Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/1-jHjx6EX2ReK7qxTa2z58DlL12o.roa
File:                     1-jHjx6EX2ReK7qxTa2z58DlL12o.roa (raw, json)
Hash identifier:          z69gy1N9/4X9caxvomfRFNmJujfO/LNARkvOvpGdFIo=
Subject key identifier:   FA:31:E3:C7:A1:17:D9:17:8A:EE:AC:53:6B:6C:F9:F0:39:4B:D7:6A
Certificate issuer:       /CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
Certificate serial:       018CC4254A414695AD2CD0C2CDB00E18F456
Authority key identifier: AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/1-jHjx6EX2ReK7qxTa2z58DlL12o.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34700
IP address blocks:        31.202.192.0/18 maxlen: 19
                          31.202.0.0/17 maxlen: 17
                          46.160.88.0/21 maxlen: 21
                          85.90.222.0/24 maxlen: 24
                          178.165.0.0/17 maxlen: 18
                          31.202.128.0/18 maxlen: 18
                          185.147.96.0/22 maxlen: 22
                          5.255.160.0/20 maxlen: 20
                          82.117.247.0/24 maxlen: 24
                          82.117.248.0/22 maxlen: 23
                          79.171.120.0/21 maxlen: 21
                          2a00:1210::/32 maxlen: 32

Validation:               Failed, certificate revoked on Sat 24 Feb 2024 07:47:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4a:41:46:95:ad:2c:d0:c2:cd:b0:0e:18:f4:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae7a9b1745a5a70c3bf7bcc2c2ee166460aff7a8
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fa31e3c7a117d9178aeeac536b6cf9f0394bd76a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:39:cf:7b:70:a1:cf:32:9c:fc:66:22:9c:b9:
                    bb:fc:71:db:cb:3a:7c:14:e6:a5:25:9e:3c:91:f3:
                    0a:bd:6f:03:1a:03:af:bb:7a:6f:0e:27:a0:b6:0a:
                    b8:72:b4:c7:33:3e:83:86:93:7c:9b:60:cf:6d:30:
                    03:59:78:51:f6:66:6f:4a:2d:1f:50:68:d5:b9:88:
                    f7:75:18:f2:dc:77:c1:50:90:1f:af:1d:5a:20:9e:
                    8d:47:28:48:97:96:f9:67:3f:2c:42:a4:ea:68:da:
                    bb:a5:60:f0:14:c4:a8:97:24:fc:63:78:5e:a7:6a:
                    09:f0:22:68:1c:38:f8:3c:cc:e8:33:7d:2e:df:bf:
                    de:52:6c:80:cd:b0:1d:04:23:70:5c:7d:49:a1:e9:
                    d6:1a:58:00:b5:a1:be:fb:15:4e:10:48:8b:98:2a:
                    1a:89:44:b1:ed:b3:ee:ab:92:92:e8:8f:76:30:15:
                    cf:cf:90:01:cf:15:39:e5:04:b8:b8:01:db:07:4e:
                    a4:d2:b0:20:da:bc:f6:92:12:c0:58:f3:a3:ce:7d:
                    91:8c:1e:48:7d:33:3d:45:39:6e:03:23:ff:aa:b4:
                    98:3c:cf:c4:72:90:be:dd:86:04:ad:5f:33:9c:7f:
                    b7:c9:1a:8a:ed:45:63:4e:96:ee:7a:d7:b9:06:e5:
                    c6:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:31:E3:C7:A1:17:D9:17:8A:EE:AC:53:6B:6C:F9:F0:39:4B:D7:6A
            X509v3 Authority Key Identifier:
                keyid:AE:7A:9B:17:45:A5:A7:0C:3B:F7:BC:C2:C2:EE:16:64:60:AF:F7:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnqbF0Wlpww797zCwu4WZGCv96g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/1-jHjx6EX2ReK7qxTa2z58DlL12o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/6e909d-d325-48a1-9443-cc9a758c9916/1/rnqbF0Wlpww797zCwu4WZGCv96g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.255.160.0/20
