Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/opEZffif8XyzWQQnr-caWx90_dM.roa
File:                     opEZffif8XyzWQQnr-caWx90_dM.roa (raw, json)
Hash identifier:          udX4ntG16UFmx/UONrxYuGqPZnHTeN3kNnWcDUS41pU=
Subject key identifier:   A2:91:19:7D:F8:9F:F1:7C:B3:59:04:27:AF:E7:1A:5B:1F:74:FD:D3
Certificate issuer:       /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial:       018BF630E5FACFB71DDB9BF2C4D41BB754DC
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/opEZffif8XyzWQQnr-caWx90_dM.roa
Signing time:             Wed 22 Nov 2023 08:41:21 +0000
ROA not before:           Wed 22 Nov 2023 08:41:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     5398
IP address blocks:        31.44.32.0/20 maxlen: 20
                          193.221.216.0/23 maxlen: 23
                          31.44.46.0/23 maxlen: 23
                          46.21.22.0/24 maxlen: 24
                          46.21.21.0/24 maxlen: 24
                          46.21.29.0/24 maxlen: 24
                          193.222.104.0/23 maxlen: 23
                          185.155.176.0/22 maxlen: 22
                          185.155.184.0/23 maxlen: 24
                          77.220.64.0/19 maxlen: 19
                          2a00:bd00::/32 maxlen: 32
                          2a0f:e880::/29 maxlen: 29
                          2a02:210::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 29 Nov 2023 18:18:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:f6:30:e5:fa:cf:b7:1d:db:9b:f2:c4:d4:1b:b7:54:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
        Validity
            Not Before: Nov 22 08:41:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a291197df89ff17cb3590427afe71a5b1f74fdd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c9:b1:75:b2:f3:8a:bc:fa:76:43:5b:80:4d:
                    e6:ff:1a:7c:b8:75:f1:cc:d8:66:4a:f8:33:55:18:
                    d7:3f:6f:e0:b5:cc:b7:f1:24:ea:dc:79:d2:f9:97:
                    1b:9b:a1:f5:2a:4d:dc:49:ab:4f:c0:78:bf:52:b0:
                    41:93:a5:c9:a7:d8:48:e3:5e:b0:fa:97:5f:98:12:
                    97:7d:d9:f3:ea:6d:a8:87:3b:b2:5e:71:e3:16:c9:
                    b1:f9:bd:fe:a5:88:5a:4a:f9:09:47:9a:83:0e:27:
                    4d:fd:1d:cb:bd:87:79:d9:fb:e1:e3:eb:4b:a5:71:
                    77:cb:13:2e:1c:18:61:6d:f3:f8:48:c2:2e:1f:94:
                    5e:f4:18:b7:d9:bf:b5:82:2e:63:53:5c:55:43:16:
                    fa:83:39:4e:ca:8b:40:05:6d:90:9f:b3:e9:4a:ef:
                    ae:70:21:4d:f5:23:45:b1:93:87:cc:7b:65:6c:a0:
                    d8:8b:f6:15:38:c6:44:8b:77:d7:59:cb:c7:98:7c:
                    c0:4b:d7:b4:2a:53:55:b3:13:70:22:84:4f:05:5d:
                    43:68:c9:07:5e:91:1d:88:bd:fb:96:5a:d7:91:09:
                    e8:3c:5f:c4:2b:74:5e:a9:ce:34:20:18:6c:4c:97:
                    93:b1:9b:47:5f:4c:42:fa:01:77:24:9f:e8:03:b5:
                    11:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:91:19:7D:F8:9F:F1:7C:B3:59:04:27:AF:E7:1A:5B:1F:74:FD:D3
