Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/Xxq-6d6_rax37Wb2mxpFDeZfzb0.roa
File:                     Xxq-6d6_rax37Wb2mxpFDeZfzb0.roa (raw, json)
Hash identifier:          a6JOfyD+xoJs0pIUyqWtqSqi+uBdivWyTMVMwWBMd9A=
Subject key identifier:   5F:1A:BE:E9:DE:BF:AD:AC:77:ED:66:F6:9B:1A:45:0D:E6:5F:CD:BD
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018BDE037C6264720CB7A774C742B3BF67A7
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/Xxq-6d6_rax37Wb2mxpFDeZfzb0.roa
Signing time:             Fri 17 Nov 2023 16:00:52 +0000
ROA not before:           Fri 17 Nov 2023 16:00:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44486
IP address blocks:        185.14.94.0/24 maxlen: 24
                          185.14.95.0/24 maxlen: 24
                          37.114.36.0/24 maxlen: 24
                          37.114.33.0/24 maxlen: 24
                          37.114.35.0/24 maxlen: 24
                          37.114.34.0/24 maxlen: 24
                          37.114.32.0/24 maxlen: 24
                          37.114.38.0/23 maxlen: 24
                          37.114.43.0/24 maxlen: 24
                          37.114.42.0/24 maxlen: 24
                          37.114.51.0/24 maxlen: 24
                          37.114.50.0/24 maxlen: 24
                          37.114.47.0/24 maxlen: 24
                          37.114.49.0/24 maxlen: 24
                          37.114.48.0/24 maxlen: 24
                          37.114.53.0/24 maxlen: 24
                          37.114.52.0/24 maxlen: 24
                          37.114.57.0/24 maxlen: 24
                          37.114.56.0/24 maxlen: 24
                          37.114.55.0/24 maxlen: 24
                          103.252.88.0/22 maxlen: 22
                          37.114.61.0/24 maxlen: 24
                          37.114.60.0/24 maxlen: 24
                          37.114.62.0/24 maxlen: 24
                          37.114.59.0/24 maxlen: 24
                          43.251.162.0/23 maxlen: 23
                          176.100.33.0/24 maxlen: 24
                          176.100.32.0/24 maxlen: 24
                          176.100.34.0/24 maxlen: 24
                          176.100.35.0/24 maxlen: 24
                          2a00:ccc1:100::/40 maxlen: 40

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:33:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:de:03:7c:62:64:72:0c:b7:a7:74:c7:42:b3:bf:67:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Nov 17 16:00:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f1abee9debfadac77ed66f69b1a450de65fcdbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f7:1f:ce:65:1e:7c:a6:9b:ce:0b:ad:3e:a1:
                    37:d5:d3:d9:96:b8:0d:48:25:82:f1:36:09:1f:4b:
                    7a:13:0f:ae:fe:e6:ab:d2:39:86:c0:e7:43:89:0c:
                    17:75:ad:63:37:50:08:4a:96:2a:4b:2d:3b:4b:a9:
                    1d:95:63:b0:95:5b:46:6b:e5:b1:31:cd:25:55:44:
                    b3:18:5e:28:93:db:d8:43:f8:3b:bd:ec:9b:9d:79:
                    11:02:84:72:72:d9:d0:e7:dc:0e:5a:1c:17:53:b3:
                    7d:fc:3d:d9:f2:1f:10:9d:4f:e4:fc:09:bf:7f:67:
                    dc:75:44:ff:48:a5:b4:35:e7:43:e6:0c:0e:3c:98:
                    16:6d:c0:62:60:46:b8:f2:bf:99:4f:c2:7b:49:67:
                    c5:ee:1d:4a:81:60:c6:e9:61:34:64:98:86:8f:1b:
                    52:77:85:c9:92:e9:fe:90:15:d0:43:1a:b4:9c:39:
                    fc:dd:04:8d:bf:65:ac:95:5f:73:5b:21:2a:e0:0b:
                    cf:56:87:b0:53:0b:bc:b9:0a:6c:a7:3b:78:58:3d:
                    ff:5b:4c:dd:c8:bc:fe:0d:8e:0c:45:5b:ac:37:59:
                    ff:58:62:b2:93:be:46:41:fb:0f:fb:e7:b2:dd:6b:
                    f6:61:94:a7:5c:1a:63:a9:3d:b7:8f:db:80:a9:87:
                    bc:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:1A:BE:E9:DE:BF:AD:AC:77:ED:66:F6:9B:1A:45:0D:E6:5F:CD:BD
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/Xxq-6d6_rax37Wb2mxpFDeZfzb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.32.0-37.114.36.255
                  37.114.38.0/23
                  37.114.42.0/23
                  37.114.47.0-37.114.53.255
                  37.114.55.0-37.114.57.255
                  37.114.59.0-37.114.62.255
                  43.251.162.0/23
                  103.252.88.0/22
                  176.100.32.0/22
                  185.14.94.0/23
                IPv6:
                  2a00:ccc1:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         14:b1:36:74:f3:24:da:c8:3c:7f:a0:63:25:6e:8a:51:65:b2:
         b1:c5:af:de:80:cf:74:a0:2b:62:0f:bc:7d:79:a3:53:95:cf:
         4d:1a:2f:f3:56:66:a9:16:3d:d0:1d:27:fb:09:d7:8e:8c:9b:
         cb:b6:17:36:99:42:12:4c:92:14:c0:0f:99:3d:90:75:47:7b:
         e0:28:36:4e:46:73:8d:d1:3d:fc:4f:f5:39:7a:6b:47:b5:38:
         7f:17:60:8b:35:d8:01:22:e0:e8:27:ec:0b:8e:ee:a3:fb:c5:
         38:ba:d9:a7:31:be:53:94:ce:c6:22:ac:04:c6:b6:49:a3:eb:
         f8:0c:bf:b1:d4:de:16:76:dd:5f:d7:9d:b1:34:e9:de:c2:53:
         fd:8d:e1:92:3d:6c:35:bc:65:61:f9:8e:69:d1:99:e8:e9:cd:
         ae:ad:37:10:0a:8e:dc:86:92:89:99:4b:95:1b:52:d6:b2:b4:
         ee:68:5d:e4:e6:a7:fd:36:55:22:74:18:01:46:04:99:0c:39:
         07:25:2c:bb:50:42:ae:fc:27:a9:c6:ed:18:76:35:ba:6c:f1:
         9c:8a:ca:6b:14:69:2f:84:0f:34:de:10:81:fb:4e:83:ab:15:
         fc:be:9a:c0:ae:46:c1:ca:71:61:b2:43:67:36:1c:80:5c:38:
         62:bc:84:50
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAYveA3xiZHIMt6d0x0Kzv2enMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjMxMTE3MTYwMDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjFhYmVlOWRlYmZhZGFjNzdlZDY2ZjY5YjFhNDUwZGU2NWZjZGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfcfzmUefKabzgutPqE31dPZlrgN
SCWC8TYJH0t6Ew+u/uar0jmGwOdDiQwXda1jN1AISpYqSy07S6kdlWOwlVtGa+Wx
Mc0lVUSzGF4ok9vYQ/g7veybnXkRAoRyctnQ59wOWhwXU7N9/D3Z8h8QnU/k/Am/
f2fcdUT/SKW0NedD5gwOPJgWbcBiYEa48r+ZT8J7SWfF7h1KgWDG6WE0ZJiGjxtS
d4XJkun+kBXQQxq0nDn83QSNv2WslV9zWyEq4AvPVoewUwu8uQpspzt4WD3/W0zd
yLz+DY4MRVusN1n/WGKyk75GQfsP++ey3Wv2YZSnXBpjqT23j9uAqYe8EwIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFF8avunev62sd+1m9psaRQ3mX829MB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvWHhxLTZkNl9yYXgzN1diMm14cEZEZVpmemIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwYgQCAAEwXDAMAwQFJXIg
AwQAJXIkAwQBJXImAwQBJXIqMAwDBAAlci8DBAElcjQwDAMEACVyNwMEASVyODAM
AwQAJXI7AwQAJXI+AwQBK/uiAwQCZ/xYAwQCsGQgAwQBuQ5eMA4EAgACMAgDBgAq
AMzBATANBgkqhkiG9w0BAQsFAAOCAQEAFLE2dPMk2sg8f6BjJW6KUWWyscWv3oDP
dKArYg+8fXmjU5XPTRov81ZmqRY90B0n+wnXjoyby7YXNplCEkySFMAPmT2QdUd7
4Cg2TkZzjdE9/E/1OXprR7U4fxdgizXYASLg6CfsC47uo/vFOLrZpzG+U5TOxiKs
BMa2SaPr+Ay/sdTeFnbdX9edsTTp3sJT/Y3hkj1sNbxlYfmOadGZ6OnNrq03EAqO
3IaSiZlLlRtS1rK07mhd5Oan/TZVInQYAUYEmQw5ByUsu1BCrvwnqcbtGHY1umzx
nIrKaxRpL4QPNN4QgftOg6sV/L6awK5GwcpxYbJDZzYcgFw4YryEUA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:18 2024 by rpki-client on console-ams.rpki-client.org