Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/LuR3yKKDXcUHJUrMFEI1K_lp7fM.roa
File:                     LuR3yKKDXcUHJUrMFEI1K_lp7fM.roa (raw, json)
Hash identifier:          SGzdnlFuO1P0hjJjyKeMUldEk0l0FFEDh1nlHXJEHJU=
Subject key identifier:   2E:E4:77:C8:A2:83:5D:C5:07:25:4A:CC:14:42:35:2B:F9:69:ED:F3
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       01856CB855FC36F8B73E52A8648DD334BA3B
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/LuR3yKKDXcUHJUrMFEI1K_lp7fM.roa
Signing time:             Sun 01 Jan 2023 09:44:57 +0000
ROA not before:           Sun 01 Jan 2023 09:44:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     199140
IP address blocks:        80.12.240.0/23 maxlen: 24
                          80.12.243.0/24 maxlen: 24
                          80.12.250.0/24 maxlen: 24
                          80.12.253.0/24 maxlen: 25
                          80.12.249.0/24 maxlen: 24
                          80.12.254.0/24 maxlen: 24
                          195.101.150.160/28 maxlen: 28
                          80.12.212.0/24 maxlen: 24
                          80.12.213.0/24 maxlen: 24
                          195.101.150.152/29 maxlen: 29
                          81.252.94.184/29 maxlen: 29
                          83.206.119.208/28 maxlen: 28
                          2a01:cb22:4000::/36 maxlen: 56

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:30:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:b8:55:fc:36:f8:b7:3e:52:a8:64:8d:d3:34:ba:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jan  1 09:44:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2ee477c8a2835dc507254acc1442352bf969edf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1d:01:0d:f6:ef:e7:60:fe:d1:9c:93:fb:03:
                    a2:e8:c5:17:29:bc:34:61:27:8f:38:f9:a1:2d:bb:
                    f4:7e:a6:d8:5f:3f:d8:e4:3d:f6:18:25:2c:5b:4c:
                    a4:56:d1:68:56:7c:4b:9e:27:18:7a:de:a8:87:ba:
                    b3:9b:d5:b8:24:fd:ad:3d:18:f7:63:77:ca:7e:c7:
                    c7:1e:97:e5:af:f5:5d:da:6f:05:c6:24:a0:ca:1f:
                    fd:17:f6:d2:df:bb:67:b7:4b:43:ed:16:39:ac:d2:
                    80:ef:47:f3:15:4d:cc:61:1f:08:61:ec:64:c9:f5:
                    b0:ed:99:68:1b:90:7b:25:95:72:1a:58:f4:73:32:
                    5a:5e:d9:9d:75:60:48:9f:a8:2b:ae:5f:e0:a3:05:
                    e3:1b:d5:7e:d6:4c:7b:4b:2e:51:98:4d:dd:ff:f7:
                    37:67:f7:a5:16:22:dd:c6:51:60:37:e0:37:7b:4f:
                    5f:53:8b:50:34:85:45:fb:2b:5f:53:98:c0:a9:53:
                    e2:53:76:15:97:54:e4:9e:bb:c7:5a:df:fa:55:7a:
                    18:fe:56:d2:ea:91:95:36:39:42:49:8a:dd:3f:bc:
                    f8:fc:f9:44:aa:fc:c9:3e:d4:df:aa:d0:5d:c6:29:
                    b5:cb:93:03:ae:a3:cf:7d:c4:2a:dc:23:b0:eb:60:
                    11:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:E4:77:C8:A2:83:5D:C5:07:25:4A:CC:14:42:35:2B:F9:69:ED:F3
