Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/G0i2fz7QlMCyw0kufLSOEIs260c.roa
File:                     G0i2fz7QlMCyw0kufLSOEIs260c.roa (raw, json)
Hash identifier:          qZCstXCw1fINr0bOmVj0ae7z8FhXAE+m8fPuKzG4imk=
Subject key identifier:   1B:48:B6:7F:3E:D0:94:C0:B2:C3:49:2E:7C:B4:8E:10:8B:36:EB:47
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       01856F1DCC7D5061984552E675AB0CAEFC19
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/G0i2fz7QlMCyw0kufLSOEIs260c.roa
Signing time:             Sun 01 Jan 2023 20:55:01 +0000
ROA not before:           Sun 01 Jan 2023 20:55:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     23959
IP address blocks:        45.66.216.0/22 maxlen: 24
                          92.60.43.0/24 maxlen: 24
                          94.124.119.0/24 maxlen: 24
                          195.245.219.0/24 maxlen: 24
                          193.111.30.0/23 maxlen: 24
                          45.130.21.0/24 maxlen: 24
                          176.119.148.0/22 maxlen: 24
                          88.214.20.0/22 maxlen: 24
                          45.147.48.0/24 maxlen: 24
                          45.147.51.0/24 maxlen: 24
                          45.147.49.0/24 maxlen: 24
                          194.36.24.0/24 maxlen: 24
                          95.214.165.0/24 maxlen: 24
                          194.36.27.0/24 maxlen: 24
                          95.214.164.0/24 maxlen: 24
                          45.143.233.0/24 maxlen: 24
                          45.143.234.0/24 maxlen: 24
                          45.143.235.0/24 maxlen: 24
                          45.66.128.0/22 maxlen: 24
                          91.200.240.0/24 maxlen: 24
                          185.194.54.0/24 maxlen: 24
                          91.200.242.0/24 maxlen: 24
                          91.200.243.0/24 maxlen: 24
                          193.32.148.0/22 maxlen: 24
                          141.98.196.0/24 maxlen: 24
                          141.98.198.0/24 maxlen: 24
                          141.98.197.0/24 maxlen: 24
                          45.159.48.0/22 maxlen: 24
                          45.142.125.0/24 maxlen: 24
                          45.142.127.0/24 maxlen: 24
                          45.142.126.0/24 maxlen: 24
                          147.78.240.0/21 maxlen: 24
                          185.200.64.0/24 maxlen: 24
                          149.62.44.0/24 maxlen: 24
                          185.200.66.0/24 maxlen: 24
                          149.62.46.0/24 maxlen: 24
                          149.62.47.0/24 maxlen: 24
                          45.149.156.0/22 maxlen: 24
                          78.142.228.0/22 maxlen: 24
                          213.232.112.0/22 maxlen: 24
                          195.245.241.0/24 maxlen: 24
                          195.245.242.0/24 maxlen: 24
                          194.104.155.0/24 maxlen: 24
                          194.104.153.0/24 maxlen: 24
