:65:25:AE:10:F4:B3:40:50:A5:53:0C:9B:36
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/gdiW4tL-8GUlrhD0s0BQpVMMmzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.94.160.0/19
                  81.26.144.0-81.26.155.255
                  84.47.128.0/22
                  84.47.134.0-84.47.136.255
                  84.47.140.0-84.47.145.255
                  84.47.147.0-84.47.153.255
                  84.47.156.0-84.47.165.255
                  84.47.168.0-84.47.178.255
                  84.47.181.0-84.47.183.255
                  84.47.186.0/23
                  84.47.190.0/23
                  85.91.96.0/21
                  85.91.112.0/22
                  85.91.118.0-85.91.122.255
                  185.106.107.0/24
                  213.135.64.0/22
                  213.135.69.0-213.135.70.255
                  213.135.72.0/23
                  213.135.77.0/24
                  213.135.79.0-213.135.91.255
                  213.208.160.0-213.208.170.255
                  213.208.172.0-213.208.184.255
                  213.208.186.0-213.208.191.255
                IPv6:
                  2a02:bc8::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:0e:54:bf:94:a6:d0:b2:99:13:01:11:77:f0:dc:3e:37:fb:
         cf:20:33:65:2a:ec:ea:b5:93:f9:62:97:72:82:ae:e4:1f:a2:
         ea:17:c7:15:c0:ff:a6:25:cb:f3:56:5a:99:e4:61:61:ac:a1:
         c6:a4:8c:99:dc:6d:0d:45:c4:f1:a8:14:74:86:e0:1a:60:6d:
         4f:80:c3:a8:3c:9b:4f:e9:65:0e:04:f6:e9:bf:70:4f:09:84:
         c9:bf:a2:8a:74:84:1f:74:cc:e7:f4:94:6c:95:76:04:9a:2f:
         0e:30:83:15:1b:69:31:cc:06:d5:f3:cf:89:cf:01:11:ff:d5:
         28:a8:40:11:f6:0c:40:b3:0f:27:a6:5a:48:af:02:3f:98:3a:
         00:0b:8d:10:b2:8d:cf:6d:2d:9d:42:f8:b1:f2:0d:76:ec:30:
         03:43:a0:f5:e7:7f:0f:07:4a:f0:aa:c9:d9:56:3d:0c:59:0e:
         61:95:df:42:21:f7:c2:68:bb:e7:a4:3b:25:33:a7:00:c7:57:
         ef:f9:53:d8:d5:d1:74:95:9c:f1:74:31:81:6b:77:9e:89:a4:
         f4:d3:ff:34:2e:26:88:c4:e7:92:e3:db:04:9b:ff:91:57:4c:
         30:35:c9:3b:d2:47:77:d9:c9:04:cf:96:b0:45:34:97:aa:a5:
         c5:71:53:7e
-----BEGIN CERTIFICATE-----
MIIGADCCBOigAwIBAgISAYcj8lP99qQuVhccF/cde2DpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjMwMzI3MTY0MTM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWQ4OTZlMmQyZmVmMDY1MjVhZTEwZjRiMzQwNTBhNTUzMGM5YjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlx3066pm8/krMkbeJFZtQnTJcW96
jhnyTc5Bi/UbDsBEVqOQMziQMDEVqweIyoEryfoxQqJ8tkPuEmtEe3r/hUWhIb4B
2giypo7zGsYW9X2+vuiTbUKX+UARwhbAGCEN/9eyi1ql/vJEL4WKuF8UB4QDkcG9
ohTLZVb1d4MvSVbfnutOFEFrI77uPFjRBGUl0JZYqxrqE0QbheEmJCJZIV+f78cG
Hd++dz76I6r3bWf30f1YBzhS6UvT7PXZJYp37owcvNYU2LhJq48pvQEMQTsgGCcZ
5VSx3Niwe28NGpOIP1oTXy51yzymliAuKtJiaa1HegNMV3smMJtd1QVsBwIDAQAB
o4IDDDCCAwgwHQYDVR0OBBYEFIHYluLS/vBlJa4Q9LNAUKVTDJs2MB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvZ2RpVzR0TC04R1VscmhEMHMwQlFwVk1NbXpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIAYIKwYBBQUHAQcBAf8EggEPMIIBCzCB+QQCAAEwgfID
BAVNXqAwDAMEBFEakAMEAlEamAMEAlQvgDAMAwQBVC+GAwQAVC+IMAwDBAJUL4wD
BAFUL5AwDAMEAFQvkwMEAVQvmDAMAwQCVC+cAwQBVC+kMAwDBANUL6gDBABUL7Iw
DAMEAFQvtQMEA1QvsAMEAVQvugMEAVQvvgMEA1VbYAMEAlVbcDAMAwQBVVt2AwQA
VVt6AwQAuWprAwQC1YdAMAwDBADVh0UDBADVh0YDBAHVh0gDBADVh00wDAMEANWH
TwMEAtWHWDAMAwQF1dCgAwQA1dCqMAwDBALV0KwDBADV0LgwDAMEAdXQugMEBtXQ
gDANBAIAAjAHAwUDKgILyDANBgkqhkiG9w0BAQsFAAOCAQEAdA5Uv5Sm0LKZEwER
d/DcPjf7zyAzZSrs6rWT+WKXcoKu5B+i6hfHFcD/piXL81ZameRhYayhxqSMmdxt
DUXE8agUdIbgGmBtT4DDqDybT+llDgT26b9wTwmEyb+iinSEH3TM5/SUbJV2BJov
DjCDFRtpMcwG1fPPic8BEf/VKKhAEfYMQLMPJ6ZaSK8CP5g6AAuNELKNz20tnUL4
sfINduwwA0Og9ed/DwdK8KrJ2VY9DFkOYZXfQiH3wmi756Q7JTOnAMdX7/lT2NXR
dJWc8XQxgWt3nomk9NP/NC4miMTnkuPbBJv/kVdMMDXJO9JHd9nJBM+WsEU0l6ql
xXFTfg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:06:05 2024 by rpki-client on console-ams.rpki-client.org