            X509v3 Authority Key Identifier:
                keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/opEZffif8XyzWQQnr-caWx90_dM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.32.0/20
                  46.21.21.0-46.21.22.255
                  46.21.29.0/24
                  77.220.64.0/19
                  185.155.176.0/22
                  185.155.184.0/23
                  193.221.216.0/23
                  193.222.104.0/23
                IPv6:
                  2a00:bd00::/32
                  2a02:210::/32
                  2a0f:e880::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:66:fa:d4:40:84:3e:58:49:92:60:a4:47:e7:65:5d:56:3a:
         31:a1:43:7c:98:9b:6d:55:77:f1:57:dc:0e:f7:43:07:e3:88:
         9b:59:e5:b8:e0:03:2d:e4:b9:90:83:bd:a8:cc:eb:94:46:be:
         09:06:89:89:fc:f9:ce:ec:3f:73:b0:7c:f0:5b:3f:32:b0:b6:
         7d:1a:07:ec:b9:69:f1:ee:ca:1e:e3:ee:0e:60:89:07:18:af:
         e7:6c:fd:b8:4d:2d:c3:72:01:5a:6f:d1:6d:5f:ac:a7:fd:e0:
         fe:d3:73:b8:90:57:77:7a:6e:d4:3e:55:f6:23:ce:51:1a:f7:
         af:73:ce:07:63:e3:39:fe:f0:87:88:f7:42:4b:2c:d0:96:50:
         38:43:8f:d5:2e:c5:8d:3b:5d:8e:c0:7f:f2:04:10:26:b9:a8:
         59:1e:47:9b:4a:01:50:9d:d6:b2:05:3a:00:ad:c1:79:47:0d:
         dc:7b:2b:05:65:37:61:72:95:b3:c2:86:82:e3:ae:7a:0a:7a:
         1a:54:3b:22:87:d3:e4:d6:5e:c4:fd:c0:61:f2:56:a2:27:48:
         c6:6d:7e:2f:b3:f6:7b:03:c4:7d:84:e6:a3:52:a6:55:b6:77:
         4e:a2:61:dc:c5:37:70:cc:86:2d:4d:da:59:27:1f:11:76:e8:
         04:23:61:9c
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYv2MOX6z7cd25vyxNQbt1TcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMxMTIyMDg0MTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjkxMTk3ZGY4OWZmMTdjYjM1OTA0MjdhZmU3MWE1YjFmNzRmZGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8mxdbLzirz6dkNbgE3m/xp8uHXx
zNhmSvgzVRjXP2/gtcy38STq3HnS+Zcbm6H1Kk3cSatPwHi/UrBBk6XJp9hI416w
+pdfmBKXfdnz6m2ohzuyXnHjFsmx+b3+pYhaSvkJR5qDDidN/R3LvYd52fvh4+tL
pXF3yxMuHBhhbfP4SMIuH5Re9Bi32b+1gi5jU1xVQxb6gzlOyotABW2Qn7PpSu+u
cCFN9SNFsZOHzHtlbKDYi/YVOMZEi3fXWcvHmHzAS9e0KlNVsxNwIoRPBV1DaMkH
XpEdiL37llrXkQnoPF/EK3Reqc40IBhsTJeTsZtHX0xC+gF3JJ/oA7URkwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFKKRGX34n/F8s1kEJ6/nGlsfdP3TMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvb3BFWmZmaWY4WHl6V1FRbnItY2FXeDkwX2RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTA+BAIAATA4AwQEHywgMAwD
BAAuFRUDBAAuFRYDBAAuFR0DBAVN3EADBAK5m7ADBAG5m7gDBAHB3dgDBAHB3mgw
GwQCAAIwFQMFACoAvQADBQAqAgIQAwUDKg/ogDANBgkqhkiG9w0BAQsFAAOCAQEA
mGb61ECEPlhJkmCkR+dlXVY6MaFDfJibbVV38VfcDvdDB+OIm1nluOADLeS5kIO9
qMzrlEa+CQaJifz5zuw/c7B88Fs/MrC2fRoH7Llp8e7KHuPuDmCJBxiv52z9uE0t
w3IBWm/RbV+sp/3g/tNzuJBXd3pu1D5V9iPOURr3r3POB2PjOf7wh4j3Qkss0JZQ
OEOP1S7FjTtdjsB/8gQQJrmoWR5Hm0oBUJ3WsgU6AK3BeUcN3HsrBWU3YXKVs8KG
guOuegp6GlQ7IofT5NZexP3AYfJWoidIxm1+L7P2ewPEfYTmo1KmVbZ3TqJh3MU3
cMyGLU3aWScfEXboBCNhnA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:58 2024 by rpki-client on console-ams.rpki-client.org