                  31.202.0.0/16
                  46.160.88.0/21
                  79.171.120.0/21
                  82.117.247.0-82.117.251.255
                  85.90.222.0/24
                  178.165.0.0/17
                  185.147.96.0/22
                IPv6:
                  2a00:1210::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:f7:42:bc:e7:78:be:48:d4:25:e6:90:da:49:d2:be:01:5e:
         de:c1:55:a3:4f:ee:eb:f5:1c:43:81:c1:b1:0c:39:88:c4:08:
         6b:4f:49:ae:19:d9:0e:8a:18:66:3a:dc:62:de:61:17:23:bc:
         43:80:35:0b:50:5e:52:3a:1b:5f:06:1f:e5:1b:57:3a:0b:bf:
         fd:46:88:94:68:89:13:2d:7e:7e:df:ba:1c:e9:9a:04:98:69:
         b5:be:70:fb:67:d5:59:df:a3:f5:8d:4a:ee:be:53:2c:f2:1a:
         0d:6a:1a:77:49:2e:51:7f:54:e3:22:fd:16:be:33:ba:7c:36:
         7b:6c:7d:71:f1:ca:47:03:07:54:0d:07:e7:ec:5b:8b:a9:d9:
         c4:7f:39:1d:11:42:85:87:76:3a:c6:1b:09:7f:80:1c:d5:d7:
         51:43:20:03:2e:e4:93:11:14:e1:bb:e3:1b:ad:b7:7d:17:f9:
         08:d1:90:74:73:3a:ea:5e:40:13:64:d4:20:ee:5a:c7:84:d3:
         f1:83:cb:9d:05:e3:ae:6a:90:b2:79:a1:4e:1e:74:a0:3b:9f:
         15:d6:a9:b4:72:b7:05:03:70:d3:aa:b1:2c:62:4a:8f:4c:b5:
         3e:c3:cf:43:a3:24:e7:25:60:83:df:c3:4d:4f:c9:fa:f2:cc:
         15:3a:ad:26
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYzEJUpBRpWtLNDCzbAOGPRWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlN2E5YjE3NDVhNWE3MGMzYmY3YmNjMmMyZWUxNjY0NjBh
ZmY3YTgwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTMxZTNjN2ExMTdkOTE3OGFlZWFjNTM2YjZjZjlmMDM5NGJkNzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApznPe3ChzzKc/GYinLm7/HHbyzp8
FOalJZ48kfMKvW8DGgOvu3pvDiegtgq4crTHMz6DhpN8m2DPbTADWXhR9mZvSi0f
UGjVuYj3dRjy3HfBUJAfrx1aIJ6NRyhIl5b5Zz8sQqTqaNq7pWDwFMSolyT8Y3he
p2oJ8CJoHDj4PMzoM30u37/eUmyAzbAdBCNwXH1JoenWGlgAtaG++xVOEEiLmCoa
iUSx7bPuq5KS6I92MBXPz5ABzxU55QS4uAHbB06k0rAg2rz2khLAWPOjzn2RjB5I
fTM9RTluAyP/qrSYPM/EcpC+3YYErV8znH+3yRqK7UVjTpbuete5BuXG1QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFPox48ehF9kXiu6sU2ts+fA5S9dqMB8GA1UdIwQY
MBaAFK56mxdFpacMO/e8wsLuFmRgr/eoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5xYkYwV2xwd3c3OTd6Q3d1NFdaR0N2OTZnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy82ZTkwOWQtZDMyNS00OGExLTk0NDMt
Y2M5YTc1OGM5OTE2LzEvMS1qSGp4NkVYMlJlSzdxeFRhMno1OERsTDEyby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOWMvNmU5MDlkLWQzMjUtNDhhMS05NDQzLWNjOWE3NThjOTkx
Ni8xL3JucWJGMFdscHd3Nzk3ekN3dTRXWkdDdjk2Zy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBfBggrBgEFBQcBBwEB/wRQME4wPQQCAAEwNwMEBAX/oAMD
AB/KAwQDLqBYAwQDT6t4MAwDBABSdfcDBAJSdfgDBABVWt4DBAeypQADBAK5k2Aw
DQQCAAIwBwMFACoAEhAwDQYJKoZIhvcNAQELBQADggEBAKH3QrzneL5I1CXmkNpJ
0r4BXt7BVaNP7uv1HEOBwbEMOYjECGtPSa4Z2Q6KGGY63GLeYRcjvEOANQtQXlI6
G18GH+UbVzoLv/1GiJRoiRMtfn7fuhzpmgSYabW+cPtn1Vnfo/WNSu6+UyzyGg1q
GndJLlF/VOMi/Ra+M7p8NntsfXHxykcDB1QNB+fsW4up2cR/OR0RQoWHdjrGGwl/
gBzV11FDIAMu5JMRFOG74xutt30X+QjRkHRzOupeQBNk1CDuWseE0/GDy50F465q
kLJ5oU4edKA7nxXWqbRytwUDcNOqsSxiSo9MtT7Dz0OjJOclYIPfw01PyfryzBU6
rSY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:49 2024 by rpki-client on console-fra.rpki-client.org