Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/fTb9TXv8AF2opS_67vXlRP_eYik.roa
File:                     fTb9TXv8AF2opS_67vXlRP_eYik.roa (raw, json)
Hash identifier:          izlwEA2xvd6n5BTHFGMqgAB6xZAbfebm/2B0mC1NQ3E=
Subject key identifier:   7D:36:FD:4D:7B:FC:00:5D:A8:A5:2F:FA:EE:F5:E5:44:FF:DE:62:29
Certificate issuer:       /CN=72c26abc9e06c1afef9b5fd2da40412e7aee6b47
Certificate serial:       01872D1F76D0075D44A823E5495B8DD5F4E5
Authority key identifier: 72:C2:6A:BC:9E:06:C1:AF:EF:9B:5F:D2:DA:40:41:2E:7A:EE:6B:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/fTb9TXv8AF2opS_67vXlRP_eYik.roa
Signing time:             Wed 29 Mar 2023 11:27:29 +0000
ROA not before:           Wed 29 Mar 2023 11:27:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     25291
IP address blocks:        185.46.136.0/22 maxlen: 24
                          37.44.0.0/21 maxlen: 24
                          151.252.40.0/21 maxlen: 24
                          45.153.82.0/23 maxlen: 24
                          185.56.128.0/21 maxlen: 24
                          176.74.56.0/21 maxlen: 24
                          185.54.232.0/22 maxlen: 24
                          109.68.224.0/21 maxlen: 24
                          37.49.152.0/21 maxlen: 24
                          185.56.104.0/23 maxlen: 24
                          37.123.104.0/21 maxlen: 24
                          195.192.128.0/18 maxlen: 24
                          77.247.80.0/21 maxlen: 24
                          2a00:13c8::/32 maxlen: 48
                          2a00:7fc0::/33 maxlen: 48
                          2a00:7fc0::/32 maxlen: 48
                          2a04:d480::/29 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:32:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2d:1f:76:d0:07:5d:44:a8:23:e5:49:5b:8d:d5:f4:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72c26abc9e06c1afef9b5fd2da40412e7aee6b47
        Validity
            Not Before: Mar 29 11:27:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7d36fd4d7bfc005da8a52ffaeef5e544ffde6229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e1:c7:33:6a:c2:2f:6b:14:a0:d3:1d:51:62:
                    91:e2:35:ef:74:2a:a1:a7:d2:e2:34:08:20:c1:e1:
                    0d:d2:84:b3:82:7b:8c:cf:4c:41:a7:60:c1:11:28:
                    84:8c:11:45:ee:43:fc:e7:ab:01:61:cf:b0:13:b2:
                    a2:85:e0:10:14:a6:69:f4:fe:5c:61:49:ee:98:e6:
                    28:0c:b3:7a:e4:18:ce:8f:61:31:30:17:b8:ba:82:
                    2e:1d:ac:3f:0f:1f:07:01:d6:dd:e7:ca:6e:04:12:
                    99:d3:fd:73:f0:f6:58:fd:27:c8:f6:f0:1e:ce:8e:
                    7d:3e:93:eb:b2:21:68:6a:4d:17:f9:ff:38:c3:49:
                    89:5f:e0:31:57:93:13:0e:0a:07:68:c8:f4:36:89:
                    d0:57:4e:b1:53:b3:cc:80:2b:f7:2c:a9:4d:84:75:
                    cf:67:58:a8:d5:01:75:33:39:0b:e3:db:76:7e:d7:
                    62:fa:0d:d0:29:0f:47:7b:4f:bc:3d:c5:61:ce:a5:
                    fe:31:29:f4:78:1c:39:62:24:f1:26:7b:dd:4b:68:
                    fe:ab:6a:f8:7f:9b:71:9a:79:e4:5e:68:1b:ce:e0:
                    75:a7:cf:db:a7:ec:3f:c8:17:71:e0:25:74:f9:2c:
                    e0:e3:40:2c:08:1a:91:98:81:07:79:66:a3:32:a3:
                    ff:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:36:FD:4D:7B:FC:00:5D:A8:A5:2F:FA:EE:F5:E5:44:FF:DE:62:29
            X509v3 Authority Key Identifier:
                keyid:72:C2:6A:BC:9E:06:C1:AF:EF:9B:5F:D2:DA:40:41:2E:7A:EE:6B:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csJqvJ4Gwa_vm1_S2kBBLnrua0c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/fTb9TXv8AF2opS_67vXlRP_eYik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6c0530-1074-4b35-be0c-cd7d61913288/1/csJqvJ4Gwa_vm1_S2kBBLnrua0c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.44.0.0/21
                  37.49.152.0/21
                  37.123.104.0/21
                  45.153.82.0/23
                  77.247.80.0/21
                  109.68.224.0/21
                  151.252.40.0/21
                  176.74.56.0/21
                  185.46.136.0/22
                  185.54.232.0/22
                  185.56.104.0/23
                  185.56.128.0/21
                  195.192.128.0/18
                IPv6:
                  2a00:13c8::/32
                  2a00:7fc0::/32
                  2a04:d480::/29

    Signature Algorithm: sha256WithRSAEncryption
         4b:d9:cd:8b:d4:90:9c:b3:d3:31:9f:01:3b:40:d3:ef:49:c8:
         5c:f9:60:0e:3f:27:7b:df:57:f0:32:00:4b:f4:68:99:61:c7:
         e2:e3:87:4c:c8:3e:ea:43:d0:87:43:cb:d5:78:12:c3:4e:a9:
         6c:1a:65:e1:bd:f2:bb:8c:b7:8d:bf:08:cc:d0:f5:ce:45:15:
         46:cd:d3:a3:3c:79:b3:c4:56:ba:20:52:31:7c:c4:8c:e6:dd:
         e7:af:48:0a:d3:38:dd:ff:6b:ec:e5:50:6e:e9:ca:61:2b:f6:
         9e:a0:6d:69:a2:12:1f:34:9f:47:12:34:27:49:22:d8:de:52:
         1f:fd:e9:89:50:33:1c:b3:64:51:12:f2:01:ae:97:e8:fb:e7:
         8c:ec:ac:00:63:35:d5:15:e2:0d:e8:83:d1:15:85:e1:3e:6c:
         a7:1a:37:ae:9c:7a:e5:3e:e1:df:23:e9:c3:a0:5a:71:9c:bc:
         34:56:bb:e9:dc:d2:e9:c8:73:ac:37:4e:13:c8:e2:bc:b0:be:
         9d:36:05:c5:c2:a0:f2:bb:64:b4:eb:ee:a3:f9:35:62:1c:7e:
         3b:c5:0a:68:8d:21:12:9d:f9:ee:41:fd:77:97:02:11:b3:10:
         7a:10:b7:34:ce:1f:ea:a5:c9:7a:c2:47:9b:7b:02:38:f7:83:
         8e:ee:00:2c
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAYctH3bQB11EqCPlSVuN1fTlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYzI2YWJjOWUwNmMxYWZlZjliNWZkMmRhNDA0MTJlN2Fl
ZTZiNDcwHhcNMjMwMzI5MTEyNzI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDM2ZmQ0ZDdiZmMwMDVkYThhNTJmZmFlZWY1ZTU0NGZmZGU2MjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuHHM2rCL2sUoNMdUWKR4jXvdCqh
p9LiNAggweEN0oSzgnuMz0xBp2DBESiEjBFF7kP856sBYc+wE7KiheAQFKZp9P5c
YUnumOYoDLN65BjOj2ExMBe4uoIuHaw/Dx8HAdbd58puBBKZ0/1z8PZY/SfI9vAe
zo59PpPrsiFoak0X+f84w0mJX+AxV5MTDgoHaMj0NonQV06xU7PMgCv3LKlNhHXP
Z1io1QF1MzkL49t2ftdi+g3QKQ9He0+8PcVhzqX+MSn0eBw5YiTxJnvdS2j+q2r4
f5txmnnkXmgbzuB1p8/bp+w/yBdx4CV0+Szg40AsCBqRmIEHeWajMqP/bQIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFH02/U17/ABdqKUv+u715UT/3mIpMB8GA1UdIwQY
MBaAFHLCaryeBsGv75tf0tpAQS567mtHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NKcXZKNEd3YV92bTFfUzJrQkJMbnJ1YTBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82YzA1MzAtMTA3NC00YjM1LWJlMGMt
Y2Q3ZDYxOTEzMjg4LzEvZlRiOVRYdjhBRjJvcFNfNjd2WGxSUF9lWWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82YzA1MzAtMTA3NC00YjM1LWJlMGMtY2Q3ZDYxOTEzMjg4
LzEvY3NKcXZKNEd3YV92bTFfUzJrQkJMbnJ1YTBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwVAQCAAEwTgMEAyUsAAME
AyUxmAMEAyV7aAMEAS2ZUgMEA033UAMEA21E4AMEA5f8KAMEA7BKOAMEArkuiAME
Ark26AMEAbk4aAMEA7k4gAMEBsPAgDAbBAIAAjAVAwUAKgATyAMFACoAf8ADBQMq
BNSAMA0GCSqGSIb3DQEBCwUAA4IBAQBL2c2L1JCcs9MxnwE7QNPvSchc+WAOPyd7
31fwMgBL9GiZYcfi44dMyD7qQ9CHQ8vVeBLDTqlsGmXhvfK7jLeNvwjM0PXORRVG
zdOjPHmzxFa6IFIxfMSM5t3nr0gK0zjd/2vs5VBu6cphK/aeoG1pohIfNJ9HEjQn
SSLY3lIf/emJUDMcs2RREvIBrpfo++eM7KwAYzXVFeIN6IPRFYXhPmynGjeunHrl
PuHfI+nDoFpxnLw0Vrvp3NLpyHOsN04TyOK8sL6dNgXFwqDyu2S06+6j+TViHH47
xQpojSESnfnuQf13lwIRsxB6ELc0zh/qpcl6wkebewI494OO7gAs
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:46 2024 by rpki-client on console-fra.rpki-client.org