Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/vGEbJ0BmDR5BQw-k3XwqqJh7umI.roa
File:                     vGEbJ0BmDR5BQw-k3XwqqJh7umI.roa (raw, json)
Hash identifier:          HuGj/R+6gNz1DIWXB/334tzYW2iGyQlwN0IOKahzudM=
Subject key identifier:   BC:61:1B:27:40:66:0D:1E:41:43:0F:A4:DD:7C:2A:A8:98:7B:BA:62
Certificate issuer:       /CN=172537601a31697404922d957e74450f5a9cbe73
Certificate serial:       0185703077CB3B2189F2353ED6DB9D412248
Authority key identifier: 17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/vGEbJ0BmDR5BQw-k3XwqqJh7umI.roa
Signing time:             Mon 02 Jan 2023 01:55:02 +0000
ROA not before:           Mon 02 Jan 2023 01:55:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25534
IP address blocks:        81.17.164.0/22 maxlen: 24
                          81.17.160.0/22 maxlen: 24
                          185.146.16.0/22 maxlen: 24
                          81.17.160.0/20 maxlen: 24
                          81.17.168.0/22 maxlen: 24
                          81.17.172.0/22 maxlen: 24
                          217.15.176.0/20 maxlen: 24
                          217.15.176.0/22 maxlen: 24
                          217.15.180.0/22 maxlen: 24
                          217.15.184.0/22 maxlen: 24
                          217.15.188.0/22 maxlen: 24
                          2a00:1a08::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:30:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:30:77:cb:3b:21:89:f2:35:3e:d6:db:9d:41:22:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=172537601a31697404922d957e74450f5a9cbe73
        Validity
            Not Before: Jan  2 01:55:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bc611b2740660d1e41430fa4dd7c2aa8987bba62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c4:c8:11:d7:38:f4:80:0d:5c:c8:a4:d3:de:
                    88:cd:c2:0c:ee:a6:88:3e:61:f8:12:f0:0f:f2:32:
                    04:25:52:27:96:b9:01:1e:66:69:2d:cd:f7:52:eb:
                    91:20:6d:12:f2:1d:f4:af:9e:82:ea:a6:46:de:41:
                    71:27:ec:60:85:d9:8c:35:a1:8a:57:3f:f9:95:c4:
                    d1:1e:56:d0:a1:d9:22:c7:73:05:4a:da:2b:aa:1d:
                    3e:48:a9:d4:4e:e2:f7:70:7b:5b:bb:ea:b4:26:bc:
                    72:27:8f:98:e1:dc:41:71:09:eb:85:17:0b:a0:53:
                    c2:2c:40:c0:fb:b4:9e:eb:d5:ec:a1:86:67:b8:10:
                    69:83:5c:68:93:cc:2b:00:ca:6d:73:bc:e8:79:be:
                    9d:2d:dc:01:04:22:78:19:94:3e:d2:85:b9:ff:1f:
                    8e:fb:eb:44:1d:80:c7:c9:9c:cb:5c:76:da:36:78:
                    81:af:18:ad:63:ee:d0:4d:ed:74:85:fd:33:8a:21:
                    0d:aa:2f:49:ac:42:54:fd:df:e6:36:89:6c:1b:98:
                    ff:e0:7c:03:a1:25:59:48:98:59:ed:c2:2d:97:3c:
                    86:eb:62:67:87:73:0d:24:b9:7b:44:ff:8a:d6:ea:
                    7e:1b:0b:65:ea:0f:32:64:dd:f6:ff:28:64:8d:4d:
                    d7:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:61:1B:27:40:66:0D:1E:41:43:0F:A4:DD:7C:2A:A8:98:7B:BA:62
            X509v3 Authority Key Identifier:
                keyid:17:25:37:60:1A:31:69:74:04:92:2D:95:7E:74:45:0F:5A:9C:BE:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FyU3YBoxaXQEki2VfnRFD1qcvnM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/vGEbJ0BmDR5BQw-k3XwqqJh7umI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/219cae-264d-46a7-9e64-e604b61be0ea/1/FyU3YBoxaXQEki2VfnRFD1qcvnM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.17.160.0/20
                  185.146.16.0/22
                  217.15.176.0/20
                IPv6:
                  2a00:1a08::/32

    Signature Algorithm: sha256WithRSAEncryption
         61:62:72:40:ec:13:26:ee:7d:27:db:9c:35:13:44:ed:8f:95:
         57:08:b5:22:57:69:cd:52:74:d1:87:39:ed:61:23:81:68:e0:
         0b:d5:ee:f7:7b:78:d5:9f:69:d6:ca:b3:04:08:75:9d:6a:42:
         e0:48:68:f6:ec:f2:93:f8:90:54:7b:a3:d6:48:dc:89:d2:51:
         36:bc:b5:e9:70:cf:0c:26:77:10:13:67:16:0a:59:68:1c:89:
         c9:5a:47:a6:ef:50:41:eb:f9:dd:02:48:8f:33:25:1c:f3:50:
         21:ca:da:8c:26:a2:36:ff:83:e8:63:db:af:1b:d7:21:93:35:
         32:8f:18:ed:ed:4b:70:85:57:d1:32:ef:46:99:40:e4:7a:63:
         4b:75:f0:22:c5:31:90:bd:d4:22:db:83:64:1c:9b:06:93:08:
         fc:52:4c:ce:4c:e1:33:1b:33:f2:31:62:88:f2:59:c5:9d:75:
         25:ca:53:65:83:ee:f8:f3:f6:ac:21:48:f2:85:e4:4d:28:7f:
         35:83:cc:ef:94:ef:90:bc:a9:74:32:33:a3:87:6a:05:79:d4:
         f0:6e:64:0f:bf:cb:f5:68:67:ea:d8:13:1d:cd:ed:84:14:d1:
         b3:26:57:2b:99:7d:2b:9b:cb:53:e8:8d:d7:b3:27:cb:92:82:
         48:da:fd:55
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVwMHfLOyGJ8jU+1tudQSJIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MjUzNzYwMWEzMTY5NzQwNDkyMmQ5NTdlNzQ0NTBmNWE5
Y2JlNzMwHhcNMjMwMTAyMDE1NTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzYxMWIyNzQwNjYwZDFlNDE0MzBmYTRkZDdjMmFhODk4N2JiYTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8TIEdc49IANXMik096IzcIM7qaI
PmH4EvAP8jIEJVInlrkBHmZpLc33UuuRIG0S8h30r56C6qZG3kFxJ+xghdmMNaGK
Vz/5lcTRHlbQodkix3MFStorqh0+SKnUTuL3cHtbu+q0JrxyJ4+Y4dxBcQnrhRcL
oFPCLEDA+7Se69XsoYZnuBBpg1xok8wrAMptc7zoeb6dLdwBBCJ4GZQ+0oW5/x+O
++tEHYDHyZzLXHbaNniBrxitY+7QTe10hf0ziiENqi9JrEJU/d/mNolsG5j/4HwD
oSVZSJhZ7cItlzyG62Jnh3MNJLl7RP+K1up+Gwtl6g8yZN32/yhkjU3XCQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLxhGydAZg0eQUMPpN18KqiYe7piMB8GA1UdIwQY
MBaAFBclN2AaMWl0BJItlX50RQ9anL5zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQt
ZTYwNGI2MWJlMGVhLzEvdkdFYkowQm1EUjVCUXctazNYd3FxSmg3dW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMTljYWUtMjY0ZC00NmE3LTllNjQtZTYwNGI2MWJlMGVh
LzEvRnlVM1lCb3hhWFFFa2kyVmZuUkZEMXFjdm5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQEURGgAwQC
uZIQAwQE2Q+wMA0EAgACMAcDBQAqABoIMA0GCSqGSIb3DQEBCwUAA4IBAQBhYnJA
7BMm7n0n25w1E0Ttj5VXCLUiV2nNUnTRhzntYSOBaOAL1e73e3jVn2nWyrMECHWd
akLgSGj27PKT+JBUe6PWSNyJ0lE2vLXpcM8MJncQE2cWClloHInJWkem71BB6/nd
AkiPMyUc81AhytqMJqI2/4PoY9uvG9chkzUyjxjt7UtwhVfRMu9GmUDkemNLdfAi
xTGQvdQi24NkHJsGkwj8UkzOTOEzGzPyMWKI8lnFnXUlylNlg+748/asIUjyheRN
KH81g8zvlO+QvKl0MjOjh2oFedTwbmQPv8v1aGfq2BMdze2EFNGzJlcrmX0rm8tT
6I3XsyfLkoJI2v1V
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:32 2024 by rpki-client on console-ams.rpki-client.org