Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/ytZ7Cs-fCfIxIqLdtvbqO2TDhOA.roa
File:                     ytZ7Cs-fCfIxIqLdtvbqO2TDhOA.roa (raw, json)
Hash identifier:          +uVTI9Sk+Y60YRKAjavZTHhm+M2Zo79YSUm02IOT2U4=
Subject key identifier:   CA:D6:7B:0A:CF:9F:09:F2:31:22:A2:DD:B6:F6:EA:3B:64:C3:84:E0
Certificate issuer:       /CN=947320d030930178e6f7ceef91d2ab8784d3dc16
Certificate serial:       018C911F04AEB2D53410E4998674037CD678
Authority key identifier: 94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/ytZ7Cs-fCfIxIqLdtvbqO2TDhOA.roa
Signing time:             Fri 22 Dec 2023 10:42:58 +0000
ROA not before:           Fri 22 Dec 2023 10:42:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62005
IP address blocks:        176.124.32.0/24 maxlen: 24
                          176.124.33.0/24 maxlen: 24
                          194.61.121.0/24 maxlen: 24
                          194.61.120.0/24 maxlen: 24
                          45.86.228.0/24 maxlen: 24
                          45.86.229.0/24 maxlen: 24
                          45.86.231.0/24 maxlen: 24
                          77.72.85.0/24 maxlen: 24
                          185.123.53.0/24 maxlen: 24
                          185.39.18.0/24 maxlen: 24
                          193.109.120.0/24 maxlen: 24
                          45.129.199.0/24 maxlen: 24
                          91.235.234.0/24 maxlen: 24
                          195.54.160.0/24 maxlen: 24
                          2a10:1fc0:f::/48 maxlen: 48
                          2a10:1fc0:d::/48 maxlen: 48
                          2a10:1fc0:8::/48 maxlen: 48
                          2a10:1fc0:3::/48 maxlen: 48
                          2a10:1fc0:c::/48 maxlen: 48
                          2a10:1fc0:2::/48 maxlen: 48
                          2a10:1fc0:5::/48 maxlen: 48
                          2a10:1fc0:e::/48 maxlen: 48
                          2a10:1fc0:1::/48 maxlen: 48
                          2a10:1fc0:10::/48 maxlen: 48
                          2a10:1fc0:b::/48 maxlen: 48
                          2a10:1fc0:6::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:29:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:91:1f:04:ae:b2:d5:34:10:e4:99:86:74:03:7c:d6:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=947320d030930178e6f7ceef91d2ab8784d3dc16
        Validity
            Not Before: Dec 22 10:42:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cad67b0acf9f09f23122a2ddb6f6ea3b64c384e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:7d:d4:df:e5:fc:e2:28:a4:e3:e1:ef:23:f8:
                    14:34:04:9f:bf:25:05:61:c0:c0:34:f1:47:24:1b:
                    d6:3d:0d:de:19:b5:b2:0d:5b:78:7b:91:4a:50:43:
                    73:6e:4e:c6:98:e5:24:cf:df:fa:85:db:ea:34:3d:
                    39:5b:52:5a:ec:88:0c:35:2c:bf:95:d8:35:08:59:
                    d8:ab:09:ed:1f:a3:92:a0:02:51:3e:5e:18:eb:7f:
                    c2:92:f0:a1:ee:b8:b7:92:fc:7b:d2:38:15:46:fc:
                    b7:78:73:ce:ba:bc:ca:7e:1f:4c:d2:1f:98:67:30:
                    d7:6a:9e:3c:97:63:7d:09:6c:ab:eb:f1:0e:46:e5:
                    7a:5e:ee:37:e4:bf:fb:74:01:4f:14:ca:3b:fd:05:
                    a0:c4:dc:0e:b0:8d:88:e2:3f:f2:3b:5e:9b:ea:5a:
                    d8:20:da:89:32:3f:89:c6:50:e3:7a:f9:3d:f9:09:
                    14:39:21:82:ff:5c:b0:9f:06:64:ad:2e:9c:80:49:
                    20:e2:ec:a7:80:68:8a:dd:43:69:9b:9f:4e:22:58:
                    68:2d:2e:36:53:cb:43:00:00:24:83:d3:b9:66:88:
                    7e:6d:20:71:e6:e7:aa:99:4c:41:de:83:23:2f:35:
                    39:ab:d1:c7:6e:0b:74:8e:0a:0b:1a:77:86:9e:58:
                    d6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:D6:7B:0A:CF:9F:09:F2:31:22:A2:DD:B6:F6:EA:3B:64:C3:84:E0
            X509v3 Authority Key Identifier:
                keyid:94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/ytZ7Cs-fCfIxIqLdtvbqO2TDhOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.228.0/23
                  45.86.231.0/24
                  45.129.199.0/24
                  77.72.85.0/24
                  91.235.234.0/24
                  176.124.32.0/23
                  185.39.18.0/24
                  185.123.53.0/24
                  193.109.120.0/24
                  194.61.120.0/23
                  195.54.160.0/24
                IPv6:
                  2a10:1fc0:1::-2a10:1fc0:3:ffff:ffff:ffff:ffff:ffff
                  2a10:1fc0:5::-2a10:1fc0:6:ffff:ffff:ffff:ffff:ffff
                  2a10:1fc0:8::/48
                  2a10:1fc0:b::-2a10:1fc0:10:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         36:55:07:42:0a:b3:77:79:d6:f0:b9:d3:68:21:16:0d:09:3b:
         e5:a3:16:a8:81:57:08:15:6a:79:c9:93:14:2d:ba:8a:02:39:
         3f:85:ae:c5:bc:54:65:5c:82:92:49:50:4d:83:5d:cc:4d:21:
         9f:ff:a3:2f:b5:0e:a8:e0:ea:45:9a:c9:b7:5d:88:27:e9:e1:
         ef:1e:d0:32:c8:88:b3:1a:52:0b:88:e5:c6:e2:b4:1b:e0:67:
         f4:9f:ad:d4:eb:a5:1b:c8:6f:07:1c:dd:4c:c8:80:cd:88:e5:
         9a:02:77:d3:d7:7c:26:56:9e:00:10:93:5a:03:80:3c:26:2e:
         46:13:62:26:5e:50:4b:10:73:53:d7:c4:1e:11:31:b8:93:1f:
         10:94:1d:f2:4d:0e:32:3e:a0:08:93:fc:ec:99:29:31:1c:28:
         b2:d6:c3:f5:d9:4d:37:d4:fe:9a:5f:aa:06:87:64:32:ff:9c:
         a7:04:99:ac:59:c6:be:c5:bd:22:43:cf:f6:69:35:7f:23:e0:
         e8:42:0b:31:51:46:fe:3f:3e:cf:99:d4:c9:52:35:02:56:cb:
         72:e4:30:18:ad:dd:80:a2:3d:54:3e:fd:31:95:a5:ba:0c:31:
         51:1c:2c:e0:4e:66:3b:82:7a:cf:49:15:c4:cf:7f:61:66:b2:
         b3:21:40:1d
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgISAYyRHwSustU0EOSZhnQDfNZ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NzMyMGQwMzA5MzAxNzhlNmY3Y2VlZjkxZDJhYjg3ODRk
M2RjMTYwHhcNMjMxMjIyMTA0MjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQ2N2IwYWNmOWYwOWYyMzEyMmEyZGRiNmY2ZWEzYjY0YzM4NGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoH3U3+X84iik4+HvI/gUNASfvyUF
YcDANPFHJBvWPQ3eGbWyDVt4e5FKUENzbk7GmOUkz9/6hdvqND05W1Ja7IgMNSy/
ldg1CFnYqwntH6OSoAJRPl4Y63/CkvCh7ri3kvx70jgVRvy3eHPOurzKfh9M0h+Y
ZzDXap48l2N9CWyr6/EORuV6Xu435L/7dAFPFMo7/QWgxNwOsI2I4j/yO16b6lrY
INqJMj+JxlDjevk9+QkUOSGC/1ywnwZkrS6cgEkg4uyngGiK3UNpm59OIlhoLS42
U8tDAAAkg9O5Zoh+bSBx5ueqmUxB3oMjLzU5q9HHbgt0jgoLGneGnljW9wIDAQAB
o4IClTCCApEwHQYDVR0OBBYEFMrWewrPnwnyMSKi3bb26jtkw4TgMB8GA1UdIwQY
MBaAFJRzINAwkwF45vfO75HSq4eE09wWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEt
OGFjNGEyMTkzOGI0LzEveXRaN0NzLWZDZkl4SXFMZHR2YnFPMlREaE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEtOGFjNGEyMTkzOGI0
LzEvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGqBggrBgEFBQcBBwEB/wSBmjCBlzBIBAIAATBCAwQBLVbk
AwQALVbnAwQALYHHAwQATUhVAwQAW+vqAwQBsHwgAwQAuScSAwQAuXs1AwQAwW14
AwQBwj14AwQAwzagMEsEAgACMEUwEgMHACoQH8AAAQMHAioQH8AAADASAwcAKhAf
wAAFAwcAKhAfwAAGAwcAKhAfwAAIMBIDBwAqEB/AAAsDBwAqEB/AABAwDQYJKoZI
hvcNAQELBQADggEBADZVB0IKs3d51vC502ghFg0JO+WjFqiBVwgVannJkxQtuooC
OT+FrsW8VGVcgpJJUE2DXcxNIZ//oy+1Dqjg6kWaybddiCfp4e8e0DLIiLMaUguI
5cbitBvgZ/SfrdTrpRvIbwcc3UzIgM2I5ZoCd9PXfCZWngAQk1oDgDwmLkYTYiZe
UEsQc1PXxB4RMbiTHxCUHfJNDjI+oAiT/OyZKTEcKLLWw/XZTTfU/ppfqgaHZDL/
nKcEmaxZxr7FvSJDz/ZpNX8j4OhCCzFRRv4/Ps+Z1MlSNQJWy3LkMBit3YCiPVQ+
/TGVpboMMVEcLOBOZjuCes9JFcTPf2FmsrMhQB0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:24 2024 by rpki-client on console-fra.rpki-client.org