Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/THiBEP6Ay7wy9zjznBm2Kck3tOo.roa
File:                     THiBEP6Ay7wy9zjznBm2Kck3tOo.roa (raw, json)
Hash identifier:          7v68vl3kvheckmGEzAoyHzm1uQPK86J95305XzF52f4=
Subject key identifier:   4C:78:81:10:FE:80:CB:BC:32:F7:38:F3:9C:19:B6:29:C9:37:B4:EA
Certificate issuer:       /CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
Certificate serial:       018C25078EA397EFF937D23D3D1ED7C6ED83
Authority key identifier: 66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/THiBEP6Ay7wy9zjznBm2Kck3tOo.roa
Signing time:             Fri 01 Dec 2023 10:58:21 +0000
ROA not before:           Fri 01 Dec 2023 10:58:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39122
IP address blocks:        185.97.236.0/22 maxlen: 22
                          81.17.240.0/20 maxlen: 24
                          194.36.58.0/23 maxlen: 23
                          91.197.234.0/23 maxlen: 23
                          194.36.64.0/23 maxlen: 23
                          176.52.222.0/23 maxlen: 23
                          185.152.72.0/22 maxlen: 22
                          185.209.164.0/22 maxlen: 22
                          200.69.8.0/21 maxlen: 21
                          185.206.192.0/22 maxlen: 22
                          78.153.192.0/19 maxlen: 24
                          185.2.64.0/22 maxlen: 22
                          46.22.128.0/20 maxlen: 20
                          2a01:a8::/32 maxlen: 32
                          2a01:ac::/32 maxlen: 32
                          2a01:ad::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:31:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:25:07:8e:a3:97:ef:f9:37:d2:3d:3d:1e:d7:c6:ed:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6696aea6bab79c48f5ddee4a46bf4ab64d863160
        Validity
            Not Before: Dec  1 10:58:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4c788110fe80cbbc32f738f39c19b629c937b4ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:45:d1:bf:b2:6b:22:6b:2d:23:3d:b2:14:1a:
                    78:17:f6:e7:67:f4:a9:a0:15:6c:c4:8d:c5:0e:48:
                    a1:98:40:58:ce:40:b8:37:79:80:eb:a5:24:57:51:
                    e6:cb:09:cc:4c:cc:55:3f:e3:5e:32:88:1a:ec:e2:
                    e6:0e:70:52:df:f9:80:6e:46:53:ca:69:ed:18:a8:
                    bc:74:39:1e:7c:de:76:8f:b9:36:ed:a6:9d:e7:92:
                    12:19:87:93:91:4b:87:fb:63:fb:34:6a:0f:d8:85:
                    56:da:62:fb:e5:c0:3f:93:8a:64:fe:48:f2:16:e2:
                    61:e3:a7:19:f0:13:53:6a:34:72:10:50:57:3b:c6:
                    9e:f0:d3:e2:4f:7c:bf:8f:32:39:00:6a:77:96:05:
                    7c:70:6e:f1:13:a0:8c:dd:cf:f6:84:e2:c4:2d:2c:
                    b3:9a:f4:24:0a:af:66:0a:a8:b3:98:be:11:81:13:
                    36:f3:60:69:17:9a:db:35:d4:dc:a7:0b:0a:24:fd:
                    a4:08:1c:05:1b:ef:0f:29:32:40:d7:0d:89:c9:ed:
                    5c:c6:b9:c4:b9:db:bd:d6:ac:bc:1e:3f:14:1d:01:
                    d2:73:66:78:46:0f:41:76:d8:a0:b2:c5:9c:6c:81:
                    a4:81:79:5b:41:b5:c3:97:3c:fc:c7:36:f0:a3:b5:
                    94:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:78:81:10:FE:80:CB:BC:32:F7:38:F3:9C:19:B6:29:C9:37:B4:EA
            X509v3 Authority Key Identifier:
                keyid:66:96:AE:A6:BA:B7:9C:48:F5:DD:EE:4A:46:BF:4A:B6:4D:86:31:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zpauprq3nEj13e5KRr9Ktk2GMWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/THiBEP6Ay7wy9zjznBm2Kck3tOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/452c2b-f2cf-4a92-a1cd-f0198c6c2474/1/Zpauprq3nEj13e5KRr9Ktk2GMWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.22.128.0/20
                  78.153.192.0/19
                  81.17.240.0/20
                  91.197.234.0/23
                  176.52.222.0/23
                  185.2.64.0/22
                  185.97.236.0/22
                  185.152.72.0/22
                  185.206.192.0/22
                  185.209.164.0/22
                  194.36.58.0/23
                  194.36.64.0/23
                  200.69.8.0/21
                IPv6:
                  2a01:a8::/32
                  2a01:ac::/31

    Signature Algorithm: sha256WithRSAEncryption
         7a:8a:c1:4a:94:dc:4f:8e:fe:86:47:9e:f7:5d:52:74:94:42:
         53:4a:25:66:39:bc:86:81:20:7d:eb:98:48:2d:6b:5b:ee:33:
         e9:8f:36:01:8a:45:d7:b6:fe:89:89:75:b0:17:03:5a:1f:27:
         10:3d:7b:82:d1:e7:c3:e6:28:5a:56:b5:c1:78:3d:68:99:79:
         c3:18:8f:87:fd:0f:50:95:49:df:6a:c3:8c:f9:cf:34:45:12:
         3a:a3:c5:7e:7f:ad:19:e7:8c:24:15:e0:97:5c:0c:62:22:3d:
         eb:77:cf:3f:94:80:49:85:f2:5e:aa:0f:75:ad:b0:78:c8:0a:
         f5:c2:5d:4c:5a:2a:36:c5:94:1f:db:da:1e:5b:49:18:da:f8:
         f8:04:32:89:80:6e:ee:a4:25:b3:e6:3c:40:d2:70:e1:9d:4d:
         79:20:66:85:b6:b7:e9:a1:c7:0c:4e:76:6c:18:4a:7e:3a:f4:
         91:11:dd:14:eb:49:c6:13:14:06:b0:84:d1:54:50:40:02:6d:
         04:91:e3:64:94:42:1e:d8:77:ac:d5:51:0d:e1:99:83:4e:92:
         67:9e:8d:49:8b:f2:e0:8d:f9:83:15:18:26:7c:ad:a2:6d:78:
         99:98:dd:62:70:c9:f2:31:ed:a0:22:7c:af:e1:a1:40:86:4d:
         94:27:ca:ab
-----BEGIN CERTIFICATE-----
MIIFWzCCBEOgAwIBAgISAYwlB46jl+/5N9I9PR7Xxu2DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OTZhZWE2YmFiNzljNDhmNWRkZWU0YTQ2YmY0YWI2NGQ4
NjMxNjAwHhcNMjMxMjAxMTA1ODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzc4ODExMGZlODBjYmJjMzJmNzM4ZjM5YzE5YjYyOWM5MzdiNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0XRv7JrImstIz2yFBp4F/bnZ/Sp
oBVsxI3FDkihmEBYzkC4N3mA66UkV1HmywnMTMxVP+NeMoga7OLmDnBS3/mAbkZT
ymntGKi8dDkefN52j7k27aad55ISGYeTkUuH+2P7NGoP2IVW2mL75cA/k4pk/kjy
FuJh46cZ8BNTajRyEFBXO8ae8NPiT3y/jzI5AGp3lgV8cG7xE6CM3c/2hOLELSyz
mvQkCq9mCqizmL4RgRM282BpF5rbNdTcpwsKJP2kCBwFG+8PKTJA1w2Jye1cxrnE
udu91qy8Hj8UHQHSc2Z4Rg9BdtigssWcbIGkgXlbQbXDlzz8xzbwo7WUZwIDAQAB
o4ICZzCCAmMwHQYDVR0OBBYEFEx4gRD+gMu8Mvc485wZtinJN7TqMB8GA1UdIwQY
MBaAFGaWrqa6t5xI9d3uSka/SrZNhjFgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2Qt
ZjAxOThjNmMyNDc0LzEvVEhpQkVQNkF5N3d5OXpqem5CbTJLY2szdE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My80NTJjMmItZjJjZi00YTkyLWExY2QtZjAxOThjNmMyNDc0
LzEvWnBhdXBycTNuRWoxM2U1S1JyOUt0azJHTVdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH0GCCsGAQUFBwEHAQH/BG4wbDBUBAIAATBOAwQELhaAAwQF
TpnAAwQEURHwAwQBW8XqAwQBsDTeAwQCuQJAAwQCuWHsAwQCuZhIAwQCuc7AAwQC
udGkAwQBwiQ6AwQBwiRAAwQDyEUIMBQEAgACMA4DBQAqAQCoAwUBKgEArDANBgkq
hkiG9w0BAQsFAAOCAQEAeorBSpTcT47+hkee911SdJRCU0olZjm8hoEgfeuYSC1r
W+4z6Y82AYpF17b+iYl1sBcDWh8nED17gtHnw+YoWla1wXg9aJl5wxiPh/0PUJVJ
32rDjPnPNEUSOqPFfn+tGeeMJBXgl1wMYiI963fPP5SASYXyXqoPda2weMgK9cJd
TFoqNsWUH9vaHltJGNr4+AQyiYBu7qQls+Y8QNJw4Z1NeSBmhba36aHHDE52bBhK
fjr0kRHdFOtJxhMUBrCE0VRQQAJtBJHjZJRCHth3rNVRDeGZg06SZ56NSYvy4I35
gxUYJnytom14mZjdYnDJ8jHtoCJ8r+GhQIZNlCfKqw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:39 2024 by rpki-client on console-fra.rpki-client.org