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/LuR3yKKDXcUHJUrMFEI1K_lp7fM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.12.212.0/23
                  80.12.240.0/23
                  80.12.243.0/24
                  80.12.249.0-80.12.250.255
                  80.12.253.0-80.12.254.255
                  81.252.94.184/29
                  83.206.119.208/28
                  195.101.150.152-195.101.150.175
                IPv6:
                  2a01:cb22:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         96:f3:ee:61:15:32:22:bd:1f:4b:b0:16:30:70:e9:1a:7b:1a:
         fc:40:b4:c2:14:77:3b:05:b8:96:93:ac:ac:2e:25:8b:73:88:
         ee:2c:e6:c0:3d:50:22:42:41:de:84:ad:26:9d:23:9e:8f:56:
         23:2a:b1:10:5e:c6:54:8f:15:c0:d0:74:bb:e6:c7:b3:1b:f4:
         8e:f3:5c:2c:ab:64:b2:4c:23:75:42:7e:6f:c1:2d:b5:fa:b7:
         ef:2c:15:54:17:06:89:91:e4:5e:d8:89:7e:c5:83:67:59:58:
         b7:09:8e:68:96:7e:11:38:a3:70:81:a1:92:ad:9f:1a:69:bf:
         6e:10:84:4c:af:6a:82:17:10:7a:19:83:92:9d:9f:5a:3e:1e:
         0e:d1:35:a9:24:b7:36:62:86:62:43:0b:9c:73:bf:a8:dc:91:
         08:af:28:9d:33:dd:69:3b:db:24:73:fd:48:7d:2d:f8:ef:7d:
         58:e5:dc:b3:d7:84:c9:9b:59:1c:b0:4d:40:16:19:be:a0:14:
         36:be:2d:80:cf:8a:31:6d:f7:9e:3c:cf:15:56:76:86:c8:0d:
         5f:34:08:fa:74:a4:b1:53:47:b3:30:7b:56:0d:33:c3:89:c6:
         11:fc:23:e5:d5:b6:d6:ae:52:d5:0d:4f:24:fd:64:f5:f8:55:
         e8:bf:cb:c0
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYVsuFX8Nvi3PlKoZI3TNLo7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjMwMTAxMDk0NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWU0NzdjOGEyODM1ZGM1MDcyNTRhY2MxNDQyMzUyYmY5NjllZGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhh0BDfbv52D+0ZyT+wOi6MUXKbw0
YSePOPmhLbv0fqbYXz/Y5D32GCUsW0ykVtFoVnxLnicYet6oh7qzm9W4JP2tPRj3
Y3fKfsfHHpflr/Vd2m8FxiSgyh/9F/bS37tnt0tD7RY5rNKA70fzFU3MYR8IYexk
yfWw7ZloG5B7JZVyGlj0czJaXtmddWBIn6grrl/gowXjG9V+1kx7Sy5RmE3d//c3
Z/elFiLdxlFgN+A3e09fU4tQNIVF+ytfU5jAqVPiU3YVl1TknrvHWt/6VXoY/lbS
6pGVNjlCSYrdP7z4/PlEqvzJPtTfqtBdxim1y5MDrqPPfcQq3COw62ARhwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFC7kd8iig13FByVKzBRCNSv5ae3zMB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvTHVSM3lLS0RYY1VISlVyTUZFSTFLX2xwN2ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBSBAIAATBMAwQBUAzUAwQB
UAzwAwQAUAzzMAwDBABQDPkDBABQDPowDAMEAFAM/QMEAFAM/gMFA1H8XrgDBQRT
znfQMA4DBQPDZZaYAwUEw2WWoDAOBAIAAjAIAwYEKgHLIkAwDQYJKoZIhvcNAQEL
BQADggEBAJbz7mEVMiK9H0uwFjBw6Rp7GvxAtMIUdzsFuJaTrKwuJYtziO4s5sA9
UCJCQd6ErSadI56PViMqsRBexlSPFcDQdLvmx7Mb9I7zXCyrZLJMI3VCfm/BLbX6
t+8sFVQXBomR5F7YiX7Fg2dZWLcJjmiWfhE4o3CBoZKtnxppv24QhEyvaoIXEHoZ
g5Kdn1o+Hg7RNakktzZihmJDC5xzv6jckQivKJ0z3Wk72yRz/Uh9LfjvfVjl3LPX
hMmbWRywTUAWGb6gFDa+LYDPijFt9548zxVWdobIDV80CPp0pLFTR7Mwe1YNM8OJ
xhH8I+XVttauUtUNTyT9ZPX4Vei/y8A=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:51 2024 by rpki-client on console-fra.rpki-client.org