Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/185eb3-2ab2-45b5-aa33-015ea5019520/1/xESBGdK6rNkeuXMuzO9I3F9VhKQ.roa
File:                     xESBGdK6rNkeuXMuzO9I3F9VhKQ.roa (raw, json)
Hash identifier:          53vSlF8m5ZppdHtN/7rm2DpN7M35zASrAjPC2YQABvY=
Subject key identifier:   C4:44:81:19:D2:BA:AC:D9:1E:B9:73:2E:CC:EF:48:DC:5F:55:84:A4
Certificate issuer:       /CN=a8e4918fc7fdfb73bba8cf58d4cb5fe449cf83f6
Certificate serial:       018EC7C619FA9966D67EACD17D498687A02A
Authority key identifier: A8:E4:91:8F:C7:FD:FB:73:BB:A8:CF:58:D4:CB:5F:E4:49:CF:83:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qOSRj8f9-3O7qM9Y1Mtf5EnPg_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/185eb3-2ab2-45b5-aa33-015ea5019520/1/xESBGdK6rNkeuXMuzO9I3F9VhKQ.roa
Signing time:             Wed 10 Apr 2024 11:30:32 +0000
ROA not before:           Wed 10 Apr 2024 11:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20773
IP address blocks:        37.61.212.0/24 maxlen: 24
                          37.61.214.0/24 maxlen: 24
                          37.61.215.0/24 maxlen: 24
                          37.61.221.0/24 maxlen: 24
                          37.61.223.0/24 maxlen: 24
                          85.195.75.0/24 maxlen: 24
                          85.195.76.0/24 maxlen: 24
                          85.195.82.0/24 maxlen: 24
                          85.195.83.0/24 maxlen: 24
                          85.195.85.0/24 maxlen: 24
                          85.195.86.0/24 maxlen: 24
                          85.195.88.0/24 maxlen: 24
                          85.195.89.0/24 maxlen: 24
                          85.195.90.0/24 maxlen: 24
                          85.195.91.0/24 maxlen: 24
                          85.195.92.0/24 maxlen: 24
                          85.195.93.0/24 maxlen: 24
                          85.195.95.0/24 maxlen: 24
                          85.195.96.0/24 maxlen: 24
                          85.195.98.0/24 maxlen: 24
                          85.195.99.0/24 maxlen: 24
                          85.195.100.0/24 maxlen: 24
                          85.195.102.0/24 maxlen: 24
                          85.195.103.0/24 maxlen: 24
                          85.195.107.0/24 maxlen: 24
                          85.195.109.0/24 maxlen: 24
                          85.195.110.0/24 maxlen: 24
                          85.195.114.0/24 maxlen: 24
                          85.195.115.0/24 maxlen: 24
                          85.195.116.0/24 maxlen: 24
                          85.195.119.0/24 maxlen: 24
                          85.195.120.0/24 maxlen: 24
                          85.195.124.0/24 maxlen: 24
                          85.195.127.0/24 maxlen: 24
                          92.204.162.0/24 maxlen: 24
                          92.204.186.0/24 maxlen: 24
                          92.204.194.0/23 maxlen: 23
                          146.0.226.0/24 maxlen: 24
                          146.0.227.0/24 maxlen: 24
                          146.0.228.0/24 maxlen: 24
                          146.0.230.0/24 maxlen: 24
                          146.0.232.0/24 maxlen: 24
                          146.0.234.0/24 maxlen: 24
                          146.0.235.0/24 maxlen: 24
                          146.0.236.0/24 maxlen: 24
                          146.0.237.0/24 maxlen: 24
                          146.0.245.0/24 maxlen: 24
