Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/1-LiCQg9aTOo8uim3OsCZaD35pGs.roa
File:                     1-LiCQg9aTOo8uim3OsCZaD35pGs.roa (raw, json)
Hash identifier:          mWIloevfj26R3T3QikTsO9z0FgbyQHUPcaG+ilMserA=
Subject key identifier:   F8:B8:82:42:0F:5A:4C:EA:3C:BA:29:B7:3A:C0:99:68:3D:F9:A4:6B
Certificate issuer:       /CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
Certificate serial:       01856B936300B54B43EC933BAE58177D74B9
Authority key identifier: C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/1-LiCQg9aTOo8uim3OsCZaD35pGs.roa
Signing time:             Sun 01 Jan 2023 04:24:59 +0000
ROA not before:           Sun 01 Jan 2023 04:24:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60032
IP address blocks:        193.56.168.0/22 maxlen: 22
                          45.152.184.0/22 maxlen: 22
                          194.36.137.0/24 maxlen: 24
                          45.129.48.0/22 maxlen: 22
                          185.107.84.0/22 maxlen: 24
                          185.61.144.0/22 maxlen: 22
                          109.70.16.0/21 maxlen: 22
                          45.85.176.0/22 maxlen: 22
                          45.11.148.0/22 maxlen: 22
                          194.36.221.0/24 maxlen: 24
                          80.240.176.0/21 maxlen: 21
                          185.163.60.0/22 maxlen: 22
                          80.240.188.0/22 maxlen: 22
                          45.90.224.0/22 maxlen: 22
                          185.203.180.0/22 maxlen: 22
                          194.36.169.0/24 maxlen: 24
                          5.252.60.0/22 maxlen: 22
                          194.36.167.0/24 maxlen: 24
                          188.92.64.0/21 maxlen: 22
                          5.252.88.0/22 maxlen: 22
                          185.13.180.0/22 maxlen: 22
                          95.214.44.0/22 maxlen: 22
                          2.59.68.0/22 maxlen: 22
                          2.59.72.0/22 maxlen: 22
                          193.8.116.0/22 maxlen: 22
                          185.229.176.0/22 maxlen: 22
                          128.127.16.0/21 maxlen: 22
                          185.253.36.0/22 maxlen: 22
                          212.104.240.0/20 maxlen: 20
                          185.128.140.0/22 maxlen: 23
                          194.182.112.0/20 maxlen: 22
                          2a06:4280::/29 maxlen: 32
                          2a02:cfc0::/29 maxlen: 32
                          2a02:79e0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:93:63:00:b5:4b:43:ec:93:3b:ae:58:17:7d:74:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c868ca82147ed2277b4bcc69a5285bae735f2e44
        Validity
            Not Before: Jan  1 04:24:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f8b882420f5a4cea3cba29b73ac099683df9a46b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:db:f9:23:90:b7:56:84:9d:f6:62:ec:f0:67:
                    94:4a:aa:74:15:61:bc:a1:ee:36:21:dc:0a:60:2c:
                    3a:91:ab:95:30:af:86:38:fb:57:7c:10:1d:57:94:
                    a8:95:88:a2:b9:e2:9f:af:35:66:bd:e1:ea:7b:61:
                    36:ef:88:2a:03:55:01:fc:bc:68:ef:24:5b:79:15:
                    09:64:f9:03:cf:3a:ce:76:dc:0a:10:b9:97:82:b7:
                    f5:f9:3d:26:62:36:19:cc:3e:f7:53:6a:11:0e:b2:
                    ea:06:03:f0:5e:88:70:16:84:77:d7:ac:f9:68:ba:
                    93:02:9b:c2:d5:4c:13:7b:d6:b7:12:80:18:63:3b:
                    85:17:c5:e7:98:70:e3:77:69:54:4d:c2:bc:3d:7c:
                    73:f1:7b:f2:f0:c4:1b:8f:84:e3:28:bb:ea:5a:4e:
                    fd:cf:62:8f:23:57:e5:e8:ba:73:57:25:13:10:0d:
                    6c:9b:84:0f:a0:77:2f:98:8a:ae:9c:88:e0:ff:96:
                    f1:b7:b1:95:08:a4:b1:79:19:aa:1b:c9:52:c9:f0:
                    c8:59:c4:a7:23:5b:73:d2:9d:81:32:5d:99:4d:01:
                    58:7e:0a:c3:08:6e:16:3c:80:f9:50:0c:e2:54:57:
                    60:51:c7:76:77:2c:fb:bd:c8:03:ae:7e:d2:03:12:
                    f8:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:B8:82:42:0F:5A:4C:EA:3C:BA:29:B7:3A:C0:99:68:3D:F9:A4:6B
            X509v3 Authority Key Identifier:
                keyid:C8:68:CA:82:14:7E:D2:27:7B:4B:CC:69:A5:28:5B:AE:73:5F:2E:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yGjKghR-0id7S8xppShbrnNfLkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/1-LiCQg9aTOo8uim3OsCZaD35pGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/042c33-ab6b-48be-a492-66849019627e/1/yGjKghR-0id7S8xppShbrnNfLkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.68.0-2.59.75.255
                  5.252.60.0/22
                  5.252.88.0/22
                  45.11.148.0/22
                  45.85.176.0/22
                  45.90.224.0/22
                  45.129.48.0/22
                  45.152.184.0/22
                  80.240.176.0/21
                  80.240.188.0/22
                  95.214.44.0/22
                  109.70.16.0/21
                  128.127.16.0/21
                  185.13.180.0/22
                  185.61.144.0/22
                  185.107.84.0/22
                  185.128.140.0/22
                  185.163.60.0/22
                  185.203.180.0/22
                  185.229.176.0/22
                  185.253.36.0/22
                  188.92.64.0/21
                  193.8.116.0/22
                  193.56.168.0/22
                  194.36.137.0/24
                  194.36.167.0/24
                  194.36.169.0/24
                  194.36.221.0/24
                  194.182.112.0/20
                  212.104.240.0/20
                IPv6:
                  2a02:79e0::/32
                  2a02:cfc0::/29
                  2a06:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:b9:e5:6a:0e:81:41:81:28:11:bf:2a:66:d9:5f:d2:f5:cb:
         db:56:70:a1:3f:9e:aa:e6:16:2a:2f:d2:6b:7e:12:6b:11:c5:
         84:4f:19:40:bf:c8:c1:51:75:c3:11:c5:66:6c:4d:88:d0:8d:
         2b:bd:f7:e1:87:26:d6:a0:94:46:20:57:d5:52:3c:3a:6a:67:
         df:55:a3:bf:53:81:f2:9c:70:5a:8d:7a:09:a5:44:ee:82:c4:
         9b:53:c2:a6:e5:21:10:eb:c5:c5:92:78:d7:ca:f1:3b:a1:e3:
         08:ab:0b:f0:43:63:5b:3d:a5:1f:e9:86:c8:dd:a3:44:f2:8a:
         d1:17:44:9f:f1:66:cc:7d:2f:9e:8a:e0:79:ca:4f:87:bf:d0:
         22:d5:f9:b4:f9:b7:80:20:36:2a:ed:c1:fb:2a:d7:5c:2b:f2:
         70:50:89:ab:3e:49:88:00:74:ec:47:22:d7:06:0d:0d:bc:d5:
         33:b4:c3:e3:27:03:3e:55:6b:11:d9:4b:7b:ec:f9:49:52:a7:
         3b:6a:2a:8f:7d:ed:e8:97:95:2a:1a:52:ae:8d:9e:64:62:49:
         b6:89:7b:13:f5:a4:15:fb:0c:2e:f7:8b:b4:bf:73:bd:53:9d:
         f7:04:b2:cf:3d:f7:da:1f:7c:68:64:e9:5a:a4:cd:8c:f5:b5:
         71:3a:9f:e1
-----BEGIN CERTIFICATE-----
MIIF1jCCBL6gAwIBAgISAYVrk2MAtUtD7JM7rlgXfXS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NjhjYTgyMTQ3ZWQyMjc3YjRiY2M2OWE1Mjg1YmFlNzM1
ZjJlNDQwHhcNMjMwMTAxMDQyNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGI4ODI0MjBmNWE0Y2VhM2NiYTI5YjczYWMwOTk2ODNkZjlhNDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi9v5I5C3VoSd9mLs8GeUSqp0FWG8
oe42IdwKYCw6kauVMK+GOPtXfBAdV5SolYiiueKfrzVmveHqe2E274gqA1UB/Lxo
7yRbeRUJZPkDzzrOdtwKELmXgrf1+T0mYjYZzD73U2oRDrLqBgPwXohwFoR316z5
aLqTApvC1UwTe9a3EoAYYzuFF8XnmHDjd2lUTcK8PXxz8Xvy8MQbj4TjKLvqWk79
z2KPI1fl6LpzVyUTEA1sm4QPoHcvmIqunIjg/5bxt7GVCKSxeRmqG8lSyfDIWcSn
I1tz0p2BMl2ZTQFYfgrDCG4WPID5UAziVFdgUcd2dyz7vcgDrn7SAxL45QIDAQAB
o4IC4jCCAt4wHQYDVR0OBBYEFPi4gkIPWkzqPLoptzrAmWg9+aRrMB8GA1UdIwQY
MBaAFMhoyoIUftIne0vMaaUoW65zXy5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUdqS2doUi0waWQ3Uzh4cHBTaGJybk5mTGtRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8wNDJjMzMtYWI2Yi00OGJlLWE0OTIt
NjY4NDkwMTk2MjdlLzEvMS1MaUNRZzlhVE9vOHVpbTNPc0NaYUQzNXBHcy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2EvMDQyYzMzLWFiNmItNDhiZS1hNDkyLTY2ODQ5MDE5NjI3
ZS8xL3lHaktnaFItMGlkN1M4eHBwU2hicm5OZkxrUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCB9gYIKwYBBQUHAQcBAf8EgeYwgeMwgcMEAgABMIG8MAwD
BAICO0QDBAICO0gDBAIF/DwDBAIF/FgDBAItC5QDBAItVbADBAItWuADBAItgTAD
BAItmLgDBANQ8LADBAJQ8LwDBAJf1iwDBANtRhADBAOAfxADBAK5DbQDBAK5PZAD
BAK5a1QDBAK5gIwDBAK5ozwDBAK5y7QDBAK55bADBAK5/SQDBAO8XEADBALBCHQD
BALBOKgDBADCJIkDBADCJKcDBADCJKkDBADCJN0DBATCtnADBATUaPAwGwQCAAIw
FQMFACoCeeADBQMqAs/AAwUDKgZCgDANBgkqhkiG9w0BAQsFAAOCAQEAu7nlag6B
QYEoEb8qZtlf0vXL21ZwoT+equYWKi/Sa34SaxHFhE8ZQL/IwVF1wxHFZmxNiNCN
K7334Ycm1qCURiBX1VI8Ompn31Wjv1OB8pxwWo16CaVE7oLEm1PCpuUhEOvFxZJ4
18rxO6HjCKsL8ENjWz2lH+mGyN2jRPKK0RdEn/FmzH0vnorgecpPh7/QItX5tPm3
gCA2Ku3B+yrXXCvycFCJqz5JiAB07Eci1wYNDbzVM7TD4ycDPlVrEdlLe+z5SVKn
O2oqj33t6JeVKhpSro2eZGJJtol7E/WkFfsMLveLtL9zvVOd9wSyzz332h98aGTp
WqTNjPW1cTqf4Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:13 2024 by rpki-client on console-ams.rpki-client.org