Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/o4GI4Qh22YMVIaxu1bWtzDfPVoU.roa
File:                     o4GI4Qh22YMVIaxu1bWtzDfPVoU.roa (raw, json)
Hash identifier:          yllxFV4e8hBJFNCnfSw7ExN3uaYjqYq/X+Azol3p3R4=
Subject key identifier:   A3:81:88:E1:08:76:D9:83:15:21:AC:6E:D5:B5:AD:CC:37:CF:56:85
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019049C6E85AFA27DCCD290D00A942157E70
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/o4GI4Qh22YMVIaxu1bWtzDfPVoU.roa
Signing time:             Mon 24 Jun 2024 10:24:50 +0000
ROA not before:           Mon 24 Jun 2024 10:24:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44889
IP address blocks:        46.38.129.0/24 maxlen: 24
                          46.38.131.0/24 maxlen: 24
                          46.38.136.0/24 maxlen: 24
                          46.38.137.0/24 maxlen: 24
                          46.38.138.0/24 maxlen: 24
                          46.38.139.0/24 maxlen: 24
                          46.38.140.0/24 maxlen: 24
                          46.38.144.0/23 maxlen: 23
                          46.38.150.0/24 maxlen: 24
                          109.94.164.0/24 maxlen: 24
                          109.94.165.0/24 maxlen: 24
                          185.24.149.0/24 maxlen: 24
                          185.24.150.0/24 maxlen: 24
                          185.24.151.0/24 maxlen: 24
                          185.29.220.0/24 maxlen: 24
                          185.29.221.0/24 maxlen: 24
                          185.29.222.0/24 maxlen: 24
                          185.29.223.0/24 maxlen: 24
                          185.143.74.0/24 maxlen: 24
                          185.143.75.0/24 maxlen: 24
                          212.16.64.0/19 maxlen: 24
                          212.16.71.0/24 maxlen: 24
                          212.16.72.0/24 maxlen: 25
                          212.16.86.0/23 maxlen: 23
                          212.16.89.0/24 maxlen: 24
                          212.80.0.0/19 maxlen: 24
                          212.80.2.0/24 maxlen: 24
                          212.80.12.0/24 maxlen: 24
                          212.80.13.0/24 maxlen: 24
                          212.80.14.0/24 maxlen: 24
                          212.80.15.0/24 maxlen: 24
                          2a00:7d80::/29 maxlen: 64

Validation:               Failed, certificate revoked on Fri 28 Jun 2024 18:37:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:49:c6:e8:5a:fa:27:dc:cd:29:0d:00:a9:42:15:7e:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jun 24 10:24:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a38188e10876d9831521ac6ed5b5adcc37cf5685
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4b:2f:fa:ec:61:10:ba:8e:14:1e:7a:87:71:
                    16:11:31:d1:f0:10:8b:ae:a4:28:f2:1d:13:07:e2:
                    ee:95:f7:bf:f6:21:63:e2:93:1f:23:1d:ec:f1:08:
                    e8:15:b2:4a:c9:18:09:8c:9e:1d:2a:2d:78:52:ac:
                    a7:30:d5:48:33:a0:e6:2f:6f:87:a4:68:08:da:4a:
                    ea:da:aa:ec:e8:d8:e3:dc:21:81:d9:0e:52:96:60:
                    53:6b:86:fa:57:a9:e4:73:c1:45:fe:75:ee:21:86:
                    25:2a:88:68:6d:a0:e4:0d:fc:29:2d:76:36:28:81:
                    e2:15:a6:45:d9:b2:27:c9:d7:0b:a9:fa:6d:f8:54:
                    ec:08:3d:82:31:6f:c4:13:d4:49:b5:75:88:1b:8b:
                    f1:f3:5c:fc:c3:d1:a1:95:aa:09:2a:26:de:fe:6b:
                    19:67:62:7d:86:7a:9c:d2:24:4a:b4:ac:2e:b6:be:
