Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/s16AC86iYzQQZuLas9BchRUponI.roa
File:                     s16AC86iYzQQZuLas9BchRUponI.roa (raw, json)
Hash identifier:          s6OWXn6ofZdSLwqeSiHgInf4we1h2knrdKqKPrAqChQ=
Subject key identifier:   B3:5E:80:0B:CE:A2:63:34:10:66:E2:DA:B3:D0:5C:85:15:29:A2:72
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       0186BC02BA45757D33FB576457C93633BD56
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/s16AC86iYzQQZuLas9BchRUponI.roa
Signing time:             Tue 07 Mar 2023 12:19:00 +0000
ROA not before:           Tue 07 Mar 2023 12:19:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     209408
IP address blocks:        80.71.228.0/24 maxlen: 24
                          45.66.224.0/22 maxlen: 22
                          81.29.145.0/24 maxlen: 24
                          81.29.146.0/24 maxlen: 24
                          81.29.149.0/24 maxlen: 24
                          81.29.147.0/24 maxlen: 24
                          81.29.156.0/24 maxlen: 24
                          2a09:6c40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 13 Mar 2023 07:54:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:bc:02:ba:45:75:7d:33:fb:57:64:57:c9:36:33:bd:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Mar  7 12:19:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b35e800bcea263341066e2dab3d05c851529a272
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:92:19:26:4e:16:95:e7:51:65:24:b0:e6:bd:
                    06:43:a5:17:45:43:81:71:9b:1e:42:3d:fb:b7:44:
                    06:2e:4e:3d:46:00:ff:88:ea:16:91:07:9c:5e:d8:
                    ac:3f:8e:83:eb:72:4e:42:db:34:2f:19:bd:0b:dd:
                    94:6f:fb:bd:b7:93:ea:e4:60:45:a3:4f:54:79:de:
                    1c:6b:94:b9:43:43:4c:de:3f:60:e0:ab:15:83:33:
                    ba:85:c6:86:1e:5a:04:c0:7f:69:27:34:5b:25:f6:
                    93:ed:f1:a5:48:26:9a:fe:e9:63:7a:3f:d2:74:09:
                    cd:47:6e:e6:c5:a3:b2:11:0f:2a:67:f3:42:4c:0a:
                    bd:38:af:88:7c:57:04:e6:6d:ca:12:8d:ad:2b:53:
                    df:be:ba:54:05:54:fc:30:79:a9:7a:bc:0a:32:86:
                    af:c9:ce:9e:3b:68:03:dd:fb:fd:15:80:20:9d:5d:
                    1f:6c:c4:55:96:9c:67:55:8d:b7:ed:82:9e:b1:18:
                    5a:66:f3:22:1e:86:54:06:0b:aa:99:2a:cf:1f:cf:
                    e4:89:91:6b:fc:69:a7:fc:ea:9b:d9:a2:ca:01:44:
                    b4:25:7b:2f:3c:da:d3:06:98:26:8a:93:cf:94:15:
                    65:25:b8:ab:bc:f0:1e:60:d9:9f:3b:6e:cb:93:96:
                    36:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:5E:80:0B:CE:A2:63:34:10:66:E2:DA:B3:D0:5C:85:15:29:A2:72
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/s16AC86iYzQQZuLas9BchRUponI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.224.0/22
                  80.71.228.0/24
                  81.29.145.0-81.29.147.255
                  81.29.149.0/24
                  81.29.156.0/24
                IPv6:
                  2a09:6c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:8c:d7:13:42:63:9e:da:d6:63:6a:47:65:c6:6e:b1:36:f6:
         41:63:e7:97:28:7c:bb:22:09:c3:41:85:c1:a3:e8:34:cb:75:
         1f:60:58:fe:6b:f7:55:a6:14:ae:f1:16:d6:58:2e:b9:86:fa:
         ff:15:ed:e5:40:ab:0a:87:eb:98:59:04:99:cd:5a:3b:2f:49:
         3b:e0:4d:f9:16:ba:3b:48:2b:bb:97:27:8e:de:ef:db:02:88:
         d3:44:d6:a3:d8:69:08:e6:29:3a:f5:8a:db:b7:03:4b:43:35:
         7a:2e:34:98:d1:06:05:70:fd:18:23:16:69:44:c1:9f:fb:9d:
         90:2a:28:93:ff:30:e6:8e:fb:92:52:98:3e:b0:55:d5:6e:a4:
         94:25:2e:92:a7:44:80:79:75:4f:d2:bf:85:55:02:1e:cb:6b:
         c5:2f:e7:eb:a3:42:f5:c4:a5:0a:f4:f8:77:09:d8:60:de:7b:
         b1:5f:c7:a7:b1:17:0d:3b:55:af:83:6b:4f:cc:ec:b7:5a:aa:
         f9:1f:6c:ab:64:6a:0d:15:c8:b3:bd:9d:d0:12:22:af:e3:7d:
         6c:0f:ef:ee:d3:eb:01:e5:17:44:2f:c8:c8:1a:05:6e:00:e4:
         3a:3c:89:cf:30:d4:f5:01:03:e1:bb:15:34:50:24:1b:ec:d1:
         8c:7b:57:76
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYa8ArpFdX0z+1dkV8k2M71WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjMwMzA3MTIxOTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzVlODAwYmNlYTI2MzM0MTA2NmUyZGFiM2QwNWM4NTE1MjlhMjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppIZJk4WledRZSSw5r0GQ6UXRUOB
cZseQj37t0QGLk49RgD/iOoWkQecXtisP46D63JOQts0Lxm9C92Ub/u9t5Pq5GBF
o09Ued4ca5S5Q0NM3j9g4KsVgzO6hcaGHloEwH9pJzRbJfaT7fGlSCaa/uljej/S
dAnNR27mxaOyEQ8qZ/NCTAq9OK+IfFcE5m3KEo2tK1PfvrpUBVT8MHmperwKMoav
yc6eO2gD3fv9FYAgnV0fbMRVlpxnVY237YKesRhaZvMiHoZUBguqmSrPH8/kiZFr
/Gmn/Oqb2aLKAUS0JXsvPNrTBpgmipPPlBVlJbirvPAeYNmfO27Lk5Y20wIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFLNegAvOomM0EGbi2rPQXIUVKaJyMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvczE2QUM4NmlZelFRWnVMYXM5QmNoUlVwb25JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQCLULgAwQA
UEfkMAwDBABRHZEDBAJRHZADBABRHZUDBABRHZwwDQQCAAIwBwMFAyoJbEAwDQYJ
KoZIhvcNAQELBQADggEBACqM1xNCY57a1mNqR2XGbrE29kFj55cofLsiCcNBhcGj
6DTLdR9gWP5r91WmFK7xFtZYLrmG+v8V7eVAqwqH65hZBJnNWjsvSTvgTfkWujtI
K7uXJ47e79sCiNNE1qPYaQjmKTr1itu3A0tDNXouNJjRBgVw/RgjFmlEwZ/7nZAq
KJP/MOaO+5JSmD6wVdVupJQlLpKnRIB5dU/Sv4VVAh7La8Uv5+ujQvXEpQr0+HcJ
2GDee7Ffx6exFw07Va+Da0/M7LdaqvkfbKtkag0VyLO9ndASIq/jfWwP7+7T6wHl
F0QvyMgaBW4A5Do8ic8w1PUBA+G7FTRQJBvs0Yx7V3Y=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:40 2024 by rpki-client on console-fra.rpki-client.org