Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/qSDYIs7MUw3StAOZrY5lm8u9tQQ.roa
File:                     qSDYIs7MUw3StAOZrY5lm8u9tQQ.roa (raw, json)
Hash identifier:          wwmLBu8j0JWgN+0M6cSUylD0wy2cUnIuNjFumTcLNjQ=
Subject key identifier:   A9:20:D8:22:CE:CC:53:0D:D2:B4:03:99:AD:8E:65:9B:CB:BD:B5:04
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       018A3BD48B73B2031FA0998F61D0362F6670
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/qSDYIs7MUw3StAOZrY5lm8u9tQQ.roa
Signing time:             Mon 28 Aug 2023 11:08:19 +0000
ROA not before:           Mon 28 Aug 2023 11:08:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204916
IP address blocks:        45.151.139.0/24 maxlen: 24
                          45.142.210.0/24 maxlen: 24
                          45.142.211.0/24 maxlen: 24
                          84.54.36.0/24 maxlen: 24
                          83.171.240.0/24 maxlen: 24
                          83.171.240.0/22 maxlen: 22
                          83.171.243.0/24 maxlen: 24
                          83.171.242.0/24 maxlen: 24
                          194.113.105.0/24 maxlen: 24
                          2a09:3d00::/29 maxlen: 36
                          2a0f:cc87::/36 maxlen: 36
                          2a11:b80::/29 maxlen: 36
                          2a09:b680::/29 maxlen: 36
                          2a10:c0c3::/32 maxlen: 32
                          2a10:c0c0::/29 maxlen: 29
                          2a11:200:8000::/36 maxlen: 36
                          2a11:200:7000::/36 maxlen: 36
                          2a11:200:5000::/36 maxlen: 36
                          2a11:200::/36 maxlen: 36
                          2a11:200:4000::/36 maxlen: 36
                          2a11:200:a000::/36 maxlen: 36
                          2a09:3505:9000::/36 maxlen: 36
                          2a0d:5ec5::/32 maxlen: 32
                          2a11:202::/32 maxlen: 32
                          2a11:af01::/32 maxlen: 32
                          2a0c:e8c0::/29 maxlen: 29
                          2a10:c0c1::/32 maxlen: 32
                          2a10:c0c7:3000::/36 maxlen: 36
                          2a10:c0c7:5000::/36 maxlen: 36
                          2a10:c0c0::/32 maxlen: 32
                          2a0d:5ec0::/29 maxlen: 36
                          2a11:e82::/32 maxlen: 32
                          2a06:d900::/29 maxlen: 29
                          2a11:780::/29 maxlen: 36
                          2a09:3b00::/29 maxlen: 29
                          2a09:4e01:3000::/36 maxlen: 36
                          2a09:4e01:4000::/36 maxlen: 36
                          2a09:4e01:5000::/36 maxlen: 36
                          2a09:4e01:9000::/36 maxlen: 36
                          2a11:201::/32 maxlen: 32
                          2a10:c340::/29 maxlen: 36

Validation:               Failed, certificate revoked on Tue 29 Aug 2023 07:17:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:3b:d4:8b:73:b2:03:1f:a0:99:8f:61:d0:36:2f:66:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Aug 28 11:08:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a920d822cecc530dd2b40399ad8e659bcbbdb504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e2:ac:46:4c:f5:a1:12:04:d1:14:be:c1:7f:
                    39:7d:78:1e:d4:f4:69:c4:f9:ac:47:ac:75:66:a7:
                    ca:8e:f0:60:1e:29:dd:1e:19:21:2e:69:f6:0b:3c:
                    bf:fa:a5:13:29:6f:62:3b:2c:11:6a:c7:c2:96:65:
                    a1:46:48:a3:50:0c:10:66:41:5e:50:b7:05:96:ae:
                    d2:75:4b:25:de:79:1e:2f:49:2e:9d:55:78:88:1f:
                    f9:a4:1a:24:1c:c8:28:5d:a3:e7:d6:2c:b0:e0:fd:
                    ca:70:3a:3f:07:c0:83:09:09:d4:9e:65:fc:f8:71:
                    19:ec:a3:c2:0c:dc:49:f4:d6:79:d7:7e:04:98:d1:
                    3e:d8:18:01:a1:2f:66:f8:86:e4:ea:4d:54:8d:42:
                    c8:02:42:87:be:1c:4e:43:56:f4:82:20:10:18:f0:
                    1f:d5:b0:33:5e:99:a9:4e:71:5d:a5:4d:0b:e6:00:
                    af:89:7d:f0:26:87:63:67:9d:eb:00:09:3c:26:1a:
                    ca:e0:5d:a9:1e:34:26:71:55:36:29:22:c0:86:67:
                    88:75:47:bd:e3:38:11:ec:62:5b:e3:cf:cc:e3:b8:
                    f3:a2:01:7b:9f:ae:dc:3f:42:99:d7:f3:01:5d:62:
                    b5:d4:ab:90:79:44:39:69:fe:a6:ba:da:67:92:b9:
                    d1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:20:D8:22:CE:CC:53:0D:D2:B4:03:99:AD:8E:65:9B:CB:BD:B5:04
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/qSDYIs7MUw3StAOZrY5lm8u9tQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.210.0/23
                  45.151.139.0/24
                  83.171.240.0/22
                  84.54.36.0/24
                  194.113.105.0/24
                IPv6:
                  2a06:d900::/29
                  2a09:3505:9000::/36
                  2a09:3b00::/29
                  2a09:3d00::/29
                  2a09:4e01:3000::-2a09:4e01:5fff:ffff:ffff:ffff:ffff:ffff
                  2a09:4e01:9000::/36
                  2a09:b680::/29
                  2a0c:e8c0::/29
                  2a0d:5ec0::/29
                  2a0f:cc87::/36
                  2a10:c0c0::/29
                  2a10:c340::/29
                  2a11:200::/36
                  2a11:200:4000::/35
                  2a11:200:7000::-2a11:200:8fff:ffff:ffff:ffff:ffff:ffff
                  2a11:200:a000::/36
                  2a11:201::-2a11:202:ffff:ffff:ffff:ffff:ffff:ffff
                  2a11:780::/29
                  2a11:b80::/29
                  2a11:e82::/32
                  2a11:af01::/32

    Signature Algorithm: sha256WithRSAEncryption
         4e:bd:7b:26:70:85:fe:c2:9e:46:eb:88:de:aa:b6:5b:b9:cb:
         80:b9:94:45:e0:7a:b4:7c:e5:21:85:11:e2:62:24:d1:00:fc:
         82:15:f6:43:bb:0a:53:c3:03:ba:69:9a:ff:a5:0c:46:66:ab:
         83:4a:78:48:6c:8d:54:4b:14:a2:4a:0c:a6:5d:87:c4:a2:47:
         64:9e:13:fc:ad:77:b6:a1:6f:1d:84:e1:0c:52:b9:e2:b2:01:
         35:9d:00:59:6a:da:a6:ab:d2:ae:5e:6f:ff:8f:4f:b5:99:fe:
         d6:e8:ab:27:f0:f1:76:e2:4f:0c:e2:de:04:7d:4d:a0:0a:14:
         1b:74:70:a2:82:de:93:0a:82:fd:69:b9:63:a8:e3:92:5e:d8:
         21:54:e5:45:be:e2:a2:c0:07:48:af:c9:df:54:39:3b:61:c4:
         5c:65:8e:1b:ab:dc:d8:36:31:df:8b:52:15:41:ca:bf:c5:9c:
         fd:2e:72:9d:ec:b7:5d:1c:4c:c8:8e:32:9c:76:2e:f0:4d:13:
         39:da:98:94:8f:da:c6:eb:76:49:c8:21:86:5d:01:07:b6:37:
         d3:57:e5:ba:74:f8:3e:e2:2d:af:c4:52:0b:e7:30:c5:ce:68:
         99:f7:40:3f:16:35:d7:6f:cf:0c:99:b7:6e:b7:0d:7d:34:99:
         99:9d:9a:d2
-----BEGIN CERTIFICATE-----
MIIF2jCCBMKgAwIBAgISAYo71ItzsgMfoJmPYdA2L2ZwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjMwODI4MTEwODE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTIwZDgyMmNlY2M1MzBkZDJiNDAzOTlhZDhlNjU5YmNiYmRiNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieKsRkz1oRIE0RS+wX85fXge1PRp
xPmsR6x1ZqfKjvBgHindHhkhLmn2Czy/+qUTKW9iOywRasfClmWhRkijUAwQZkFe
ULcFlq7SdUsl3nkeL0kunVV4iB/5pBokHMgoXaPn1iyw4P3KcDo/B8CDCQnUnmX8
+HEZ7KPCDNxJ9NZ5134EmNE+2BgBoS9m+Ibk6k1UjULIAkKHvhxOQ1b0giAQGPAf
1bAzXpmpTnFdpU0L5gCviX3wJodjZ53rAAk8JhrK4F2pHjQmcVU2KSLAhmeIdUe9
4zgR7GJb48/M47jzogF7n67cP0KZ1/MBXWK11KuQeUQ5af6mutpnkrnRhQIDAQAB
o4IC5jCCAuIwHQYDVR0OBBYEFKkg2CLOzFMN0rQDma2OZZvLvbUEMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvcVNEWUlzN01VdzNTdEFPWnJZNWxtOHU5dFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH7BggrBgEFBQcBBwEB/wSB6zCB6DAkBAIAATAeAwQBLY7S
AwQALZeLAwQCU6vwAwQAVDYkAwQAwnFpMIG/BAIAAjCBuAMFAyoG2QADBgQqCTUF
kAMFAyoJOwADBQMqCT0AMBADBgQqCU4BMAMGBSoJTgFAAwYEKglOAZADBQMqCbaA
AwUDKgzowAMFAyoNXsADBgQqD8yHAAMFAyoQwMADBQMqEMNAAwYEKhECAAADBgUq
EQIAQDAQAwYEKhECAHADBgQqEQIAgAMGBCoRAgCgMA4DBQAqEQIBAwUAKhECAgMF
AyoRB4ADBQMqEQuAAwUAKhEOggMFACoRrwEwDQYJKoZIhvcNAQELBQADggEBAE69
eyZwhf7CnkbriN6qtlu5y4C5lEXgerR85SGFEeJiJNEA/IIV9kO7ClPDA7ppmv+l
DEZmq4NKeEhsjVRLFKJKDKZdh8SiR2SeE/ytd7ahbx2E4QxSueKyATWdAFlq2qar
0q5eb/+PT7WZ/tboqyfw8XbiTwzi3gR9TaAKFBt0cKKC3pMKgv1puWOo45Je2CFU
5UW+4qLAB0ivyd9UOTthxFxljhur3Ng2Md+LUhVByr/FnP0ucp3st10cTMiOMpx2
LvBNEznamJSP2sbrdknIIYZdAQe2N9NX5bp0+D7iLa/EUgvnMMXOaJn3QD8WNddv
zwyZt263DX00mZmdmtI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:05 2024 by rpki-client on console-fra.rpki-client.org