                          146.0.247.0/24 maxlen: 24
                          146.0.249.0/24 maxlen: 24
                          146.0.250.0/24 maxlen: 24
                          146.0.251.0/24 maxlen: 24
                          146.0.255.0/24 maxlen: 24
                          185.19.216.0/24 maxlen: 24
                          185.19.217.0/24 maxlen: 24
                          185.19.218.0/24 maxlen: 24
                          185.19.219.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 16 Apr 2024 15:48:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:c6:19:fa:99:66:d6:7e:ac:d1:7d:49:86:87:a0:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8e4918fc7fdfb73bba8cf58d4cb5fe449cf83f6
        Validity
            Not Before: Apr 10 11:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4448119d2baacd91eb9732eccef48dc5f5584a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e5:b7:83:f9:55:88:0b:10:f6:7d:2b:15:23:
                    da:f1:31:67:39:fd:1b:b6:c9:20:c3:31:78:22:94:
                    cd:cf:31:5a:02:cb:eb:13:0c:a0:c7:aa:30:ac:b0:
                    58:7a:b0:95:94:d1:f6:82:5f:67:f8:c9:d1:8b:08:
                    78:eb:46:cf:94:da:3a:4b:07:64:94:18:23:82:f9:
                    21:66:a0:07:8f:a3:3e:3d:de:be:f3:74:c1:5c:c7:
                    ce:0e:0c:16:96:54:07:da:a3:26:2d:a0:4b:da:f0:
                    1a:4f:06:bc:b9:8e:ae:72:bd:4e:91:31:5c:e5:49:
                    bc:37:ce:6d:ab:91:a4:bb:98:2e:1c:24:3f:25:25:
                    b4:c6:45:8e:5e:bc:d8:6a:16:4f:a3:1e:68:fb:e0:
                    45:ab:f0:e9:e5:e9:30:eb:5a:f6:25:6f:fe:d1:1b:
                    60:fb:b2:bc:a5:cd:6d:3f:c8:05:a7:89:9a:d0:34:
                    af:31:a7:0b:2b:6a:37:d2:ca:64:2d:b3:fe:1e:d2:
                    cb:bd:9c:49:4e:72:a7:cb:57:75:89:a8:e8:e5:88:
                    43:35:fb:14:bb:a3:7f:98:6d:ed:f1:b8:30:e4:02:
                    51:16:c7:9c:36:96:3d:2b:db:7d:37:74:b3:4d:98:
                    60:9b:44:4d:53:a1:fe:07:ad:07:ec:a1:6e:7d:6f:
                    2e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:44:81:19:D2:BA:AC:D9:1E:B9:73:2E:CC:EF:48:DC:5F:55:84:A4
            X509v3 Authority Key Identifier:
                keyid:A8:E4:91:8F:C7:FD:FB:73:BB:A8:CF:58:D4:CB:5F:E4:49:CF:83:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qOSRj8f9-3O7qM9Y1Mtf5EnPg_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/185eb3-2ab2-45b5-aa33-015ea5019520/1/xESBGdK6rNkeuXMuzO9I3F9VhKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/185eb3-2ab2-45b5-aa33-015ea5019520/1/qOSRj8f9-3O7qM9Y1Mtf5EnPg_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.212.0/24
                  37.61.214.0/23
                  37.61.221.0/24
                  37.61.223.0/24
                  85.195.75.0-85.195.76.255
                  85.195.82.0/23
                  85.195.85.0-85.195.86.255
                  85.195.88.0-85.195.93.255
                  85.195.95.0-85.195.96.255
                  85.195.98.0-85.195.100.255
                  85.195.102.0/23
                  85.195.107.0/24
                  85.195.109.0-85.195.110.255
                  85.195.114.0-85.195.116.255
                  85.195.119.0-85.195.120.255
                  85.195.124.0/24
                  85.195.127.0/24
                  92.204.162.0/24
                  92.204.186.0/24
                  92.204.194.0/23
