Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/3645b2-af2e-4c0d-9812-69eec5b4b505/1/xuOiwzu70KfR_mfbeGEf-LMkGEY.roa
File:                     xuOiwzu70KfR_mfbeGEf-LMkGEY.roa (raw, json)
Hash identifier:          g4uYUP9DcXFzRUwxZY0ZB9mz9c2OddnOYgLwhu+eVds=
Subject key identifier:   C6:E3:A2:C3:3B:BB:D0:A7:D1:FE:67:DB:78:61:1F:F8:B3:24:18:46
Certificate issuer:       /CN=3eecd4caa9a3a57715e3d5d66bccd7185afe40da
Certificate serial:       0187943DF6728A5ACCA7FF98A6A0DB32332B
Authority key identifier: 3E:EC:D4:CA:A9:A3:A5:77:15:E3:D5:D6:6B:CC:D7:18:5A:FE:40:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PuzUyqmjpXcV49XWa8zXGFr-QNo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/3645b2-af2e-4c0d-9812-69eec5b4b505/1/xuOiwzu70KfR_mfbeGEf-LMkGEY.roa
Signing time:             Tue 18 Apr 2023 12:01:41 +0000
ROA not before:           Tue 18 Apr 2023 12:01:41 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12678
IP address blocks:        159.253.176.0/22 maxlen: 22
                          159.253.180.0/24 maxlen: 24
                          185.153.128.0/22 maxlen: 24
                          159.253.181.0/24 maxlen: 24
                          185.153.131.0/24 maxlen: 24
                          31.222.64.0/22 maxlen: 23
                          31.222.70.0/24 maxlen: 24
                          31.222.70.0/23 maxlen: 23
                          31.222.71.0/24 maxlen: 24
                          31.222.66.0/23 maxlen: 24
                          31.222.68.0/23 maxlen: 23
                          31.222.72.0/22 maxlen: 24
                          31.222.78.0/23 maxlen: 24
                          31.222.76.0/23 maxlen: 23
                          2a00:aea0:113::/48 maxlen: 48
                          2a00:aea0:213::/48 maxlen: 48
                          2a00:aea0:111::/48 maxlen: 48
                          2a00:aea0:211::/48 maxlen: 48
                          2a00:aea0:112::/48 maxlen: 48
                          2a00:aea0:212::/48 maxlen: 48
                          2a00:aea0:100::/40 maxlen: 40
                          2a00:aea0:200::/40 maxlen: 40
                          2a00:aea0:600::/40 maxlen: 40
                          2a00:aea0:6500::/40 maxlen: 40

Validation:               Failed, certificate revoked on Wed 19 Apr 2023 15:26:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:94:3d:f6:72:8a:5a:cc:a7:ff:98:a6:a0:db:32:33:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eecd4caa9a3a57715e3d5d66bccd7185afe40da
        Validity
            Not Before: Apr 18 12:01:41 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c6e3a2c33bbbd0a7d1fe67db78611ff8b3241846
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:04:bf:71:bd:b1:3a:bc:61:72:b6:e3:d7:89:
                    40:a6:a6:65:46:7d:f7:94:5b:c1:01:a4:1a:6a:ef:
                    a8:77:42:49:78:bb:ad:ae:63:50:bf:68:eb:0a:02:
                    89:83:d3:c0:32:5c:3a:f3:cf:e2:4b:63:29:29:b3:
                    61:4c:a0:5c:d6:43:6b:c8:32:5b:3c:fe:a9:dd:eb:
                    a8:d3:3a:22:ff:ca:f1:88:03:d5:aa:83:40:02:d0:
                    0f:f2:00:87:df:75:00:75:f1:6d:e2:7e:12:b7:30:
                    91:f7:27:bb:e3:f1:66:b6:df:c5:5d:a4:83:0f:66:
                    55:66:c8:88:50:79:27:f7:c7:0d:54:51:76:5f:c2:
                    fa:a9:ce:3d:63:91:cf:ad:fd:ec:45:b7:fe:d3:b7:
                    57:36:ae:94:dc:3e:0e:53:77:e0:8d:28:bf:04:28:
                    1d:9c:20:25:62:77:a2:f4:99:0b:c5:c4:e3:e7:e8:
                    1c:42:0e:da:f9:7b:87:70:83:b4:26:a5:d9:4c:41:
                    62:21:61:2f:0e:c6:7d:48:b1:33:d0:9d:35:1f:f6:
                    61:91:2a:fd:c8:dc:c2:2c:1a:b7:b1:a2:95:66:e7:
                    02:8f:28:2a:3e:af:bd:47:d3:a0:d8:97:33:6d:c0:
                    cf:e4:be:b6:50:86:ba:d6:84:34:d7:1f:4b:86:fe:
                    6a:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E3:A2:C3:3B:BB:D0:A7:D1:FE:67:DB:78:61:1F:F8:B3:24:18:46
            X509v3 Authority Key Identifier:
                keyid:3E:EC:D4:CA:A9:A3:A5:77:15:E3:D5:D6:6B:CC:D7:18:5A:FE:40:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PuzUyqmjpXcV49XWa8zXGFr-QNo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/3645b2-af2e-4c0d-9812-69eec5b4b505/1/xuOiwzu70KfR_mfbeGEf-LMkGEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/3645b2-af2e-4c0d-9812-69eec5b4b505/1/PuzUyqmjpXcV49XWa8zXGFr-QNo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.64.0/20
                  159.253.176.0-159.253.181.255
                  185.153.128.0/22
                IPv6:
                  2a00:aea0:100::-2a00:aea0:2ff:ffff:ffff:ffff:ffff:ffff
                  2a00:aea0:600::/40
                  2a00:aea0:6500::/40

    Signature Algorithm: sha256WithRSAEncryption
         38:15:e4:91:2b:6f:14:b7:3f:8c:89:b4:9e:15:3e:60:a4:94:
         28:b7:6e:86:f2:78:95:7d:b0:08:78:3e:df:e1:f8:b6:ed:41:
         2d:5f:44:a1:4a:0c:0b:3f:01:26:86:bd:fd:95:d0:5e:64:33:
         87:80:91:f0:5c:5d:7a:09:18:f8:f4:da:4f:3c:21:44:ac:6d:
         a7:d4:e9:c4:0e:9b:a1:ca:45:51:5b:73:05:79:ae:a9:90:b9:
         46:7f:f9:8d:9c:5a:79:3d:74:3a:81:17:35:c3:97:38:aa:a5:
         1a:40:85:6f:ca:51:95:8a:f7:c6:a5:29:2d:26:75:33:86:01:
         7a:8f:70:b5:dc:77:ba:37:69:73:13:60:39:d2:f4:9d:c0:d4:
         cd:5f:3d:42:df:44:a1:ac:38:39:77:9b:af:aa:22:fa:aa:43:
         a4:03:ae:c8:83:2f:ba:1a:c8:1e:cf:de:be:88:5f:9b:27:cc:
         a7:db:08:e1:13:2e:e2:5b:e3:1c:06:5a:70:22:a2:2e:55:e8:
         8a:45:58:38:e7:5a:3f:34:41:af:f3:55:ae:34:db:47:90:24:
         7d:6c:a6:fc:77:36:74:38:a7:3e:ab:a0:6b:12:d6:2a:49:1e:
         7d:bf:84:ec:d7:bc:58:98:ee:7a:24:4e:05:e3:a1:5e:57:69:
         e8:38:66:b0
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYeUPfZyilrMp/+YpqDbMjMrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZWNkNGNhYTlhM2E1NzcxNWUzZDVkNjZiY2NkNzE4NWFm
ZTQwZGEwHhcNMjMwNDE4MTIwMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmUzYTJjMzNiYmJkMGE3ZDFmZTY3ZGI3ODYxMWZmOGIzMjQxODQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAS/cb2xOrxhcrbj14lApqZlRn33
lFvBAaQaau+od0JJeLutrmNQv2jrCgKJg9PAMlw688/iS2MpKbNhTKBc1kNryDJb
PP6p3euo0zoi/8rxiAPVqoNAAtAP8gCH33UAdfFt4n4StzCR9ye74/Fmtt/FXaSD
D2ZVZsiIUHkn98cNVFF2X8L6qc49Y5HPrf3sRbf+07dXNq6U3D4OU3fgjSi/BCgd
nCAlYnei9JkLxcTj5+gcQg7a+XuHcIO0JqXZTEFiIWEvDsZ9SLEz0J01H/ZhkSr9
yNzCLBq3saKVZucCjygqPq+9R9Og2JczbcDP5L62UIa61oQ01x9Lhv5quQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFMbjosM7u9Cn0f5n23hhH/izJBhGMB8GA1UdIwQY
MBaAFD7s1Mqpo6V3FePV1mvM1xha/kDaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHV6VXlxbWpwWGNWNDlYV2E4elhHRnItUU5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8zNjQ1YjItYWYyZS00YzBkLTk4MTIt
NjllZWM1YjRiNTA1LzEveHVPaXd6dTcwS2ZSX21mYmVHRWYtTE1rR0VZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8zNjQ1YjItYWYyZS00YzBkLTk4MTItNjllZWM1YjRiNTA1
LzEvUHV6VXlxbWpwWGNWNDlYV2E4elhHRnItUU5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDAgBAIAATAaAwQEH95AMAwD
BASf/bADBAGf/bQDBAK5mYAwKAQCAAIwIjAQAwYAKgCuoAEDBgAqAK6gAgMGACoA
rqAGAwYAKgCuoGUwDQYJKoZIhvcNAQELBQADggEBADgV5JErbxS3P4yJtJ4VPmCk
lCi3bobyeJV9sAh4Pt/h+LbtQS1fRKFKDAs/ASaGvf2V0F5kM4eAkfBcXXoJGPj0
2k88IUSsbafU6cQOm6HKRVFbcwV5rqmQuUZ/+Y2cWnk9dDqBFzXDlziqpRpAhW/K
UZWK98alKS0mdTOGAXqPcLXcd7o3aXMTYDnS9J3A1M1fPULfRKGsODl3m6+qIvqq
Q6QDrsiDL7oayB7P3r6IX5snzKfbCOETLuJb4xwGWnAioi5V6IpFWDjnWj80Qa/z
Va4020eQJH1spvx3NnQ4pz6roGsS1ipJHn2/hOzXvFiY7nokTgXjoV5Xaeg4ZrA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:57 2024 by rpki-client on console-fra.rpki-client.org