Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/8G9BURACk1S4mEZT5V-mZhGLD8k.roa
File:                     8G9BURACk1S4mEZT5V-mZhGLD8k.roa (raw, json)
Hash identifier:          0F7JRfPkNkJ1mOs/z5bWJSS9ixCFpW5+MV12wl4j8iY=
Subject key identifier:   F0:6F:41:51:10:02:93:54:B8:98:46:53:E5:5F:A6:66:11:8B:0F:C9
Certificate issuer:       /CN=93a229e266b2558899f3547ee63d84ed6594768b
Certificate serial:       018A40293F922C22CFF79001FAB0499EF22A
Authority key identifier: 93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/8G9BURACk1S4mEZT5V-mZhGLD8k.roa
Signing time:             Tue 29 Aug 2023 07:19:19 +0000
ROA not before:           Tue 29 Aug 2023 07:19:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     56655
IP address blocks:        195.16.73.0/24 maxlen: 24
                          45.88.201.0/24 maxlen: 24
                          45.88.200.0/24 maxlen: 24
                          185.14.97.0/24 maxlen: 24
                          185.181.60.0/22 maxlen: 24
                          185.125.168.0/22 maxlen: 24
                          198.140.141.0/24 maxlen: 24
                          194.32.107.0/24 maxlen: 24
                          185.243.217.0/24 maxlen: 24
                          185.243.216.0/24 maxlen: 24
                          185.243.218.0/24 maxlen: 24
                          2a03:94e1::/32 maxlen: 32
                          2a0a:cd80::/32 maxlen: 32
                          2a03:94e2::/32 maxlen: 32
                          2a03:94e3::/32 maxlen: 32
                          2a03:94e0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Thu 05 Oct 2023 11:37:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:40:29:3f:92:2c:22:cf:f7:90:01:fa:b0:49:9e:f2:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93a229e266b2558899f3547ee63d84ed6594768b
        Validity
            Not Before: Aug 29 07:19:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f06f415110029354b8984653e55fa666118b0fc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9a:68:f8:e0:b6:04:02:4b:73:ca:ec:85:3a:
                    4a:fe:07:b3:04:c5:f6:99:73:4a:32:5b:a4:36:eb:
                    f8:b5:67:12:d8:2b:a7:3c:74:35:33:c2:b6:1d:e1:
                    cb:a9:2f:37:c5:97:9c:b9:b9:15:8c:24:36:61:e5:
                    cc:20:7f:79:0e:ae:2a:61:d7:03:09:e5:af:b9:0e:
                    e8:2b:af:97:d6:9a:15:37:01:c5:6d:6b:69:1a:41:
                    f6:d1:65:c3:80:36:b5:50:65:e6:58:59:5f:c2:71:
                    b3:dc:64:8a:db:23:f0:7f:e1:8e:ab:09:38:9f:36:
                    13:25:f7:d2:d5:52:9e:17:86:04:fe:26:b4:39:2a:
                    9b:8c:8c:03:34:90:bd:60:01:54:a1:7a:93:10:12:
                    54:63:88:b3:a8:4e:f9:c6:89:f4:45:33:11:75:dd:
                    9e:2b:ad:9a:e9:fe:46:8c:f3:f2:28:8e:ad:a6:71:
                    fb:56:f7:f8:95:27:70:f6:5b:1e:8d:87:98:2f:c6:
                    ed:2a:22:52:27:db:b9:f6:78:ec:e4:47:51:3f:a9:
                    a6:50:84:63:05:7e:b1:40:91:1e:fc:20:c4:d1:63:
                    26:83:7b:e8:ba:07:4e:39:5d:9a:17:1e:08:23:2b:
                    bc:7e:bb:f5:1e:e4:fe:c0:ec:a9:b8:b2:d8:23:68:
                    19:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:6F:41:51:10:02:93:54:B8:98:46:53:E5:5F:A6:66:11:8B:0F:C9
            X509v3 Authority Key Identifier:
                keyid:93:A2:29:E2:66:B2:55:88:99:F3:54:7E:E6:3D:84:ED:65:94:76:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k6Ip4mayVYiZ81R-5j2E7WWUdos.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/8G9BURACk1S4mEZT5V-mZhGLD8k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/c4073a-923b-4ecf-9566-4d777cacd9a4/1/k6Ip4mayVYiZ81R-5j2E7WWUdos.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.200.0/23
                  185.14.97.0/24
                  185.125.168.0/22
                  185.181.60.0/22
                  185.243.216.0-185.243.218.255
                  194.32.107.0/24
                  195.16.73.0/24
                  198.140.141.0/24
                IPv6:
                  2a03:94e0::/30
                  2a0a:cd80::/32

    Signature Algorithm: sha256WithRSAEncryption
         49:f3:85:cc:a1:cf:40:00:2a:2f:09:82:9f:00:49:31:c2:8a:
         a6:e3:22:80:a4:8a:53:a8:d1:b8:c8:9d:0c:c1:ed:1d:fe:3b:
         58:23:8b:71:5d:ae:60:32:c4:73:c7:75:51:75:3c:2c:c3:9f:
         00:37:fe:6f:87:37:d5:10:38:55:8c:e2:5a:eb:d6:44:d6:ca:
         71:c9:4c:bb:9a:44:38:7c:b1:2a:89:40:c4:c3:f5:57:f4:49:
         2e:b3:67:8e:e8:18:27:c0:54:68:1b:61:04:14:c2:56:0f:17:
         b3:19:14:44:05:a8:e8:97:5e:96:9f:f9:b7:a0:61:e5:40:19:
         17:1d:84:a2:45:b1:12:e6:94:3b:39:c9:ed:10:82:8a:03:91:
         43:94:2f:95:fa:98:8f:19:c9:26:42:cd:95:57:e6:28:3a:2c:
         4a:61:61:e2:6b:b0:b2:67:10:18:b7:e2:10:4c:30:53:e3:e1:
         99:90:56:e6:e9:be:bd:5a:72:31:99:4f:6a:22:64:e4:2f:50:
         aa:ce:b9:57:6f:77:4f:86:82:0d:b7:8a:ac:9a:fe:fe:42:99:
         5e:da:de:37:ed:a5:c1:59:c8:06:c9:fc:43:43:e7:2b:be:db:
         81:b1:15:ae:3d:47:80:0a:ed:99:fb:b5:d9:c5:97:03:68:8e:
         ce:71:1d:ba
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYpAKT+SLCLP95AB+rBJnvIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYTIyOWUyNjZiMjU1ODg5OWYzNTQ3ZWU2M2Q4NGVkNjU5
NDc2OGIwHhcNMjMwODI5MDcxOTE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDZmNDE1MTEwMDI5MzU0Yjg5ODQ2NTNlNTVmYTY2NjExOGIwZmM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArppo+OC2BAJLc8rshTpK/gezBMX2
mXNKMlukNuv4tWcS2CunPHQ1M8K2HeHLqS83xZecubkVjCQ2YeXMIH95Dq4qYdcD
CeWvuQ7oK6+X1poVNwHFbWtpGkH20WXDgDa1UGXmWFlfwnGz3GSK2yPwf+GOqwk4
nzYTJffS1VKeF4YE/ia0OSqbjIwDNJC9YAFUoXqTEBJUY4izqE75xon0RTMRdd2e
K62a6f5GjPPyKI6tpnH7Vvf4lSdw9lsejYeYL8btKiJSJ9u59njs5EdRP6mmUIRj
BX6xQJEe/CDE0WMmg3vougdOOV2aFx4IIyu8frv1HuT+wOypuLLYI2gZwwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFPBvQVEQApNUuJhGU+VfpmYRiw/JMB8GA1UdIwQY
MBaAFJOiKeJmslWImfNUfuY9hO1llHaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYt
NGQ3NzdjYWNkOWE0LzEvOEc5QlVSQUNrMVM0bUVaVDVWLW1aaEdMRDhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9jNDA3M2EtOTIzYi00ZWNmLTk1NjYtNGQ3NzdjYWNkOWE0
LzEvazZJcDRtYXlWWWlaODFSLTVqMkU3V1dVZG9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjA+BAIAATA4AwQBLVjIAwQA
uQ5hAwQCuX2oAwQCubU8MAwDBAO589gDBAC589oDBADCIGsDBADDEEkDBADGjI0w
FAQCAAIwDgMFAioDlOADBQAqCs2AMA0GCSqGSIb3DQEBCwUAA4IBAQBJ84XMoc9A
ACovCYKfAEkxwoqm4yKApIpTqNG4yJ0Mwe0d/jtYI4txXa5gMsRzx3VRdTwsw58A
N/5vhzfVEDhVjOJa69ZE1spxyUy7mkQ4fLEqiUDEw/VX9Ekus2eO6BgnwFRoG2EE
FMJWDxezGRREBajol16Wn/m3oGHlQBkXHYSiRbES5pQ7OcntEIKKA5FDlC+V+piP
GckmQs2VV+YoOixKYWHia7CyZxAYt+IQTDBT4+GZkFbm6b69WnIxmU9qImTkL1Cq
zrlXb3dPhoINt4qsmv7+Qple2t437aXBWcgGyfxDQ+crvtuBsRWuPUeACu2Z+7XZ
xZcDaI7OcR26
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:21 2024 by rpki-client on console-fra.rpki-client.org