Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OvLNoI0dEvpzrBVtu3fY1ox9I64.roa
File:                     OvLNoI0dEvpzrBVtu3fY1ox9I64.roa (raw, json)
Hash identifier:          Vrtw8dT1eiYpCEor+zJYvYq7iK5rM/yHUJKXasDkxw8=
Subject key identifier:   3A:F2:CD:A0:8D:1D:12:FA:73:AC:15:6D:BB:77:D8:D6:8C:7D:23:AE
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018EA7A707ABC43522C8A10B35DD82D5DC44
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OvLNoI0dEvpzrBVtu3fY1ox9I64.roa
Signing time:             Thu 04 Apr 2024 05:48:45 +0000
ROA not before:           Thu 04 Apr 2024 05:48:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3258
IP address blocks:        45.14.64.0/22 maxlen: 24
                          45.14.70.0/24 maxlen: 24
                          45.14.105.0/24 maxlen: 24
                          45.14.107.0/24 maxlen: 24
                          45.66.128.0/22 maxlen: 24
                          45.66.216.0/22 maxlen: 24
                          45.89.232.0/22 maxlen: 32
                          45.94.40.0/22 maxlen: 32
                          45.128.208.0/22 maxlen: 32
                          45.129.8.0/22 maxlen: 24
                          45.134.168.0/22 maxlen: 24
                          45.142.124.0/22 maxlen: 24
                          45.143.232.0/22 maxlen: 24
                          45.149.156.0/22 maxlen: 24
                          45.159.48.0/22 maxlen: 24
                          62.106.70.0/24 maxlen: 24
                          88.214.20.0/22 maxlen: 24
                          88.218.192.0/22 maxlen: 32
                          91.200.240.0/22 maxlen: 24
                          92.60.40.0/22 maxlen: 24
                          109.107.137.0/24 maxlen: 24
                          109.107.140.0/24 maxlen: 24
                          141.98.196.0/22 maxlen: 24
                          141.98.196.0/24 maxlen: 24
                          141.98.197.0/24 maxlen: 24
                          141.98.198.0/24 maxlen: 24
                          147.78.240.0/21 maxlen: 24
                          149.62.44.0/22 maxlen: 24
                          176.113.68.0/22 maxlen: 32
                          176.119.148.0/22 maxlen: 24
                          176.126.114.0/24 maxlen: 24
                          185.184.220.0/22 maxlen: 24
                          185.200.64.0/22 maxlen: 24
                          185.207.152.0/22 maxlen: 32
                          193.32.148.0/22 maxlen: 24
                          193.111.30.0/23 maxlen: 24
                          194.104.152.0/22 maxlen: 24
                          195.245.241.0/24 maxlen: 24
                          195.245.242.0/24 maxlen: 24
                          2a09:1::/48 maxlen: 48
                          2a09:2::/48 maxlen: 48
                          2a09:3::/48 maxlen: 48
                          2a09:4::/48 maxlen: 48
                          2a09:5::/48 maxlen: 48
                          2a09:7::/36 maxlen: 48
                          2a09:7::/48 maxlen: 48