                    65:5a:e6:7d:8d:80:04:92:b9:c2:d8:13:69:f1:21:
                    a5:2c:3d:45:9e:01:b9:e0:be:91:12:2b:2a:26:f3:
                    a7:1c:ae:b8:1c:72:d6:e3:d8:b4:bb:69:7a:26:fe:
                    43:f2:f7:02:32:df:2b:25:1f:e0:c9:e5:ef:c1:b9:
                    ee:27:15:f6:8f:3c:c0:c7:f0:9f:a4:06:c3:ab:f7:
                    f8:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:81:88:E1:08:76:D9:83:15:21:AC:6E:D5:B5:AD:CC:37:CF:56:85
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/o4GI4Qh22YMVIaxu1bWtzDfPVoU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.129.0/24
                  46.38.131.0/24
                  46.38.136.0-46.38.140.255
                  46.38.144.0/23
                  46.38.150.0/24
                  109.94.164.0/23
                  185.24.149.0-185.24.151.255
                  185.29.220.0/22
                  185.143.74.0/23
                  212.16.64.0/19
                  212.80.0.0/19
                IPv6:
                  2a00:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:49:77:f6:a5:de:aa:ef:25:e0:42:4b:ad:c3:11:e1:70:24:
         bf:ce:d0:0a:cd:92:b8:83:29:89:a3:00:01:d2:b0:6a:31:5a:
         67:3e:e2:c8:20:c9:41:38:4a:89:75:02:2b:7b:23:a3:3d:ba:
         18:06:f2:6a:ec:56:43:a4:80:ad:9b:f6:55:8f:6e:f7:b3:5c:
         ff:54:78:53:64:a3:b2:6a:aa:5c:69:b1:9b:fb:fc:49:72:d2:
         25:8e:04:2b:71:94:c6:e5:0a:d7:91:df:1d:5a:54:72:d6:82:
         06:65:9e:75:dd:6a:0b:53:13:7c:0b:1a:84:9d:90:95:54:eb:
         25:bd:14:be:c0:d5:97:a4:67:96:0f:20:31:70:13:97:e5:fc:
         c8:f7:e8:c6:31:a4:fd:63:f4:68:e3:79:84:a2:cf:78:31:8f:
         9c:c0:7e:f5:7c:67:cd:db:d9:e5:38:c7:7c:e7:12:c4:ef:38:
         bc:af:ef:1c:70:43:83:08:14:29:df:2f:e0:a7:cf:7c:f7:9f:
         69:b9:81:76:e3:ec:22:19:4e:94:2a:03:61:a6:c8:3c:b0:12:
         9c:3c:1b:e0:42:e0:dc:ce:28:bb:b2:78:7e:b8:1c:2b:17:29:
         a0:8a:33:3d:76:4a:06:2b:70:c4:bd:c2:de:6b:d0:60:4a:4f:
         3a:d3:23:85
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAZBJxuha+ifczSkNAKlCFX5wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwNjI0MTAyNDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzgxODhlMTA4NzZkOTgzMTUyMWFjNmVkNWI1YWRjYzM3Y2Y1Njg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEsv+uxhELqOFB56h3EWETHR8BCL
rqQo8h0TB+Lulfe/9iFj4pMfIx3s8QjoFbJKyRgJjJ4dKi14UqynMNVIM6DmL2+H
pGgI2krq2qrs6Njj3CGB2Q5SlmBTa4b6V6nkc8FF/nXuIYYlKohobaDkDfwpLXY2
KIHiFaZF2bInydcLqfpt+FTsCD2CMW/EE9RJtXWIG4vx81z8w9GhlaoJKibe/msZ
Z2J9hnqc0iRKtKwutr5lWuZ9jYAEkrnC2BNp8SGlLD1FngG54L6REisqJvOnHK64
HHLW49i0u2l6Jv5D8vcCMt8rJR/gyeXvwbnuJxX2jzzAx/CfpAbDq/f4OQIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFKOBiOEIdtmDFSGsbtW1rcw3z1aFMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvbzRHSTRRaDIyWU1WSWF4dTFiV3R6RGZQVm9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBYBAIAATBSAwQALiaBAwQA
LiaDMAwDBAMuJogDBAAuJowDBAEuJpADBAAuJpYDBAFtXqQwDAMEALkYlQMEA7kY
kAMEArkd3AMEAbmPSgMEBdQQQAMEBdRQADANBAIAAjAHAwUDKgB9gDANBgkqhkiG
9w0BAQsFAAOCAQEAYkl39qXequ8l4EJLrcMR4XAkv87QCs2SuIMpiaMAAdKwajFa
Zz7iyCDJQThKiXUCK3sjoz26GAbyauxWQ6SArZv2VY9u97Nc/1R4U2SjsmqqXGmx
m/v8SXLSJY4EK3GUxuUK15HfHVpUctaCBmWedd1qC1MTfAsahJ2QlVTrJb0UvsDV
l6Rnlg8gMXATl+X8yPfoxjGk/WP0aON5hKLPeDGPnMB+9XxnzdvZ5TjHfOcSxO84
vK/vHHBDgwgUKd8v4KfPfPefabmBduPsIhlOlCoDYabIPLASnDwb4ELg3M4ou7J4
frgcKxcpoIozPXZKBitwxL3C3mvQYEpPOtMjhQ==
-----END CERTIFICATE-----
Generated at Fri Jun 28 23:10:46 2024 by rpki-client on console-ams.rpki-client.org