Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/kfjvmB5UhLlD78epi5SSZwYt3aY.roa
File:                     kfjvmB5UhLlD78epi5SSZwYt3aY.roa (raw, json)
Hash identifier:          FYjTObgrISln/BUDtPtjR4O6d4L13uYwUe7edm0bAKk=
Subject key identifier:   91:F8:EF:98:1E:54:84:B9:43:EF:C7:A9:8B:94:92:67:06:2D:DD:A6
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       0189CED208743C44382967DCA3E08167689E
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/kfjvmB5UhLlD78epi5SSZwYt3aY.roa
Signing time:             Mon 07 Aug 2023 07:06:58 +0000
ROA not before:           Mon 07 Aug 2023 07:06:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204916
IP address blocks:        45.151.139.0/24 maxlen: 24
                          84.54.36.0/24 maxlen: 24
                          83.171.240.0/24 maxlen: 24
                          83.171.240.0/22 maxlen: 22
                          83.171.243.0/24 maxlen: 24
                          83.171.242.0/24 maxlen: 24
                          194.113.105.0/24 maxlen: 24
                          2a0f:cc87::/36 maxlen: 36
                          2a10:c0c3::/32 maxlen: 32
                          2a10:c0c0::/29 maxlen: 29
                          2a11:200:4000::/36 maxlen: 36
                          2a11:200::/36 maxlen: 36
                          2a11:200:5000::/36 maxlen: 36
                          2a11:200:7000::/36 maxlen: 36
                          2a11:200:8000::/36 maxlen: 36
                          2a0d:5ec5::/32 maxlen: 32
                          2a11:202::/32 maxlen: 32
                          2a11:af01::/32 maxlen: 32
                          2a0c:e8c0::/29 maxlen: 29
                          2a10:c0c1::/32 maxlen: 32
                          2a10:c0c7:5000::/36 maxlen: 36
                          2a10:c0c7:3000::/36 maxlen: 36
                          2a10:c0c0::/32 maxlen: 32
                          2a06:d900::/29 maxlen: 29
                          2a09:3b00::/29 maxlen: 29
                          2a09:4e01:5000::/36 maxlen: 36
                          2a09:4e01:4000::/36 maxlen: 36
                          2a09:4e01:3000::/36 maxlen: 36
                          2a11:201::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 07 Aug 2023 08:53:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ce:d2:08:74:3c:44:38:29:67:dc:a3:e0:81:67:68:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Aug  7 07:06:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=91f8ef981e5484b943efc7a98b949267062ddda6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d5:fa:c4:7e:d8:8b:14:03:a4:f6:8d:0d:94:
                    db:74:ec:06:41:71:47:42:cf:67:ce:f4:99:11:37:
                    a7:79:ea:99:e3:0a:4b:a0:ba:f7:19:34:0d:99:2c:
                    6d:19:20:0b:71:66:d7:de:ab:10:e2:1d:2d:c3:7f:
                    e2:35:65:f4:54:14:29:b0:e8:6e:1a:de:cd:4a:01:
                    fd:3c:b6:eb:65:90:f6:6b:ba:13:24:44:58:63:59:
                    45:70:46:bd:77:a7:9f:31:9f:be:fe:a9:c3:1d:8e:
                    40:65:72:e7:0f:5a:2e:c5:2c:00:d6:db:a3:d8:c4:
                    9c:83:da:1e:ac:3d:c8:41:64:c0:14:52:eb:1b:0d:
                    89:41:51:af:32:21:7a:5b:1b:44:1e:ff:c7:50:b0:
                    da:e3:c7:c9:c7:e3:09:62:b5:e1:98:73:3e:23:1a:
                    47:3d:eb:c9:d0:0a:69:af:ac:53:6f:27:eb:4c:06:
                    c5:02:6b:83:24:e8:c7:df:fc:c0:2d:41:fb:33:2d:
                    c1:a5:e0:f1:8a:e6:92:b6:a4:4f:20:3d:ed:7c:49:
                    9c:5e:ff:41:6f:21:1b:66:9c:23:f5:5a:2c:1a:3f:
                    d8:25:cb:2e:ca:d8:8b:56:43:ad:56:2d:8b:f2:ab:
                    2f:4f:d3:8a:66:b4:60:59:b5:0e:16:b1:32:72:db:
                    b9:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:F8:EF:98:1E:54:84:B9:43:EF:C7:A9:8B:94:92:67:06:2D:DD:A6
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/kfjvmB5UhLlD78epi5SSZwYt3aY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.139.0/24
                  83.171.240.0/22
                  84.54.36.0/24
                  194.113.105.0/24
                IPv6:
                  2a06:d900::/29
                  2a09:3b00::/29
                  2a09:4e01:3000::-2a09:4e01:5fff:ffff:ffff:ffff:ffff:ffff
                  2a0c:e8c0::/29
                  2a0d:5ec5::/32
                  2a0f:cc87::/36
                  2a10:c0c0::/29
                  2a11:200::/36
                  2a11:200:4000::/35
                  2a11:200:7000::-2a11:200:8fff:ffff:ffff:ffff:ffff:ffff
                  2a11:201::-2a11:202:ffff:ffff:ffff:ffff:ffff:ffff
                  2a11:af01::/32

    Signature Algorithm: sha256WithRSAEncryption
         71:ff:db:6f:0c:81:30:20:10:fc:96:0d:36:b3:c1:b9:3f:0e:
         60:e4:6c:0e:64:80:c6:79:15:6d:06:e4:8c:b0:de:0f:bd:49:
         22:d6:42:60:d7:4a:47:70:f8:a4:bd:c8:55:0f:22:27:5b:91:
         b3:a3:df:e8:66:82:e6:b8:20:39:05:5a:50:fc:10:be:31:e8:
         88:6e:fb:53:d9:1c:7c:3f:79:58:ba:c7:ce:0b:e5:88:86:68:
         be:5b:b9:20:4f:e5:6a:25:f9:fe:16:fb:1f:bd:f9:02:f6:97:
         89:a5:6a:2a:41:a9:bf:4c:b0:98:0e:a3:2a:e4:0a:7f:9f:80:
         a5:c0:4c:24:3d:a6:1d:5a:a0:b9:fb:ff:7c:81:ff:d0:b5:1c:
         68:34:fb:5f:46:49:6e:9d:fb:ea:47:d5:39:e0:a5:96:c9:6c:
         80:82:2f:4d:f6:87:b1:3a:99:7f:df:05:b9:11:b6:e0:82:7e:
         db:85:ea:ee:66:c0:c2:27:b3:37:ba:84:cb:a3:89:72:93:5d:
         07:9f:19:a2:21:09:3d:71:55:8e:ad:26:da:2c:0b:77:ad:0a:
         5a:10:de:8a:b2:44:00:4d:34:df:85:fd:85:65:63:86:46:8a:
         27:10:a9:40:dd:50:67:37:25:d5:c0:30:2a:c1:e4:d2:61:86:
         2c:51:fa:05
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgISAYnO0gh0PEQ4KWfco+CBZ2ieMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjMwODA3MDcwNjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWY4ZWY5ODFlNTQ4NGI5NDNlZmM3YTk4Yjk0OTI2NzA2MmRkZGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNX6xH7YixQDpPaNDZTbdOwGQXFH
Qs9nzvSZETeneeqZ4wpLoLr3GTQNmSxtGSALcWbX3qsQ4h0tw3/iNWX0VBQpsOhu
Gt7NSgH9PLbrZZD2a7oTJERYY1lFcEa9d6efMZ++/qnDHY5AZXLnD1ouxSwA1tuj
2MScg9oerD3IQWTAFFLrGw2JQVGvMiF6WxtEHv/HULDa48fJx+MJYrXhmHM+IxpH
PevJ0Appr6xTbyfrTAbFAmuDJOjH3/zALUH7My3BpeDxiuaStqRPID3tfEmcXv9B
byEbZpwj9VosGj/YJcsuytiLVkOtVi2L8qsvT9OKZrRgWbUOFrEyctu5zQIDAQAB
o4ICnDCCApgwHQYDVR0OBBYEFJH475geVIS5Q+/HqYuUkmcGLd2mMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEva2Zqdm1CNVVoTGxENzhlcGk1U1Nad1l0M2FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGxBggrBgEFBQcBBwEB/wSBoTCBnjAeBAIAATAYAwQALZeL
AwQCU6vwAwQAVDYkAwQAwnFpMHwEAgACMHYDBQMqBtkAAwUDKgk7ADAQAwYEKglO
ATADBgUqCU4BQAMFAyoM6MADBQAqDV7FAwYEKg/MhwADBQMqEMDAAwYEKhECAAAD
BgUqEQIAQDAQAwYEKhECAHADBgQqEQIAgDAOAwUAKhECAQMFACoRAgIDBQAqEa8B
MA0GCSqGSIb3DQEBCwUAA4IBAQBx/9tvDIEwIBD8lg02s8G5Pw5g5GwOZIDGeRVt
BuSMsN4PvUki1kJg10pHcPikvchVDyInW5Gzo9/oZoLmuCA5BVpQ/BC+MeiIbvtT
2Rx8P3lYusfOC+WIhmi+W7kgT+VqJfn+FvsfvfkC9peJpWoqQam/TLCYDqMq5Ap/
n4ClwEwkPaYdWqC5+/98gf/QtRxoNPtfRklunfvqR9U54KWWyWyAgi9N9oexOpl/
3wW5Ebbggn7bheruZsDCJ7M3uoTLo4lyk10HnxmiIQk9cVWOrSbaLAt3rQpaEN6K
skQATTTfhf2FZWOGRoonEKlA3VBnNyXVwDAqweTSYYYsUfoF
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:05 2024 by rpki-client on console-fra.rpki-client.org