Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/a06407-a1f2-4b47-96c7-0a9e3cb4dc13/1/Amq6XojXOpFEyJqfCNSKf-BNJLk.roa
File:                     Amq6XojXOpFEyJqfCNSKf-BNJLk.roa (raw, json)
Hash identifier:          mt6DqoSHUjoWFiE4ijoMvVrJ1TLtwne/GEtF1GJQ6Mo=
Subject key identifier:   02:6A:BA:5E:88:D7:3A:91:44:C8:9A:9F:08:D4:8A:7F:E0:4D:24:B9
Certificate issuer:       /CN=587ed7e9f98a1f1975ee9fbcb095c3adfa28aec0
Certificate serial:       01856E6F97F438C22D4CB42F04083E7644F1
Authority key identifier: 58:7E:D7:E9:F9:8A:1F:19:75:EE:9F:BC:B0:95:C3:AD:FA:28:AE:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WH7X6fmKHxl17p-8sJXDrfoorsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/a06407-a1f2-4b47-96c7-0a9e3cb4dc13/1/Amq6XojXOpFEyJqfCNSKf-BNJLk.roa
Signing time:             Sun 01 Jan 2023 17:44:44 +0000
ROA not before:           Sun 01 Jan 2023 17:44:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198144
IP address blocks:        176.97.230.0/23 maxlen: 23
                          176.97.228.0/22 maxlen: 22
                          176.97.228.0/23 maxlen: 23
                          93.117.65.0/24 maxlen: 24
                          212.85.238.0/23 maxlen: 23
                          212.85.236.0/22 maxlen: 22
                          212.85.236.0/23 maxlen: 23
                          128.65.152.0/23 maxlen: 23
                          128.65.152.0/21 maxlen: 21
                          128.65.156.0/24 maxlen: 24
                          128.65.155.0/24 maxlen: 24
                          128.65.154.0/24 maxlen: 24
                          128.65.159.0/24 maxlen: 24
                          128.65.158.0/24 maxlen: 24
                          128.65.157.0/24 maxlen: 24
                          188.208.111.0/24 maxlen: 24
                          185.78.212.0/22 maxlen: 22
                          185.78.212.0/23 maxlen: 23
                          185.78.214.0/23 maxlen: 23
                          188.211.239.0/24 maxlen: 24
                          93.113.102.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:6f:97:f4:38:c2:2d:4c:b4:2f:04:08:3e:76:44:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=587ed7e9f98a1f1975ee9fbcb095c3adfa28aec0
        Validity
            Not Before: Jan  1 17:44:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=026aba5e88d73a9144c89a9f08d48a7fe04d24b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:d9:ae:08:ab:e4:64:90:c7:ba:ac:00:3e:77:
                    73:92:43:9e:77:d0:9c:be:aa:90:e7:96:58:46:7b:
                    4b:93:fd:4a:d5:f7:c3:b2:4c:97:76:d8:8d:92:d5:
                    1a:91:45:df:58:fd:0e:6a:06:5e:82:40:df:55:c1:
                    fd:8e:ef:c8:9f:45:99:14:84:a9:4a:b8:bc:f3:bc:
                    7d:63:dd:f3:6b:45:a0:ce:e3:b5:23:9b:56:3c:9e:
                    5e:78:bb:2d:95:16:bd:ba:19:ce:0e:05:3e:7f:30:
                    85:b1:0f:68:e8:d5:a7:e9:9c:50:25:a8:9b:3b:08:
                    ff:d2:29:93:62:1a:d3:7e:8f:7e:da:c1:39:ac:c5:
                    82:cf:9a:e2:f8:25:84:be:69:9e:f5:f2:ca:02:0d:
                    11:90:00:8e:85:bb:7f:0d:e5:29:d0:5d:4e:6d:b8:
                    aa:3b:1c:c1:48:85:32:5f:31:f2:11:8b:d2:ed:2f:
                    8f:76:48:f2:e9:8b:6f:c6:a1:d7:c5:26:4c:32:69:
                    e2:31:3a:27:84:d1:74:ea:51:ba:fa:1c:bf:93:09:
                    01:78:c5:88:fa:0f:1c:2f:14:5f:35:7f:c8:07:ad:
                    81:49:51:ca:3a:9e:4c:2b:a1:a5:79:f3:d4:29:50:
                    ad:b9:47:df:f0:10:bb:a8:a1:15:50:e1:82:90:88:
                    e5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:6A:BA:5E:88:D7:3A:91:44:C8:9A:9F:08:D4:8A:7F:E0:4D:24:B9
            X509v3 Authority Key Identifier:
                keyid:58:7E:D7:E9:F9:8A:1F:19:75:EE:9F:BC:B0:95:C3:AD:FA:28:AE:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WH7X6fmKHxl17p-8sJXDrfoorsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/a06407-a1f2-4b47-96c7-0a9e3cb4dc13/1/Amq6XojXOpFEyJqfCNSKf-BNJLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/a06407-a1f2-4b47-96c7-0a9e3cb4dc13/1/WH7X6fmKHxl17p-8sJXDrfoorsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.113.102.0/24
                  93.117.65.0/24
                  128.65.152.0/21
                  176.97.228.0/22
                  185.78.212.0/22
                  188.208.111.0/24
                  188.211.239.0/24
                  212.85.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:f5:57:35:9a:6c:e5:ab:a7:db:60:1d:c9:e0:c4:7d:ee:44:
         67:9a:f4:f7:e3:fd:17:63:69:bf:14:c3:31:6b:9a:08:bb:a8:
         3a:21:e7:5f:8e:16:6c:10:86:85:0a:1c:b4:b3:75:44:e3:67:
         5e:e3:ce:7f:d1:8a:aa:27:84:5c:d9:9d:c7:26:d5:ee:ce:ed:
         0a:11:46:41:33:1a:10:15:83:a5:5d:44:19:8a:67:ff:29:f4:
         e3:01:57:a7:33:7d:c0:be:66:ce:30:e3:3a:e3:cc:69:94:7d:
         42:6e:9d:72:ef:51:8f:2f:13:4d:a8:52:f3:80:1a:cd:db:69:
         24:f5:16:90:9e:0f:ee:2b:c7:e8:3a:f7:61:b7:e5:40:e8:1c:
         31:8b:c2:36:6e:03:50:8a:41:0a:c1:d2:3e:17:af:4f:b6:12:
         70:a6:67:c5:30:7f:5b:ed:cc:28:dc:26:31:f6:7d:51:5f:b6:
         3a:bb:1c:3c:33:7a:03:50:d5:45:b2:e6:e0:4c:8d:53:4d:d5:
         fc:13:2b:44:20:28:50:bd:2f:0c:72:55:a3:9f:5f:db:a7:0b:
         68:c0:e6:fb:66:5c:e3:92:41:92:85:9b:3c:2d:52:37:44:17:
         99:04:c6:cd:7c:62:9d:8e:16:aa:3c:1f:0c:78:64:76:11:cb:
         1c:fe:a3:26
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVub5f0OMItTLQvBAg+dkTxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4N2VkN2U5Zjk4YTFmMTk3NWVlOWZiY2IwOTVjM2FkZmEy
OGFlYzAwHhcNMjMwMTAxMTc0NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjZhYmE1ZTg4ZDczYTkxNDRjODlhOWYwOGQ0OGE3ZmUwNGQyNGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNmuCKvkZJDHuqwAPndzkkOed9Cc
vqqQ55ZYRntLk/1K1ffDskyXdtiNktUakUXfWP0OagZegkDfVcH9ju/In0WZFISp
Sri887x9Y93za0WgzuO1I5tWPJ5eeLstlRa9uhnODgU+fzCFsQ9o6NWn6ZxQJaib
Owj/0imTYhrTfo9+2sE5rMWCz5ri+CWEvmme9fLKAg0RkACOhbt/DeUp0F1Obbiq
OxzBSIUyXzHyEYvS7S+Pdkjy6YtvxqHXxSZMMmniMTonhNF06lG6+hy/kwkBeMWI
+g8cLxRfNX/IB62BSVHKOp5MK6GlefPUKVCtuUff8BC7qKEVUOGCkIjljwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAJqul6I1zqRRMianwjUin/gTSS5MB8GA1UdIwQY
MBaAFFh+1+n5ih8Zde6fvLCVw636KK7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0g3WDZmbUtIeGwxN3AtOHNKWERyZm9vcnNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hMDY0MDctYTFmMi00YjQ3LTk2Yzct
MGE5ZTNjYjRkYzEzLzEvQW1xNlhvalhPcEZFeUpxZkNOU0tmLUJOSkxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hMDY0MDctYTFmMi00YjQ3LTk2YzctMGE5ZTNjYjRkYzEz
LzEvV0g3WDZmbUtIeGwxN3AtOHNKWERyZm9vcnNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAXXFmAwQA
XXVBAwQDgEGYAwQCsGHkAwQCuU7UAwQAvNBvAwQAvNPvAwQC1FXsMA0GCSqGSIb3
DQEBCwUAA4IBAQBX9Vc1mmzlq6fbYB3J4MR97kRnmvT34/0XY2m/FMMxa5oIu6g6
IedfjhZsEIaFChy0s3VE42de485/0YqqJ4Rc2Z3HJtXuzu0KEUZBMxoQFYOlXUQZ
imf/KfTjAVenM33AvmbOMOM648xplH1Cbp1y71GPLxNNqFLzgBrN22kk9RaQng/u
K8foOvdht+VA6Bwxi8I2bgNQikEKwdI+F69PthJwpmfFMH9b7cwo3CYx9n1RX7Y6
uxw8M3oDUNVFsubgTI1TTdX8EytEIChQvS8MclWjn1/bpwtowOb7ZlzjkkGShZs8
LVI3RBeZBMbNfGKdjhaqPB8MeGR2Ecsc/qMm
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:41:03 2024 by rpki-client on console-fra.rpki-client.org