Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/GUK1y1WJbZg_vUDVShWEEotKaWc.roa
File:                     GUK1y1WJbZg_vUDVShWEEotKaWc.roa (raw, json)
Hash identifier:          UXyDEdo3dVcHzsZAXJFu5XJmWSiOFWGpsmQaOM7N9yw=
Subject key identifier:   19:42:B5:CB:55:89:6D:98:3F:BD:40:D5:4A:15:84:12:8B:4A:69:67
Certificate issuer:       /CN=34f47b73ee8fbedd25f41b3b17b2be08f5bf6563
Certificate serial:       01856CE6067B4CBE1E04C6C6DB4014A76EB9
Authority key identifier: 34:F4:7B:73:EE:8F:BE:DD:25:F4:1B:3B:17:B2:BE:08:F5:BF:65:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/GUK1y1WJbZg_vUDVShWEEotKaWc.roa
Signing time:             Sun 01 Jan 2023 10:34:52 +0000
ROA not before:           Sun 01 Jan 2023 10:34:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15734
IP address blocks:        217.15.42.0/24 maxlen: 24
                          217.15.46.0/24 maxlen: 24
                          88.84.64.0/19 maxlen: 24
                          88.84.80.0/24 maxlen: 24
                          88.84.82.0/24 maxlen: 24
                          88.84.93.0/24 maxlen: 24
                          88.84.92.0/24 maxlen: 24
                          185.117.178.0/24 maxlen: 24
                          185.117.179.0/24 maxlen: 24
                          185.117.176.0/24 maxlen: 24
                          217.15.32.0/20 maxlen: 24
                          217.149.144.0/20 maxlen: 24
                          95.142.0.0/20 maxlen: 24
                          95.142.3.0/24 maxlen: 24
                          217.149.148.0/22 maxlen: 24
                          95.142.8.0/24 maxlen: 24
                          95.142.10.0/24 maxlen: 24
                          217.149.157.0/24 maxlen: 24
                          217.149.156.0/24 maxlen: 24
                          95.142.13.0/24 maxlen: 24
                          2a02:2068::/29 maxlen: 48

Validation:               Failed, certificate revoked on Fri 22 Sep 2023 14:56:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:e6:06:7b:4c:be:1e:04:c6:c6:db:40:14:a7:6e:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34f47b73ee8fbedd25f41b3b17b2be08f5bf6563
        Validity
            Not Before: Jan  1 10:34:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1942b5cb55896d983fbd40d54a1584128b4a6967
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:54:f9:a1:fc:ba:09:54:51:ee:9d:5a:70:9c:
                    a5:e0:8e:63:7c:0d:5f:c6:ba:01:42:b4:0d:27:42:
                    6b:53:2a:84:aa:6e:37:e3:59:6f:3c:2f:90:65:6b:
                    9e:33:2f:e3:fc:ea:49:24:18:7d:fb:14:85:48:1c:
                    48:78:48:e0:46:74:e3:e1:78:dc:58:d5:f4:75:2d:
                    d5:85:97:d0:c7:43:8a:38:36:b7:5e:f7:52:e6:c8:
                    df:ef:b7:17:8a:f9:bd:b5:2d:ee:30:35:37:59:62:
                    62:be:0b:3e:bf:4f:37:e4:b6:ee:76:5a:f6:48:04:
                    d3:15:c5:4c:9b:34:61:fb:83:62:90:ae:3a:b2:0d:
                    0d:45:3c:a6:e2:e6:26:4c:76:53:13:5d:3e:24:5f:
                    82:b5:8e:8f:70:61:7f:45:20:7b:4b:75:44:c1:7c:
                    8a:2e:95:9d:9c:f4:10:ab:d8:a7:9e:ee:c2:b6:9b:
                    f3:9d:fa:32:39:a1:02:52:fc:4d:17:c6:f9:9e:1e:
                    80:f2:cb:fb:ba:df:4c:62:b9:93:d4:95:9d:08:5a:
                    16:18:d8:09:53:fc:6b:7f:2e:32:3a:50:10:ca:ca:
                    ae:05:90:ff:fd:60:18:26:3c:26:2f:3f:ce:5b:d7:
                    c1:1e:65:8d:8a:d9:ef:85:70:44:01:02:ab:6c:97:
                    3b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:42:B5:CB:55:89:6D:98:3F:BD:40:D5:4A:15:84:12:8B:4A:69:67
            X509v3 Authority Key Identifier:
                keyid:34:F4:7B:73:EE:8F:BE:DD:25:F4:1B:3B:17:B2:BE:08:F5:BF:65:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/GUK1y1WJbZg_vUDVShWEEotKaWc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/0fc5c9-4ec6-4df6-82c4-d87e4047f853/1/NPR7c-6Pvt0l9Bs7F7K-CPW_ZWM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.84.64.0/19
                  95.142.0.0/20
                  185.117.176.0/24
                  185.117.178.0/23
                  217.15.32.0/20
                  217.149.144.0/20
                IPv6:
                  2a02:2068::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:10:c4:73:85:ad:78:b5:5c:6e:84:27:74:1e:46:06:6a:a3:
         c1:fd:c5:f3:f9:30:91:a1:9f:6b:78:3d:4f:84:67:dc:91:a9:
         8a:5a:af:21:98:2f:25:60:5c:d2:f2:d7:46:47:cf:f7:a1:d2:
         4b:c3:b1:ba:f9:c9:9c:91:45:dc:73:3e:76:fa:75:f2:9c:fa:
         e0:89:1f:a0:de:5f:e0:55:b9:0e:10:a1:b5:29:a6:66:a2:6c:
         b9:1b:22:61:90:92:a6:63:97:6c:77:5f:33:b0:0e:6e:12:b3:
         55:3c:2a:89:fe:0f:bd:9d:56:74:85:c5:0d:50:10:19:01:95:
         0e:23:85:c4:85:70:e2:04:b9:14:13:45:90:f2:72:eb:e6:82:
         76:aa:4d:86:eb:c9:01:a5:57:11:9a:c0:40:ea:a3:a4:40:71:
         b4:41:4b:24:6b:61:2e:02:62:a2:72:3d:aa:6a:1d:ac:f5:4a:
         ba:8d:16:03:42:1b:19:11:3e:11:84:55:e4:41:48:69:bb:6d:
         58:dd:65:04:d9:e2:7c:50:fb:db:24:56:70:0a:4c:3c:37:62:
         5b:4f:f1:01:a1:23:9e:8d:d5:a4:6c:3e:b1:ab:dc:77:96:d2:
         c1:40:03:aa:3b:14:ea:98:3c:60:c0:7b:7a:2d:cd:dc:5a:dd:
         c3:33:63:ce
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVs5gZ7TL4eBMbG20AUp265MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZjQ3YjczZWU4ZmJlZGQyNWY0MWIzYjE3YjJiZTA4ZjVi
ZjY1NjMwHhcNMjMwMTAxMTAzNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTQyYjVjYjU1ODk2ZDk4M2ZiZDQwZDU0YTE1ODQxMjhiNGE2OTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAllT5ofy6CVRR7p1acJyl4I5jfA1f
xroBQrQNJ0JrUyqEqm4341lvPC+QZWueMy/j/OpJJBh9+xSFSBxIeEjgRnTj4Xjc
WNX0dS3VhZfQx0OKODa3XvdS5sjf77cXivm9tS3uMDU3WWJivgs+v0835Lbudlr2
SATTFcVMmzRh+4NikK46sg0NRTym4uYmTHZTE10+JF+CtY6PcGF/RSB7S3VEwXyK
LpWdnPQQq9innu7CtpvznfoyOaECUvxNF8b5nh6A8sv7ut9MYrmT1JWdCFoWGNgJ
U/xrfy4yOlAQysquBZD//WAYJjwmLz/OW9fBHmWNitnvhXBEAQKrbJc7sQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFBlCtctViW2YP71A1UoVhBKLSmlnMB8GA1UdIwQY
MBaAFDT0e3Puj77dJfQbOxeyvgj1v2VjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlBSN2MtNlB2dDBsOUJzN0Y3Sy1DUFdfWldNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8wZmM1YzktNGVjNi00ZGY2LTgyYzQt
ZDg3ZTQwNDdmODUzLzEvR1VLMXkxV0piWmdfdlVEVlNoV0VFb3RLYVdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8wZmM1YzktNGVjNi00ZGY2LTgyYzQtZDg3ZTQwNDdmODUz
LzEvTlBSN2MtNlB2dDBsOUJzN0Y3Sy1DUFdfWldNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFWFRAAwQE
X44AAwQAuXWwAwQBuXWyAwQE2Q8gAwQE2ZWQMA0EAgACMAcDBQMqAiBoMA0GCSqG
SIb3DQEBCwUAA4IBAQA+EMRzha14tVxuhCd0HkYGaqPB/cXz+TCRoZ9reD1PhGfc
kamKWq8hmC8lYFzS8tdGR8/3odJLw7G6+cmckUXccz52+nXynPrgiR+g3l/gVbkO
EKG1KaZmomy5GyJhkJKmY5dsd18zsA5uErNVPCqJ/g+9nVZ0hcUNUBAZAZUOI4XE
hXDiBLkUE0WQ8nLr5oJ2qk2G68kBpVcRmsBA6qOkQHG0QUska2EuAmKicj2qah2s
9Uq6jRYDQhsZET4RhFXkQUhpu21Y3WUE2eJ8UPvbJFZwCkw8N2JbT/EBoSOejdWk
bD6xq9x3ltLBQAOqOxTqmDxgwHt6Lc3cWt3DM2PO
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:34 2024 by rpki-client on console-ams.rpki-client.org