                          194.104.154.0/24 maxlen: 24
                          45.14.64.0/22 maxlen: 24
                          194.169.54.0/24 maxlen: 24
                          2a09:7::/36 maxlen: 48
                          2a0d:c7c1::/32 maxlen: 48

Validation:               Failed, certificate revoked on Fri 24 Feb 2023 10:26:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:cc:7d:50:61:98:45:52:e6:75:ab:0c:ae:fc:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Jan  1 20:55:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1b48b67f3ed094c0b2c3492e7cb48e108b36eb47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:84:37:72:65:89:a5:bc:95:98:84:d8:c8:b5:
                    a3:11:13:fc:79:dd:81:d7:25:8a:36:8c:da:4e:ca:
                    26:a7:8d:bf:cb:8a:a7:97:ab:9f:42:38:8a:4d:99:
                    19:55:c9:fe:53:da:2d:95:1d:c4:31:9f:02:48:6e:
                    e4:da:ca:8a:dc:fc:92:e5:6a:33:5f:4d:3f:d7:54:
                    9f:df:7b:3e:28:ce:84:58:25:78:75:bc:8e:e1:f3:
                    ea:c2:24:22:dd:b2:3d:c0:04:36:cf:fc:7b:00:a7:
                    aa:52:d0:d1:ee:b9:a0:da:f4:7e:df:d6:7f:d6:a6:
                    ad:62:ff:51:3f:4e:b9:9e:94:0c:fd:8f:a4:a1:ab:
                    8d:23:10:15:04:00:3d:c7:a8:d6:8b:42:ec:0c:01:
                    51:b9:e5:99:c4:9d:57:e1:cb:b8:21:9c:7a:69:12:
                    42:f1:22:81:58:a2:38:73:bd:14:e8:cf:09:ca:89:
                    0b:83:ac:f2:d3:2e:ca:52:13:80:9e:3f:01:be:8d:
                    cb:1b:39:6d:51:85:67:fb:34:94:57:69:37:6c:78:
                    b9:8e:4c:eb:43:72:64:8d:f2:78:75:07:19:af:5d:
                    83:bd:5c:39:a7:40:e8:78:86:04:90:c8:07:5b:f2:
                    bc:7d:3a:f5:bd:1d:41:4d:0f:85:1b:5b:6c:ce:7d:
                    74:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:48:B6:7F:3E:D0:94:C0:B2:C3:49:2E:7C:B4:8E:10:8B:36:EB:47
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/G0i2fz7QlMCyw0kufLSOEIs260c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.64.0/22
                  45.66.128.0/22
                  45.66.216.0/22
                  45.130.21.0/24
                  45.142.125.0-45.142.127.255
                  45.143.233.0-45.143.235.255
                  45.147.48.0/23
                  45.147.51.0/24
                  45.149.156.0/22
                  45.159.48.0/22
                  78.142.228.0/22
                  88.214.20.0/22
                  91.200.240.0/24
                  91.200.242.0/23
                  92.60.43.0/24
                  94.124.119.0/24
                  95.214.164.0/23
                  141.98.196.0-141.98.198.255
                  147.78.240.0/21
                  149.62.44.0/24
                  149.62.46.0/23
                  176.119.148.0/22
                  185.194.54.0/24
                  185.200.64.0/24
                  185.200.66.0/24
                  193.32.148.0/22
                  193.111.30.0/23
                  194.36.24.0/24
                  194.36.27.0/24
