Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/5dea97-7ef7-4db0-94bc-b8e8b34db290/1/bTtG97T7KE8UtfGUei5NS6LvYsA.roa
File:                     bTtG97T7KE8UtfGUei5NS6LvYsA.roa (raw, json)
Hash identifier:          JyoQ6Kk3uEWlNacgnwIKdhV5S6WPM74VTeq1LrfAKp8=
Subject key identifier:   6D:3B:46:F7:B4:FB:28:4F:14:B5:F1:94:7A:2E:4D:4B:A2:EF:62:C0
Certificate issuer:       /CN=87d990131467b77d11162b79fbe3b06ca8ab2d39
Certificate serial:       018CC26CF2B83D8D1278453B6592E8055039
Authority key identifier: 87:D9:90:13:14:67:B7:7D:11:16:2B:79:FB:E3:B0:6C:A8:AB:2D:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h9mQExRnt30RFit5--OwbKirLTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/5dea97-7ef7-4db0-94bc-b8e8b34db290/1/bTtG97T7KE8UtfGUei5NS6LvYsA.roa
Signing time:             Mon 01 Jan 2024 00:29:29 +0000
ROA not before:           Mon 01 Jan 2024 00:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16347
IP address blocks:        192.214.192.0/19 maxlen: 19
                          23.90.192.0/18 maxlen: 18
                          185.87.100.0/22 maxlen: 22
                          185.20.16.0/22 maxlen: 22
                          185.134.156.0/22 maxlen: 22
                          45.133.68.0/22 maxlen: 22
                          185.133.80.0/22 maxlen: 22
                          79.99.160.0/21 maxlen: 21
                          92.119.232.0/22 maxlen: 22
                          185.197.108.0/22 maxlen: 22
                          5.183.248.0/22 maxlen: 22
                          45.89.76.0/22 maxlen: 22
                          45.92.180.0/22 maxlen: 22
                          185.48.252.0/22 maxlen: 22
                          45.129.218.0/24 maxlen: 24
                          45.129.217.0/24 maxlen: 24
                          185.163.136.0/22 maxlen: 22
                          45.129.216.0/24 maxlen: 24
                          185.241.140.0/22 maxlen: 22
                          94.154.4.0/24 maxlen: 24
                          88.218.12.0/22 maxlen: 22
                          185.191.36.0/22 maxlen: 22
                          185.163.212.0/22 maxlen: 22
                          185.86.88.0/22 maxlen: 22
                          45.86.96.0/22 maxlen: 22
                          185.163.220.0/22 maxlen: 22
                          31.204.80.0/21 maxlen: 21
                          185.163.228.0/22 maxlen: 22
                          94.187.128.0/19 maxlen: 19
                          2.59.144.0/22 maxlen: 22
                          185.186.88.0/22 maxlen: 22
                          185.169.156.0/22 maxlen: 22
                          185.132.64.0/22 maxlen: 22
                          45.142.108.0/22 maxlen: 22
                          185.135.176.0/22 maxlen: 22
                          195.216.140.0/22 maxlen: 22
                          168.220.128.0/19 maxlen: 19
                          46.18.120.0/22 maxlen: 22
                          46.18.124.0/24 maxlen: 24
                          46.18.125.0/24 maxlen: 24
                          46.18.126.0/23 maxlen: 23
                          185.254.8.0/22 maxlen: 22
                          185.138.116.0/22 maxlen: 22
                          5.10.128.0/21 maxlen: 21
                          45.80.252.0/22 maxlen: 22
                          185.98.116.0/22 maxlen: 22
                          45.152.16.0/22 maxlen: 22
                          62.192.156.0/22 maxlen: 22
                          2a00:41e0::/29 maxlen: 29
                          2a05:b780::/29 maxlen: 29
