Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/ed51ec-78e6-4ff0-ba58-076c88b8802f/1/KydU0qNnQAwvF6l1UnssyAsCc0g.roa
File:                     KydU0qNnQAwvF6l1UnssyAsCc0g.roa (raw, json)
Hash identifier:          rbBoLoKyaJgX9Zq+ZISu0fSVI8l57CBo3iUgSL3YB4o=
Subject key identifier:   2B:27:54:D2:A3:67:40:0C:2F:17:A9:75:52:7B:2C:C8:0B:02:73:48
Certificate issuer:       /CN=65df379faaf210a7036dac05de6b5772dbe4dd6c
Certificate serial:       01856D8ACCC78EC452BAD07934D564CAD6CB
Authority key identifier: 65:DF:37:9F:AA:F2:10:A7:03:6D:AC:05:DE:6B:57:72:DB:E4:DD:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zd83n6ryEKcDbawF3mtXctvk3Ww.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/ed51ec-78e6-4ff0-ba58-076c88b8802f/1/KydU0qNnQAwvF6l1UnssyAsCc0g.roa
Signing time:             Sun 01 Jan 2023 13:34:51 +0000
ROA not before:           Sun 01 Jan 2023 13:34:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201838
IP address blocks:        89.45.176.0/20 maxlen: 20
                          89.36.112.0/20 maxlen: 20
                          188.212.122.0/23 maxlen: 23
                          93.113.26.0/23 maxlen: 23
                          188.215.16.0/23 maxlen: 23
                          79.171.154.0/23 maxlen: 23
                          79.171.153.0/24 maxlen: 24
                          79.171.156.0/22 maxlen: 22
                          94.177.138.0/23 maxlen: 23
                          147.12.128.0/17 maxlen: 17
                          46.102.171.0/24 maxlen: 24
                          46.102.170.0/24 maxlen: 24
                          46.102.170.0/23 maxlen: 23
                          94.176.208.0/23 maxlen: 23
                          185.59.124.0/22 maxlen: 22
                          212.132.192.0/18 maxlen: 18
                          188.215.74.0/23 maxlen: 23
                          188.241.106.0/23 maxlen: 23
                          94.247.86.0/23 maxlen: 23
                          2a02:6b60::/28 maxlen: 28
                          2a02:6b60::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 25 Apr 2023 10:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6d:8a:cc:c7:8e:c4:52:ba:d0:79:34:d5:64:ca:d6:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65df379faaf210a7036dac05de6b5772dbe4dd6c
        Validity
            Not Before: Jan  1 13:34:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2b2754d2a367400c2f17a975527b2cc80b027348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:9e:d8:e6:5d:60:16:df:18:03:7c:08:87:a2:
                    aa:0e:9d:7e:4d:88:e4:d9:91:4e:a0:6f:44:a7:df:
                    df:40:c7:79:d9:07:d4:ca:ea:2e:6b:35:56:e7:82:
                    75:a3:ca:51:cc:51:f6:1a:5d:1e:1a:0f:ee:fd:37:
                    5e:5e:07:fd:4e:44:b7:fd:de:9c:23:3c:93:7d:56:
                    24:92:51:15:9c:8e:04:95:86:69:2f:30:fb:dc:ef:
                    e6:11:4b:60:60:ef:49:cd:a3:63:c0:4c:09:4b:05:
                    9e:84:b3:a2:1c:76:57:81:30:cf:46:7a:59:84:40:
                    5c:7d:e0:65:33:10:72:a5:60:cb:8e:33:01:18:34:
                    a0:e4:30:e8:56:a5:48:61:0f:09:de:94:fc:64:56:
                    9d:e0:60:d7:4a:09:2d:d2:94:d5:26:da:e2:7d:e1:
                    aa:71:2e:60:76:ae:14:b0:00:38:54:5f:96:f5:11:
                    1f:5f:1c:92:ae:2a:1e:3b:20:6c:e1:95:02:81:c9:
                    69:9d:e0:2e:35:bf:60:3d:b3:19:69:97:e5:9d:c4:
                    71:1f:82:95:2b:1c:c7:ba:c8:6d:e6:30:fa:a6:24:
                    2e:c3:5f:62:b9:e1:d5:17:b7:1b:76:e2:4f:b3:19:
                    93:9c:17:89:c5:66:56:9a:1a:c7:f7:d6:01:6e:25:
                    2e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:27:54:D2:A3:67:40:0C:2F:17:A9:75:52:7B:2C:C8:0B:02:73:48
            X509v3 Authority Key Identifier:
                keyid:65:DF:37:9F:AA:F2:10:A7:03:6D:AC:05:DE:6B:57:72:DB:E4:DD:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zd83n6ryEKcDbawF3mtXctvk3Ww.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/ed51ec-78e6-4ff0-ba58-076c88b8802f/1/KydU0qNnQAwvF6l1UnssyAsCc0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/ed51ec-78e6-4ff0-ba58-076c88b8802f/1/Zd83n6ryEKcDbawF3mtXctvk3Ww.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.170.0/23
                  79.171.153.0-79.171.159.255
                  89.36.112.0/20
                  89.45.176.0/20
                  93.113.26.0/23
                  94.176.208.0/23
                  94.177.138.0/23
                  94.247.86.0/23
                  147.12.128.0/17
                  185.59.124.0/22
                  188.212.122.0/23
                  188.215.16.0/23
                  188.215.74.0/23
                  188.241.106.0/23
                  212.132.192.0/18
                IPv6:
                  2a02:6b60::/28

    Signature Algorithm: sha256WithRSAEncryption
         1e:26:a2:ed:25:a9:84:f6:f6:f4:4d:0f:b7:5a:df:aa:34:47:
         7a:5c:39:e9:5b:92:23:1d:fa:b2:c7:5b:71:95:2a:de:81:15:
         08:e3:b1:7e:af:24:db:62:dd:98:1a:b0:3a:40:f0:70:34:e4:
         8a:2e:57:b1:34:74:ee:28:1c:03:62:82:1a:e9:7f:0b:8e:74:
         e6:e1:d9:fa:c3:7d:f4:1c:24:92:76:c7:e8:9a:82:0f:91:5f:
         67:6e:21:a5:6c:10:f0:79:f9:d6:6a:ee:89:07:f6:b5:5b:f0:
         68:56:08:fb:d5:55:72:65:67:d9:b6:e5:58:e9:73:fa:72:29:
         86:39:29:5c:45:55:37:b9:aa:10:56:72:46:c0:9d:0a:8c:c6:
         e3:5f:ec:84:6d:90:e5:97:49:e4:3c:93:99:ab:65:d4:15:10:
         7f:93:ea:ce:6b:30:55:10:32:7c:24:88:92:9f:21:60:5b:6b:
         9d:18:f2:a0:4b:ee:98:59:93:98:8e:0d:16:02:54:a9:cf:78:
         ca:25:fb:5b:0a:26:e5:7a:52:91:3e:37:b7:93:d2:b5:e2:d0:
         0f:b2:f1:90:7c:5f:ba:00:dc:ee:bd:0b:07:07:42:09:c0:45:
         bf:7d:ee:9f:04:b4:d7:a2:ad:54:ef:79:6f:27:aa:04:44:de:
         0a:64:1b:25
-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgISAYVtiszHjsRSutB5NNVkytbLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZGYzNzlmYWFmMjEwYTcwMzZkYWMwNWRlNmI1NzcyZGJl
NGRkNmMwHhcNMjMwMTAxMTMzNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjI3NTRkMmEzNjc0MDBjMmYxN2E5NzU1MjdiMmNjODBiMDI3MzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjp7Y5l1gFt8YA3wIh6KqDp1+TYjk
2ZFOoG9Ep9/fQMd52QfUyuouazVW54J1o8pRzFH2Gl0eGg/u/TdeXgf9TkS3/d6c
IzyTfVYkklEVnI4ElYZpLzD73O/mEUtgYO9JzaNjwEwJSwWehLOiHHZXgTDPRnpZ
hEBcfeBlMxBypWDLjjMBGDSg5DDoVqVIYQ8J3pT8ZFad4GDXSgkt0pTVJtrifeGq
cS5gdq4UsAA4VF+W9REfXxySrioeOyBs4ZUCgclpneAuNb9gPbMZaZflncRxH4KV
KxzHusht5jD6piQuw19iueHVF7cbduJPsxmTnBeJxWZWmhrH99YBbiUutQIDAQAB
o4ICdTCCAnEwHQYDVR0OBBYEFCsnVNKjZ0AMLxepdVJ7LMgLAnNIMB8GA1UdIwQY
MBaAFGXfN5+q8hCnA22sBd5rV3Lb5N1sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmQ4M242cnlFS2NEYmF3RjNtdFhjdHZrM1d3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9lZDUxZWMtNzhlNi00ZmYwLWJhNTgt
MDc2Yzg4Yjg4MDJmLzEvS3lkVTBxTm5RQXd2RjZsMVVuc3N5QXNDYzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9lZDUxZWMtNzhlNi00ZmYwLWJhNTgtMDc2Yzg4Yjg4MDJm
LzEvWmQ4M242cnlFS2NEYmF3RjNtdFhjdHZrM1d3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGKBggrBgEFBQcBBwEB/wR7MHkwaAQCAAEwYgMEAS5mqjAM
AwQAT6uZAwQFT6uAAwQEWSRwAwQEWS2wAwQBXXEaAwQBXrDQAwQBXrGKAwQBXvdW
AwQHkwyAAwQCuTt8AwQBvNR6AwQBvNcQAwQBvNdKAwQBvPFqAwQG1ITAMA0EAgAC
MAcDBQQqAmtgMA0GCSqGSIb3DQEBCwUAA4IBAQAeJqLtJamE9vb0TQ+3Wt+qNEd6
XDnpW5IjHfqyx1txlSregRUI47F+ryTbYt2YGrA6QPBwNOSKLlexNHTuKBwDYoIa
6X8LjnTm4dn6w330HCSSdsfomoIPkV9nbiGlbBDwefnWau6JB/a1W/BoVgj71VVy
ZWfZtuVY6XP6cimGOSlcRVU3uaoQVnJGwJ0KjMbjX+yEbZDll0nkPJOZq2XUFRB/
k+rOazBVEDJ8JIiSnyFgW2udGPKgS+6YWZOYjg0WAlSpz3jKJftbCiblelKRPje3
k9K14tAPsvGQfF+6ANzuvQsHB0IJwEW/fe6fBLTXoq1U73lvJ6oERN4KZBsl
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:53 2024 by rpki-client on console-ams.rpki-client.org