Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/zdx141jQAJdCYW9h9qiS13K-Fs0.roa
File:                     zdx141jQAJdCYW9h9qiS13K-Fs0.roa (raw, json)
Hash identifier:          43aDfkoukKcLF14FKS+JdZFewcw4KmUiSmIB6/2eMBo=
Subject key identifier:   CD:DC:75:E3:58:D0:00:97:42:61:6F:61:F6:A8:92:D7:72:BE:16:CD
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       0185EEC1AD2349A80FE8C9679D9F7758DE61
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/zdx141jQAJdCYW9h9qiS13K-Fs0.roa
Signing time:             Thu 26 Jan 2023 15:45:48 +0000
ROA not before:           Thu 26 Jan 2023 15:45:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59592
IP address blocks:        185.14.92.0/22 maxlen: 22
                          94.154.51.0/24 maxlen: 24
                          94.154.48.0/21 maxlen: 24
                          94.154.49.0/24 maxlen: 24
                          94.154.54.0/24 maxlen: 24
                          94.154.53.0/24 maxlen: 24
                          94.154.52.0/24 maxlen: 24
                          176.100.33.0/24 maxlen: 24
                          176.100.32.0/24 maxlen: 24
                          176.100.35.0/24 maxlen: 24
                          176.100.34.0/24 maxlen: 24
                          37.114.38.0/24 maxlen: 24
                          37.114.36.0/24 maxlen: 24
                          37.114.35.0/24 maxlen: 24
                          37.114.39.0/24 maxlen: 24
                          37.114.58.0/24 maxlen: 24
                          2a00:ccc2::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 24 Feb 2023 13:32:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:ee:c1:ad:23:49:a8:0f:e8:c9:67:9d:9f:77:58:de:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan 26 15:45:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cddc75e358d0009742616f61f6a892d772be16cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:07:05:54:17:8f:ae:ce:c5:b1:68:ba:76:b9:
                    13:e0:a7:80:c0:e0:d0:10:9e:28:92:15:4e:99:f2:
                    43:aa:37:7b:69:a6:9f:b5:0b:e6:68:44:fa:bd:55:
                    16:50:ed:b1:dc:23:7f:88:e8:25:95:57:fe:7d:0f:
                    c4:e6:05:ed:e9:8c:6b:53:18:09:17:25:53:94:62:
                    b1:ae:2f:26:67:b4:04:81:0e:4f:3a:5d:96:79:97:
                    0e:e7:ce:a2:04:7f:40:62:ac:aa:d5:da:7d:d2:53:
                    d9:77:db:54:56:51:20:91:ad:d8:bd:36:c5:75:e1:
                    40:33:dc:6a:80:59:56:62:34:e5:a1:f0:11:e3:56:
                    71:34:62:cc:13:47:7f:c0:72:a5:72:c0:05:6c:4f:
                    01:c4:7c:53:cc:2c:eb:89:86:9a:85:50:08:ca:2d:
                    ed:e6:9a:9d:b4:c5:22:ca:5f:03:a5:43:74:f9:f4:
                    21:e0:f9:44:10:68:2c:b9:2d:7d:85:8d:f7:a0:2a:
                    29:26:68:3f:39:5a:b5:43:94:d0:20:27:e5:1d:8d:
                    14:8e:3c:c6:cd:ac:10:38:43:47:be:84:51:57:18:
                    60:2b:fa:0f:38:44:47:7b:85:f8:44:06:f6:dd:fd:
                    45:04:8d:93:fe:fe:c4:83:d0:fe:a5:34:8c:25:8a:
                    82:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:DC:75:E3:58:D0:00:97:42:61:6F:61:F6:A8:92:D7:72:BE:16:CD
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/zdx141jQAJdCYW9h9qiS13K-Fs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.35.0-37.114.36.255
                  37.114.38.0/23
                  37.114.58.0/24
                  94.154.48.0/21
                  176.100.32.0/22
                  185.14.92.0/22
                IPv6:
                  2a00:ccc2::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:8a:5b:9a:98:c9:0a:75:12:94:ba:f2:f6:65:54:c7:d3:cd:
         2d:8a:3d:e4:3e:92:fc:db:9b:9a:21:ea:a0:e0:5b:e1:38:d1:
         03:6b:7a:03:a4:8d:e2:5c:78:52:52:76:2f:d6:3a:ee:b9:ef:
         cd:00:83:de:a9:44:cb:3b:a0:12:ad:3d:ad:5d:86:ae:b0:2a:
         ec:48:04:56:c0:5a:c6:29:26:b9:84:6a:2b:2d:b7:c4:f2:1f:
         38:70:30:69:59:dc:df:b1:ad:48:ea:8b:07:81:12:83:89:1d:
         17:ec:e2:ed:e2:85:a0:a9:98:88:99:32:a6:b6:b0:ce:7b:5a:
         82:e7:87:05:7b:d6:c6:df:40:4c:04:5d:b6:45:97:90:b2:00:
         b0:05:43:59:43:fa:38:82:da:46:55:a2:ab:07:1c:52:d6:f2:
         41:c0:56:b0:45:14:28:3b:dd:89:dd:34:86:4f:64:61:7c:4d:
         78:4d:a0:4d:f7:0c:ec:22:2b:59:5b:95:77:5e:75:e5:53:56:
         02:f4:d3:6a:ce:dd:70:f2:84:b0:43:5a:aa:97:e9:69:56:87:
         81:c7:b1:91:d7:b6:61:6d:46:05:27:98:e0:da:ab:e5:39:d6:
         5c:d9:30:00:c6:e3:0b:c1:aa:a4:86:be:50:81:02:c2:37:6d:
         ba:3a:97:4b
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYXuwa0jSagP6MlnnZ93WN5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjMwMTI2MTU0NTQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGRjNzVlMzU4ZDAwMDk3NDI2MTZmNjFmNmE4OTJkNzcyYmUxNmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwcFVBePrs7FsWi6drkT4KeAwODQ
EJ4okhVOmfJDqjd7aaaftQvmaET6vVUWUO2x3CN/iOgllVf+fQ/E5gXt6YxrUxgJ
FyVTlGKxri8mZ7QEgQ5POl2WeZcO586iBH9AYqyq1dp90lPZd9tUVlEgka3YvTbF
deFAM9xqgFlWYjTlofAR41ZxNGLME0d/wHKlcsAFbE8BxHxTzCzriYaahVAIyi3t
5pqdtMUiyl8DpUN0+fQh4PlEEGgsuS19hY33oCopJmg/OVq1Q5TQICflHY0UjjzG
zawQOENHvoRRVxhgK/oPOERHe4X4RAb23f1FBI2T/v7Eg9D+pTSMJYqCjwIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFM3cdeNY0ACXQmFvYfaoktdyvhbNMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvemR4MTQxalFBSmRDWVc5aDlxaVMxM0stRnMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsMAwDBAAlciMD
BAAlciQDBAElciYDBAAlcjoDBANemjADBAKwZCADBAK5DlwwDQQCAAIwBwMFACoA
zMIwDQYJKoZIhvcNAQELBQADggEBAFiKW5qYyQp1EpS68vZlVMfTzS2KPeQ+kvzb
m5oh6qDgW+E40QNregOkjeJceFJSdi/WOu65780Ag96pRMs7oBKtPa1dhq6wKuxI
BFbAWsYpJrmEaistt8TyHzhwMGlZ3N+xrUjqiweBEoOJHRfs4u3ihaCpmIiZMqa2
sM57WoLnhwV71sbfQEwEXbZFl5CyALAFQ1lD+jiC2kZVoqsHHFLW8kHAVrBFFCg7
3YndNIZPZGF8TXhNoE33DOwiK1lblXdedeVTVgL002rO3XDyhLBDWqqX6WlWh4HH
sZHXtmFtRgUnmODaq+U51lzZMADG4wvBqqSGvlCBAsI3bbo6l0s=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:57 2024 by rpki-client on console-fra.rpki-client.org