                          2a01:648::/29 maxlen: 29
                          2a00:6780::/29 maxlen: 29
                          2a05:c100::/29 maxlen: 29

Validation:               Failed, certificate revoked on Fri 02 Aug 2024 12:12:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f2:b8:3d:8d:12:78:45:3b:65:92:e8:05:50:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87d990131467b77d11162b79fbe3b06ca8ab2d39
        Validity
            Not Before: Jan  1 00:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d3b46f7b4fb284f14b5f1947a2e4d4ba2ef62c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:03:7a:4c:17:53:b3:3a:06:00:7d:ac:bf:4c:
                    37:7c:b8:62:14:28:a5:08:76:03:be:19:b3:8a:25:
                    24:dc:c5:1a:fb:61:c3:d0:a0:2f:11:00:0c:b2:09:
                    25:90:49:82:27:e0:6c:02:3a:93:49:82:b5:7c:db:
                    56:01:c9:76:b4:d7:71:19:83:11:7d:f2:3b:81:2d:
                    f8:1a:6c:f2:e9:dd:8c:be:39:9b:95:e7:86:84:d0:
                    d0:d5:f6:5d:c3:93:dd:32:a2:16:8c:48:cb:82:94:
                    29:fc:d1:2f:52:2c:1f:d5:d1:05:37:67:9e:87:1c:
                    43:87:4b:63:b9:cd:ad:dc:84:90:d5:27:e2:50:5d:
                    a5:ed:e3:2b:9b:98:2e:b0:fa:1e:02:14:36:10:a0:
                    cf:85:5c:7b:ab:75:1e:53:4c:d7:92:23:0b:e6:f4:
                    23:15:ea:58:65:ff:be:aa:7e:ea:61:e7:ff:38:2f:
                    7c:fe:5e:a0:bc:17:6c:bd:66:e2:02:4d:dd:f8:a4:
                    81:80:f0:08:33:b5:65:73:7d:9b:c1:fb:c9:11:6b:
                    5d:82:b6:a5:88:53:81:8f:7c:c0:a0:e0:66:2b:f4:
                    e0:3d:b3:4f:96:ee:c0:59:e2:ed:45:24:83:70:a5:
                    5a:75:f8:07:a4:b2:62:4d:4c:e6:b6:de:6d:98:ec:
                    fc:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:3B:46:F7:B4:FB:28:4F:14:B5:F1:94:7A:2E:4D:4B:A2:EF:62:C0
            X509v3 Authority Key Identifier:
                keyid:87:D9:90:13:14:67:B7:7D:11:16:2B:79:FB:E3:B0:6C:A8:AB:2D:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h9mQExRnt30RFit5--OwbKirLTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/5dea97-7ef7-4db0-94bc-b8e8b34db290/1/bTtG97T7KE8UtfGUei5NS6LvYsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/5dea97-7ef7-4db0-94bc-b8e8b34db290/1/h9mQExRnt30RFit5--OwbKirLTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.144.0/22
                  5.10.128.0/21
                  5.183.248.0/22
                  23.90.192.0/18
                  31.204.80.0/21
                  45.80.252.0/22
                  45.86.96.0/22
                  45.89.76.0/22
                  45.92.180.0/22
                  45.129.216.0-45.129.218.255
                  45.133.68.0/22
                  45.142.108.0/22
                  45.152.16.0/22
                  46.18.120.0/21
                  62.192.156.0/22
                  79.99.160.0/21
                  88.218.12.0/22
                  92.119.232.0/22
                  94.154.4.0/24
                  94.187.128.0/19
                  168.220.128.0/19
                  185.20.16.0/22
                  185.48.252.0/22
                  185.86.88.0/22
                  185.87.100.0/22
                  185.98.116.0/22
                  185.132.64.0/22
                  185.133.80.0/22
                  185.134.156.0/22
                  185.135.176.0/22
                  185.138.116.0/22
                  185.163.136.0/22
                  185.163.212.0/22
                  185.163.220.0/22
                  185.163.228.0/22
                  185.169.156.0/22
