Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/AL9oSkqWDI6hCosSfxRKjm2NfpM.roa
File:                     AL9oSkqWDI6hCosSfxRKjm2NfpM.roa (raw, json)
Hash identifier:          VkRShDaDLte+80p+WDpB3X+0ynUmBtYow/sIBVByzbQ=
Subject key identifier:   00:BF:68:4A:4A:96:0C:8E:A1:0A:8B:12:7F:14:4A:8E:6D:8D:7E:93
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018D6535BA4CA22320B1DDD8AD8569A0675A
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/AL9oSkqWDI6hCosSfxRKjm2NfpM.roa
Signing time:             Thu 01 Feb 2024 15:07:16 +0000
ROA not before:           Thu 01 Feb 2024 15:07:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44889
IP address blocks:        46.38.129.0/24 maxlen: 24
                          46.38.130.0/24 maxlen: 24
                          46.38.131.0/24 maxlen: 24
                          46.38.132.0/24 maxlen: 24
                          46.38.133.0/24 maxlen: 24
                          46.38.134.0/24 maxlen: 24
                          46.38.135.0/24 maxlen: 24
                          46.38.136.0/24 maxlen: 24
                          46.38.137.0/24 maxlen: 24
                          46.38.138.0/24 maxlen: 24
                          46.38.139.0/24 maxlen: 24
                          46.38.140.0/24 maxlen: 24
                          46.38.141.0/24 maxlen: 24
                          46.38.144.0/21 maxlen: 21
                          46.38.144.0/23 maxlen: 23
                          46.38.150.0/24 maxlen: 24
                          46.38.152.0/22 maxlen: 22
                          46.38.156.0/23 maxlen: 23
                          46.38.158.0/24 maxlen: 24
                          109.94.164.0/24 maxlen: 24
                          109.94.165.0/24 maxlen: 24
                          185.24.148.0/24 maxlen: 24
                          185.24.149.0/24 maxlen: 24
                          185.24.150.0/24 maxlen: 24
                          185.24.151.0/24 maxlen: 24
                          185.29.220.0/24 maxlen: 24
                          185.29.221.0/24 maxlen: 24
                          185.29.222.0/24 maxlen: 24
                          185.29.223.0/24 maxlen: 24
                          185.143.72.0/24 maxlen: 24
                          185.143.73.0/24 maxlen: 24
                          185.143.74.0/24 maxlen: 24
                          185.143.75.0/24 maxlen: 24
                          212.16.64.0/19 maxlen: 24
                          212.16.71.0/24 maxlen: 24
                          212.16.72.0/24 maxlen: 25
                          212.16.78.0/24 maxlen: 24
                          212.16.79.0/24 maxlen: 24
                          212.16.80.0/24 maxlen: 24
                          212.16.85.0/24 maxlen: 24
                          212.16.86.0/23 maxlen: 23
                          212.16.89.0/24 maxlen: 24
                          212.16.92.0/23 maxlen: 23
                          212.16.94.0/24 maxlen: 24
                          212.80.0.0/19 maxlen: 24
                          212.80.0.0/24 maxlen: 24
                          212.80.2.0/24 maxlen: 24
                          212.80.6.0/24 maxlen: 24
                          212.80.7.0/24 maxlen: 24
                          212.80.29.0/24 maxlen: 24
                          2a00:7d80::/29 maxlen: 64

Validation:               Failed, certificate revoked on Tue 06 Feb 2024 08:09:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:65:35:ba:4c:a2:23:20:b1:dd:d8:ad:85:69:a0:67:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Feb  1 15:07:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00bf684a4a960c8ea10a8b127f144a8e6d8d7e93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:cc:72:14:df:91:21:a4:31:7f:9d:17:64:78:
                    d2:6c:5e:39:0d:9d:d8:ac:68:43:01:91:84:84:ff:
                    86:71:a3:77:b7:cd:95:da:75:34:86:48:13:59:06:
                    55:a3:14:e3:1e:ba:9a:bb:25:31:c2:9d:4c:92:24:
                    20:3f:91:22:4d:34:03:87:18:9b:a3:0c:3c:80:8a:
                    e0:f5:2c:a5:d1:c7:30:66:45:57:58:b0:01:e6:79:
                    09:53:fa:19:84:9f:32:73:c7:e0:fa:57:33:9e:8c:
                    56:12:df:6a:97:20:b2:2e:4d:44:43:74:fd:36:5e:
                    22:fe:5b:e3:03:e9:81:14:45:52:f4:94:18:cb:84:
                    c3:fd:b8:ed:f0:b3:63:69:d5:96:82:3d:b0:e8:9d:
                    8b:ed:8a:2d:0e:c5:45:37:de:a3:0a:4d:08:1d:57:
                    99:91:12:5b:4f:9a:89:77:95:7f:6c:f1:cb:d5:44:
                    68:1d:cb:b1:57:dd:23:57:b4:6b:d6:d5:ce:9b:56:
                    cb:3b:5d:a7:3e:cd:cc:44:a5:be:3d:ee:52:5c:b7:
                    2b:9b:16:a4:b5:04:72:d9:63:bd:89:55:74:f3:7f:
                    00:7b:fd:48:ea:84:e6:77:0f:c1:c7:96:2f:fc:fd:
                    cb:15:33:c0:be:7c:73:88:02:92:b1:91:70:01:6a:
                    d1:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:BF:68:4A:4A:96:0C:8E:A1:0A:8B:12:7F:14:4A:8E:6D:8D:7E:93
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/AL9oSkqWDI6hCosSfxRKjm2NfpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.129.0-46.38.141.255
                  46.38.144.0-46.38.158.255
                  109.94.164.0/23
                  185.24.148.0/22
                  185.29.220.0/22
                  185.143.72.0/22
                  212.16.64.0/19
                  212.80.0.0/19
                IPv6:
                  2a00:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:09:ad:9a:3e:17:15:d7:d6:36:ee:89:84:f0:e6:80:aa:b7:
         ed:6a:3f:ae:93:11:94:1c:b3:e6:0d:aa:36:e5:da:8b:c5:18:
         9b:ec:45:2e:a9:2b:91:ac:6f:f2:c2:9a:f9:b6:04:89:8a:27:
         e5:22:5f:6d:dd:37:82:d1:7e:f1:76:68:97:fa:e3:01:48:60:
         95:d3:54:9c:0d:38:ba:cb:0c:5b:1c:f8:7b:09:88:9c:09:db:
         9a:f6:3c:0e:80:77:2f:28:a8:45:f4:5d:03:30:52:02:63:13:
         1b:88:0e:0b:de:8e:e1:e0:e0:4e:3d:95:ac:98:11:4e:d0:46:
         2f:fb:f1:f7:c2:7c:d8:77:39:39:b0:b1:82:4e:89:db:f8:32:
         58:a7:9d:5f:7b:60:6e:79:a6:c9:ab:58:4e:3c:9c:f8:df:fc:
         8d:4d:a1:02:ad:05:c2:d8:38:06:03:3a:69:85:0f:ad:90:4d:
         aa:59:5b:1c:a0:af:45:5c:c1:6b:73:4a:f7:91:9c:95:06:1c:
         36:43:d4:66:6e:59:75:52:31:5e:95:41:87:ce:d6:bf:4f:b8:
         70:4b:72:c5:f3:bf:cd:cb:4c:b6:bd:df:ad:6f:4d:ca:57:23:
         61:0e:71:e4:6f:08:73:28:98:3c:eb:69:9f:0e:e5:90:6f:f0:
         24:e6:54:9e
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAY1lNbpMoiMgsd3YrYVpoGdaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwMjAxMTUwNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGJmNjg0YTRhOTYwYzhlYTEwYThiMTI3ZjE0NGE4ZTZkOGQ3ZTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcxyFN+RIaQxf50XZHjSbF45DZ3Y
rGhDAZGEhP+GcaN3t82V2nU0hkgTWQZVoxTjHrqauyUxwp1MkiQgP5EiTTQDhxib
oww8gIrg9Syl0ccwZkVXWLAB5nkJU/oZhJ8yc8fg+lcznoxWEt9qlyCyLk1EQ3T9
Nl4i/lvjA+mBFEVS9JQYy4TD/bjt8LNjadWWgj2w6J2L7YotDsVFN96jCk0IHVeZ
kRJbT5qJd5V/bPHL1URoHcuxV90jV7Rr1tXOm1bLO12nPs3MRKW+Pe5SXLcrmxak
tQRy2WO9iVV0838Ae/1I6oTmdw/Bx5Yv/P3LFTPAvnxziAKSsZFwAWrRMwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFAC/aEpKlgyOoQqLEn8USo5tjX6TMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvQUw5b1NrcVdESTZoQ29zU2Z4UktqbTJOZnBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAMAwDBAAuJoED
BAEuJowwDAMEBC4mkAMEAC4mngMEAW1epAMEArkYlAMEArkd3AMEArmPSAMEBdQQ
QAMEBdRQADANBAIAAjAHAwUDKgB9gDANBgkqhkiG9w0BAQsFAAOCAQEASwmtmj4X
FdfWNu6JhPDmgKq37Wo/rpMRlByz5g2qNuXai8UYm+xFLqkrkaxv8sKa+bYEiYon
5SJfbd03gtF+8XZol/rjAUhgldNUnA04ussMWxz4ewmInAnbmvY8DoB3LyioRfRd
AzBSAmMTG4gOC96O4eDgTj2VrJgRTtBGL/vx98J82Hc5ObCxgk6J2/gyWKedX3tg
bnmmyatYTjyc+N/8jU2hAq0Fwtg4BgM6aYUPrZBNqllbHKCvRVzBa3NK95GclQYc
NkPUZm5ZdVIxXpVBh87Wv0+4cEtyxfO/zctMtr3frW9NylcjYQ5x5G8IcyiYPOtp
nw7lkG/wJOZUng==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:24 2024 by rpki-client on console-fra.rpki-client.org