Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/63564f-aca1-463d-be1e-e5520aa7ba37/1/xuKofuHTVt-WRC8x_YMLtQhSFNs.roa
File:                     xuKofuHTVt-WRC8x_YMLtQhSFNs.roa (raw, json)
Hash identifier:          D05D1F3iWGpP+gE8gc2Qia5BeYYiU8mVzgHgJ5Hzt9Y=
Subject key identifier:   C6:E2:A8:7E:E1:D3:56:DF:96:44:2F:31:FD:83:0B:B5:08:52:14:DB
Certificate issuer:       /CN=f563da6eb3b7a07fdc4525883004970d640b036b
Certificate serial:       01856C6EEF2B2AEE5B270ED8CDED68D8D6F9
Authority key identifier: F5:63:DA:6E:B3:B7:A0:7F:DC:45:25:88:30:04:97:0D:64:0B:03:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9WPabrO3oH_cRSWIMASXDWQLA2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/63564f-aca1-463d-be1e-e5520aa7ba37/1/xuKofuHTVt-WRC8x_YMLtQhSFNs.roa
Signing time:             Sun 01 Jan 2023 08:24:47 +0000
ROA not before:           Sun 01 Jan 2023 08:24:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6661
IP address blocks:        213.166.32.0/19 maxlen: 24
                          107.183.0.0/17 maxlen: 24
                          213.135.224.0/19 maxlen: 24
                          88.207.128.0/17 maxlen: 24
                          146.0.216.0/21 maxlen: 24
                          78.141.128.0/18 maxlen: 24
                          185.32.236.0/22 maxlen: 24
                          37.157.152.0/21 maxlen: 24
                          194.154.192.0/19 maxlen: 24
                          87.240.192.0/18 maxlen: 24
                          178.254.64.0/18 maxlen: 24
                          146.0.212.0/22 maxlen: 24
                          188.115.0.0/18 maxlen: 24
                          83.99.0.0/17 maxlen: 24
                          146.0.128.0/18 maxlen: 24
                          195.46.224.0/19 maxlen: 24
                          2a00:ca60::/32 maxlen: 48
                          2001:7e8::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:32:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:6e:ef:2b:2a:ee:5b:27:0e:d8:cd:ed:68:d8:d6:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f563da6eb3b7a07fdc4525883004970d640b036b
        Validity
            Not Before: Jan  1 08:24:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c6e2a87ee1d356df96442f31fd830bb5085214db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5c:54:33:7c:a6:d5:39:e4:e7:bc:98:84:a5:
                    67:f5:0d:fe:12:04:d5:2e:e5:33:4a:b9:0f:6f:b6:
                    3d:59:e7:42:b9:69:d6:df:56:c5:41:fd:3f:a2:bf:
                    c3:36:78:7f:58:b6:cf:9b:b6:53:07:9f:ef:0f:26:
                    b0:70:ec:7e:55:d4:34:cc:a3:0e:11:af:30:9a:29:
                    44:bc:a2:90:7c:24:f2:56:dd:e8:c9:f1:45:20:95:
                    8d:4c:f9:f4:1e:da:e1:fb:11:e4:d0:c5:60:d0:f6:
                    65:00:1f:51:5e:f6:67:ff:38:5e:e3:47:e4:70:e4:
                    1b:12:da:5d:5a:be:cd:b7:bb:c4:a2:37:6f:51:b3:
                    28:57:c7:f0:76:c5:85:44:77:ab:6e:6c:f4:1e:f5:
                    68:c4:f2:ba:1c:bb:8a:53:73:80:0e:e3:ba:b9:9b:
                    19:2d:9a:e4:92:0a:f4:cc:44:30:20:0e:0b:97:df:
                    7b:a0:26:14:33:5b:a8:31:6f:2a:bf:bc:7c:97:c0:
                    e6:65:57:31:01:8d:ce:71:0a:13:b9:62:6a:48:53:
                    5b:1d:ae:6b:95:1d:a6:a7:1d:75:a5:a2:cd:42:87:
                    cc:e8:7d:9d:2c:b4:75:8d:3a:89:dd:6b:64:37:ba:
                    ff:3c:4a:61:91:fb:f9:25:59:7a:f2:dc:4e:b6:89:
                    4f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:E2:A8:7E:E1:D3:56:DF:96:44:2F:31:FD:83:0B:B5:08:52:14:DB
            X509v3 Authority Key Identifier:
