Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/i5SkcrCpQs1d5OMx4CKRDQyDHHY.roa
File:                     i5SkcrCpQs1d5OMx4CKRDQyDHHY.roa (raw, json)
Hash identifier:          9697SCCUstBh+1xDeOOg75F+Dy+s+MOLdkpB5gG3fIM=
Subject key identifier:   8B:94:A4:72:B0:A9:42:CD:5D:E4:E3:31:E0:22:91:0D:0C:83:1C:76
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018818FDD8E2D623EA1264F3A1ADF260D8FB
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/i5SkcrCpQs1d5OMx4CKRDQyDHHY.roa
Signing time:             Sun 14 May 2023 06:41:09 +0000
ROA not before:           Sun 14 May 2023 06:41:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12695
IP address blocks:        185.112.59.0/24 maxlen: 24
                          185.177.238.0/24 maxlen: 24
                          185.76.240.0/24 maxlen: 24
                          185.76.242.0/24 maxlen: 24
                          185.76.241.0/24 maxlen: 24
                          185.76.243.0/24 maxlen: 24
                          45.151.234.0/23 maxlen: 24
                          185.58.114.0/24 maxlen: 24
                          185.100.159.0/24 maxlen: 24
                          185.168.208.0/24 maxlen: 24
                          185.24.109.0/24 maxlen: 24
                          185.104.148.0/24 maxlen: 24
                          185.113.138.0/23 maxlen: 23
                          185.95.230.0/24 maxlen: 24
                          185.111.25.0/24 maxlen: 24
                          185.97.79.0/24 maxlen: 24
                          185.75.135.0/24 maxlen: 24
                          77.83.245.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 May 2023 10:04:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:18:fd:d8:e2:d6:23:ea:12:64:f3:a1:ad:f2:60:d8:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: May 14 06:41:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8b94a472b0a942cd5de4e331e022910d0c831c76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:40:8c:8c:55:a5:55:ff:86:12:d1:8c:05:59:
                    eb:d4:a0:55:29:73:bb:8e:16:45:8c:e7:7c:87:85:
                    76:23:81:6e:47:5b:20:6c:41:93:06:a5:ac:dc:6d:
                    12:32:51:43:77:6f:54:14:68:f9:70:5d:8c:b8:e0:
                    4b:50:e9:e9:d4:0e:18:3f:4e:a8:32:10:39:eb:09:
                    79:65:82:69:15:8c:b5:4e:45:58:98:98:65:1b:ab:
                    a2:7c:ab:f8:7c:2a:2f:cc:9d:d6:c5:08:be:d2:29:
                    fa:f3:06:83:9b:7d:3f:8b:30:34:72:13:dd:98:39:
                    4d:83:89:bd:fd:51:d1:77:a6:ca:4a:d5:bf:bb:a2:
                    19:d7:74:26:1a:c4:a7:bc:33:bf:1d:9d:2e:19:21:
                    fc:d5:99:37:a8:3a:79:a6:7c:58:7a:ea:81:9b:4a:
                    fd:9a:ae:00:37:f7:87:1a:be:b0:13:89:f4:fd:0d:
                    84:4c:9a:b7:f7:05:98:5e:40:24:3f:8e:72:e5:38:
                    db:01:7f:7d:b4:40:76:18:60:3c:44:ab:77:8d:fa:
                    5c:ac:29:aa:3e:2c:16:38:2d:0f:f5:67:12:f5:97:
                    a6:90:ff:84:83:48:b1:c7:74:89:b4:30:ff:28:f6:
                    b9:93:93:47:3a:62:d0:2d:e7:19:90:86:b3:dd:f2:
                    2c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:94:A4:72:B0:A9:42:CD:5D:E4:E3:31:E0:22:91:0D:0C:83:1C:76
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/i5SkcrCpQs1d5OMx4CKRDQyDHHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.234.0/23
                  77.83.245.0/24
                  185.24.109.0/24
                  185.58.114.0/24
                  185.75.135.0/24
                  185.76.240.0/22
                  185.95.230.0/24
                  185.97.79.0/24
                  185.100.159.0/24
                  185.104.148.0/24
                  185.111.25.0/24
                  185.112.59.0/24
                  185.113.138.0/23
                  185.168.208.0/24
                  185.177.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:a6:0c:52:a8:bb:1f:39:fb:ea:7a:a0:13:a3:8c:3d:02:99:
         aa:68:c6:7d:b8:24:79:fb:70:3f:e7:40:51:f5:e1:c0:83:fa:
         8d:7c:e4:42:95:84:39:94:00:2d:ff:38:80:a5:94:f9:83:d1:
         68:93:b3:82:0c:fa:42:cc:7d:15:61:3e:8c:b5:78:bc:9e:1e:
         f2:08:df:40:40:62:e0:ea:cf:de:22:6e:d7:a3:c4:39:3b:7b:
         e8:14:41:75:7a:cd:30:53:61:66:7e:ce:ce:fa:3b:cc:36:23:
         7e:4d:17:ce:df:c4:f4:68:5c:63:a4:c4:72:d3:1c:87:12:4b:
         74:33:5a:cb:68:85:04:a6:d1:a1:fd:97:f2:3f:4f:89:c7:29:
         84:2c:9e:b2:88:1d:ea:63:3c:f7:0e:4a:85:de:00:0d:b7:5b:
         66:f8:4d:c6:26:d1:65:8b:6e:f4:4a:45:39:ee:97:f3:c8:e7:
         fc:ec:f4:2e:e5:e9:f5:a6:da:20:02:4e:b6:7a:7d:3f:15:9c:
         ea:be:c9:59:73:41:56:87:e5:e9:fd:96:ed:8f:88:85:e7:ea:
         b4:1e:0c:cb:2b:b9:43:cd:6a:13:6c:3d:68:1a:c4:a4:d7:66:
         89:7a:ed:02:09:65:46:1d:32:1f:cd:4d:92:19:df:c0:1d:30:
         ef:99:ce:aa
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYgY/dji1iPqEmTzoa3yYNj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjMwNTE0MDY0MTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yjk0YTQ3MmIwYTk0MmNkNWRlNGUzMzFlMDIyOTEwZDBjODMxYzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUCMjFWlVf+GEtGMBVnr1KBVKXO7
jhZFjOd8h4V2I4FuR1sgbEGTBqWs3G0SMlFDd29UFGj5cF2MuOBLUOnp1A4YP06o
MhA56wl5ZYJpFYy1TkVYmJhlG6uifKv4fCovzJ3WxQi+0in68waDm30/izA0chPd
mDlNg4m9/VHRd6bKStW/u6IZ13QmGsSnvDO/HZ0uGSH81Zk3qDp5pnxYeuqBm0r9
mq4AN/eHGr6wE4n0/Q2ETJq39wWYXkAkP45y5TjbAX99tEB2GGA8RKt3jfpcrCmq
PiwWOC0P9WcS9ZemkP+Eg0ixx3SJtDD/KPa5k5NHOmLQLecZkIaz3fIsOwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFIuUpHKwqULNXeTjMeAikQ0Mgxx2MB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvaTVTa2NyQ3BRczFkNU9NeDRDS1JEUXlESEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQBLZfqAwQA
TVP1AwQAuRhtAwQAuTpyAwQAuUuHAwQCuUzwAwQAuV/mAwQAuWFPAwQAuWSfAwQA
uWiUAwQAuW8ZAwQAuXA7AwQBuXGKAwQAuajQAwQAubHuMA0GCSqGSIb3DQEBCwUA
A4IBAQAtpgxSqLsfOfvqeqATo4w9ApmqaMZ9uCR5+3A/50BR9eHAg/qNfORClYQ5
lAAt/ziApZT5g9Fok7OCDPpCzH0VYT6MtXi8nh7yCN9AQGLg6s/eIm7Xo8Q5O3vo
FEF1es0wU2Fmfs7O+jvMNiN+TRfO38T0aFxjpMRy0xyHEkt0M1rLaIUEptGh/Zfy
P0+JxymELJ6yiB3qYzz3DkqF3gANt1tm+E3GJtFli270SkU57pfzyOf87PQu5en1
ptogAk62en0/FZzqvslZc0FWh+Xp/Zbtj4iF5+q0HgzLK7lDzWoTbD1oGsSk12aJ
eu0CCWVGHTIfzU2SGd/AHTDvmc6q
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:59 2024 by rpki-client on console-fra.rpki-client.org