Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/t68y8NlRwp7haNZtDywa0R8NeqA.roa
File:                     t68y8NlRwp7haNZtDywa0R8NeqA.roa (raw, json)
Hash identifier:          fePHIqNH1bBecBm+tpE68xuYIz91Qu+VpwKtdF5jIyE=
Subject key identifier:   B7:AF:32:F0:D9:51:C2:9E:E1:68:D6:6D:0F:2C:1A:D1:1F:0D:7A:A0
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       0185DE03EC2980279D3F6C74A0D2D83443E2
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/t68y8NlRwp7haNZtDywa0R8NeqA.roa
Signing time:             Mon 23 Jan 2023 09:44:37 +0000
ROA not before:           Mon 23 Jan 2023 09:44:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     204916
IP address blocks:        84.54.36.0/24 maxlen: 24
                          83.171.240.0/24 maxlen: 24
                          83.171.240.0/22 maxlen: 22
                          83.171.243.0/24 maxlen: 24
                          83.171.242.0/24 maxlen: 24
                          194.113.105.0/24 maxlen: 24
                          2a10:c0c3::/32 maxlen: 32
                          2a10:c0c0::/29 maxlen: 29
                          2a11:200::/36 maxlen: 36
                          2a11:202::/32 maxlen: 32
                          2a11:201::/32 maxlen: 32
                          2a10:c0c1::/32 maxlen: 32
                          2a10:c0c7:3000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Mon 30 Jan 2023 13:22:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:de:03:ec:29:80:27:9d:3f:6c:74:a0:d2:d8:34:43:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan 23 09:44:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b7af32f0d951c29ee168d66d0f2c1ad11f0d7aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:aa:6f:7a:18:ff:ac:62:81:f6:1b:af:68:a6:
                    41:db:7d:ce:d9:3c:da:46:79:66:ef:f6:70:f0:94:
                    f2:a6:59:ff:d0:b8:46:83:5d:da:90:c8:39:25:a9:
                    f2:56:c4:45:d9:2a:07:e5:77:48:b2:44:95:45:35:
                    db:ea:6d:92:38:88:b8:a7:c3:02:9e:17:98:6a:a0:
                    1e:c3:71:ff:44:15:de:50:f1:f7:86:26:3b:48:d0:
                    b2:7a:26:b3:e8:cd:43:5c:10:c9:eb:69:79:a0:4c:
                    18:0b:6e:da:22:45:f5:3a:c0:5e:4c:90:e8:0b:bb:
                    be:bd:96:1a:33:16:bc:f4:84:70:54:6d:02:58:74:
                    2c:5e:f7:fc:af:bb:f0:ca:53:9b:8f:2a:af:c0:2b:
                    f2:d9:b4:b8:07:aa:81:bf:13:31:a3:ed:fa:a9:b1:
                    b9:06:37:5b:84:e1:bc:10:29:b3:45:1b:d7:3d:3f:
                    df:8c:e2:74:70:72:1b:6b:0a:4c:b4:aa:cf:9a:3c:
                    75:d6:03:68:ee:d4:bd:f5:d2:93:d6:75:22:e2:0e:
                    3c:e6:88:6f:eb:a6:bd:ea:67:ac:c4:7c:ba:82:e0:
                    69:3f:bc:79:cc:62:6a:36:c5:0b:7c:47:72:b1:d3:
                    d5:10:74:6b:e8:53:33:af:08:63:87:92:32:3f:4e:
                    86:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:AF:32:F0:D9:51:C2:9E:E1:68:D6:6D:0F:2C:1A:D1:1F:0D:7A:A0
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/t68y8NlRwp7haNZtDywa0R8NeqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.171.240.0/22
                  84.54.36.0/24
                  194.113.105.0/24
                IPv6:
                  2a10:c0c0::/29
                  2a11:200::/36
                  2a11:201::-2a11:202:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         af:5c:24:03:3f:0a:19:bf:d2:99:9c:e5:db:26:ec:66:00:11:
         a4:2b:51:55:c2:b4:d6:22:c1:b5:6f:d4:d9:6f:64:ae:53:a2:
         eb:81:e5:ae:ca:74:18:a3:43:60:32:2a:6f:34:78:80:6e:71:
         29:5c:54:f2:ce:8f:47:86:ae:80:da:06:e3:69:81:05:6f:ea:
         d1:99:f6:a2:5b:81:35:68:31:0d:f1:c5:13:18:39:40:18:5d:
         f6:cf:ad:5a:23:a5:3a:49:01:bd:08:0d:92:69:bb:fe:39:f6:
         00:a8:c3:36:04:ee:0a:05:6f:64:29:28:06:7a:3d:00:c8:64:
         5c:06:79:1e:e1:c9:d2:72:75:27:0a:cc:74:0a:9c:f6:10:2a:
         3b:a0:39:a0:24:5d:3a:be:9a:f4:b6:39:af:ac:09:0e:7c:a7:
         8f:e0:36:ba:e5:a7:e4:bd:82:54:5a:00:30:3b:1e:f1:f5:79:
         5d:92:1a:b7:7a:4a:c2:78:51:94:10:41:0e:a1:1d:5c:b6:8b:
         f6:2f:17:f5:fe:ef:66:b9:37:30:a6:61:e4:90:ae:e5:da:c8:
         6d:65:99:c2:5c:f5:e3:7a:f1:81:7c:72:49:89:82:13:da:79:
         e2:eb:3c:e1:c9:6b:f7:56:61:90:5a:dc:10:29:7e:2b:fb:fd:
         ee:11:c1:5b
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYXeA+wpgCedP2x0oNLYNEPiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjMwMTIzMDk0NDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2FmMzJmMGQ5NTFjMjllZTE2OGQ2NmQwZjJjMWFkMTFmMGQ3YWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qpvehj/rGKB9huvaKZB233O2Tza
Rnlm7/Zw8JTypln/0LhGg13akMg5JanyVsRF2SoH5XdIskSVRTXb6m2SOIi4p8MC
nheYaqAew3H/RBXeUPH3hiY7SNCyeiaz6M1DXBDJ62l5oEwYC27aIkX1OsBeTJDo
C7u+vZYaMxa89IRwVG0CWHQsXvf8r7vwylObjyqvwCvy2bS4B6qBvxMxo+36qbG5
BjdbhOG8ECmzRRvXPT/fjOJ0cHIbawpMtKrPmjx11gNo7tS99dKT1nUi4g485ohv
66a96mesxHy6guBpP7x5zGJqNsULfEdysdPVEHRr6FMzrwhjh5IyP06GmQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFLevMvDZUcKe4WjWbQ8sGtEfDXqgMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvdDY4eThObFJ3cDdoYU5adER5d2EwUjhOZXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAYBAIAATASAwQCU6vwAwQA
VDYkAwQAwnFpMCUEAgACMB8DBQMqEMDAAwYEKhECAAAwDgMFACoRAgEDBQAqEQIC
MA0GCSqGSIb3DQEBCwUAA4IBAQCvXCQDPwoZv9KZnOXbJuxmABGkK1FVwrTWIsG1
b9TZb2SuU6LrgeWuynQYo0NgMipvNHiAbnEpXFTyzo9Hhq6A2gbjaYEFb+rRmfai
W4E1aDEN8cUTGDlAGF32z61aI6U6SQG9CA2Sabv+OfYAqMM2BO4KBW9kKSgGej0A
yGRcBnke4cnScnUnCsx0Cpz2ECo7oDmgJF06vpr0tjmvrAkOfKeP4Da65afkvYJU
WgAwOx7x9Xldkhq3ekrCeFGUEEEOoR1ctov2Lxf1/u9muTcwpmHkkK7l2shtZZnC
XPXjevGBfHJJiYIT2nni6zzhyWv3VmGQWtwQKX4r+/3uEcFb
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:59 2024 by rpki-client on console-ams.rpki-client.org