                keyid:F5:63:DA:6E:B3:B7:A0:7F:DC:45:25:88:30:04:97:0D:64:0B:03:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9WPabrO3oH_cRSWIMASXDWQLA2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/63564f-aca1-463d-be1e-e5520aa7ba37/1/xuKofuHTVt-WRC8x_YMLtQhSFNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/63564f-aca1-463d-be1e-e5520aa7ba37/1/9WPabrO3oH_cRSWIMASXDWQLA2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.152.0/21
                  78.141.128.0/18
                  83.99.0.0/17
                  87.240.192.0/18
                  88.207.128.0/17
                  107.183.0.0/17
                  146.0.128.0/18
                  146.0.212.0-146.0.223.255
                  178.254.64.0/18
                  185.32.236.0/22
                  188.115.0.0/18
                  194.154.192.0/19
                  195.46.224.0/19
                  213.135.224.0/19
                  213.166.32.0/19
                IPv6:
                  2001:7e8::/32
                  2a00:ca60::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:c6:9e:d3:f6:b1:68:0b:2e:fa:b3:9c:6d:49:99:d7:fe:61:
         65:52:fe:05:6f:05:71:5d:70:12:13:ba:52:10:e7:b4:a9:1e:
         46:75:f0:80:94:6f:68:33:23:d9:11:f3:78:ec:a6:d5:89:3c:
         c4:a1:fc:2f:6e:82:7a:ba:54:71:56:9b:d1:0f:3e:f4:fb:8d:
         37:6f:f2:07:c2:4c:0e:63:f2:5f:cb:20:ce:63:b0:27:10:e6:
         7b:ae:a4:69:ab:8c:63:92:3d:92:5f:8f:9c:95:f8:cb:2c:d1:
         98:73:f9:d9:55:f1:8f:58:a7:cb:db:00:18:d6:28:3d:91:58:
         19:a9:2a:7a:ed:3d:3d:e2:fc:21:aa:96:a5:c1:87:38:ee:56:
         17:4c:b9:5d:3b:49:98:29:ea:7b:6d:05:74:50:b8:cf:9d:68:
         c0:f8:05:cb:d6:f0:94:5a:ab:f8:b9:0c:22:34:e4:a1:c3:c1:
         bb:61:1f:cf:89:8e:08:86:52:c9:d4:2c:09:44:1e:d2:31:c8:
         ff:00:0a:a9:0f:9c:b5:d5:cf:ec:6a:b4:cf:a0:fd:ef:55:19:
         5a:b0:4d:fb:b1:91:07:7c:68:82:48:99:d8:78:26:b9:41:d5:
         8a:97:fb:53:8f:df:a3:aa:cf:88:26:15:1f:4e:9f:9a:71:f2:
         a1:79:9e:84
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYVsbu8rKu5bJw7Yze1o2Nb5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1NjNkYTZlYjNiN2EwN2ZkYzQ1MjU4ODMwMDQ5NzBkNjQw
YjAzNmIwHhcNMjMwMTAxMDgyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmUyYTg3ZWUxZDM1NmRmOTY0NDJmMzFmZDgzMGJiNTA4NTIxNGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFxUM3ym1Tnk57yYhKVn9Q3+EgTV
LuUzSrkPb7Y9WedCuWnW31bFQf0/or/DNnh/WLbPm7ZTB5/vDyawcOx+VdQ0zKMO
Ea8wmilEvKKQfCTyVt3oyfFFIJWNTPn0Htrh+xHk0MVg0PZlAB9RXvZn/zhe40fk
cOQbEtpdWr7Nt7vEojdvUbMoV8fwdsWFRHerbmz0HvVoxPK6HLuKU3OADuO6uZsZ
LZrkkgr0zEQwIA4Ll997oCYUM1uoMW8qv7x8l8DmZVcxAY3OcQoTuWJqSFNbHa5r
lR2mpx11paLNQofM6H2dLLR1jTqJ3WtkN7r/PEphkfv5JVl68txOtolP0QIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFMbiqH7h01bflkQvMf2DC7UIUhTbMB8GA1UdIwQY
MBaAFPVj2m6zt6B/3EUliDAElw1kCwNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVdQYWJyTzNvSF9jUlNXSU1BU1hEV1FMQTJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy82MzU2NGYtYWNhMS00NjNkLWJlMWUt
ZTU1MjBhYTdiYTM3LzEveHVLb2Z1SFRWdC1XUkM4eF9ZTUx0UWhTRk5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy82MzU2NGYtYWNhMS00NjNkLWJlMWUtZTU1MjBhYTdiYTM3
LzEvOVdQYWJyTzNvSF9jUlNXSU1BU1hEV1FMQTJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDBoBAIAATBiAwQDJZ2Y
AwQGTo2AAwQHU2MAAwQGV/DAAwQHWM+AAwQHa7cAAwQGkgCAMAwDBAKSANQDBAWS
AMADBAay/kADBAK5IOwDBAa8cwADBAXCmsADBAXDLuADBAXVh+ADBAXVpiAwFAQC
AAIwDgMFACABB+gDBQAqAMpgMA0GCSqGSIb3DQEBCwUAA4IBAQCwxp7T9rFoCy76
s5xtSZnX/mFlUv4FbwVxXXASE7pSEOe0qR5GdfCAlG9oMyPZEfN47KbViTzEofwv
boJ6ulRxVpvRDz70+403b/IHwkwOY/JfyyDOY7AnEOZ7rqRpq4xjkj2SX4+clfjL
LNGYc/nZVfGPWKfL2wAY1ig9kVgZqSp67T094vwhqpalwYc47lYXTLldO0mYKep7
bQV0ULjPnWjA+AXL1vCUWqv4uQwiNOShw8G7YR/PiY4IhlLJ1CwJRB7SMcj/AAqp
D5y11c/sarTPoP3vVRlasE37sZEHfGiCSJnYeCa5QdWKl/tTj9+jqs+IJhUfTp+a
cfKheZ6E
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:18 2024 by rpki-client on console-ams.rpki-client.org