Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/fx1A3Ij7OKp6KBW309_39o6rgsI.roa
File:                     fx1A3Ij7OKp6KBW309_39o6rgsI.roa (raw, json)
Hash identifier:          ynwIEJ/84fEclTZaa3+bdW1UE2pVBJi4FJ9/shG4T7k=
Subject key identifier:   7F:1D:40:DC:88:FB:38:AA:7A:28:15:B7:D3:DF:F7:F6:8E:AB:82:C2
Certificate issuer:       /CN=cf4a717f8fa1bb0359274223acdae22b70e66bec
Certificate serial:       018CC5001FAE7195276076BC7503027CC107
Authority key identifier: CF:4A:71:7F:8F:A1:BB:03:59:27:42:23:AC:DA:E2:2B:70:E6:6B:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/fx1A3Ij7OKp6KBW309_39o6rgsI.roa
Signing time:             Mon 01 Jan 2024 12:29:28 +0000
ROA not before:           Mon 01 Jan 2024 12:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15774
IP address blocks:        91.105.128.0/18 maxlen: 32
                          188.244.128.0/17 maxlen: 32
                          37.49.192.0/19 maxlen: 32
                          109.171.0.0/17 maxlen: 32
                          195.238.100.0/22 maxlen: 32
                          46.241.0.0/17 maxlen: 32
                          46.50.128.0/17 maxlen: 32
                          188.168.0.0/16 maxlen: 32
                          109.197.128.0/21 maxlen: 32
                          37.205.48.0/21 maxlen: 32
                          188.44.96.0/19 maxlen: 32
                          37.205.64.0/19 maxlen: 32
                          2a02:618::/32 maxlen: 96

Validation:               Failed, certificate revoked on Mon 04 Nov 2024 17:38:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1f:ae:71:95:27:60:76:bc:75:03:02:7c:c1:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf4a717f8fa1bb0359274223acdae22b70e66bec
        Validity
            Not Before: Jan  1 12:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7f1d40dc88fb38aa7a2815b7d3dff7f68eab82c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ca:ce:31:22:a0:4b:bb:66:13:09:6a:e7:85:
                    ca:52:07:50:1e:a3:8d:f3:11:37:2f:09:a2:ca:38:
                    1e:48:0a:3b:17:46:5e:4e:60:ff:63:03:23:19:63:
                    72:02:15:5e:0d:9c:10:6f:1d:9e:67:38:87:77:c5:
                    22:f4:7a:ad:ca:b1:ae:33:2e:a6:c4:30:68:21:11:
                    af:57:09:be:15:aa:d7:73:0a:f5:2f:87:89:f2:b6:
                    38:ec:da:f6:da:82:43:1c:c6:b5:49:f0:f5:2d:3a:
                    bb:7d:2f:90:fe:73:da:e7:d3:fe:51:07:1f:29:70:
                    44:5b:ad:06:e4:da:41:90:2f:d7:09:53:f4:c7:de:
                    94:db:ab:11:35:b5:5e:c9:07:f1:46:1d:f8:03:20:
                    21:db:5c:41:c8:c0:11:39:74:b5:d7:dd:4f:4c:dd:
                    9a:8f:8c:d8:35:6e:cd:29:86:d9:48:af:b1:81:5f:
                    aa:cc:b3:9c:bd:5e:51:6f:4e:ba:9d:48:85:e1:2b:
                    ef:bd:3b:9f:15:ae:53:d1:e4:b7:08:bf:f8:c3:e0:
                    fa:5a:8a:e7:4d:d1:e3:63:91:bf:82:84:da:47:c7:
                    39:7f:12:24:54:bf:46:01:0a:df:3f:39:96:d4:4e:
                    17:7e:22:53:11:23:b0:d1:6e:c6:93:18:63:40:e3:
                    49:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:1D:40:DC:88:FB:38:AA:7A:28:15:B7:D3:DF:F7:F6:8E:AB:82:C2
            X509v3 Authority Key Identifier:
                keyid:CF:4A:71:7F:8F:A1:BB:03:59:27:42:23:AC:DA:E2:2B:70:E6:6B:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z0pxf4-huwNZJ0IjrNriK3Dma-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/fx1A3Ij7OKp6KBW309_39o6rgsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/e50f54-6fdd-4fe9-9fe9-6aaa6b02160d/1/z0pxf4-huwNZJ0IjrNriK3Dma-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.49.192.0/19
