Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/_5xE7K5sLhko0SUR5A8dhUwPIOA.roa
File:                     _5xE7K5sLhko0SUR5A8dhUwPIOA.roa (raw, json)
Hash identifier:          DP0mAIX0ZSEn42bvfSWwfEnqorsxBzMe/NrHKydfoak=
Subject key identifier:   FF:9C:44:EC:AE:6C:2E:19:28:D1:25:11:E4:0F:1D:85:4C:0F:20:E0
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       018752FD73C796A3EFA7F30C6233E349DA07
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/_5xE7K5sLhko0SUR5A8dhUwPIOA.roa
Signing time:             Wed 05 Apr 2023 19:55:54 +0000
ROA not before:           Wed 05 Apr 2023 19:55:54 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     23959
IP address blocks:        45.66.216.0/22 maxlen: 24
                          92.60.43.0/24 maxlen: 24
                          94.124.119.0/24 maxlen: 24
                          195.245.219.0/24 maxlen: 24
                          193.111.30.0/23 maxlen: 24
                          185.184.223.0/24 maxlen: 24
                          79.143.140.0/22 maxlen: 24
                          45.130.21.0/24 maxlen: 24
                          176.119.148.0/22 maxlen: 24
                          88.214.22.0/24 maxlen: 24
                          194.36.24.0/24 maxlen: 24
                          95.214.165.0/24 maxlen: 24
                          194.36.27.0/24 maxlen: 24
                          45.143.232.0/24 maxlen: 24
                          95.214.164.0/24 maxlen: 24
                          45.143.233.0/24 maxlen: 24
                          45.143.232.0/22 maxlen: 24
                          45.143.234.0/24 maxlen: 24
                          45.143.235.0/24 maxlen: 24
                          45.66.128.0/22 maxlen: 24
                          91.200.240.0/24 maxlen: 24
                          185.194.54.0/24 maxlen: 24
                          91.200.242.0/24 maxlen: 24
                          91.200.243.0/24 maxlen: 24
                          193.32.148.0/22 maxlen: 24
                          141.98.196.0/24 maxlen: 24
                          141.98.198.0/24 maxlen: 24
                          141.98.197.0/24 maxlen: 24
                          45.159.48.0/22 maxlen: 24
                          45.14.105.0/24 maxlen: 24
                          45.14.107.0/24 maxlen: 24
                          45.142.125.0/24 maxlen: 24
                          45.142.127.0/24 maxlen: 24
                          45.142.126.0/24 maxlen: 24
                          147.78.240.0/21 maxlen: 24
                          185.200.64.0/24 maxlen: 24
                          149.62.44.0/24 maxlen: 24
                          185.200.66.0/24 maxlen: 24
                          149.62.46.0/24 maxlen: 24
                          149.62.47.0/24 maxlen: 24
                          45.149.156.0/22 maxlen: 24
                          195.245.241.0/24 maxlen: 24
                          195.245.242.0/24 maxlen: 24
                          194.104.155.0/24 maxlen: 24
                          194.104.153.0/24 maxlen: 24