                  146.0.226.0-146.0.228.255
                  146.0.230.0/24
                  146.0.232.0/24
                  146.0.234.0-146.0.237.255
                  146.0.245.0/24
                  146.0.247.0/24
                  146.0.249.0-146.0.251.255
                  146.0.255.0/24
                  185.19.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:58:6d:90:85:5a:0c:f3:7d:76:de:bd:e8:db:0e:44:5a:ff:
         b8:ea:0b:19:ed:26:c7:b4:9e:e8:c8:c2:94:30:f7:f4:ef:12:
         24:04:6e:19:54:24:9d:73:ec:9e:bb:ab:32:fa:e2:36:bb:2a:
         40:b4:90:5a:42:3b:96:26:d8:cc:cc:38:6a:95:f5:d2:19:1c:
         89:ce:8b:ba:6d:81:93:63:a4:f4:9d:4a:31:16:78:a7:f9:ad:
         3d:d7:f3:68:06:20:c8:f2:59:bb:bf:5e:ca:e2:a4:85:8d:be:
         78:49:80:ba:4f:5b:1d:f6:cc:c5:26:8d:37:ad:45:fd:2e:a0:
         7f:af:70:ed:35:7a:0e:2e:3a:19:7f:67:96:74:7e:0d:11:74:
         ad:01:00:c3:8e:7c:54:7a:fd:e7:26:7f:64:ac:ec:f2:58:7e:
         e0:2e:9f:15:b9:f2:63:57:c2:2e:10:9b:d1:2b:af:53:7e:16:
         2e:1e:e1:87:d3:20:94:da:8d:6a:77:82:af:d7:99:96:4b:80:
         a1:0c:76:5b:bc:d3:08:69:7b:36:5c:ae:27:e5:84:48:44:56:
         cf:37:5e:37:67:34:24:09:b7:b3:97:c4:ef:8a:94:3e:58:cb:
         c1:07:cb:a3:b8:5c:96:f3:3e:bf:91:c9:52:57:8d:96:a8:7e:
         33:77:fc:e2
-----BEGIN CERTIFICATE-----
MIIGBzCCBO+gAwIBAgISAY7Hxhn6mWbWfqzRfUmGh6AqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4ZTQ5MThmYzdmZGZiNzNiYmE4Y2Y1OGQ0Y2I1ZmU0NDlj
ZjgzZjYwHhcNMjQwNDEwMTEzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDQ0ODExOWQyYmFhY2Q5MWViOTczMmVjY2VmNDhkYzVmNTU4NGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+W3g/lViAsQ9n0rFSPa8TFnOf0b
tskgwzF4IpTNzzFaAsvrEwygx6owrLBYerCVlNH2gl9n+MnRiwh460bPlNo6Swdk
lBgjgvkhZqAHj6M+Pd6+83TBXMfODgwWllQH2qMmLaBL2vAaTwa8uY6ucr1OkTFc
5Um8N85tq5Gku5guHCQ/JSW0xkWOXrzYahZPox5o++BFq/Dp5ekw61r2JW/+0Rtg
+7K8pc1tP8gFp4ma0DSvMacLK2o30spkLbP+HtLLvZxJTnKny1d1iajo5YhDNfsU
u6N/mG3t8bgw5AJRFsecNpY9K9t9N3SzTZhgm0RNU6H+B60H7KFufW8u8wIDAQAB
o4IDEzCCAw8wHQYDVR0OBBYEFMREgRnSuqzZHrlzLszvSNxfVYSkMB8GA1UdIwQY
MBaAFKjkkY/H/ftzu6jPWNTLX+RJz4P2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcU9TUmo4ZjktM083cU05WTFNdGY1RW5QZ19ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8xODVlYjMtMmFiMi00NWI1LWFhMzMt
MDE1ZWE1MDE5NTIwLzEveEVTQkdkSzZyTmtldVhNdXpPOUkzRjlWaEtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8xODVlYjMtMmFiMi00NWI1LWFhMzMtMDE1ZWE1MDE5NTIw
LzEvcU9TUmo4ZjktM083cU05WTFNdGY1RW5QZ19ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJwYIKwYBBQUHAQcBAf8EggEWMIIBEjCCAQ4EAgABMIIB
BgMEACU91AMEASU91gMEACU93QMEACU93zAMAwQAVcNLAwQAVcNMAwQBVcNSMAwD
BABVw1UDBABVw1YwDAMEA1XDWAMEAVXDXDAMAwQAVcNfAwQAVcNgMAwDBAFVw2ID
BABVw2QDBAFVw2YDBABVw2swDAMEAFXDbQMEAFXDbjAMAwQBVcNyAwQAVcN0MAwD
BABVw3cDBABVw3gDBABVw3wDBABVw38DBABczKIDBABczLoDBAFczMIwDAMEAZIA
4gMEAJIA5AMEAJIA5gMEAJIA6DAMAwQBkgDqAwQBkgDsAwQAkgD1AwQAkgD3MAwD
BACSAPkDBAKSAPgDBACSAP8DBAK5E9gwDQYJKoZIhvcNAQELBQADggEBAJZYbZCF
WgzzfXbevejbDkRa/7jqCxntJse0nujIwpQw9/TvEiQEbhlUJJ1z7J67qzL64ja7
KkC0kFpCO5Ym2MzMOGqV9dIZHInOi7ptgZNjpPSdSjEWeKf5rT3X82gGIMjyWbu/
XsripIWNvnhJgLpPWx32zMUmjTetRf0uoH+vcO01eg4uOhl/Z5Z0fg0RdK0BAMOO
fFR6/ecmf2Ss7PJYfuAunxW58mNXwi4Qm9Err1N+Fi4e4YfTIJTajWp3gq/XmZZL
gKEMdlu80whpezZcriflhEhEVs83XjdnNCQJt7OXxO+KlD5Yy8EHy6O4XJbzPr+R
yVJXjZaofjN3/OI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:44 2024 by rpki-client on console-fra.rpki-client.org