Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/n6aYRBGHlUZYpb4iw-twmkyDdgo.roa
File:                     n6aYRBGHlUZYpb4iw-twmkyDdgo.roa (raw, json)
Hash identifier:          am/k1hBT4qPJJ38h2KMPc9KLjo9prPqxp7muzfNW00w=
Subject key identifier:   9F:A6:98:44:11:87:95:46:58:A5:BE:22:C3:EB:70:9A:4C:83:76:0A
Certificate issuer:       /CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
Certificate serial:       01856B77AA89961DAA67E7EF9669666936D0
Authority key identifier: 7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/n6aYRBGHlUZYpb4iw-twmkyDdgo.roa
Signing time:             Sun 01 Jan 2023 03:54:42 +0000
ROA not before:           Sun 01 Jan 2023 03:54:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     43207
IP address blocks:        46.231.8.0/21 maxlen: 24
                          91.209.142.0/24 maxlen: 24
                          185.44.248.0/22 maxlen: 24
                          151.249.64.0/20 maxlen: 24
                          85.95.32.0/19 maxlen: 19
                          209.35.128.0/20 maxlen: 20
                          185.168.144.0/22 maxlen: 22
                          185.113.0.0/22 maxlen: 24
                          91.214.228.0/22 maxlen: 24
                          5.133.172.0/22 maxlen: 24
                          2a01:5640::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:30:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:77:aa:89:96:1d:aa:67:e7:ef:96:69:66:69:36:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e45a9a0353a33c6a4f93608f9d25f27c85948b7
        Validity
            Not Before: Jan  1 03:54:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9fa698441187954658a5be22c3eb709a4c83760a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:fc:7b:6b:de:10:c6:16:bb:72:d1:6d:47:be:
                    b5:45:66:16:d2:f8:c3:09:36:cc:a2:f6:02:8e:7d:
                    84:1b:ce:d8:5c:6d:3a:22:27:10:54:a0:33:aa:68:
                    97:ab:bd:c2:0a:63:5f:dc:1c:c2:0c:d2:60:b2:83:
                    dd:8f:4d:55:8d:f2:da:f7:a6:91:09:df:bf:63:36:
                    16:26:fe:c1:f8:99:fe:3b:5d:8f:c6:f8:93:3d:f8:
                    99:f3:4c:34:53:80:e9:46:ea:1a:86:2f:29:97:f4:
                    b3:6c:a3:a9:ea:0a:57:0e:9e:b7:4e:5e:2a:e8:51:
                    c2:33:9e:d9:61:e8:5e:3e:52:92:0c:bb:31:df:7b:
                    0e:aa:5d:ca:9a:29:ec:0a:fb:4b:78:ff:e0:f5:b2:
                    27:8b:e1:23:db:bf:ea:a7:cb:0f:cf:72:f0:7a:09:
                    ff:47:06:20:a1:89:8f:ed:3d:5d:9d:ca:af:24:7f:
                    f5:e7:39:e8:e5:7f:34:a0:dd:36:b8:b8:0f:fa:b4:
                    81:53:3c:f7:aa:8d:77:3c:e2:01:06:f8:17:33:ec:
                    43:e1:7b:9f:27:6a:69:24:8b:90:08:6a:f1:5c:b1:
                    e2:3e:04:ff:55:36:81:a2:ce:82:3a:8d:63:b0:c3:
                    3b:f2:5b:51:64:4f:ba:bc:ac:60:3d:b6:c6:64:e9:
                    34:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A6:98:44:11:87:95:46:58:A5:BE:22:C3:EB:70:9A:4C:83:76:0A
            X509v3 Authority Key Identifier:
                keyid:7E:45:A9:A0:35:3A:33:C6:A4:F9:36:08:F9:D2:5F:27:C8:59:48:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/n6aYRBGHlUZYpb4iw-twmkyDdgo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/dd7beb-6f78-419b-957d-37a60c335a5d/1/fkWpoDU6M8ak-TYI-dJfJ8hZSLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.172.0/22
                  46.231.8.0/21
                  85.95.32.0/19
                  91.209.142.0/24
                  91.214.228.0/22
                  151.249.64.0/20
                  185.44.248.0/22
                  185.113.0.0/22
                  185.168.144.0/22
                  209.35.128.0/20
                IPv6:
                  2a01:5640::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:3e:8e:cb:b1:85:9f:42:12:d6:6a:0d:93:b7:b3:e4:3a:76:
         03:a2:5a:b1:27:ed:ee:fd:2d:5a:fa:ff:96:43:b7:32:11:dd:
         04:dd:e7:90:8f:eb:76:f0:cf:f4:ea:5f:80:46:fb:76:7f:29:
         94:63:34:f3:91:4c:d0:37:af:bd:6b:57:4a:36:55:ad:f8:43:
         53:ca:8d:69:32:91:e4:fe:29:80:52:3a:51:d5:cf:2a:31:a9:
         17:cb:15:6e:7e:52:ba:38:97:4e:20:42:a0:29:b4:6d:2a:86:
         ac:13:d7:78:7e:aa:3a:0c:fa:39:9d:63:e1:db:30:01:a3:1e:
         2b:85:79:fb:eb:3d:f7:13:0d:da:5b:cc:b4:7b:e0:04:97:dc:
         94:93:11:75:16:37:1c:97:93:af:47:dd:b8:4a:09:fb:98:c1:
         8f:66:ef:22:4a:51:b4:08:b0:f7:dd:e3:87:38:5a:d2:f7:5e:
         43:0a:f9:07:7a:97:8f:14:76:d9:17:f2:8f:72:14:c4:ef:a6:
         18:fb:00:53:92:1f:07:03:5f:41:ab:74:db:ea:0b:b5:34:39:
         05:28:4f:74:73:84:29:98:b1:53:e0:74:7e:ac:a0:9f:13:01:
         9e:a9:4f:97:ce:ca:03:74:5b:5f:a7:e3:07:e4:3e:e7:07:17:
         2f:ec:d3:3f
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYVrd6qJlh2qZ+fvlmlmaTbQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNDVhOWEwMzUzYTMzYzZhNGY5MzYwOGY5ZDI1ZjI3Yzg1
OTQ4YjcwHhcNMjMwMTAxMDM1NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmE2OTg0NDExODc5NTQ2NThhNWJlMjJjM2ViNzA5YTRjODM3NjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPx7a94Qxha7ctFtR761RWYW0vjD
CTbMovYCjn2EG87YXG06IicQVKAzqmiXq73CCmNf3BzCDNJgsoPdj01VjfLa96aR
Cd+/YzYWJv7B+Jn+O12PxviTPfiZ80w0U4DpRuoahi8pl/SzbKOp6gpXDp63Tl4q
6FHCM57ZYehePlKSDLsx33sOql3KminsCvtLeP/g9bIni+Ej27/qp8sPz3Lwegn/
RwYgoYmP7T1dncqvJH/15zno5X80oN02uLgP+rSBUzz3qo13POIBBvgXM+xD4Xuf
J2ppJIuQCGrxXLHiPgT/VTaBos6COo1jsMM78ltRZE+6vKxgPbbGZOk0fwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFJ+mmEQRh5VGWKW+IsPrcJpMg3YKMB8GA1UdIwQY
MBaAFH5FqaA1OjPGpPk2CPnSXyfIWUi3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2Qt
MzdhNjBjMzM1YTVkLzEvbjZhWVJCR0hsVVpZcGI0aXctdHdta3lEZGdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9kZDdiZWItNmY3OC00MTliLTk1N2QtMzdhNjBjMzM1YTVk
LzEvZmtXcG9EVTZNOGFrLVRZSS1kSmZKOGhaU0xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQCBYWsAwQD
LucIAwQFVV8gAwQAW9GOAwQCW9bkAwQEl/lAAwQCuSz4AwQCuXEAAwQCuaiQAwQE
0SOAMA0EAgACMAcDBQAqAVZAMA0GCSqGSIb3DQEBCwUAA4IBAQBiPo7LsYWfQhLW
ag2Tt7PkOnYDolqxJ+3u/S1a+v+WQ7cyEd0E3eeQj+t28M/06l+ARvt2fymUYzTz
kUzQN6+9a1dKNlWt+ENTyo1pMpHk/imAUjpR1c8qMakXyxVuflK6OJdOIEKgKbRt
KoasE9d4fqo6DPo5nWPh2zABox4rhXn76z33Ew3aW8y0e+AEl9yUkxF1Fjccl5Ov
R924Sgn7mMGPZu8iSlG0CLD33eOHOFrS915DCvkHepePFHbZF/KPchTE76YY+wBT
kh8HA19Bq3Tb6gu1NDkFKE90c4QpmLFT4HR+rKCfEwGeqU+XzsoDdFtfp+MH5D7n
Bxcv7NM/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:23 2024 by rpki-client on console-fra.rpki-client.org