                          194.104.154.0/24 maxlen: 24
                          45.14.64.0/22 maxlen: 24
                          45.14.70.0/24 maxlen: 24
                          194.169.54.0/24 maxlen: 24
                          2a09:7::/36 maxlen: 48
                          2a0d:c7c1::/32 maxlen: 48

Validation:               Failed, certificate revoked on Thu 23 Nov 2023 01:16:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:52:fd:73:c7:96:a3:ef:a7:f3:0c:62:33:e3:49:da:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Apr  5 19:55:54 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ff9c44ecae6c2e1928d12511e40f1d854c0f20e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:19:46:4f:2e:9d:91:fc:18:65:02:1a:87:f8:
                    6b:9b:d6:9f:5c:75:b9:61:b5:94:0d:37:1a:af:16:
                    45:20:4e:7f:18:4d:48:44:f0:80:39:85:85:c0:80:
                    96:95:e9:b9:93:26:e6:5d:3b:df:c4:ef:63:c3:a1:
                    c9:01:d8:b2:77:bc:bb:77:0d:7f:2b:c7:92:b6:cc:
                    7a:34:0e:8f:89:91:6e:d9:7b:f6:34:e3:5a:d0:39:
                    ac:97:03:88:63:1a:94:b9:13:90:07:49:19:60:4c:
                    76:72:4b:31:d8:9e:02:eb:6f:a0:e7:18:13:b8:66:
                    2d:ba:57:32:6e:12:0c:4c:ef:6b:3d:90:12:af:90:
                    46:4d:37:f7:cc:45:01:dd:ce:f1:f4:68:45:11:c4:
                    43:1c:b7:89:95:ca:e0:7d:d2:e7:eb:e5:f2:ef:2a:
                    93:5c:29:19:23:04:a6:d1:99:2a:54:2c:41:e9:94:
                    76:17:80:d2:04:36:a9:a5:fc:4d:1b:bb:16:38:62:
                    37:65:4e:68:43:73:82:d0:29:71:f6:ae:04:3a:68:
                    10:4d:5a:b2:15:31:d1:3e:5c:ca:4e:0d:4d:49:70:
                    87:6f:dd:54:14:d0:9c:45:7a:cf:88:86:75:83:e1:
                    bb:29:e3:81:02:c2:05:fe:89:96:b3:70:88:76:36:
                    18:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:9C:44:EC:AE:6C:2E:19:28:D1:25:11:E4:0F:1D:85:4C:0F:20:E0
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/_5xE7K5sLhko0SUR5A8dhUwPIOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.64.0/22
                  45.14.70.0/24
                  45.14.105.0/24
                  45.14.107.0/24
                  45.66.128.0/22
                  45.66.216.0/22
                  45.130.21.0/24
                  45.142.125.0-45.142.127.255
                  45.143.232.0/22
                  45.149.156.0/22
                  45.159.48.0/22
                  79.143.140.0/22
                  88.214.22.0/24
                  91.200.240.0/24
                  91.200.242.0/23
                  92.60.43.0/24
                  94.124.119.0/24
                  95.214.164.0/23
                  141.98.196.0-141.98.198.255
                  147.78.240.0/21
                  149.62.44.0/24
                  149.62.46.0/23
                  176.119.148.0/22
                  185.184.223.0/24
                  185.194.54.0/24
                  185.200.64.0/24
                  185.200.66.0/24
                  193.32.148.0/22
