Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/5s5DiVEtruCLIPXMi3ZK1XYEc8E.roa
File:                     5s5DiVEtruCLIPXMi3ZK1XYEc8E.roa (raw, json)
Hash identifier:          XgDDMICiVseYfutWJp/5ZR9mD1Dsc6V3SMj7ZiPAhZg=
Subject key identifier:   E6:CE:43:89:51:2D:AE:E0:8B:20:F5:CC:8B:76:4A:D5:76:04:73:C1
Certificate issuer:       /CN=3ec9fb0d13552aad04f3aaaeb58d4dd4e7cf40f0
Certificate serial:       018BC3BF031E3D5D3ABB0B5A311A2EF6BD22
Authority key identifier: 3E:C9:FB:0D:13:55:2A:AD:04:F3:AA:AE:B5:8D:4D:D4:E7:CF:40:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Psn7DRNVKq0E86qutY1N1OfPQPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/5s5DiVEtruCLIPXMi3ZK1XYEc8E.roa
Signing time:             Sun 12 Nov 2023 13:35:57 +0000
ROA not before:           Sun 12 Nov 2023 13:35:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62166
IP address blocks:        185.240.68.0/23 maxlen: 23
                          185.240.68.0/22 maxlen: 22
                          185.240.70.0/23 maxlen: 23
                          185.83.172.0/22 maxlen: 22
                          185.83.172.0/23 maxlen: 23
                          185.83.174.0/23 maxlen: 23
                          193.58.36.0/23 maxlen: 23
                          193.58.36.0/22 maxlen: 22
                          193.58.38.0/23 maxlen: 23
                          185.208.44.0/23 maxlen: 23
                          185.208.44.0/22 maxlen: 22
                          185.208.46.0/23 maxlen: 23
                          2a05:9d40::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:30:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:c3:bf:03:1e:3d:5d:3a:bb:0b:5a:31:1a:2e:f6:bd:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ec9fb0d13552aad04f3aaaeb58d4dd4e7cf40f0
        Validity
            Not Before: Nov 12 13:35:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e6ce4389512daee08b20f5cc8b764ad5760473c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:0e:37:91:0a:19:c9:7b:92:22:90:26:3b:f1:
                    2b:05:b2:db:98:99:ab:1d:96:4c:4a:f3:b3:d0:40:
                    24:d8:eb:ca:66:08:b6:84:c0:0a:ad:af:29:b2:08:
                    db:12:46:25:1e:a5:27:2a:5a:2d:10:cf:d5:7b:3a:
                    0e:6f:e6:58:8a:41:e3:7f:c3:ed:bf:73:4d:7a:02:
                    51:a1:2a:2d:f6:3e:39:56:37:a2:02:6f:d7:e8:fa:
                    b5:1f:0f:40:95:f7:ca:0d:9f:46:99:79:c2:00:7f:
                    50:31:fc:1f:fa:57:69:7c:58:12:d4:2a:ce:94:a9:
                    8a:c3:b2:27:14:af:02:86:07:40:99:a9:2f:1d:12:
                    61:96:12:dd:70:98:b0:8c:fb:3a:2e:19:a4:ad:6d:
                    9a:a4:5c:7c:9d:9d:c7:33:16:87:84:79:31:9b:37:
                    95:09:fd:cb:a3:11:c0:ce:c2:3d:62:5c:be:6f:4b:
                    75:98:60:5e:91:a2:43:41:b7:01:10:f2:2e:48:1c:
                    ca:ff:4a:16:17:d7:99:cc:69:e3:b0:d5:86:60:3d:
                    49:84:56:f4:b9:df:cf:db:2c:ca:46:a1:33:6f:6b:
                    43:2a:2d:b6:77:ce:e8:00:81:fd:3a:d9:3c:22:ec:
                    cc:76:1f:21:a3:b2:e7:e4:1f:64:04:bd:b8:0d:0d:
                    09:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:CE:43:89:51:2D:AE:E0:8B:20:F5:CC:8B:76:4A:D5:76:04:73:C1
            X509v3 Authority Key Identifier:
                keyid:3E:C9:FB:0D:13:55:2A:AD:04:F3:AA:AE:B5:8D:4D:D4:E7:CF:40:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Psn7DRNVKq0E86qutY1N1OfPQPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/5s5DiVEtruCLIPXMi3ZK1XYEc8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/6ccab3-479b-4da8-ae98-2cb6e3fdf9cd/1/Psn7DRNVKq0E86qutY1N1OfPQPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.172.0/22
                  185.208.44.0/22
                  185.240.68.0/22
                  193.58.36.0/22
                IPv6:
                  2a05:9d40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:ac:4c:fa:1e:31:08:00:2e:05:58:06:d9:f0:ab:e6:70:c8:
         d6:7e:26:c2:0d:32:51:60:fe:dc:93:08:40:69:e4:46:ee:8e:
         54:fd:d8:fc:56:b4:e0:c0:0a:3a:f5:4b:8f:f1:92:f2:b3:0f:
         64:10:63:9c:e4:6f:9d:b9:c9:c9:a0:6f:20:9d:7a:4e:11:b4:
         02:b2:e1:ce:68:41:97:6b:d5:47:ce:39:fc:62:58:c8:f3:5f:
         bd:3a:98:3e:16:c7:8f:91:f2:e5:7e:39:a9:e2:60:44:f1:03:
         ef:87:11:92:1c:50:ac:f8:14:66:bc:86:4e:b7:f5:98:bf:c1:
         fb:35:01:67:31:6f:24:99:89:f4:24:cc:4d:3c:94:1d:dc:4c:
         63:83:b3:f8:b1:b9:c8:a1:01:3f:25:43:77:0d:a4:de:5d:2d:
         a7:7e:96:17:4f:51:bf:4f:09:21:5b:a3:63:5a:4e:a1:4e:ea:
         68:86:7f:45:36:eb:b8:1c:9c:89:ae:c0:78:af:c1:8a:b9:24:
         8c:9f:7b:52:3c:29:4d:f9:43:5e:03:a0:2f:8b:77:ae:e7:42:
         d1:57:9d:b9:f8:81:85:ec:d6:2e:d1:5a:3b:67:0c:6c:cd:10:
         ba:6e:0c:3c:dd:0e:18:c9:10:99:5c:cb:5d:80:df:5c:97:52:
         fb:63:65:ef
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYvDvwMePV06uwtaMRou9r0iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYzlmYjBkMTM1NTJhYWQwNGYzYWFhZWI1OGQ0ZGQ0ZTdj
ZjQwZjAwHhcNMjMxMTEyMTMzNTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmNlNDM4OTUxMmRhZWUwOGIyMGY1Y2M4Yjc2NGFkNTc2MDQ3M2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQ43kQoZyXuSIpAmO/ErBbLbmJmr
HZZMSvOz0EAk2OvKZgi2hMAKra8psgjbEkYlHqUnKlotEM/VezoOb+ZYikHjf8Pt
v3NNegJRoSot9j45VjeiAm/X6Pq1Hw9AlffKDZ9GmXnCAH9QMfwf+ldpfFgS1CrO
lKmKw7InFK8ChgdAmakvHRJhlhLdcJiwjPs6LhmkrW2apFx8nZ3HMxaHhHkxmzeV
Cf3LoxHAzsI9Yly+b0t1mGBekaJDQbcBEPIuSBzK/0oWF9eZzGnjsNWGYD1JhFb0
ud/P2yzKRqEzb2tDKi22d87oAIH9Otk8IuzMdh8ho7Ln5B9kBL24DQ0JbwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFObOQ4lRLa7giyD1zIt2StV2BHPBMB8GA1UdIwQY
MBaAFD7J+w0TVSqtBPOqrrWNTdTnz0DwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHNuN0RSTlZLcTBFODZxdXRZMU4xT2ZQUVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny82Y2NhYjMtNDc5Yi00ZGE4LWFlOTgt
MmNiNmUzZmRmOWNkLzEvNXM1RGlWRXRydUNMSVBYTWkzWksxWFlFYzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny82Y2NhYjMtNDc5Yi00ZGE4LWFlOTgtMmNiNmUzZmRmOWNk
LzEvUHNuN0RSTlZLcTBFODZxdXRZMU4xT2ZQUVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCuVOsAwQC
udAsAwQCufBEAwQCwTokMA0EAgACMAcDBQMqBZ1AMA0GCSqGSIb3DQEBCwUAA4IB
AQAqrEz6HjEIAC4FWAbZ8KvmcMjWfibCDTJRYP7ckwhAaeRG7o5U/dj8VrTgwAo6
9UuP8ZLysw9kEGOc5G+ducnJoG8gnXpOEbQCsuHOaEGXa9VHzjn8YljI81+9Opg+
FsePkfLlfjmp4mBE8QPvhxGSHFCs+BRmvIZOt/WYv8H7NQFnMW8kmYn0JMxNPJQd
3Exjg7P4sbnIoQE/JUN3DaTeXS2nfpYXT1G/TwkhW6NjWk6hTupohn9FNuu4HJyJ
rsB4r8GKuSSMn3tSPClN+UNeA6Avi3eu50LRV525+IGF7NYu0Vo7ZwxszRC6bgw8
3Q4YyRCZXMtdgN9cl1L7Y2Xv
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:45 2024 by rpki-client on console-ams.rpki-client.org