Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/yzIPsa85Ud74ZkQQO1a7Ki3qO7Q.roa
File:                     yzIPsa85Ud74ZkQQO1a7Ki3qO7Q.roa (raw, json)
Hash identifier:          V1k7Xl1OqPouzrm+e4IHHWnLWzsphHtOHMKWgXxEgrs=
Subject key identifier:   CB:32:0F:B1:AF:39:51:DE:F8:66:44:10:3B:56:BB:2A:2D:EA:3B:B4
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018CC94E137A2D62BA957EAD874DE5B774A8
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/yzIPsa85Ud74ZkQQO1a7Ki3qO7Q.roa
Signing time:             Tue 02 Jan 2024 08:33:06 +0000
ROA not before:           Tue 02 Jan 2024 08:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60461
IP address blocks:        185.14.93.0/24 maxlen: 24
                          185.14.92.0/24 maxlen: 24
                          94.154.50.0/24 maxlen: 24
                          94.154.55.0/24 maxlen: 24
                          37.114.32.0/19 maxlen: 24
                          37.114.33.0/24 maxlen: 24
                          37.114.44.0/24 maxlen: 24
                          37.114.43.0/24 maxlen: 24
                          37.114.39.0/24 maxlen: 24
                          37.114.51.0/24 maxlen: 24
                          37.114.50.0/24 maxlen: 24
                          37.114.49.0/24 maxlen: 24
                          37.114.48.0/24 maxlen: 24
                          37.114.46.0/24 maxlen: 24
                          37.114.45.0/24 maxlen: 24
                          37.114.58.0/24 maxlen: 24
                          37.114.55.0/24 maxlen: 24
                          37.114.54.0/24 maxlen: 24
                          37.114.52.0/24 maxlen: 24
                          37.114.63.0/24 maxlen: 24
                          43.251.161.0/24 maxlen: 24
                          43.251.160.0/24 maxlen: 24
                          176.100.38.0/24 maxlen: 24
                          176.100.37.0/24 maxlen: 24
                          176.100.36.0/24 maxlen: 24
                          176.100.39.0/24 maxlen: 24
                          2a00:ccc3::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 28 May 2024 08:06:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:13:7a:2d:62:ba:95:7e:ad:87:4d:e5:b7:74:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  2 08:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb320fb1af3951def86644103b56bb2a2dea3bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:df:ab:c7:04:14:57:a9:da:e2:cc:1c:c9:47:
                    d7:39:f4:f8:23:18:61:41:48:9d:5d:55:e2:18:22:
                    3c:72:37:35:48:cb:12:4d:64:b8:8e:d5:f2:1b:71:
                    af:3a:c9:23:e1:d1:e9:b7:61:c3:d1:00:71:36:38:
                    74:db:09:e7:05:bc:4b:18:d6:00:68:f5:41:78:46:
                    b8:53:73:ce:5d:44:75:b5:f9:04:68:b9:c5:80:cc:
                    e6:b0:90:c0:03:b2:3a:3a:cc:7a:fb:62:1d:51:f5:
                    62:92:8a:8a:68:3b:a0:d7:5a:a9:e6:34:54:8a:af:
                    e8:7e:2c:21:b3:d6:74:b7:c1:5b:29:af:bb:b2:6c:
                    9c:09:6d:6d:0c:21:43:e8:a3:7f:ec:e9:70:27:f3:
                    7f:2a:71:0e:25:15:da:31:dd:ca:d2:6f:92:9e:e0:
                    a4:f5:99:72:3b:37:68:07:6a:67:0e:3b:7d:8b:97:
                    06:59:8a:73:47:bb:70:b0:d9:18:31:5c:80:c6:f5:
                    63:b7:da:80:96:74:70:ed:b2:81:d8:30:07:df:81:
                    59:e9:ca:02:0d:73:c6:3c:01:0b:3e:3f:cc:47:c5:
                    a8:d3:81:fd:6d:79:2f:2b:9b:a7:24:ea:44:2f:01:
                    3f:d9:71:e1:5e:48:76:81:75:f2:ca:c4:f2:a1:e8:
                    82:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:32:0F:B1:AF:39:51:DE:F8:66:44:10:3B:56:BB:2A:2D:EA:3B:B4
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/yzIPsa85Ud74ZkQQO1a7Ki3qO7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.32.0/19
                  43.251.160.0/23
                  94.154.50.0/24
                  94.154.55.0/24
                  176.100.36.0/22
                  185.14.92.0/23
                IPv6:
                  2a00:ccc3::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:69:e1:ef:7a:fa:45:82:f2:72:61:c0:c1:a1:3a:c9:8d:94:
         09:8a:36:50:13:28:fa:c0:2a:4e:af:81:d4:ab:22:b6:05:61:
         7b:d1:d6:db:b9:e1:d4:5f:ab:65:f6:f2:a7:21:5a:bf:97:3f:
         10:b6:dc:55:be:ec:b6:b7:15:7f:64:db:21:f1:1d:57:1e:4b:
         2d:d6:22:01:7a:09:38:8c:3d:22:25:0f:6a:83:70:cd:12:f3:
         ce:04:ed:de:6b:be:a3:b4:5e:a4:d6:b5:74:f3:cc:dd:ff:a0:
         18:72:67:42:be:f1:c2:e5:e2:31:b3:37:b9:46:df:75:b6:e4:
         59:89:3b:1b:24:6e:38:02:ba:87:ba:3f:a5:f4:f6:10:f5:08:
         a2:ef:df:95:90:af:6b:64:bb:19:c9:fd:03:23:e1:66:d7:6a:
         fd:39:c6:5d:47:bc:56:bb:50:dc:26:8e:25:3e:88:64:49:6d:
         8c:6f:be:5a:6b:93:a5:e7:fc:95:91:80:f2:f7:8e:db:ca:ef:
         af:9b:09:bf:a9:b1:83:70:f3:e8:28:14:bc:6e:7c:db:5a:b7:
         3b:39:63:44:9d:63:0d:c8:05:4d:8d:c0:6a:25:b3:af:f1:3a:
         ea:fa:ef:cd:82:90:de:ac:86:6d:55:d1:9e:67:19:e4:21:bc:
         2c:88:38:62
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYzJThN6LWK6lX6th03lt3SoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjQwMTAyMDgzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjMyMGZiMWFmMzk1MWRlZjg2NjQ0MTAzYjU2YmIyYTJkZWEzYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9+rxwQUV6na4swcyUfXOfT4Ixhh
QUidXVXiGCI8cjc1SMsSTWS4jtXyG3GvOskj4dHpt2HD0QBxNjh02wnnBbxLGNYA
aPVBeEa4U3POXUR1tfkEaLnFgMzmsJDAA7I6Osx6+2IdUfVikoqKaDug11qp5jRU
iq/ofiwhs9Z0t8FbKa+7smycCW1tDCFD6KN/7OlwJ/N/KnEOJRXaMd3K0m+SnuCk
9ZlyOzdoB2pnDjt9i5cGWYpzR7twsNkYMVyAxvVjt9qAlnRw7bKB2DAH34FZ6coC
DXPGPAELPj/MR8Wo04H9bXkvK5unJOpELwE/2XHhXkh2gXXyysTyoeiCPQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFMsyD7GvOVHe+GZEEDtWuyot6ju0MB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEveXpJUHNhODVVZDc0WmtRUU8xYTdLaTNxTzdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFJXIgAwQB
K/ugAwQAXpoyAwQAXpo3AwQCsGQkAwQBuQ5cMA0EAgACMAcDBQAqAMzDMA0GCSqG
SIb3DQEBCwUAA4IBAQBQaeHvevpFgvJyYcDBoTrJjZQJijZQEyj6wCpOr4HUqyK2
BWF70dbbueHUX6tl9vKnIVq/lz8QttxVvuy2txV/ZNsh8R1XHkst1iIBegk4jD0i
JQ9qg3DNEvPOBO3ea76jtF6k1rV088zd/6AYcmdCvvHC5eIxsze5Rt91tuRZiTsb
JG44ArqHuj+l9PYQ9Qii79+VkK9rZLsZyf0DI+Fm12r9OcZdR7xWu1DcJo4lPohk
SW2Mb75aa5Ol5/yVkYDy947byu+vmwm/qbGDcPPoKBS8bnzbWrc7OWNEnWMNyAVN
jcBqJbOv8Trq+u/NgpDerIZtVdGeZxnkIbwsiDhi
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:57 2024 by rpki-client on console-fra.rpki-client.org