                  194.104.153.0-194.104.155.255
                  194.169.54.0/24
                  195.245.219.0/24
                  195.245.241.0-195.245.242.255
                  213.232.112.0/22
                IPv6:
                  2a09:7::/36
                  2a0d:c7c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:8a:cc:8e:36:44:13:40:11:42:3b:8c:6d:ad:80:4f:b6:bf:
         c0:6f:95:70:ba:9f:35:e6:73:22:2e:6d:00:f8:b0:e9:07:06:
         b3:1d:12:23:8a:0c:92:55:7c:a5:9d:88:fe:7c:1e:b0:15:de:
         a0:8f:f2:cd:3e:be:f3:b2:63:29:81:06:0c:47:71:39:7e:4c:
         e7:8c:93:64:9e:33:ce:39:58:38:cd:6b:c2:16:e9:30:32:03:
         2d:df:dc:b7:6d:db:8d:d5:db:1c:27:25:db:17:11:73:d9:09:
         75:c0:d4:c7:35:fb:cc:a8:d5:98:36:3d:38:01:8d:51:88:d4:
         b3:4f:70:15:a0:9d:05:20:20:f9:47:af:6f:1e:75:7b:af:1b:
         74:2e:e5:80:da:6b:ac:6c:8a:ad:2f:0d:27:54:ff:81:4b:31:
         fc:b0:8f:a8:71:a0:8a:d4:e0:ad:14:25:79:cf:db:d7:81:c5:
         12:94:68:42:c9:87:d2:8a:3d:97:2c:1b:57:dd:b3:22:ed:d8:
         01:b2:7f:3b:89:74:24:66:ea:d2:72:71:fa:39:66:88:2b:ff:
         0a:e6:ad:98:4e:f2:62:3d:f0:f5:c2:4c:86:e6:ab:5d:c1:02:
         11:86:12:f6:e0:7e:ce:d1:21:2d:ab:26:08:13:b8:2c:9c:cf:
         23:5c:a6:9c
-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgISAYVvHcx9UGGYRVLmdasMrvwZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjMwMTAxMjA1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjQ4YjY3ZjNlZDA5NGMwYjJjMzQ5MmU3Y2I0OGUxMDhiMzZlYjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYQ3cmWJpbyVmITYyLWjERP8ed2B
1yWKNozaTsomp42/y4qnl6ufQjiKTZkZVcn+U9otlR3EMZ8CSG7k2sqK3PyS5Woz
X00/11Sf33s+KM6EWCV4dbyO4fPqwiQi3bI9wAQ2z/x7AKeqUtDR7rmg2vR+39Z/
1qatYv9RP065npQM/Y+koauNIxAVBAA9x6jWi0LsDAFRueWZxJ1X4cu4IZx6aRJC
8SKBWKI4c70U6M8JyokLg6zy0y7KUhOAnj8Bvo3LGzltUYVn+zSUV2k3bHi5jkzr
Q3JkjfJ4dQcZr12DvVw5p0DoeIYEkMgHW/K8fTr1vR1BTQ+FG1tszn10cQIDAQAB
o4IDFjCCAxIwHQYDVR0OBBYEFBtItn8+0JTAssNJLny0jhCLNutHMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvRzBpMmZ6N1FsTUN5dzBrdWZMU09FSXMyNjBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKgYIKwYBBQUHAQcBAf8EggEZMIIBFTCB+wQCAAEwgfQD
BAItDkADBAItQoADBAItQtgDBAAtghUwDAMEAC2OfQMEBy2OADAMAwQALY/pAwQC
LY/oAwQBLZMwAwQALZMzAwQCLZWcAwQCLZ8wAwQCTo7kAwQCWNYUAwQAW8jwAwQB
W8jyAwQAXDwrAwQAXnx3AwQBX9akMAwDBAKNYsQDBACNYsYDBAOTTvADBACVPiwD
BAGVPi4DBAKwd5QDBAC5wjYDBAC5yEADBAC5yEIDBALBIJQDBAHBbx4DBADCJBgD
BADCJBswDAMEAMJomQMEAsJomAMEAMKpNgMEAMP12zAMAwQAw/XxAwQAw/XyAwQC
1ehwMBUEAgACMA8DBgQqCQAHAAMFACoNx8EwDQYJKoZIhvcNAQELBQADggEBAJKK
zI42RBNAEUI7jG2tgE+2v8BvlXC6nzXmcyIubQD4sOkHBrMdEiOKDJJVfKWdiP58
HrAV3qCP8s0+vvOyYymBBgxHcTl+TOeMk2SeM845WDjNa8IW6TAyAy3f3Ldt243V
2xwnJdsXEXPZCXXA1Mc1+8yo1Zg2PTgBjVGI1LNPcBWgnQUgIPlHr28edXuvG3Qu
5YDaa6xsiq0vDSdU/4FLMfywj6hxoIrU4K0UJXnP29eBxRKUaELJh9KKPZcsG1fd
syLt2AGyfzuJdCRm6tJycfo5Zogr/wrmrZhO8mI98PXCTIbmq13BAhGGEvbgfs7R
IS2rJggTuCyczyNcppw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:46 2024 by rpki-client on console-ams.rpki-client.org