Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/x58Q4tbREdJXlZiEr4LFwzLZNqE.roa
File:                     x58Q4tbREdJXlZiEr4LFwzLZNqE.roa (raw, json)
Hash identifier:          72xbIrItaIiFbmKCeeLUrFvK1JvXfrQdhIzowxRDS3g=
Subject key identifier:   C7:9F:10:E2:D6:D1:11:D2:57:95:98:84:AF:82:C5:C3:32:D9:36:A1
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018CC5013E046ED7608C64A8BCABB178311A
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/x58Q4tbREdJXlZiEr4LFwzLZNqE.roa
Signing time:             Mon 01 Jan 2024 12:30:42 +0000
ROA not before:           Mon 01 Jan 2024 12:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     33922
IP address blocks:        88.216.164.0/24 maxlen: 24
                          88.216.165.0/24 maxlen: 24
                          88.216.166.0/24 maxlen: 24
                          88.216.167.0/24 maxlen: 24
                          88.216.148.0/24 maxlen: 24
                          88.216.68.0/22 maxlen: 24
                          84.32.182.0/24 maxlen: 24
                          84.32.183.0/24 maxlen: 24
                          88.216.76.0/22 maxlen: 24
                          84.32.180.0/24 maxlen: 24
                          84.32.181.0/24 maxlen: 24
                          84.32.116.0/23 maxlen: 24
                          84.32.114.0/23 maxlen: 24
                          88.216.24.0/23 maxlen: 24
                          88.216.26.0/23 maxlen: 24
                          88.216.28.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Tue 09 Apr 2024 18:52:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3e:04:6e:d7:60:8c:64:a8:bc:ab:b1:78:31:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Jan  1 12:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c79f10e2d6d111d257959884af82c5c332d936a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f4:82:c2:41:49:16:f2:e3:33:67:40:c8:97:
                    5f:ee:68:8f:fc:43:bd:46:9b:02:48:83:62:7f:0f:
                    e6:95:fe:89:cf:e1:84:05:0e:b6:55:c0:30:1d:cb:
                    f0:77:e7:ea:d4:21:b4:30:22:d1:ca:d9:b4:9d:a2:
                    4b:3d:88:ee:5f:d5:cc:34:bd:88:1a:cc:3f:7a:60:
                    83:ee:53:fc:78:5b:ad:22:cf:92:81:df:11:f2:b5:
                    ab:d6:af:a1:df:76:35:ac:70:3c:2a:7d:54:fd:f9:
                    40:80:ae:64:13:8a:bc:2a:f1:63:45:26:c4:e0:02:
                    3a:3a:5b:a6:cc:ac:29:6b:ec:9f:5d:7f:05:b9:c1:
                    d4:91:df:b8:29:68:63:a6:ef:40:8a:84:6d:27:99:
                    ea:d1:d3:c0:e8:2c:0e:75:f2:24:1a:ea:16:bc:9f:
                    e4:f1:8c:d0:3b:50:f2:b0:f0:47:b3:dd:ad:dd:cf:
                    ae:1d:bb:f4:c5:74:aa:fb:bb:56:70:41:22:e1:9a:
                    a4:ad:66:88:4a:02:2c:93:d4:60:07:fd:b7:a2:af:
                    dd:22:fc:88:cb:e1:53:08:9e:69:c7:45:f1:a0:3d:
                    d7:d7:48:22:e8:44:53:f3:47:ea:2b:e4:34:d9:f6:
                    77:5f:32:7a:70:ee:ec:81:3e:94:dd:fe:7b:36:18:
                    a7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:9F:10:E2:D6:D1:11:D2:57:95:98:84:AF:82:C5:C3:32:D9:36:A1
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/x58Q4tbREdJXlZiEr4LFwzLZNqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.114.0-84.32.117.255
                  84.32.180.0/22
                  88.216.24.0/21
                  88.216.68.0/22
                  88.216.76.0/22
                  88.216.148.0/24
                  88.216.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:15:62:46:d6:42:04:80:5c:4d:14:95:80:8c:ea:ae:a4:0f:
         ad:fe:aa:e7:ff:be:e4:36:f3:1f:6c:35:68:6f:5c:9a:3b:f3:
         d7:93:d8:4a:26:3f:db:27:d6:a1:6a:64:35:b1:e4:ac:41:40:
         13:12:e8:4e:7c:d6:08:11:25:d5:02:69:d3:36:75:e3:54:e9:
         5f:54:96:00:04:dc:28:2d:9f:bb:db:39:9e:5b:15:f1:66:a6:
         c9:1c:a4:ea:a4:9d:16:92:66:30:13:89:95:3a:e6:09:ee:66:
         24:7c:dc:59:f6:62:a4:7d:91:54:51:13:73:42:92:68:05:64:
         b9:d9:72:7d:35:ec:89:6e:88:c1:81:39:ca:ca:e6:20:6b:db:
         a8:f6:8c:8f:2b:4c:74:07:f7:84:3c:4c:24:88:c5:9f:b3:2c:
         8b:59:96:f5:45:0a:fc:c7:25:50:ab:26:00:a6:0b:bb:91:54:
         c2:36:68:95:e5:84:ee:ba:b9:25:55:86:99:cf:8b:20:c9:62:
         ae:c7:06:1c:2e:21:78:f6:07:88:f4:1f:78:9b:c8:a5:dd:14:
         e6:b5:f3:7d:61:33:91:25:5a:dc:0b:6b:0a:40:a5:2d:ad:91:
         89:96:f9:63:31:da:72:08:78:59:17:d7:2d:53:0d:d3:f2:87:
         ae:bb:16:58
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYzFAT4EbtdgjGSovKuxeDEaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMTAxMTIzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzlmMTBlMmQ2ZDExMWQyNTc5NTk4ODRhZjgyYzVjMzMyZDkzNmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfSCwkFJFvLjM2dAyJdf7miP/EO9
RpsCSINifw/mlf6Jz+GEBQ62VcAwHcvwd+fq1CG0MCLRytm0naJLPYjuX9XMNL2I
Gsw/emCD7lP8eFutIs+Sgd8R8rWr1q+h33Y1rHA8Kn1U/flAgK5kE4q8KvFjRSbE
4AI6OlumzKwpa+yfXX8FucHUkd+4KWhjpu9AioRtJ5nq0dPA6CwOdfIkGuoWvJ/k
8YzQO1DysPBHs92t3c+uHbv0xXSq+7tWcEEi4ZqkrWaISgIsk9RgB/23oq/dIvyI
y+FTCJ5px0XxoD3X10gi6ERT80fqK+Q02fZ3XzJ6cO7sgT6U3f57NhincQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFMefEOLW0RHSV5WYhK+CxcMy2TahMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEveDU4UTR0YlJFZEpYbFppRXI0TEZ3ekxaTnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyMAwDBAFUIHID
BAFUIHQDBAJUILQDBANY2BgDBAJY2EQDBAJY2EwDBABY2JQDBAJY2KQwDQYJKoZI
hvcNAQELBQADggEBAJYVYkbWQgSAXE0UlYCM6q6kD63+quf/vuQ28x9sNWhvXJo7
89eT2EomP9sn1qFqZDWx5KxBQBMS6E581ggRJdUCadM2deNU6V9UlgAE3Cgtn7vb
OZ5bFfFmpskcpOqknRaSZjATiZU65gnuZiR83Fn2YqR9kVRRE3NCkmgFZLnZcn01
7IluiMGBOcrK5iBr26j2jI8rTHQH94Q8TCSIxZ+zLItZlvVFCvzHJVCrJgCmC7uR
VMI2aJXlhO66uSVVhpnPiyDJYq7HBhwuIXj2B4j0H3ibyKXdFOa1831hM5ElWtwL
awpApS2tkYmW+WMx2nIIeFkX1y1TDdPyh667Flg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:36 2024 by rpki-client on console-fra.rpki-client.org