                          2a09:7:1::/48 maxlen: 48
                          2a09:7:2008::/48 maxlen: 48
                          2a0d:c7c1::/32 maxlen: 48
                          2a10:480::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 24 Jun 2024 07:43:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a7:a7:07:ab:c4:35:22:c8:a1:0b:35:dd:82:d5:dc:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Apr  4 05:48:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3af2cda08d1d12fa73ac156dbb77d8d68c7d23ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:4d:c5:ef:cd:dd:40:3f:50:5e:9b:0a:67:ca:
                    5f:26:81:9f:6e:db:e2:6a:a4:36:d4:86:74:20:d0:
                    c3:29:79:b0:9d:6c:bb:20:1a:e2:36:f8:29:67:d8:
                    4c:51:5a:11:b8:4f:ae:b1:af:17:fb:54:11:c4:3a:
                    93:0f:dd:2f:6d:ea:e7:4f:d8:65:6e:c3:ca:f8:bf:
                    24:cf:0a:e5:80:6f:3b:07:cb:38:10:28:d2:ff:9e:
                    84:97:81:2c:c3:02:ad:cd:65:82:12:9a:e0:4f:59:
                    d0:70:ae:34:17:cb:db:41:9e:c0:ee:98:c8:51:74:
                    fb:00:1c:b4:c5:c4:f2:23:5d:4c:f2:1e:55:e8:4a:
                    eb:13:fa:62:d6:30:5d:62:64:3c:98:c6:7b:fc:c7:
                    fb:60:2c:94:6d:db:fe:28:dc:89:b2:61:28:c1:46:
                    4d:3b:1c:3c:bf:6a:d3:5b:58:1d:22:92:55:97:7f:
                    35:62:d4:de:38:b1:d7:89:98:f4:2f:a9:fa:e5:2c:
                    f1:a9:17:50:41:02:9c:92:87:50:e8:76:a8:19:08:
                    d3:db:ac:50:38:cf:07:2a:14:86:1d:55:0d:61:61:
                    aa:54:da:45:d7:f1:12:1f:54:4a:37:e7:f7:2c:e3:
                    74:b6:9d:48:4d:83:b8:73:a0:6c:42:91:4d:34:5c:
                    c0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F2:CD:A0:8D:1D:12:FA:73:AC:15:6D:BB:77:D8:D6:8C:7D:23:AE
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/OvLNoI0dEvpzrBVtu3fY1ox9I64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.64.0/22
                  45.14.70.0/24
                  45.14.105.0/24
                  45.14.107.0/24
                  45.66.128.0/22
                  45.66.216.0/22
                  45.89.232.0/22
                  45.94.40.0/22
                  45.128.208.0/22
                  45.129.8.0/22
                  45.134.168.0/22
                  45.142.124.0/22
                  45.143.232.0/22
                  45.149.156.0/22
                  45.159.48.0/22
                  62.106.70.0/24
                  88.214.20.0/22
                  88.218.192.0/22
                  91.200.240.0/22
                  92.60.40.0/22
                  109.107.137.0/24
                  109.107.140.0/24
                  141.98.196.0/22
                  147.78.240.0/21
                  149.62.44.0/22
                  176.113.68.0/22
                  176.119.148.0/22
                  176.126.114.0/24
                  185.184.220.0/22
                  185.200.64.0/22
                  185.207.152.0/22
                  193.32.148.0/22
                  193.111.30.0/23
                  194.104.152.0/22
