Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/9cbb06-b4da-4c94-b418-4b081cc2b39a/1/lHR76h1LK1rVC3Yr_i7iMHMIKxI.roa
File:                     lHR76h1LK1rVC3Yr_i7iMHMIKxI.roa (raw, json)
Hash identifier:          577ql5o9SsVe3At/OANzWtMbh2a7HhBx/qx67v+RKmw=
Subject key identifier:   94:74:7B:EA:1D:4B:2B:5A:D5:0B:76:2B:FE:2E:E2:30:73:08:2B:12
Certificate issuer:       /CN=43e0a364131841056d48b2d788ea00ca4b91db56
Certificate serial:       01856D81BB4722AA6E2AA1D4CE02C144D176
Authority key identifier: 43:E0:A3:64:13:18:41:05:6D:48:B2:D7:88:EA:00:CA:4B:91:DB:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q-CjZBMYQQVtSLLXiOoAykuR21Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/9cbb06-b4da-4c94-b418-4b081cc2b39a/1/lHR76h1LK1rVC3Yr_i7iMHMIKxI.roa
Signing time:             Sun 01 Jan 2023 13:24:56 +0000
ROA not before:           Sun 01 Jan 2023 13:24:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48254
IP address blocks:        194.38.52.0/24 maxlen: 24
                          185.151.30.0/24 maxlen: 24
                          185.151.29.0/24 maxlen: 24
                          185.151.28.0/24 maxlen: 24
                          185.151.31.0/24 maxlen: 24
                          185.146.166.0/24 maxlen: 24
                          185.146.165.0/24 maxlen: 24
                          185.146.164.0/24 maxlen: 24
                          45.8.226.0/24 maxlen: 24
                          45.8.225.0/24 maxlen: 24
                          45.8.224.0/24 maxlen: 24
                          45.8.227.0/24 maxlen: 24
                          2a07:7800:9::/48 maxlen: 48
                          2a07:7800:4::/48 maxlen: 48
                          2a07:7800:8::/48 maxlen: 48
                          2a07:7800:3::/48 maxlen: 48
                          2a07:7800:1::/48 maxlen: 48
                          2a07:7800::/29 maxlen: 48
                          2a07:7800:7::/48 maxlen: 48
                          2a07:7800:2::/48 maxlen: 48
                          2a07:7800:5::/48 maxlen: 48
                          2a07:7800:10::/48 maxlen: 48
                          2a07:7800::/48 maxlen: 48
                          2a07:7800:6::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:30:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:81:bb:47:22:aa:6e:2a:a1:d4:ce:02:c1:44:d1:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43e0a364131841056d48b2d788ea00ca4b91db56
        Validity
            Not Before: Jan  1 13:24:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=94747bea1d4b2b5ad50b762bfe2ee23073082b12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:79:5d:99:36:14:c6:63:91:ac:74:3c:6b:d9:
                    f4:6a:af:d1:57:5c:88:da:7c:e0:54:54:3b:36:ee:
                    32:c1:90:8f:0c:71:12:90:3d:14:58:6a:0e:ce:8d:
                    c0:d0:47:5f:32:48:cf:db:3e:0a:19:d0:96:29:1d:
                    2c:67:f2:ae:a3:8b:f8:4f:f7:97:d5:1a:b5:07:e5:
                    e6:55:88:bf:4e:fb:bf:f4:1d:fe:57:0d:50:12:f9:
                    5a:5e:d3:ea:0e:1f:d0:19:ff:db:ee:03:f9:ad:4c:
                    83:3c:94:0c:d6:a7:82:36:9d:00:68:82:71:0d:f0:
                    01:3f:06:fc:d9:5f:45:b1:55:26:dc:9b:df:0c:6a:
                    72:b1:58:03:d3:44:24:85:78:3d:b3:8c:67:4b:06:
                    05:26:40:45:7b:c8:87:eb:63:f6:b9:ee:ed:9a:7b:
                    93:f1:c4:3b:ed:29:bf:c0:3b:c4:c6:cc:60:6b:a0:
                    68:a0:83:31:ab:27:62:49:45:0f:f3:b8:fa:12:52:
                    40:5d:ea:a9:b7:6d:bb:4c:ef:6c:35:b7:51:3a:d0:
                    e3:ca:58:2a:51:5a:c4:f5:df:89:7d:c8:59:d6:20:
                    1f:f5:3a:cd:b8:a2:14:01:c5:8e:5b:b9:45:b1:46:
                    ba:4b:18:f1:e4:d0:5d:59:90:2e:b1:72:a9:f2:d3:
                    8f:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:74:7B:EA:1D:4B:2B:5A:D5:0B:76:2B:FE:2E:E2:30:73:08:2B:12
            X509v3 Authority Key Identifier:
                keyid:43:E0:A3:64:13:18:41:05:6D:48:B2:D7:88:EA:00:CA:4B:91:DB:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q-CjZBMYQQVtSLLXiOoAykuR21Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/9cbb06-b4da-4c94-b418-4b081cc2b39a/1/lHR76h1LK1rVC3Yr_i7iMHMIKxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/9cbb06-b4da-4c94-b418-4b081cc2b39a/1/Q-CjZBMYQQVtSLLXiOoAykuR21Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.224.0/22
                  185.146.164.0-185.146.166.255
                  185.151.28.0/22
                  194.38.52.0/24
                IPv6:
                  2a07:7800::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:26:56:33:90:fa:65:20:74:67:1c:15:33:95:e9:0e:ab:f8:
         9c:62:ed:d6:5c:f8:63:64:15:e1:cb:58:2f:7a:83:c6:d3:e1:
         0c:00:45:12:ba:09:61:b6:11:4e:82:01:82:ec:52:07:5b:a2:
         07:59:b5:12:77:73:15:93:17:13:60:2a:7b:65:f5:bd:a9:68:
         cb:8d:d9:5f:02:a0:b5:cd:4e:63:3b:29:26:8a:24:90:d8:58:
         e9:cc:3e:d9:12:ae:6f:f1:2f:96:43:34:d2:54:7e:3e:44:64:
         d1:06:5c:a5:07:43:c1:f5:ae:a7:19:06:3b:82:22:8a:c9:99:
         74:da:59:49:61:53:85:57:f3:a4:2e:19:3f:e7:ee:e0:4d:14:
         9d:92:53:8f:11:ad:76:cf:9b:33:e8:d4:c7:5f:e7:1b:51:7b:
         2a:ce:d4:c2:34:d2:21:14:c2:09:1f:c8:51:ea:bf:c2:fa:6f:
         3a:2b:b6:75:cd:ca:c8:07:e9:6b:fc:22:26:8a:57:16:63:a4:
         5a:47:8b:de:11:0c:64:28:ac:a3:af:c4:5e:fd:ed:db:c5:28:
         d9:f7:84:40:0b:54:87:f7:d3:0b:d7:83:f1:23:90:45:79:ff:
         b3:66:a9:4a:a7:d6:fa:6a:7f:d8:90:6c:fa:8c:4a:96:69:e3:
         f1:47:eb:cc
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVtgbtHIqpuKqHUzgLBRNF2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZTBhMzY0MTMxODQxMDU2ZDQ4YjJkNzg4ZWEwMGNhNGI5
MWRiNTYwHhcNMjMwMTAxMTMyNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDc0N2JlYTFkNGIyYjVhZDUwYjc2MmJmZTJlZTIzMDczMDgyYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvHldmTYUxmORrHQ8a9n0aq/RV1yI
2nzgVFQ7Nu4ywZCPDHESkD0UWGoOzo3A0EdfMkjP2z4KGdCWKR0sZ/Kuo4v4T/eX
1Rq1B+XmVYi/Tvu/9B3+Vw1QEvlaXtPqDh/QGf/b7gP5rUyDPJQM1qeCNp0AaIJx
DfABPwb82V9FsVUm3JvfDGpysVgD00QkhXg9s4xnSwYFJkBFe8iH62P2ue7tmnuT
8cQ77Sm/wDvExsxga6BooIMxqydiSUUP87j6ElJAXeqpt227TO9sNbdROtDjylgq
UVrE9d+JfchZ1iAf9TrNuKIUAcWOW7lFsUa6Sxjx5NBdWZAusXKp8tOPYQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFJR0e+odSyta1Qt2K/4u4jBzCCsSMB8GA1UdIwQY
MBaAFEPgo2QTGEEFbUiy14jqAMpLkdtWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUS1DalpCTVlRUVZ0U0xMWGlPb0F5a3VSMjFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi85Y2JiMDYtYjRkYS00Yzk0LWI0MTgt
NGIwODFjYzJiMzlhLzEvbEhSNzZoMUxLMXJWQzNZcl9pN2lNSE1JS3hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi85Y2JiMDYtYjRkYS00Yzk0LWI0MTgtNGIwODFjYzJiMzlh
LzEvUS1DalpCTVlRUVZ0U0xMWGlPb0F5a3VSMjFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQCLQjgMAwD
BAK5kqQDBAC5kqYDBAK5lxwDBADCJjQwDQQCAAIwBwMFAyoHeAAwDQYJKoZIhvcN
AQELBQADggEBAAsmVjOQ+mUgdGccFTOV6Q6r+Jxi7dZc+GNkFeHLWC96g8bT4QwA
RRK6CWG2EU6CAYLsUgdbogdZtRJ3cxWTFxNgKntl9b2paMuN2V8CoLXNTmM7KSaK
JJDYWOnMPtkSrm/xL5ZDNNJUfj5EZNEGXKUHQ8H1rqcZBjuCIorJmXTaWUlhU4VX
86QuGT/n7uBNFJ2SU48RrXbPmzPo1Mdf5xtReyrO1MI00iEUwgkfyFHqv8L6bzor
tnXNysgH6Wv8IiaKVxZjpFpHi94RDGQorKOvxF797dvFKNn3hEALVIf30wvXg/Ej
kEV5/7NmqUqn1vpqf9iQbPqMSpZp4/FH68w=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:12 2024 by rpki-client on console-ams.rpki-client.org