Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/vDcnBDXRg6uKKfLtPCA57_tNtH8.roa
File:                     vDcnBDXRg6uKKfLtPCA57_tNtH8.roa (raw, json)
Hash identifier:          dcfCexjwJ14/fpTbE0BTy4ieBG4XVy/mbVU4gjgzHKE=
Subject key identifier:   BC:37:27:04:35:D1:83:AB:8A:29:F2:ED:3C:20:39:EF:FB:4D:B4:7F
Certificate issuer:       /CN=ac8a69ecb787cce9892dc65480463fb088b613df
Certificate serial:       018571F9F69461E2F2C695CE727EB8CCB6F6
Authority key identifier: AC:8A:69:EC:B7:87:CC:E9:89:2D:C6:54:80:46:3F:B0:88:B6:13:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rIpp7LeHzOmJLcZUgEY_sIi2E98.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/vDcnBDXRg6uKKfLtPCA57_tNtH8.roa
Signing time:             Mon 02 Jan 2023 10:14:44 +0000
ROA not before:           Mon 02 Jan 2023 10:14:44 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     44946
IP address blocks:        93.94.135.0/24 maxlen: 24
                          194.187.64.0/22 maxlen: 24
                          195.49.152.0/22 maxlen: 24
                          185.59.200.0/22 maxlen: 24
                          93.94.128.0/21 maxlen: 24
                          2a02:158::/32 maxlen: 64
                          2a02:158:aa00::/39 maxlen: 39
                          2a02:158:fffe::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 12:32:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:f9:f6:94:61:e2:f2:c6:95:ce:72:7e:b8:cc:b6:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac8a69ecb787cce9892dc65480463fb088b613df
        Validity
            Not Before: Jan  2 10:14:44 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bc37270435d183ab8a29f2ed3c2039effb4db47f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ac:ed:1a:0d:ef:7d:67:81:d9:78:65:5b:97:
                    68:d8:57:13:ed:f2:fa:ef:16:21:21:be:01:da:b7:
                    f5:7e:a4:da:f8:44:be:6d:07:56:5b:05:5a:10:8d:
                    dd:eb:1b:f3:27:e0:d0:af:68:b0:c1:fe:e8:74:b7:
                    0d:26:0a:dc:02:99:87:09:d2:27:cb:80:ab:f2:a4:
                    c3:ba:75:8d:61:8b:27:89:56:9b:3e:9a:ef:3c:54:
                    8d:55:1d:bc:59:d3:3a:ed:09:f5:94:00:49:82:d2:
                    cd:37:e0:c6:7a:6a:48:e7:b8:8b:96:f5:15:f5:41:
                    b8:53:56:fc:ba:67:4c:22:a3:da:2c:37:fd:b5:b6:
                    06:8e:2e:35:10:3c:d9:06:64:8d:32:e5:b9:b7:50:
                    48:eb:fb:7f:21:ce:3d:16:70:57:55:9f:4e:a0:2b:
                    4a:93:4c:d4:3f:0c:09:fe:7e:5b:fa:5d:cc:04:cc:
                    e8:c9:a4:9e:11:a7:6b:8c:0e:88:55:f0:65:12:ec:
                    af:6a:ef:c4:95:4e:2d:18:d0:6c:12:fa:80:1b:cf:
                    b6:03:47:31:8f:05:5b:97:df:8d:fe:3b:4c:0c:03:
                    25:52:5b:ee:e9:99:c0:01:8f:9d:ee:c4:b7:ee:1b:
                    21:54:64:e6:bf:77:64:76:84:0b:44:b1:46:56:8f:
                    b5:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:37:27:04:35:D1:83:AB:8A:29:F2:ED:3C:20:39:EF:FB:4D:B4:7F
            X509v3 Authority Key Identifier:
                keyid:AC:8A:69:EC:B7:87:CC:E9:89:2D:C6:54:80:46:3F:B0:88:B6:13:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rIpp7LeHzOmJLcZUgEY_sIi2E98.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/vDcnBDXRg6uKKfLtPCA57_tNtH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/87dadf-29d9-49d3-8ac6-4cc40ffd796d/1/rIpp7LeHzOmJLcZUgEY_sIi2E98.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.94.128.0/21
                  185.59.200.0/22
                  194.187.64.0/22
                  195.49.152.0/22
                IPv6:
                  2a02:158::/32

    Signature Algorithm: sha256WithRSAEncryption
         1d:23:ed:be:00:40:de:52:db:d7:f7:a1:75:9c:6b:0c:7a:fd:
         43:9d:d4:b6:44:54:d6:bb:b6:93:56:29:a3:ee:35:45:3a:91:
         85:e5:63:94:dd:b0:0c:0d:43:2d:c6:af:7e:62:4e:67:b1:ff:
         8b:38:0f:78:ec:a0:d7:bf:d6:b7:c9:7d:1c:43:f6:9a:dc:0b:
         85:4e:2c:dd:a0:0f:b9:1e:5e:29:c1:5d:d2:47:cb:9b:f9:a4:
         bb:5d:aa:63:61:64:39:79:da:19:73:13:56:44:c2:c9:e5:b4:
         f4:e6:74:b6:49:c6:c1:be:75:40:19:d1:8d:1a:ff:ea:de:09:
         f6:b1:63:d1:9a:0a:4e:f9:bd:a7:aa:bd:81:77:19:7d:4f:4c:
         3c:9e:68:0c:d7:a9:ef:c6:79:0e:3a:69:ac:37:b0:e1:25:49:
         11:f2:3a:de:98:ef:c8:09:87:84:ad:ed:d5:b3:82:56:9b:67:
         99:b2:50:54:5d:c5:1d:3b:42:3a:73:41:01:29:ac:9d:2e:d7:
         34:6e:d0:42:4c:a3:ac:f8:88:1b:6d:5d:04:cc:e2:e8:47:4c:
         2c:c8:42:5d:bc:a8:4f:c4:56:7a:3d:db:91:f9:68:ab:4e:4e:
         16:6d:c1:4e:c9:85:2a:46:24:49:e9:19:bb:43:79:12:d8:13:
         7f:46:db:f8
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVx+faUYeLyxpXOcn64zLb2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOGE2OWVjYjc4N2NjZTk4OTJkYzY1NDgwNDYzZmIwODhi
NjEzZGYwHhcNMjMwMTAyMTAxNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzM3MjcwNDM1ZDE4M2FiOGEyOWYyZWQzYzIwMzllZmZiNGRiNDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKztGg3vfWeB2XhlW5do2FcT7fL6
7xYhIb4B2rf1fqTa+ES+bQdWWwVaEI3d6xvzJ+DQr2iwwf7odLcNJgrcApmHCdIn
y4Cr8qTDunWNYYsniVabPprvPFSNVR28WdM67Qn1lABJgtLNN+DGempI57iLlvUV
9UG4U1b8umdMIqPaLDf9tbYGji41EDzZBmSNMuW5t1BI6/t/Ic49FnBXVZ9OoCtK
k0zUPwwJ/n5b+l3MBMzoyaSeEadrjA6IVfBlEuyvau/ElU4tGNBsEvqAG8+2A0cx
jwVbl9+N/jtMDAMlUlvu6ZnAAY+d7sS37hshVGTmv3dkdoQLRLFGVo+1QwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFLw3JwQ10YOriiny7TwgOe/7TbR/MB8GA1UdIwQY
MBaAFKyKaey3h8zpiS3GVIBGP7CIthPfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklwcDdMZUh6T21KTGNaVWdFWV9zSWkyRTk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi84N2RhZGYtMjlkOS00OWQzLThhYzYt
NGNjNDBmZmQ3OTZkLzEvdkRjbkJEWFJnNnVLS2ZMdFBDQTU3X3ROdEg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi84N2RhZGYtMjlkOS00OWQzLThhYzYtNGNjNDBmZmQ3OTZk
LzEvcklwcDdMZUh6T21KTGNaVWdFWV9zSWkyRTk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQDXV6AAwQC
uTvIAwQCwrtAAwQCwzGYMA0EAgACMAcDBQAqAgFYMA0GCSqGSIb3DQEBCwUAA4IB
AQAdI+2+AEDeUtvX96F1nGsMev1DndS2RFTWu7aTVimj7jVFOpGF5WOU3bAMDUMt
xq9+Yk5nsf+LOA947KDXv9a3yX0cQ/aa3AuFTizdoA+5Hl4pwV3SR8ub+aS7Xapj
YWQ5edoZcxNWRMLJ5bT05nS2ScbBvnVAGdGNGv/q3gn2sWPRmgpO+b2nqr2Bdxl9
T0w8nmgM16nvxnkOOmmsN7DhJUkR8jremO/ICYeEre3Vs4JWm2eZslBUXcUdO0I6
c0EBKaydLtc0btBCTKOs+IgbbV0EzOLoR0wsyEJdvKhPxFZ6PduR+WirTk4WbcFO
yYUqRiRJ6Rm7Q3kS2BN/Rtv4
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:04 2024 by rpki-client on console-fra.rpki-client.org