                  185.186.88.0/22
                  185.191.36.0/22
                  185.197.108.0/22
                  185.241.140.0/22
                  185.254.8.0/22
                  192.214.192.0/19
                  195.216.140.0/22
                IPv6:
                  2a00:41e0::/29
                  2a00:6780::/29
                  2a01:648::/29
                  2a05:b780::/29
                  2a05:c100::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:02:96:0d:f4:a5:38:78:d6:70:91:b1:ee:95:42:56:60:7e:
         40:1b:67:f6:4b:6d:16:af:31:2f:d8:c5:ea:cc:1f:ca:b0:0f:
         1f:df:ab:b2:a1:4d:df:e9:03:6c:23:79:e7:ad:33:8f:1a:19:
         ac:2c:97:11:53:fa:3c:49:04:f0:43:bb:7e:7a:b6:c3:a7:ec:
         67:6d:d3:88:26:89:ee:04:46:15:c9:27:aa:f5:c8:c2:da:6a:
         e5:3b:6b:86:be:5a:26:2b:5a:52:65:e0:89:4e:42:52:b2:98:
         9d:a2:a8:36:f5:30:51:ed:18:d4:0c:9d:54:ac:cb:0a:f1:68:
         a1:22:26:ed:9e:02:2b:bc:2b:d4:a2:a7:35:e1:de:d6:a4:c2:
         57:78:93:86:2f:d0:8c:aa:ea:a1:a4:c6:67:4a:ea:de:1d:cf:
         80:ed:0a:11:28:09:a9:26:6f:26:42:d2:96:04:46:44:7e:0b:
         d9:1e:7f:9c:2a:26:10:29:6c:ae:bd:cd:01:d2:32:df:c9:dc:
         83:da:5a:b9:da:ec:0e:7b:2b:9b:41:a8:4b:b2:0b:5d:94:9f:
         d0:23:d8:97:a3:09:40:a2:91:50:11:3b:2e:29:90:c0:b0:5c:
         19:53:5a:36:c8:a2:f8:9e:c2:89:84:59:41:5a:bf:5d:54:e1:
         25:5e:e3:75
-----BEGIN CERTIFICATE-----
MIIGNjCCBR6gAwIBAgISAYzCbPK4PY0SeEU7ZZLoBVA5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZDk5MDEzMTQ2N2I3N2QxMTE2MmI3OWZiZTNiMDZjYThh
YjJkMzkwHhcNMjQwMTAxMDAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDNiNDZmN2I0ZmIyODRmMTRiNWYxOTQ3YTJlNGQ0YmEyZWY2MmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQN6TBdTszoGAH2sv0w3fLhiFCil
CHYDvhmziiUk3MUa+2HD0KAvEQAMsgklkEmCJ+BsAjqTSYK1fNtWAcl2tNdxGYMR
ffI7gS34Gmzy6d2MvjmbleeGhNDQ1fZdw5PdMqIWjEjLgpQp/NEvUiwf1dEFN2ee
hxxDh0tjuc2t3ISQ1SfiUF2l7eMrm5gusPoeAhQ2EKDPhVx7q3UeU0zXkiML5vQj
FepYZf++qn7qYef/OC98/l6gvBdsvWbiAk3d+KSBgPAIM7Vlc32bwfvJEWtdgral
iFOBj3zAoOBmK/TgPbNPlu7AWeLtRSSDcKVadfgHpLJiTUzmtt5tmOz8HQIDAQAB
o4IDQjCCAz4wHQYDVR0OBBYEFG07Rve0+yhPFLXxlHouTUui72LAMB8GA1UdIwQY
MBaAFIfZkBMUZ7d9ERYrefvjsGyoqy05MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDltUUV4Um50MzBSRml0NS0tT3diS2lyTFRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni81ZGVhOTctN2VmNy00ZGIwLTk0YmMt
YjhlOGIzNGRiMjkwLzEvYlR0Rzk3VDdLRThVdGZHVWVpNU5TNkx2WXNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni81ZGVhOTctN2VmNy00ZGIwLTk0YmMtYjhlOGIzNGRiMjkw
LzEvaDltUUV4Um50MzBSRml0NS0tT3diS2lyTFRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBVgYIKwYBBQUHAQcBAf8EggFFMIIBQTCCARIEAgABMIIB
CgMEAgI7kAMEAwUKgAMEAgW3+AMEBhdawAMEAx/MUAMEAi1Q/AMEAi1WYAMEAi1Z
TAMEAi1ctDAMAwQDLYHYAwQALYHaAwQCLYVEAwQCLY5sAwQCLZgQAwQDLhJ4AwQC
PsCcAwQDT2OgAwQCWNoMAwQCXHfoAwQAXpoEAwQFXruAAwQFqNyAAwQCuRQQAwQC
uTD8AwQCuVZYAwQCuVdkAwQCuWJ0AwQCuYRAAwQCuYVQAwQCuYacAwQCuYewAwQC
uYp0AwQCuaOIAwQCuaPUAwQCuaPcAwQCuaPkAwQCuamcAwQCubpYAwQCub8kAwQC
ucVsAwQCufGMAwQCuf4IAwQFwNbAAwQCw9iMMCkEAgACMCMDBQMqAEHgAwUDKgBn
gAMFAyoBBkgDBQMqBbeAAwUDKgXBADANBgkqhkiG9w0BAQsFAAOCAQEAIwKWDfSl
OHjWcJGx7pVCVmB+QBtn9kttFq8xL9jF6swfyrAPH9+rsqFN3+kDbCN5560zjxoZ
rCyXEVP6PEkE8EO7fnq2w6fsZ23TiCaJ7gRGFcknqvXIwtpq5Ttrhr5aJitaUmXg
iU5CUrKYnaKoNvUwUe0Y1AydVKzLCvFooSIm7Z4CK7wr1KKnNeHe1qTCV3iThi/Q
jKrqoaTGZ0rq3h3PgO0KESgJqSZvJkLSlgRGRH4L2R5/nComEClsrr3NAdIy38nc
g9paudrsDnsrm0GoS7ILXZSf0CPYl6MJQKKRUBE7LimQwLBcGVNaNsii+J7CiYRZ
QVq/XVThJV7jdQ==
-----END CERTIFICATE-----
Generated at Fri Aug 2 14:56:25 2024 by rpki-client on console-ams.rpki-client.org