Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/f7c4a2-b606-4292-b9f7-fa3c4ef5edf6/1/OyIH1y-yygxDfahPYzZRwfOFaeM.roa
File:                     OyIH1y-yygxDfahPYzZRwfOFaeM.roa (raw, json)
Hash identifier:          r/XfIUBiPdguLlJnm464twbhB6uMpbxCazPfxa5YBCA=
Subject key identifier:   3B:22:07:D7:2F:B2:CA:0C:43:7D:A8:4F:63:36:51:C1:F3:85:69:E3
Certificate issuer:       /CN=3da6e69e65dd0a540599703ed0c92474cb20e939
Certificate serial:       01856D9D074C390AFFCBFEFDB4068EC8AD4A
Authority key identifier: 3D:A6:E6:9E:65:DD:0A:54:05:99:70:3E:D0:C9:24:74:CB:20:E9:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PabmnmXdClQFmXA-0MkkdMsg6Tk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/f7c4a2-b606-4292-b9f7-fa3c4ef5edf6/1/OyIH1y-yygxDfahPYzZRwfOFaeM.roa
Signing time:             Sun 01 Jan 2023 13:54:45 +0000
ROA not before:           Sun 01 Jan 2023 13:54:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12611
IP address blocks:        91.106.120.0/21 maxlen: 24
                          46.227.96.0/21 maxlen: 24
                          88.133.232.0/21 maxlen: 24
                          80.209.192.0/19 maxlen: 24
                          95.130.160.0/21 maxlen: 24
                          212.77.160.0/19 maxlen: 24
                          185.119.92.0/22 maxlen: 24
                          88.133.176.0/20 maxlen: 24
                          81.27.160.0/20 maxlen: 24
                          217.74.0.0/21 maxlen: 24
                          5.149.224.0/20 maxlen: 24
                          130.185.0.0/18 maxlen: 24
                          2001:16e0::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:31:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:9d:07:4c:39:0a:ff:cb:fe:fd:b4:06:8e:c8:ad:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3da6e69e65dd0a540599703ed0c92474cb20e939
        Validity
            Not Before: Jan  1 13:54:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3b2207d72fb2ca0c437da84f633651c1f38569e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:39:81:29:eb:ed:77:5a:9d:1d:33:15:d3:9a:
                    d1:1e:27:f0:2c:1b:46:0d:11:4c:09:3d:91:3b:20:
                    4b:7c:06:e9:51:3e:a6:de:64:52:14:fc:eb:86:5e:
                    8a:46:08:95:2f:e4:d5:33:24:f9:5d:75:35:b6:f9:
                    d3:3e:fc:da:be:73:dc:85:0f:f8:21:01:29:53:1b:
                    21:d6:a7:b2:87:e0:84:63:1a:1b:90:32:a6:f3:12:
                    ec:59:e8:d0:5e:75:8c:49:46:c3:02:64:2f:9f:9c:
                    49:04:ee:44:e7:9c:7d:1e:69:6a:30:8d:4e:58:1b:
                    d0:43:9a:6c:f5:9c:41:8d:9b:34:41:95:67:62:ac:
                    15:0a:4a:ca:8b:58:c4:45:ea:82:86:9b:0b:f1:d2:
                    28:0c:64:a8:99:d6:14:ed:8e:5e:18:9c:b9:c6:64:
                    f8:38:fe:b4:09:ba:90:c1:67:36:b0:e6:7e:bf:c4:
                    a8:6c:25:a7:d9:fe:ef:66:e6:f3:fa:e2:74:e2:52:
                    25:7d:49:81:68:dd:10:70:1c:58:23:14:f8:c2:ca:
                    1b:9c:30:f5:f3:2a:2c:61:21:57:37:69:36:0a:d7:
                    3d:e7:df:e2:a5:c3:cb:08:8c:5b:3c:fe:0a:3f:bf:
                    f9:9c:41:38:aa:f6:92:d4:81:e2:19:ce:d2:3b:29:
                    d5:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:22:07:D7:2F:B2:CA:0C:43:7D:A8:4F:63:36:51:C1:F3:85:69:E3
            X509v3 Authority Key Identifier:
                keyid:3D:A6:E6:9E:65:DD:0A:54:05:99:70:3E:D0:C9:24:74:CB:20:E9:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PabmnmXdClQFmXA-0MkkdMsg6Tk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/f7c4a2-b606-4292-b9f7-fa3c4ef5edf6/1/OyIH1y-yygxDfahPYzZRwfOFaeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/f7c4a2-b606-4292-b9f7-fa3c4ef5edf6/1/PabmnmXdClQFmXA-0MkkdMsg6Tk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.149.224.0/20
                  46.227.96.0/21
                  80.209.192.0/19
                  81.27.160.0/20
                  88.133.176.0/20
                  88.133.232.0/21
                  91.106.120.0/21
                  95.130.160.0/21
                  130.185.0.0/18
                  185.119.92.0/22
                  212.77.160.0/19
                  217.74.0.0/21
                IPv6:
                  2001:16e0::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:89:bd:55:ca:4b:01:74:e4:f7:44:30:41:0e:bc:21:53:18:
         35:ae:a4:23:7e:52:c8:86:54:de:73:35:c1:a6:b4:ad:c0:40:
         14:13:64:b7:71:ce:db:86:12:0b:be:f8:89:5d:f9:71:60:0d:
         15:2b:06:69:36:a3:16:b0:00:43:92:07:4b:1e:7d:3b:d6:8c:
         fe:fd:c8:2b:37:22:89:16:93:12:4f:03:c7:dd:3d:9a:22:0e:
         45:bf:0b:5e:5d:ee:22:46:d2:f4:3d:06:7c:18:42:95:ba:47:
         5f:33:2e:ec:9a:db:36:ed:18:0a:90:be:51:9d:54:87:65:9f:
         a9:c3:e3:fa:d3:9a:66:ce:dd:4c:0e:09:4b:16:c3:05:2e:26:
         25:f1:41:71:2e:d7:54:d0:3f:b7:9a:a7:0c:da:1c:d5:28:7b:
         6e:ec:e4:26:c0:8d:9d:22:db:a4:82:64:87:e4:0f:3e:f0:76:
         a6:76:63:6d:5e:6c:9a:1d:4f:99:bf:58:b3:e5:d5:7e:5b:c3:
         7a:ae:45:32:cf:2c:f0:ab:de:62:f1:c6:e2:ce:5d:9c:55:0c:
         ce:20:84:49:02:9e:9b:5b:13:51:fa:b7:7b:d9:32:8e:78:45:
         81:8c:0a:60:aa:b3:da:ff:b3:96:44:5d:5c:08:26:bc:27:65:
         0b:5c:14:5b
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYVtnQdMOQr/y/79tAaOyK1KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkYTZlNjllNjVkZDBhNTQwNTk5NzAzZWQwYzkyNDc0Y2Iy
MGU5MzkwHhcNMjMwMTAxMTM1NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjIyMDdkNzJmYjJjYTBjNDM3ZGE4NGY2MzM2NTFjMWYzODU2OWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDmBKevtd1qdHTMV05rRHifwLBtG
DRFMCT2ROyBLfAbpUT6m3mRSFPzrhl6KRgiVL+TVMyT5XXU1tvnTPvzavnPchQ/4
IQEpUxsh1qeyh+CEYxobkDKm8xLsWejQXnWMSUbDAmQvn5xJBO5E55x9HmlqMI1O
WBvQQ5ps9ZxBjZs0QZVnYqwVCkrKi1jEReqChpsL8dIoDGSomdYU7Y5eGJy5xmT4
OP60CbqQwWc2sOZ+v8SobCWn2f7vZubz+uJ04lIlfUmBaN0QcBxYIxT4wsobnDD1
8yosYSFXN2k2Ctc959/ipcPLCIxbPP4KP7/5nEE4qvaS1IHiGc7SOynVRQIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFDsiB9cvssoMQ32oT2M2UcHzhWnjMB8GA1UdIwQY
MBaAFD2m5p5l3QpUBZlwPtDJJHTLIOk5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGFibW5tWGRDbFFGbVhBLTBNa2tkTXNnNlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mN2M0YTItYjYwNi00MjkyLWI5Zjct
ZmEzYzRlZjVlZGY2LzEvT3lJSDF5LXl5Z3hEZmFoUFl6WlJ3Zk9GYWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mN2M0YTItYjYwNi00MjkyLWI5ZjctZmEzYzRlZjVlZGY2
LzEvUGFibW5tWGRDbFFGbVhBLTBNa2tkTXNnNlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQEBZXgAwQD
LuNgAwQFUNHAAwQEURugAwQEWIWwAwQDWIXoAwQDW2p4AwQDX4KgAwQGgrkAAwQC
uXdcAwQF1E2gAwQD2UoAMA0EAgACMAcDBQMgARbgMA0GCSqGSIb3DQEBCwUAA4IB
AQAmib1VyksBdOT3RDBBDrwhUxg1rqQjflLIhlTeczXBprStwEAUE2S3cc7bhhIL
vviJXflxYA0VKwZpNqMWsABDkgdLHn071oz+/cgrNyKJFpMSTwPH3T2aIg5Fvwte
Xe4iRtL0PQZ8GEKVukdfMy7smts27RgKkL5RnVSHZZ+pw+P605pmzt1MDglLFsMF
LiYl8UFxLtdU0D+3mqcM2hzVKHtu7OQmwI2dItukgmSH5A8+8HamdmNtXmyaHU+Z
v1iz5dV+W8N6rkUyzyzwq95i8cbizl2cVQzOIIRJAp6bWxNR+rd72TKOeEWBjApg
qrPa/7OWRF1cCCa8J2ULXBRb
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:50 2024 by rpki-client on console-ams.rpki-client.org