Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/3e59c9-9f01-4562-921d-513ca8e6cece/1/DymsvGDL4pPc4rSz2NWreoy1hqc.roa
File:                     DymsvGDL4pPc4rSz2NWreoy1hqc.roa (raw, json)
Hash identifier:          Pd4njJSBLAfSgN3NdSi2MnplP8v85ERIw3qnTGLgYUw=
Subject key identifier:   0F:29:AC:BC:60:CB:E2:93:DC:E2:B4:B3:D8:D5:AB:7A:8C:B5:86:A7
Certificate issuer:       /CN=f81fc8c82986310c5f6a9b56fb76b6bd9877fcc0
Certificate serial:       01856EB90835ADC13DBC41E0EF058735DD7E
Authority key identifier: F8:1F:C8:C8:29:86:31:0C:5F:6A:9B:56:FB:76:B6:BD:98:77:FC:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-B_IyCmGMQxfaptW-3a2vZh3_MA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/3e59c9-9f01-4562-921d-513ca8e6cece/1/DymsvGDL4pPc4rSz2NWreoy1hqc.roa
Signing time:             Sun 01 Jan 2023 19:04:57 +0000
ROA not before:           Sun 01 Jan 2023 19:04:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44684
IP address blocks:        176.126.240.0/21 maxlen: 24
                          185.101.96.0/24 maxlen: 24
                          195.10.223.0/24 maxlen: 24
                          45.139.80.0/22 maxlen: 22
                          45.139.80.0/24 maxlen: 24
                          93.93.128.0/21 maxlen: 24
                          185.47.60.0/22 maxlen: 22
                          46.235.224.0/21 maxlen: 24
                          2a04:ad80::/47 maxlen: 48
                          2a00:1098::/32 maxlen: 48
                          2a06:1c80::/29 maxlen: 29
                          2a04:ad80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:b9:08:35:ad:c1:3d:bc:41:e0:ef:05:87:35:dd:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f81fc8c82986310c5f6a9b56fb76b6bd9877fcc0
        Validity
            Not Before: Jan  1 19:04:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0f29acbc60cbe293dce2b4b3d8d5ab7a8cb586a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:13:8b:55:4e:73:bc:b7:8d:88:27:9d:3a:16:
                    c7:fb:dc:4d:a1:5b:4f:8e:50:ff:f4:ec:80:8f:80:
                    57:be:84:9e:ae:3e:c3:67:a4:c4:61:45:a7:04:f0:
                    5d:d1:c4:71:7e:d1:a1:05:bc:40:81:07:2f:9a:19:
                    0d:6b:62:d8:96:81:c6:ee:db:6e:3a:ba:2b:0e:4a:
                    c1:9a:d6:12:f8:fb:e2:b8:ad:73:1f:8d:b1:e5:29:
                    24:ed:d4:2e:6a:70:56:13:63:c3:c5:88:63:06:27:
                    13:56:cc:3c:cd:a8:b0:35:18:0b:81:cc:76:71:a5:
                    26:fd:6b:fd:aa:ee:43:65:8d:ba:3a:c6:7c:e8:90:
                    a2:96:b2:cd:71:58:d9:8d:a8:f8:e2:82:71:3d:d3:
                    48:64:c6:9c:8f:d7:7e:ce:a8:5e:1a:0a:35:56:ea:
                    87:d5:7b:b5:8f:8a:16:e8:28:89:d8:3d:f1:32:52:
                    4b:91:31:a7:33:9e:3f:1c:70:48:9f:9b:6b:d9:7a:
                    c1:4b:0c:95:e6:88:9f:ef:29:1b:3d:27:ac:f0:73:
                    52:08:d5:10:7c:4d:79:98:41:3c:21:cf:27:0c:47:
                    ca:b3:5b:a1:36:18:56:0a:36:c3:3e:c1:c4:8f:bd:
                    63:4c:0b:ff:78:19:ff:ea:82:a7:64:1b:78:84:dd:
                    d7:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:29:AC:BC:60:CB:E2:93:DC:E2:B4:B3:D8:D5:AB:7A:8C:B5:86:A7
            X509v3 Authority Key Identifier:
                keyid:F8:1F:C8:C8:29:86:31:0C:5F:6A:9B:56:FB:76:B6:BD:98:77:FC:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-B_IyCmGMQxfaptW-3a2vZh3_MA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/3e59c9-9f01-4562-921d-513ca8e6cece/1/DymsvGDL4pPc4rSz2NWreoy1hqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/3e59c9-9f01-4562-921d-513ca8e6cece/1/1-B_IyCmGMQxfaptW-3a2vZh3_MA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.80.0/22
                  46.235.224.0/21
                  93.93.128.0/21
                  176.126.240.0/21
                  185.47.60.0/22
                  185.101.96.0/24
                  195.10.223.0/24
                IPv6:
                  2a00:1098::/32
                  2a04:ad80::/29
                  2a06:1c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:f1:e7:7b:f2:83:94:ab:1b:21:98:5b:53:8b:44:55:d4:47:
         4e:d1:a8:1b:6a:98:c5:8e:86:97:58:21:5d:14:b6:7c:f2:49:
         4b:d2:f6:f3:ce:68:e6:2a:69:8c:c5:c9:4e:cf:85:26:75:8d:
         e2:c5:2f:32:d0:a7:c5:1c:90:5e:2d:ee:70:d2:02:fd:06:d8:
         04:5c:d0:08:90:a7:1b:c2:9a:df:e1:44:80:ae:f3:78:cb:21:
         91:86:cc:ca:07:23:11:46:0e:91:a2:9f:fa:e3:4c:3a:12:ee:
         93:f1:0a:fa:de:b3:65:94:8d:cd:d5:d6:0a:c9:2a:d8:02:62:
         60:c5:79:63:0c:40:65:76:5b:43:d5:a3:96:4f:30:ac:8e:75:
         1d:46:f8:12:f7:f9:12:67:ec:f3:53:44:41:9c:f5:bf:95:73:
         b9:1f:53:78:34:42:49:7b:b8:70:82:fa:e6:d6:07:fa:38:11:
         b3:df:14:51:bc:28:25:ed:cb:3a:ac:aa:14:c0:55:c7:04:47:
         24:32:ed:56:66:c6:67:77:83:52:cb:36:8e:da:9c:06:16:43:
         f5:1b:90:3f:65:c2:78:93:7c:20:08:6f:8c:28:ab:cd:d5:46:
         cf:85:fc:b5:55:32:8e:dc:bc:d2:86:4e:4e:e6:76:81:05:ef:
         87:5b:91:b5
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAYVuuQg1rcE9vEHg7wWHNd1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MWZjOGM4Mjk4NjMxMGM1ZjZhOWI1NmZiNzZiNmJkOTg3
N2ZjYzAwHhcNMjMwMTAxMTkwNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjI5YWNiYzYwY2JlMjkzZGNlMmI0YjNkOGQ1YWI3YThjYjU4NmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBOLVU5zvLeNiCedOhbH+9xNoVtP
jlD/9OyAj4BXvoSerj7DZ6TEYUWnBPBd0cRxftGhBbxAgQcvmhkNa2LYloHG7ttu
OrorDkrBmtYS+PviuK1zH42x5Skk7dQuanBWE2PDxYhjBicTVsw8zaiwNRgLgcx2
caUm/Wv9qu5DZY26OsZ86JCilrLNcVjZjaj44oJxPdNIZMacj9d+zqheGgo1VuqH
1Xu1j4oW6CiJ2D3xMlJLkTGnM54/HHBIn5tr2XrBSwyV5oif7ykbPSes8HNSCNUQ
fE15mEE8Ic8nDEfKs1uhNhhWCjbDPsHEj71jTAv/eBn/6oKnZBt4hN3XZwIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFA8prLxgy+KT3OK0s9jVq3qMtYanMB8GA1UdIwQY
MBaAFPgfyMgphjEMX2qbVvt2tr2Yd/zAMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1CX0l5Q21HTVF4ZmFwdFctM2EydlpoM19NQS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGYvM2U1OWM5LTlmMDEtNDU2Mi05MjFk
LTUxM2NhOGU2Y2VjZS8xL0R5bXN2R0RMNHBQYzRyU3oyTldyZW95MWhxYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGYvM2U1OWM5LTlmMDEtNDU2Mi05MjFkLTUxM2NhOGU2Y2Vj
ZS8xLzEtQl9JeUNtR01ReGZhcHRXLTNhMnZaaDNfTUEuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwYAYIKwYBBQUHAQcBAf8EUTBPMDAEAgABMCoDBAIti1AD
BAMu6+ADBANdXYADBAOwfvADBAK5LzwDBAC5ZWADBADDCt8wGwQCAAIwFQMFACoA
EJgDBQMqBK2AAwUDKgYcgDANBgkqhkiG9w0BAQsFAAOCAQEAYPHne/KDlKsbIZhb
U4tEVdRHTtGoG2qYxY6Gl1ghXRS2fPJJS9L2885o5ippjMXJTs+FJnWN4sUvMtCn
xRyQXi3ucNIC/QbYBFzQCJCnG8Ka3+FEgK7zeMshkYbMygcjEUYOkaKf+uNMOhLu
k/EK+t6zZZSNzdXWCskq2AJiYMV5YwxAZXZbQ9Wjlk8wrI51HUb4Evf5Emfs81NE
QZz1v5VzuR9TeDRCSXu4cIL65tYH+jgRs98UUbwoJe3LOqyqFMBVxwRHJDLtVmbG
Z3eDUss2jtqcBhZD9RuQP2XCeJN8IAhvjCirzdVGz4X8tVUyjty80oZOTuZ2gQXv
h1uRtQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:01 2024 by rpki-client on console-fra.rpki-client.org