                  195.245.241.0-195.245.242.255
                IPv6:
                  2a09:1::/48
                  2a09:2::/48
                  2a09:3::/48
                  2a09:4::/48
                  2a09:5::/48
                  2a09:7::/36
                  2a09:7:2008::/48
                  2a0d:c7c1::/32
                  2a10:480::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:78:a4:13:ec:ce:4e:26:ba:ac:e4:14:6a:f8:02:78:9b:34:
         81:53:df:b7:e6:1a:9f:c5:5b:5c:6c:39:06:3b:5f:35:69:4b:
         49:1b:9b:2c:11:6e:cd:a3:9f:dd:67:06:f2:a9:ba:c6:e4:70:
         82:a6:5d:9c:0e:0c:4d:de:31:40:3a:ab:8e:f0:b8:36:ca:2a:
         df:a5:65:8d:94:f4:d5:bf:a3:ef:79:ff:7e:a9:af:5f:9a:6a:
         b2:9d:36:ff:cf:e2:63:f8:27:f0:e3:8a:ad:0d:59:a5:bb:23:
         58:60:99:bb:c1:92:65:f1:4b:24:f9:9d:66:6e:fb:b8:e7:09:
         c3:b2:1e:e4:59:ce:23:46:cc:af:d2:e0:b3:7c:4b:2a:71:2a:
         44:2c:04:30:37:5d:bd:f2:d9:66:36:ca:b4:f6:c7:dc:84:6e:
         21:64:07:a1:87:55:76:80:3b:99:fe:73:86:fa:8a:db:eb:b3:
         5e:58:cf:12:0c:d2:19:85:8e:18:32:0c:dc:54:f8:68:e4:f3:
         a7:bd:74:7f:cd:8e:4a:be:07:6b:f5:c4:dd:87:04:1c:30:8d:
         ac:53:4d:02:65:0c:12:c4:41:fb:dc:6a:af:42:a1:fd:69:3e:
         ef:24:57:9d:8d:d4:26:89:19:a1:74:d3:9a:f5:c7:09:48:61:
         f8:4d:6e:44
-----BEGIN CERTIFICATE-----
MIIGLTCCBRWgAwIBAgISAY6npwerxDUiyKELNd2C1dxEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjQwNDA0MDU0ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWYyY2RhMDhkMWQxMmZhNzNhYzE1NmRiYjc3ZDhkNjhjN2QyM2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkU3F783dQD9QXpsKZ8pfJoGfbtvi
aqQ21IZ0INDDKXmwnWy7IBriNvgpZ9hMUVoRuE+usa8X+1QRxDqTD90vbernT9hl
bsPK+L8kzwrlgG87B8s4ECjS/56El4EswwKtzWWCEprgT1nQcK40F8vbQZ7A7pjI
UXT7ABy0xcTyI11M8h5V6ErrE/pi1jBdYmQ8mMZ7/Mf7YCyUbdv+KNyJsmEowUZN
Oxw8v2rTW1gdIpJVl381YtTeOLHXiZj0L6n65SzxqRdQQQKckodQ6HaoGQjT26xQ
OM8HKhSGHVUNYWGqVNpF1/ESH1RKN+f3LON0tp1ITYO4c6BsQpFNNFzAFwIDAQAB
o4IDOTCCAzUwHQYDVR0OBBYEFDryzaCNHRL6c6wVbbt32NaMfSOuMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvT3ZMTm9JMGRFdnB6ckJWdHUzZlkxb3g5STY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTQYIKwYBBQUHAQcBAf8EggE8MIIBODCB4QQCAAEwgdoD
BAItDkADBAAtDkYDBAAtDmkDBAAtDmsDBAItQoADBAItQtgDBAItWegDBAItXigD
BAItgNADBAItgQgDBAIthqgDBAItjnwDBAItj+gDBAItlZwDBAItnzADBAA+akYD
BAJY1hQDBAJY2sADBAJbyPADBAJcPCgDBABta4kDBABta4wDBAKNYsQDBAOTTvAD
BAKVPiwDBAKwcUQDBAKwd5QDBACwfnIDBAK5uNwDBAK5yEADBAK5z5gDBALBIJQD
BAHBbx4DBALCaJgwDAMEAMP18QMEAMP18jBSBAIAAjBMAwcAKgkAAQAAAwcAKgkA
AgAAAwcAKgkAAwAAAwcAKgkABAAAAwcAKgkABQAAAwYEKgkABwADBwAqCQAHIAgD
BQAqDcfBAwUDKhAEgDANBgkqhkiG9w0BAQsFAAOCAQEAiXikE+zOTia6rOQUavgC
eJs0gVPft+Yan8VbXGw5BjtfNWlLSRubLBFuzaOf3WcG8qm6xuRwgqZdnA4MTd4x
QDqrjvC4Nsoq36VljZT01b+j73n/fqmvX5pqsp02/8/iY/gn8OOKrQ1ZpbsjWGCZ
u8GSZfFLJPmdZm77uOcJw7Ie5FnOI0bMr9Lgs3xLKnEqRCwEMDddvfLZZjbKtPbH
3IRuIWQHoYdVdoA7mf5zhvqK2+uzXljPEgzSGYWOGDIM3FT4aOTzp710f82OSr4H
a/XE3YcEHDCNrFNNAmUMEsRB+9xqr0Kh/Wk+7yRXnY3UJokZoXTTmvXHCUhh+E1u
RA==
-----END CERTIFICATE-----
Generated at Mon Jun 24 10:44:44 2024 by rpki-client on console-fra.rpki-client.org