                  193.111.30.0/23
                  194.36.24.0/24
                  194.36.27.0/24
                  194.104.153.0-194.104.155.255
                  194.169.54.0/24
                  195.245.219.0/24
                  195.245.241.0-195.245.242.255
                IPv6:
                  2a09:7::/36
                  2a0d:c7c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:a3:3f:4c:f6:4d:a1:23:a2:b5:f8:a1:20:6c:42:d9:ec:ce:
         1d:f2:cd:05:fc:c6:67:29:89:a2:c1:1b:6d:68:86:90:66:ec:
         80:42:e3:07:d1:77:95:37:0c:e5:2c:fa:ae:34:66:bf:40:44:
         a0:28:bc:9b:c6:89:c5:59:28:2a:52:12:85:b7:55:ba:93:8d:
         af:84:a4:6a:ef:39:c7:80:94:e9:3f:cb:cc:0a:4e:44:12:45:
         d3:3c:f9:93:1a:ea:f4:6d:03:74:7b:ed:ef:9c:9d:a4:68:b7:
         3e:93:35:76:dc:30:43:2c:3c:1e:32:95:7b:d9:df:a1:a1:3c:
         90:7b:0f:d4:58:26:e8:e2:d1:f4:03:94:58:3e:17:bc:ac:67:
         a0:62:86:62:c0:78:23:fd:31:5c:c0:b2:d3:06:a4:62:3b:5f:
         44:fc:87:d3:67:37:97:71:53:3c:5c:51:b6:f2:17:db:a5:18:
         a8:8a:67:24:75:8c:d5:f7:8c:1c:0e:98:2f:aa:d5:68:31:0e:
         91:52:61:29:d8:dc:7f:64:b7:4d:70:68:e5:c0:34:c5:7c:f8:
         8e:2a:b1:79:25:64:7c:df:ee:1e:25:b8:9a:40:ff:63:40:01:
         0c:6b:35:c7:28:09:b1:92:0e:78:3b:0d:e1:83:57:22:1d:54:
         29:2f:52:8e
-----BEGIN CERTIFICATE-----
MIIGCDCCBPCgAwIBAgISAYdS/XPHlqPvp/MMYjPjSdoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjMwNDA1MTk1NTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjljNDRlY2FlNmMyZTE5MjhkMTI1MTFlNDBmMWQ4NTRjMGYyMGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRlGTy6dkfwYZQIah/hrm9afXHW5
YbWUDTcarxZFIE5/GE1IRPCAOYWFwICWlem5kybmXTvfxO9jw6HJAdiyd7y7dw1/
K8eStsx6NA6PiZFu2Xv2NONa0DmslwOIYxqUuROQB0kZYEx2cksx2J4C62+g5xgT
uGYtulcybhIMTO9rPZASr5BGTTf3zEUB3c7x9GhFEcRDHLeJlcrgfdLn6+Xy7yqT
XCkZIwSm0ZkqVCxB6ZR2F4DSBDappfxNG7sWOGI3ZU5oQ3OC0Clx9q4EOmgQTVqy
FTHRPlzKTg1NSXCHb91UFNCcRXrPiIZ1g+G7KeOBAsIF/omWs3CIdjYYuwIDAQAB
o4IDFDCCAxAwHQYDVR0OBBYEFP+cROyubC4ZKNElEeQPHYVMDyDgMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvXzV4RTdLNXNMaGtvMFNVUjVBOGRoVXdQSU9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKAYIKwYBBQUHAQcBAf8EggEXMIIBEzCB+QQCAAEwgfID
BAItDkADBAAtDkYDBAAtDmkDBAAtDmsDBAItQoADBAItQtgDBAAtghUwDAMEAC2O
fQMEBy2OAAMEAi2P6AMEAi2VnAMEAi2fMAMEAk+PjAMEAFjWFgMEAFvI8AMEAVvI
8gMEAFw8KwMEAF58dwMEAV/WpDAMAwQCjWLEAwQAjWLGAwQDk07wAwQAlT4sAwQB
lT4uAwQCsHeUAwQAubjfAwQAucI2AwQAuchAAwQAuchCAwQCwSCUAwQBwW8eAwQA
wiQYAwQAwiQbMAwDBADCaJkDBALCaJgDBADCqTYDBADD9dswDAMEAMP18QMEAMP1
8jAVBAIAAjAPAwYEKgkABwADBQAqDcfBMA0GCSqGSIb3DQEBCwUAA4IBAQB7oz9M
9k2hI6K1+KEgbELZ7M4d8s0F/MZnKYmiwRttaIaQZuyAQuMH0XeVNwzlLPquNGa/
QESgKLybxonFWSgqUhKFt1W6k42vhKRq7znHgJTpP8vMCk5EEkXTPPmTGur0bQN0
e+3vnJ2kaLc+kzV23DBDLDweMpV72d+hoTyQew/UWCbo4tH0A5RYPhe8rGegYoZi
wHgj/TFcwLLTBqRiO19E/IfTZzeXcVM8XFG28hfbpRioimckdYzV94wcDpgvqtVo
MQ6RUmEp2Nx/ZLdNcGjlwDTFfPiOKrF5JWR83+4eJbiaQP9jQAEMazXHKAmxkg54
Ow3hg1ciHVQpL1KO
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:47 2024 by rpki-client on console-ams.rpki-client.org