Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/2c2e61-7279-483c-8475-9bf19d84220f/1/RLFJ9qbVK18ILwd79JreGZ_7m3I.roa
File:                     RLFJ9qbVK18ILwd79JreGZ_7m3I.roa (raw, json)
Hash identifier:          JYq5QBxA7/J8PZsUUZSEJ1ZJ5X3boM2TnNQ8j/azilY=
Subject key identifier:   44:B1:49:F6:A6:D5:2B:5F:08:2F:07:7B:F4:9A:DE:19:9F:FB:9B:72
Certificate issuer:       /CN=f899aea56f50ff8f4342cbee2af2f288a168c930
Certificate serial:       0185701ED8DF613520F1EB75D56ED7B08275
Authority key identifier: F8:99:AE:A5:6F:50:FF:8F:43:42:CB:EE:2A:F2:F2:88:A1:68:C9:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-JmupW9Q_49DQsvuKvLyiKFoyTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/2c2e61-7279-483c-8475-9bf19d84220f/1/RLFJ9qbVK18ILwd79JreGZ_7m3I.roa
Signing time:             Mon 02 Jan 2023 01:35:47 +0000
ROA not before:           Mon 02 Jan 2023 01:35:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62412
IP address blocks:        185.183.220.0/22 maxlen: 24
                          193.202.122.0/24 maxlen: 24
                          193.31.68.0/22 maxlen: 24
                          45.150.216.0/22 maxlen: 24
                          188.214.240.0/23 maxlen: 24
                          185.36.208.0/23 maxlen: 24
                          2a0b:1f80::/29 maxlen: 64
                          2a0b:2f80::/29 maxlen: 64
                          2a0f:4f00::/29 maxlen: 64
                          2a0f:f940::/29 maxlen: 64
                          2a0d:5fc0::/29 maxlen: 64
                          2a04:6c00::/29 maxlen: 64

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:1e:d8:df:61:35:20:f1:eb:75:d5:6e:d7:b0:82:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f899aea56f50ff8f4342cbee2af2f288a168c930
        Validity
            Not Before: Jan  2 01:35:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=44b149f6a6d52b5f082f077bf49ade199ffb9b72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:87:bf:63:48:cf:67:05:22:06:a5:f1:20:df:
                    2d:9a:f2:73:30:9a:00:f2:0d:0b:00:6e:b5:b2:9f:
                    49:4f:a2:82:8f:fe:15:0c:58:93:27:5b:24:e3:7e:
                    6e:a7:de:d9:57:94:3c:fc:ac:85:cd:e8:a1:7d:2c:
                    f0:60:ad:21:d1:47:a8:84:f7:a2:7b:52:30:c5:eb:
                    09:d7:a7:c0:b7:fb:0b:fb:1a:4c:22:e8:93:72:4b:
                    91:ea:72:f8:80:3c:cd:51:8b:f9:ed:2e:82:51:ec:
                    b2:cb:5d:27:b6:54:57:69:f8:ae:f6:8d:4a:7e:41:
                    f9:0b:5e:5f:38:85:fd:bf:8e:4c:5c:e0:83:55:e6:
                    f9:84:56:3b:21:e2:be:82:24:8b:9a:7d:7e:0c:22:
                    7c:09:6e:7b:54:68:05:51:ab:63:ab:f3:f7:a3:b0:
                    b3:8c:59:51:af:69:02:58:05:fa:f4:a6:6a:57:27:
                    f2:ca:8c:9c:8d:59:97:95:5c:19:9f:e6:c1:6d:e0:
                    1b:91:d1:e8:01:ac:30:ca:59:36:46:49:92:72:60:
                    e7:15:b3:f2:38:dc:66:8c:58:3b:34:b7:18:2a:44:
                    3b:b6:30:c4:e1:18:3c:21:0b:b4:22:7a:2f:c1:d6:
                    15:33:2b:08:26:8b:61:9e:65:c7:04:f7:9d:24:c1:
                    7c:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:B1:49:F6:A6:D5:2B:5F:08:2F:07:7B:F4:9A:DE:19:9F:FB:9B:72
            X509v3 Authority Key Identifier:
                keyid:F8:99:AE:A5:6F:50:FF:8F:43:42:CB:EE:2A:F2:F2:88:A1:68:C9:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-JmupW9Q_49DQsvuKvLyiKFoyTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/2c2e61-7279-483c-8475-9bf19d84220f/1/RLFJ9qbVK18ILwd79JreGZ_7m3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/2c2e61-7279-483c-8475-9bf19d84220f/1/1-JmupW9Q_49DQsvuKvLyiKFoyTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.216.0/22