                  37.205.48.0/21
                  37.205.64.0/19
                  46.50.128.0/17
                  46.241.0.0/17
                  91.105.128.0/18
                  109.171.0.0/17
                  109.197.128.0/21
                  188.44.96.0/19
                  188.168.0.0/16
                  188.244.128.0/17
                  195.238.100.0/22
                IPv6:
                  2a02:618::/32

    Signature Algorithm: sha256WithRSAEncryption
         14:37:ea:48:1a:92:b2:64:21:6c:95:2d:6f:a6:57:35:12:34:
         13:5e:b0:df:ce:7a:56:48:3b:59:1d:e2:fa:22:48:2a:aa:ed:
         b3:59:d3:5a:32:75:94:66:2a:99:b0:6e:5b:97:bc:c2:c5:1f:
         63:61:f4:8c:9d:6d:03:a6:5c:b1:b2:60:9c:ad:19:72:c8:ab:
         36:61:a4:47:b9:1c:83:28:ea:20:0f:f6:18:2e:4d:aa:47:74:
         18:a2:39:7a:c3:da:3b:56:d6:a2:70:34:ea:84:0b:f2:71:8b:
         c5:44:8e:3d:c8:58:a4:6c:23:a4:f9:39:74:88:7c:59:e0:70:
         ba:ea:1e:6f:87:f9:18:ae:62:a3:da:9e:29:91:f6:2c:8d:02:
         ba:96:42:bd:55:16:fb:c3:f8:96:56:48:d7:63:9c:80:af:2a:
         fb:53:74:8a:05:11:95:90:f2:29:a6:e3:03:c2:ef:23:80:54:
         50:5d:34:27:4d:68:9e:34:41:39:3a:c3:ca:58:a7:19:d9:f8:
         be:8c:30:c2:8c:f3:4e:4b:f8:67:92:bc:50:1f:26:29:99:bb:
         da:d8:c3:5d:3e:dd:f7:c7:55:1e:ca:93:15:a7:08:1b:63:8a:
         ce:87:7c:99:72:28:f6:1d:ae:23:33:02:82:45:fe:47:f1:bb:
         92:36:63:98
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYzFAB+ucZUnYHa8dQMCfMEHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNGE3MTdmOGZhMWJiMDM1OTI3NDIyM2FjZGFlMjJiNzBl
NjZiZWMwHhcNMjQwMTAxMTIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjFkNDBkYzg4ZmIzOGFhN2EyODE1YjdkM2RmZjdmNjhlYWI4MmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1crOMSKgS7tmEwlq54XKUgdQHqON
8xE3LwmiyjgeSAo7F0ZeTmD/YwMjGWNyAhVeDZwQbx2eZziHd8Ui9HqtyrGuMy6m
xDBoIRGvVwm+FarXcwr1L4eJ8rY47Nr22oJDHMa1SfD1LTq7fS+Q/nPa59P+UQcf
KXBEW60G5NpBkC/XCVP0x96U26sRNbVeyQfxRh34AyAh21xByMAROXS1191PTN2a
j4zYNW7NKYbZSK+xgV+qzLOcvV5Rb066nUiF4SvvvTufFa5T0eS3CL/4w+D6Worn
TdHjY5G/goTaR8c5fxIkVL9GAQrfPzmW1E4XfiJTESOw0W7GkxhjQONJ+wIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFH8dQNyI+ziqeigVt9Pf9/aOq4LCMB8GA1UdIwQY
MBaAFM9KcX+PobsDWSdCI6za4itw5mvsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejBweGY0LWh1d05aSjBJanJOcmlLM0RtYS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9lNTBmNTQtNmZkZC00ZmU5LTlmZTkt
NmFhYTZiMDIxNjBkLzEvZngxQTNJajdPS3A2S0JXMzA5XzM5bzZyZ3NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9lNTBmNTQtNmZkZC00ZmU5LTlmZTktNmFhYTZiMDIxNjBk
LzEvejBweGY0LWh1d05aSjBJanJOcmlLM0RtYS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBNBAIAATBHAwQFJTHAAwQD
Jc0wAwQFJc1AAwQHLjKAAwQHLvEAAwQGW2mAAwQHbasAAwQDbcWAAwQFvCxgAwMA
vKgDBAe89IADBALD7mQwDQQCAAIwBwMFACoCBhgwDQYJKoZIhvcNAQELBQADggEB
ABQ36kgakrJkIWyVLW+mVzUSNBNesN/OelZIO1kd4voiSCqq7bNZ01oydZRmKpmw
bluXvMLFH2Nh9IydbQOmXLGyYJytGXLIqzZhpEe5HIMo6iAP9hguTapHdBiiOXrD
2jtW1qJwNOqEC/Jxi8VEjj3IWKRsI6T5OXSIfFngcLrqHm+H+RiuYqPanimR9iyN
ArqWQr1VFvvD+JZWSNdjnICvKvtTdIoFEZWQ8imm4wPC7yOAVFBdNCdNaJ40QTk6
w8pYpxnZ+L6MMMKM805L+GeSvFAfJimZu9rYw10+3ffHVR7KkxWnCBtjis6HfJly
KPYdriMzAoJF/kfxu5I2Y5g=
-----END CERTIFICATE-----
Generated at Mon Nov 4 21:29:22 2024 by rpki-client on console-fra.rpki-client.org