Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/3gJxnrwToQ9B9ugC3YVBDbDwXlI.roa
File:                     3gJxnrwToQ9B9ugC3YVBDbDwXlI.roa (raw, json)
Hash identifier:          x3QN7nDg8uaQAQ5iIxDhPPJie23eEFgQToREjYAhl3c=
Subject key identifier:   DE:02:71:9E:BC:13:A1:0F:41:F6:E8:02:DD:85:41:0D:B0:F0:5E:52
Certificate issuer:       /CN=c2d2a234e224bf87996f2f0df559ead882f9e651
Certificate serial:       018C9CA12F3FFBF6A9A81F85C3D6267AD482
Authority key identifier: C2:D2:A2:34:E2:24:BF:87:99:6F:2F:0D:F5:59:EA:D8:82:F9:E6:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtKiNOIkv4eZby8N9Vnq2IL55lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/3gJxnrwToQ9B9ugC3YVBDbDwXlI.roa
Signing time:             Sun 24 Dec 2023 16:20:58 +0000
ROA not before:           Sun 24 Dec 2023 16:20:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50926
IP address blocks:        188.95.112.0/21 maxlen: 24
                          185.176.9.0/24 maxlen: 24
                          185.176.8.0/24 maxlen: 24
                          185.176.11.0/24 maxlen: 24
                          185.176.10.0/24 maxlen: 24
                          212.34.156.0/22 maxlen: 24
                          84.246.208.0/21 maxlen: 24
                          109.68.80.0/21 maxlen: 24
                          91.213.46.0/24 maxlen: 24
                          31.24.152.0/21 maxlen: 24
                          185.70.92.0/22 maxlen: 24
                          91.142.208.0/20 maxlen: 24
                          188.164.192.0/21 maxlen: 24
                          185.23.68.0/22 maxlen: 24
                          94.127.184.0/21 maxlen: 24
                          185.222.156.0/22 maxlen: 24
                          185.129.248.0/22 maxlen: 24
                          149.62.168.0/21 maxlen: 24
                          194.116.147.0/24 maxlen: 24
                          195.5.116.0/23 maxlen: 24
                          5.175.40.0/21 maxlen: 24
                          91.200.140.0/22 maxlen: 24
                          185.101.224.0/22 maxlen: 24
                          31.24.40.0/21 maxlen: 24
                          2a01:4b80::/32 maxlen: 32
                          2a00:5ac0:100::/48 maxlen: 48
                          2a00:5ac0::/44 maxlen: 44
                          2a00:5ac0:147::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:32:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:9c:a1:2f:3f:fb:f6:a9:a8:1f:85:c3:d6:26:7a:d4:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d2a234e224bf87996f2f0df559ead882f9e651
        Validity
            Not Before: Dec 24 16:20:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de02719ebc13a10f41f6e802dd85410db0f05e52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0c:8f:57:1b:a8:91:39:20:77:9d:44:01:b6:
                    c4:7c:1b:2a:98:01:97:54:76:42:19:1f:23:85:6b:
                    4c:86:a5:e3:a2:99:f8:06:0f:5e:ae:69:e6:bd:2c:
                    72:81:99:68:9b:1c:ab:75:60:9f:70:b9:5e:78:9d:
                    32:22:86:00:17:00:21:bc:06:86:e7:29:4d:6d:1a:
                    6e:6a:60:c3:c8:89:0c:3d:b9:bc:53:6b:54:c9:75:
                    7d:d4:9c:67:4d:ff:77:dc:10:28:82:30:5b:e5:73:
                    76:c9:82:42:23:c5:b8:88:19:09:2f:b5:04:8d:05:
                    79:4c:49:6f:11:d7:af:f1:52:6d:88:78:be:f3:32:
                    4c:f8:d4:d1:e7:e9:0e:ab:4f:33:f6:78:88:36:6c:
                    5e:fc:f4:4b:d1:11:f5:00:d5:97:26:e7:7c:31:4f:
                    ae:81:84:af:f7:67:fc:de:53:5b:f2:29:f0:6b:5e:
                    5a:59:f9:62:31:6e:61:2e:71:d5:47:82:40:54:db:
                    21:82:bd:c9:ae:5e:cf:e5:93:d6:6b:c4:19:6c:18:
                    4d:66:b4:90:96:bb:c9:ac:6d:22:b9:77:d7:2a:1c:
                    1d:5b:92:b9:4d:e3:a3:7d:fb:cb:16:d7:fd:d0:ed:
                    3b:37:4e:9a:0c:2b:d0:fb:6a:fc:bd:c0:63:27:dc:
                    e7:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:02:71:9E:BC:13:A1:0F:41:F6:E8:02:DD:85:41:0D:B0:F0:5E:52
            X509v3 Authority Key Identifier:
                keyid:C2:D2:A2:34:E2:24:BF:87:99:6F:2F:0D:F5:59:EA:D8:82:F9:E6:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtKiNOIkv4eZby8N9Vnq2IL55lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/3gJxnrwToQ9B9ugC3YVBDbDwXlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/d1ee4b-e88a-4e41-a616-4b248da6c96c/1/wtKiNOIkv4eZby8N9Vnq2IL55lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.40.0/21
                  31.24.40.0/21
                  31.24.152.0/21
                  84.246.208.0/21
                  91.142.208.0/20
                  91.200.140.0/22
                  91.213.46.0/24
                  94.127.184.0/21
                  109.68.80.0/21
                  149.62.168.0/21
                  185.23.68.0/22
                  185.70.92.0/22
                  185.101.224.0/22
                  185.129.248.0/22
                  185.176.8.0/22
                  185.222.156.0/22
                  188.95.112.0/21
                  188.164.192.0/21
                  194.116.147.0/24
                  195.5.116.0/23
                  212.34.156.0/22
                IPv6:
                  2a00:5ac0::/44
                  2a00:5ac0:100::/48
                  2a00:5ac0:147::/48
                  2a01:4b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:ed:b1:8b:2f:f7:f9:24:23:4e:88:2e:e3:54:21:c6:81:53:
         3e:b1:c3:d2:04:ae:46:14:1b:f2:d6:1c:19:07:04:63:f6:c4:
         b0:49:1e:c4:43:4d:44:9b:f2:1f:ea:11:33:1f:b5:22:7d:cc:
         03:53:fe:ff:29:4f:59:91:0d:92:30:bd:53:2f:d5:c4:ff:ce:
         9c:a5:b3:53:92:05:42:c4:f6:0b:e0:58:e9:c0:26:30:ba:93:
         a3:88:df:18:bf:bb:41:de:67:04:f1:a6:af:4b:c3:98:62:f5:
         96:34:ee:20:54:15:0a:dc:bc:29:3f:36:06:ed:8c:5f:e1:7c:
         7f:54:34:9e:b9:fd:50:27:2b:2c:7e:06:73:1f:b2:e6:b6:33:
         7b:06:e3:6f:b6:ec:a6:33:96:c3:5f:73:42:1b:ac:af:b6:26:
         7a:f6:8a:93:d3:b8:5b:be:ed:dc:78:f2:5d:87:cd:68:08:c0:
         51:09:52:a6:89:94:04:7c:28:0c:7d:d0:66:2b:d3:d7:63:63:
         2f:de:75:02:57:53:9f:86:e6:cf:6d:3c:a1:62:37:2e:a2:85:
         72:a3:e2:00:72:c6:a9:6c:bd:6a:92:0e:78:7d:1c:0c:bc:88:
         95:fd:f5:cf:ae:1f:cf:c9:7a:70:da:fb:1d:59:0c:42:8c:c4:
         c1:5b:e2:22
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAYycoS8/+/apqB+Fw9YmetSCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDJhMjM0ZTIyNGJmODc5OTZmMmYwZGY1NTllYWQ4ODJm
OWU2NTEwHhcNMjMxMjI0MTYyMDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTAyNzE5ZWJjMTNhMTBmNDFmNmU4MDJkZDg1NDEwZGIwZjA1ZTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgyPVxuokTkgd51EAbbEfBsqmAGX
VHZCGR8jhWtMhqXjopn4Bg9ermnmvSxygZlomxyrdWCfcLleeJ0yIoYAFwAhvAaG
5ylNbRpuamDDyIkMPbm8U2tUyXV91JxnTf933BAogjBb5XN2yYJCI8W4iBkJL7UE
jQV5TElvEdev8VJtiHi+8zJM+NTR5+kOq08z9niINmxe/PRL0RH1ANWXJud8MU+u
gYSv92f83lNb8inwa15aWfliMW5hLnHVR4JAVNshgr3Jrl7P5ZPWa8QZbBhNZrSQ
lrvJrG0iuXfXKhwdW5K5TeOjffvLFtf90O07N06aDCvQ+2r8vcBjJ9znXwIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFN4CcZ68E6EPQfboAt2FQQ2w8F5SMB8GA1UdIwQY
MBaAFMLSojTiJL+HmW8vDfVZ6tiC+eZRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3RLaU5PSWt2NGVaYnk4TjlWbnEySUw1NWxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9kMWVlNGItZTg4YS00ZTQxLWE2MTYt
NGIyNDhkYTZjOTZjLzEvM2dKeG5yd1RvUTlCOXVnQzNZVkJEYkR3WGxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9kMWVlNGItZTg4YS00ZTQxLWE2MTYtNGIyNDhkYTZjOTZj
LzEvd3RLaU5PSWt2NGVaYnk4TjlWbnEySUw1NWxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHEBggrBgEFBQcBBwEB/wSBtDCBsTCBhAQCAAEwfgMEAwWv
KAMEAx8YKAMEAx8YmAMEA1T20AMEBFuO0AMEAlvIjAMEAFvVLgMEA15/uAMEA21E
UAMEA5U+qAMEArkXRAMEArlGXAMEArll4AMEArmB+AMEArmwCAMEArnenAMEA7xf
cAMEA7ykwAMEAMJ0kwMEAcMFdAMEAtQinDAoBAIAAjAiAwcEKgBawAAAAwcAKgBa
wAEAAwcAKgBawAFHAwUAKgFLgDANBgkqhkiG9w0BAQsFAAOCAQEAQu2xiy/3+SQj
Togu41QhxoFTPrHD0gSuRhQb8tYcGQcEY/bEsEkexENNRJvyH+oRMx+1In3MA1P+
/ylPWZENkjC9Uy/VxP/OnKWzU5IFQsT2C+BY6cAmMLqTo4jfGL+7Qd5nBPGmr0vD
mGL1ljTuIFQVCty8KT82Bu2MX+F8f1Q0nrn9UCcrLH4Gcx+y5rYzewbjb7bspjOW
w19zQhusr7YmevaKk9O4W77t3HjyXYfNaAjAUQlSpomUBHwoDH3QZivT12NjL951
AldTn4bmz208oWI3LqKFcqPiAHLGqWy9apIOeH0cDLyIlf31z64fz8l6cNr7HVkM
QozEwVviIg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:04 2024 by rpki-client on console-fra.rpki-client.org