                  185.36.208.0/23
                  185.183.220.0/22
                  188.214.240.0/23
                  193.31.68.0/22
                  193.202.122.0/24
                IPv6:
                  2a04:6c00::/29
                  2a0b:1f80::/29
                  2a0b:2f80::/29
                  2a0d:5fc0::/29
                  2a0f:4f00::/29
                  2a0f:f940::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:7b:10:e8:21:c6:41:24:38:1a:d4:7a:aa:bd:3e:4d:90:5a:
         08:ee:29:f1:0a:1c:16:0b:b5:66:e9:2a:ef:2e:dc:40:a1:ab:
         dd:50:99:3d:f3:18:9d:3a:0f:13:2f:3f:bf:d0:52:17:67:83:
         10:58:e2:36:48:83:61:3f:aa:a3:c2:6b:fc:89:85:a8:d8:5b:
         ca:05:96:f5:9e:44:6e:68:ae:98:cf:cc:78:72:ea:07:88:ed:
         6f:71:a6:e3:e6:cc:5d:9f:60:96:6a:af:9d:3e:e7:7c:9c:32:
         e6:22:8d:d9:e5:c3:8b:84:af:d1:5b:2f:09:36:79:21:12:86:
         48:b7:31:6a:ff:1d:f1:98:1b:c3:5c:d0:3e:cc:3f:7d:cb:87:
         c0:cd:88:10:7a:ea:5d:66:46:69:1d:d2:b8:c4:c4:28:07:4c:
         37:1d:92:76:bd:5c:42:b0:b8:b8:69:ee:5b:eb:b6:22:07:d3:
         c9:44:c4:cc:cf:a8:51:d1:d3:12:c9:d5:b3:76:e5:a2:c7:d6:
         20:09:3c:ce:fc:52:cf:37:8c:00:60:bc:de:f0:a2:53:6b:21:
         45:b4:da:fc:b8:0e:4b:53:10:2b:4d:3f:65:b8:f4:4a:23:9b:
         14:29:16:69:06:6f:54:21:02:c2:7f:a8:e8:7f:29:26:4f:73:
         22:c8:ec:63
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYVwHtjfYTUg8et11W7XsIJ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4OTlhZWE1NmY1MGZmOGY0MzQyY2JlZTJhZjJmMjg4YTE2
OGM5MzAwHhcNMjMwMTAyMDEzNTQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGIxNDlmNmE2ZDUyYjVmMDgyZjA3N2JmNDlhZGUxOTlmZmI5YjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioe/Y0jPZwUiBqXxIN8tmvJzMJoA
8g0LAG61sp9JT6KCj/4VDFiTJ1sk435up97ZV5Q8/KyFzeihfSzwYK0h0UeohPei
e1IwxesJ16fAt/sL+xpMIuiTckuR6nL4gDzNUYv57S6CUeyyy10ntlRXafiu9o1K
fkH5C15fOIX9v45MXOCDVeb5hFY7IeK+giSLmn1+DCJ8CW57VGgFUatjq/P3o7Cz
jFlRr2kCWAX69KZqVyfyyoycjVmXlVwZn+bBbeAbkdHoAawwylk2RkmScmDnFbPy
ONxmjFg7NLcYKkQ7tjDE4Rg8IQu0InovwdYVMysIJothnmXHBPedJMF8WwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFESxSfam1StfCC8He/Sa3hmf+5tyMB8GA1UdIwQY
MBaAFPiZrqVvUP+PQ0LL7iry8oihaMkwMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1KbXVwVzlRXzQ5RFFzdnVLdkx5aUtGb3lUQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDYvMmMyZTYxLTcyNzktNDgzYy04NDc1
LTliZjE5ZDg0MjIwZi8xL1JMRko5cWJWSzE4SUx3ZDc5SnJlR1pfN20zSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDYvMmMyZTYxLTcyNzktNDgzYy04NDc1LTliZjE5ZDg0MjIw
Zi8xLzEtSm11cFc5UV80OURRc3Z1S3ZMeWlLRm95VEEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwbwYIKwYBBQUHAQcBAf8EYDBeMCoEAgABMCQDBAItltgD
BAG5JNADBAK5t9wDBAG81vADBALBH0QDBADBynowMAQCAAIwKgMFAyoEbAADBQMq
Cx+AAwUDKgsvgAMFAyoNX8ADBQMqD08AAwUDKg/5QDANBgkqhkiG9w0BAQsFAAOC
AQEAbnsQ6CHGQSQ4GtR6qr0+TZBaCO4p8QocFgu1Zukq7y7cQKGr3VCZPfMYnToP
Ey8/v9BSF2eDEFjiNkiDYT+qo8Jr/ImFqNhbygWW9Z5EbmiumM/MeHLqB4jtb3Gm
4+bMXZ9glmqvnT7nfJwy5iKN2eXDi4Sv0VsvCTZ5IRKGSLcxav8d8Zgbw1zQPsw/
fcuHwM2IEHrqXWZGaR3SuMTEKAdMNx2Sdr1cQrC4uGnuW+u2IgfTyUTEzM+oUdHT
EsnVs3blosfWIAk8zvxSzzeMAGC83vCiU2shRbTa/LgOS1MQK00/Zbj0SiObFCkW
aQZvVCECwn+o6H8pJk9zIsjsYw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:38 2024 by rpki-client on console-fra.rpki-client.org