Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/CdBl8uti2waOq_W4UGUCm0NqJFo.roa
File:                     CdBl8uti2waOq_W4UGUCm0NqJFo.roa (raw, json)
Hash identifier:          H4HXnXqCfc2s07BP/8dleewXV9CcC2teMa1SXNpJuIs=
Subject key identifier:   09:D0:65:F2:EB:62:DB:06:8E:AB:F5:B8:50:65:02:9B:43:6A:24:5A
Certificate issuer:       /CN=69a4d6916b93159aa80984a9b3774683bb550ebd
Certificate serial:       018ADB4CF01D273487E82F569F953172BD71
Authority key identifier: 69:A4:D6:91:6B:93:15:9A:A8:09:84:A9:B3:77:46:83:BB:55:0E:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aaTWkWuTFZqoCYSps3dGg7tVDr0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/CdBl8uti2waOq_W4UGUCm0NqJFo.roa
Signing time:             Thu 28 Sep 2023 10:19:27 +0000
ROA not before:           Thu 28 Sep 2023 10:19:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205952
IP address blocks:        62.213.72.0/21 maxlen: 21
                          62.213.86.0/24 maxlen: 24
                          62.213.94.0/23 maxlen: 23
                          62.213.102.0/23 maxlen: 23
                          212.158.168.0/24 maxlen: 24
                          212.158.170.0/23 maxlen: 23
                          212.158.174.0/23 maxlen: 23
                          62.213.112.0/23 maxlen: 23
                          62.213.116.0/24 maxlen: 24
                          217.23.152.0/21 maxlen: 21
                          185.48.236.0/22 maxlen: 22
                          212.24.57.0/24 maxlen: 24
                          217.23.129.0/24 maxlen: 24
                          217.23.139.0/24 maxlen: 24
                          212.24.37.0/24 maxlen: 24
                          212.24.43.0/24 maxlen: 24
                          212.24.40.0/24 maxlen: 24
                          212.24.39.0/24 maxlen: 24
                          212.24.50.0/24 maxlen: 24
                          2a01:9860::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:db:4c:f0:1d:27:34:87:e8:2f:56:9f:95:31:72:bd:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69a4d6916b93159aa80984a9b3774683bb550ebd
        Validity
            Not Before: Sep 28 10:19:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=09d065f2eb62db068eabf5b85065029b436a245a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:84:79:ef:a7:fa:60:2d:17:f1:21:90:3a:b5:
                    e4:89:a0:16:f3:bf:cc:45:02:a4:76:7e:c8:a3:98:
                    2d:ff:bd:57:57:20:57:69:dc:b5:93:3b:dc:b7:d4:
                    59:5c:91:6e:b5:3c:be:08:e3:8f:d6:b1:82:a7:df:
                    53:11:71:0a:17:f3:68:2f:1f:85:9e:ad:da:8b:d4:
                    1c:60:21:27:62:d8:cb:18:91:0d:79:10:9c:e3:8e:
                    95:fc:26:60:ed:62:5c:5d:8b:f9:ce:37:be:9c:8a:
                    1b:80:ff:37:f7:88:c5:97:11:32:6c:5b:e2:23:78:
                    13:d7:62:40:c3:14:b5:84:e5:59:a4:e8:66:2c:cf:
                    1d:48:d8:c0:d4:62:c6:0f:8c:17:c9:f1:18:1e:f3:
                    50:a5:67:92:61:0d:9e:d8:05:e6:74:99:e6:3a:6e:
                    9c:c9:bf:ba:52:ac:4c:58:2b:14:d7:96:32:94:2c:
                    c0:82:c6:cf:a0:5b:34:bb:76:62:ba:52:a1:65:ff:
                    de:24:a4:50:4b:68:c4:7f:d1:56:8f:8a:bf:39:3e:
                    c5:c8:6e:dc:9a:f3:6c:cb:48:c9:dd:67:aa:4f:07:
                    20:e3:bb:8c:77:18:f4:2f:79:9e:bb:ed:a7:18:7e:
                    6a:aa:f9:54:dd:cc:ca:b8:1a:4a:ee:90:92:ad:0c:
                    d6:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:D0:65:F2:EB:62:DB:06:8E:AB:F5:B8:50:65:02:9B:43:6A:24:5A
            X509v3 Authority Key Identifier:
                keyid:69:A4:D6:91:6B:93:15:9A:A8:09:84:A9:B3:77:46:83:BB:55:0E:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aaTWkWuTFZqoCYSps3dGg7tVDr0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/CdBl8uti2waOq_W4UGUCm0NqJFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/c031e5-fc67-41f5-8ebe-3197110097c9/1/aaTWkWuTFZqoCYSps3dGg7tVDr0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.213.72.0/21
                  62.213.86.0/24
                  62.213.94.0/23
                  62.213.102.0/23
                  62.213.112.0/23
                  62.213.116.0/24
                  185.48.236.0/22
                  212.24.37.0/24
                  212.24.39.0-212.24.40.255
                  212.24.43.0/24
                  212.24.50.0/24
                  212.24.57.0/24
                  212.158.168.0/24
                  212.158.170.0/23
                  212.158.174.0/23
                  217.23.129.0/24
                  217.23.139.0/24
                  217.23.152.0/21
                IPv6:
                  2a01:9860::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:a0:38:d2:53:a3:c1:2b:09:0d:de:7e:68:60:e3:8b:c0:5d:
         69:90:3f:27:c2:a4:11:fe:a2:f0:6e:e6:0b:f8:a0:9c:f9:0c:
         c5:53:39:9e:fa:00:bb:75:b1:0d:1c:13:3c:77:aa:b4:91:9d:
         00:9b:81:13:d5:34:88:76:36:d6:e7:a2:c3:a2:9d:24:04:59:
         34:f2:5f:a7:16:af:8e:9e:25:a3:fa:d2:d6:89:6f:c7:5c:1b:
         b3:11:8c:86:19:81:7f:c3:d3:9a:9c:ac:25:83:fa:91:f5:6f:
         f0:28:8f:fa:56:ea:60:c6:17:22:26:a2:c6:9a:69:30:a1:62:
         ce:2a:fd:c9:8b:61:bc:f3:0f:23:bd:22:6f:bf:3c:50:1b:be:
         b4:d5:e1:87:79:21:af:5c:ed:04:48:7c:bb:1f:2c:bc:93:5d:
         90:a3:63:b7:a1:58:57:13:55:24:82:35:47:dc:e8:78:fb:2c:
         c9:3b:31:9c:1a:2e:b1:98:ea:01:b2:1d:db:68:af:9e:63:92:
         80:b0:00:75:9e:da:27:c6:52:66:74:eb:4e:29:a4:f5:7d:37:
         d3:11:21:d1:d5:ed:e3:d2:04:bb:dd:8c:40:6e:aa:e9:95:60:
         0d:6b:1b:d8:70:84:f6:a3:69:b3:e0:b7:f1:6c:72:d9:9b:0f:
         cf:d2:c6:51
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgISAYrbTPAdJzSH6C9Wn5Uxcr1xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5YTRkNjkxNmI5MzE1OWFhODA5ODRhOWIzNzc0NjgzYmI1
NTBlYmQwHhcNMjMwOTI4MTAxOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWQwNjVmMmViNjJkYjA2OGVhYmY1Yjg1MDY1MDI5YjQzNmEyNDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIR576f6YC0X8SGQOrXkiaAW87/M
RQKkdn7Io5gt/71XVyBXady1kzvct9RZXJFutTy+COOP1rGCp99TEXEKF/NoLx+F
nq3ai9QcYCEnYtjLGJENeRCc446V/CZg7WJcXYv5zje+nIobgP8394jFlxEybFvi
I3gT12JAwxS1hOVZpOhmLM8dSNjA1GLGD4wXyfEYHvNQpWeSYQ2e2AXmdJnmOm6c
yb+6UqxMWCsU15YylCzAgsbPoFs0u3ZiulKhZf/eJKRQS2jEf9FWj4q/OT7FyG7c
mvNsy0jJ3WeqTwcg47uMdxj0L3meu+2nGH5qqvlU3czKuBpK7pCSrQzWxQIDAQAB
o4ICiTCCAoUwHQYDVR0OBBYEFAnQZfLrYtsGjqv1uFBlAptDaiRaMB8GA1UdIwQY
MBaAFGmk1pFrkxWaqAmEqbN3RoO7VQ69MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWFUV2tXdVRGWnFvQ1lTcHMzZEdnN3RWRHIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9jMDMxZTUtZmM2Ny00MWY1LThlYmUt
MzE5NzExMDA5N2M5LzEvQ2RCbDh1dGkyd2FPcV9XNFVHVUNtME5xSkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9jMDMxZTUtZmM2Ny00MWY1LThlYmUtMzE5NzExMDA5N2M5
LzEvYWFUV2tXdVRGWnFvQ1lTcHMzZEdnN3RWRHIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGeBggrBgEFBQcBBwEB/wSBjjCBizB6BAIAATB0AwQDPtVI
AwQAPtVWAwQBPtVeAwQBPtVmAwQBPtVwAwQAPtV0AwQCuTDsAwQA1BglMAwDBADU
GCcDBADUGCgDBADUGCsDBADUGDIDBADUGDkDBADUnqgDBAHUnqoDBAHUnq4DBADZ
F4EDBADZF4sDBAPZF5gwDQQCAAIwBwMFACoBmGAwDQYJKoZIhvcNAQELBQADggEB
ABegONJTo8ErCQ3efmhg44vAXWmQPyfCpBH+ovBu5gv4oJz5DMVTOZ76ALt1sQ0c
Ezx3qrSRnQCbgRPVNIh2NtbnosOinSQEWTTyX6cWr46eJaP60taJb8dcG7MRjIYZ
gX/D05qcrCWD+pH1b/Aoj/pW6mDGFyImosaaaTChYs4q/cmLYbzzDyO9Im+/PFAb
vrTV4Yd5Ia9c7QRIfLsfLLyTXZCjY7ehWFcTVSSCNUfc6Hj7LMk7MZwaLrGY6gGy
Hdtor55jkoCwAHWe2ifGUmZ0604ppPV9N9MRIdHV7ePSBLvdjEBuqumVYA1rG9hw
hPajabPgt/FsctmbD8/SxlE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:05 2024 by rpki-client on console-fra.rpki-client.org