Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/SdRAF3gKgyZrPFPeWtfQMelzDyo.roa
File:                     SdRAF3gKgyZrPFPeWtfQMelzDyo.roa (raw, json)
Hash identifier:          h6J4Uvs8jrha3NOPFXbAnAooGQ6Dp9P4BZK2i3ea9gk=
Subject key identifier:   49:D4:40:17:78:0A:83:26:6B:3C:53:DE:5A:D7:D0:31:E9:73:0F:2A
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       01875CAF42178A2724DF3496EC63442432CE
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/SdRAF3gKgyZrPFPeWtfQMelzDyo.roa
Signing time:             Fri 07 Apr 2023 17:06:42 +0000
ROA not before:           Fri 07 Apr 2023 17:06:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57433
IP address blocks:        185.14.92.0/24 maxlen: 24
                          185.14.93.0/24 maxlen: 24
                          94.154.51.0/24 maxlen: 24
                          94.154.49.0/24 maxlen: 24
                          94.154.50.0/24 maxlen: 24
                          94.154.48.0/24 maxlen: 24
                          94.154.48.0/21 maxlen: 24
                          94.154.52.0/24 maxlen: 24
                          94.154.53.0/24 maxlen: 24
                          94.154.54.0/24 maxlen: 24
                          94.154.55.0/24 maxlen: 24
                          37.114.32.0/19 maxlen: 24
                          37.114.37.0/24 maxlen: 24
                          37.114.32.0/24 maxlen: 24
                          43.251.161.0/24 maxlen: 24
                          43.251.162.0/24 maxlen: 24
                          43.251.160.0/24 maxlen: 24
                          43.251.163.0/24 maxlen: 24
                          176.100.32.0/21 maxlen: 21
                          176.100.32.0/24 maxlen: 24
                          176.100.39.0/24 maxlen: 24
                          2a00:ccc1::/32 maxlen: 48
                          2a00:ccc1::/48 maxlen: 48
                          2a00:ccc0::/32 maxlen: 32
                          2a00:ccc1:4::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:33:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:5c:af:42:17:8a:27:24:df:34:96:ec:63:44:24:32:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Apr  7 17:06:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=49d44017780a83266b3c53de5ad7d031e9730f2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f6:d6:bc:47:b5:e7:61:ba:fa:4e:90:c0:de:
                    35:4f:10:e5:f8:fd:c6:4a:14:46:ce:ed:6a:7f:b0:
                    b4:77:be:80:63:e4:ab:48:29:b0:e0:c5:5f:2b:b5:
                    77:88:2a:9c:4e:f7:69:dc:71:8f:8a:cb:6f:36:63:
                    33:67:b1:76:23:fa:57:87:16:61:c4:ab:31:2a:38:
                    05:07:ba:c7:ba:33:31:d7:ee:3b:eb:21:30:53:e4:
                    d0:98:02:37:98:73:3f:33:57:e2:2d:37:83:41:9c:
                    3c:7f:77:10:5a:67:0c:83:de:01:25:62:2d:d3:90:
                    ba:f7:97:5b:c5:ac:10:1f:1b:19:4f:8d:1e:5b:4b:
                    27:28:f7:e3:b5:07:f5:50:03:fa:56:7a:9a:69:70:
                    85:2d:08:aa:53:3e:a0:47:1b:60:72:f7:54:26:5b:
                    94:b4:cd:88:fc:b9:b0:a9:3d:c0:a8:b8:b4:89:0f:
                    0e:e1:da:4b:8a:04:97:e0:9c:b1:01:74:c2:36:e4:
                    df:3a:f7:63:dd:48:4e:5c:87:59:06:05:ac:c5:30:
                    5c:11:3e:1f:b1:67:6b:0f:85:34:a0:2b:bf:56:ef:
                    8c:47:84:3b:c2:e8:0e:82:cc:41:23:74:8a:8f:a0:
                    93:6c:51:eb:dd:35:ba:6e:03:9d:1e:59:ad:cb:d5:
                    b2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:D4:40:17:78:0A:83:26:6B:3C:53:DE:5A:D7:D0:31:E9:73:0F:2A
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/SdRAF3gKgyZrPFPeWtfQMelzDyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.32.0/19
                  43.251.160.0/22
                  94.154.48.0/21
                  176.100.32.0/21
                  185.14.92.0/23
                IPv6:
                  2a00:ccc0::/31

    Signature Algorithm: sha256WithRSAEncryption
         6a:16:fb:91:9a:ab:ab:72:23:ce:b8:7f:2b:e1:cb:c8:a2:b7:
         75:c2:42:bc:80:b8:b1:71:25:bf:6e:72:2f:f0:a6:53:c2:9a:
         42:0c:da:da:9c:de:28:12:69:b5:ce:f1:a5:8a:7a:51:07:65:
         a9:9c:37:a6:43:df:66:ce:1c:41:61:59:80:cb:4b:81:20:ba:
         03:84:60:53:81:38:72:bd:e9:99:72:0f:75:85:b4:c9:e8:9d:
         84:bd:9d:9b:a0:9d:87:4b:82:9e:ee:1c:f3:fd:80:14:72:e0:
         93:97:63:7f:71:cb:70:4d:58:65:d1:92:39:ba:a2:a0:b1:6d:
         95:48:31:9c:9e:c0:b4:3c:76:79:07:e6:4e:f3:b5:cc:1e:45:
         28:e6:66:aa:a4:cd:3f:02:51:2e:ed:11:3f:76:fe:5d:66:37:
         2c:8a:79:f3:8e:56:0c:c7:97:39:f9:fb:77:16:3c:6e:dc:b3:
         5d:3b:37:98:d9:90:84:54:38:4e:14:75:b3:3d:b4:aa:da:e6:
         c3:36:54:58:32:6f:d1:1d:8b:3c:61:ba:91:13:75:bf:1b:06:
         8d:13:0c:8b:17:43:35:5e:86:ec:4f:2c:86:a5:77:f7:5b:fa:
         5b:42:26:4e:73:b8:e4:e0:bc:af:4a:6e:23:d3:9b:e4:f2:ee:
         7e:f0:8b:4a
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYdcr0IXiick3zSW7GNEJDLOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjMwNDA3MTcwNjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWQ0NDAxNzc4MGE4MzI2NmIzYzUzZGU1YWQ3ZDAzMWU5NzMwZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPbWvEe152G6+k6QwN41TxDl+P3G
ShRGzu1qf7C0d76AY+SrSCmw4MVfK7V3iCqcTvdp3HGPistvNmMzZ7F2I/pXhxZh
xKsxKjgFB7rHujMx1+476yEwU+TQmAI3mHM/M1fiLTeDQZw8f3cQWmcMg94BJWIt
05C695dbxawQHxsZT40eW0snKPfjtQf1UAP6VnqaaXCFLQiqUz6gRxtgcvdUJluU
tM2I/LmwqT3AqLi0iQ8O4dpLigSX4JyxAXTCNuTfOvdj3UhOXIdZBgWsxTBcET4f
sWdrD4U0oCu/Vu+MR4Q7wugOgsxBI3SKj6CTbFHr3TW6bgOdHlmty9WyywIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFEnUQBd4CoMmazxT3lrX0DHpcw8qMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvU2RSQUYzZ0tneVpyUEZQZVd0ZlFNZWx6RHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQFJXIgAwQC
K/ugAwQDXpowAwQDsGQgAwQBuQ5cMA0EAgACMAcDBQEqAMzAMA0GCSqGSIb3DQEB
CwUAA4IBAQBqFvuRmqurciPOuH8r4cvIord1wkK8gLixcSW/bnIv8KZTwppCDNra
nN4oEmm1zvGlinpRB2WpnDemQ99mzhxBYVmAy0uBILoDhGBTgThyvemZcg91hbTJ
6J2EvZ2boJ2HS4Ke7hzz/YAUcuCTl2N/cctwTVhl0ZI5uqKgsW2VSDGcnsC0PHZ5
B+ZO87XMHkUo5maqpM0/AlEu7RE/dv5dZjcsinnzjlYMx5c5+ft3Fjxu3LNdOzeY
2ZCEVDhOFHWzPbSq2ubDNlRYMm/RHYs8YbqRE3W/GwaNEwyLF0M1XobsTyyGpXf3
W/pbQiZOc7jk4LyvSm4j05vk8u5+8ItK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:57 2024 by rpki-client on console-fra.rpki-client.org