Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/3iVko2RgkPXQUpQpX0jHVVNXeqw.roa
File:                     3iVko2RgkPXQUpQpX0jHVVNXeqw.roa (raw, json)
Hash identifier:          Gk7ODfaL8pMxxAVWNhobhvtg/VwZGlhdxfaQrwfgrSA=
Subject key identifier:   DE:25:64:A3:64:60:90:F5:D0:52:94:29:5F:48:C7:55:53:57:7A:AC
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018AC50730C7195D0DE1E8B3FAE8F033F6C2
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/3iVko2RgkPXQUpQpX0jHVVNXeqw.roa
Signing time:             Sun 24 Sep 2023 02:31:37 +0000
ROA not before:           Sun 24 Sep 2023 02:31:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     201106
IP address blocks:        194.124.218.0/23 maxlen: 32
                          178.22.30.0/24 maxlen: 32
                          194.124.224.0/23 maxlen: 32
                          45.142.156.0/24 maxlen: 32
                          45.142.157.0/24 maxlen: 32
                          45.142.158.0/23 maxlen: 32
                          194.147.98.0/23 maxlen: 32
                          194.147.100.0/23 maxlen: 32
                          45.150.226.0/23 maxlen: 32
                          193.218.200.0/23 maxlen: 32
                          45.154.212.0/22 maxlen: 32
                          45.150.164.0/22 maxlen: 32
                          193.221.94.0/23 maxlen: 32
                          45.151.132.0/22 maxlen: 32
                          45.145.74.0/23 maxlen: 32
                          45.145.72.0/23 maxlen: 32
                          2a0e:da40:4000::/34 maxlen: 128

Validation:               Failed, certificate revoked on Thu 28 Sep 2023 21:27:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:c5:07:30:c7:19:5d:0d:e1:e8:b3:fa:e8:f0:33:f6:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Sep 24 02:31:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=de2564a3646090f5d05294295f48c75553577aac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:f7:f5:1a:e2:02:e0:0a:62:3b:e5:13:2d:ee:
                    18:35:0b:b5:6f:a3:bf:43:4a:67:d3:a1:11:3c:5f:
                    55:bf:f5:12:91:4d:39:1a:f8:bc:92:77:93:4c:72:
                    d2:1f:2f:80:af:0f:ae:35:7c:c5:55:af:93:a9:2f:
                    2c:6a:0f:58:48:22:13:ca:6b:bb:69:c7:29:a5:44:
                    00:49:4c:71:b1:84:3a:72:44:b8:66:5b:d6:96:65:
                    94:ec:6d:05:16:c5:cc:75:b3:c0:2f:89:27:b7:bc:
                    5c:28:72:f6:c0:2d:03:37:ae:d7:9e:ec:e9:a0:be:
                    bd:f9:6e:5a:6f:05:95:84:3b:80:e8:78:e7:51:73:
                    48:e4:64:e6:d0:f3:45:ce:32:fd:c1:9a:5a:ec:cf:
                    79:ca:ba:a3:08:35:a8:c1:dd:a4:1a:f8:e7:3c:fe:
                    e4:ca:b1:95:a1:8e:6f:e7:14:4c:5c:18:be:ef:24:
                    ee:36:e9:4d:fa:22:8f:30:2d:53:17:f4:e9:e5:61:
                    9f:ae:9b:cc:4b:42:c8:62:83:68:af:e5:dc:a3:65:
                    67:86:ff:1f:be:53:77:01:24:b9:bd:52:9f:e8:30:
                    22:52:ef:bc:c1:02:ee:52:2a:74:1a:f2:3e:05:91:
                    31:ab:87:0a:0b:72:25:6e:8b:b8:14:28:01:99:0f:
                    78:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:25:64:A3:64:60:90:F5:D0:52:94:29:5F:48:C7:55:53:57:7A:AC
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/3iVko2RgkPXQUpQpX0jHVVNXeqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.156.0/22
                  45.145.72.0/22
                  45.150.164.0/22
                  45.150.226.0/23
                  45.151.132.0/22
                  45.154.212.0/22
                  178.22.30.0/24
                  193.218.200.0/23
                  193.221.94.0/23
                  194.124.218.0/23
                  194.124.224.0/23
                  194.147.98.0-194.147.101.255
                IPv6:
                  2a0e:da40:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         9c:4e:cf:3f:a7:bf:4d:23:05:41:cd:fd:64:39:f8:3e:9b:d8:
         ea:f6:8f:a4:12:b5:cd:a4:e6:7c:03:a2:8d:6e:d9:46:9d:60:
         a5:2e:09:a5:f8:3e:2e:0c:4b:03:7a:11:19:60:93:b2:73:82:
         a1:36:8c:11:fc:bc:ee:18:28:f8:b1:56:86:6e:0a:da:0e:99:
         11:43:6b:0b:7d:a1:79:31:93:21:ea:e5:ae:4f:ed:bd:f9:02:
         df:ed:23:d9:ae:7e:05:21:66:32:e3:ca:c9:c9:27:03:2c:77:
         96:3c:46:b1:47:44:cd:f2:86:51:8b:e1:3e:54:6b:ca:bd:33:
         a4:0c:5a:80:5e:47:c3:b6:0e:0a:b1:5f:85:b2:bd:72:50:a4:
         b4:b8:62:ca:3d:0b:52:b3:e3:1d:a8:21:72:a0:f9:9b:67:d3:
         0f:bd:58:ee:57:70:51:63:7c:09:5c:87:e8:e7:da:27:cb:4e:
         78:44:13:28:e9:c8:ed:ba:04:87:81:9c:37:fe:79:23:bb:2f:
         0b:5e:f4:48:28:f1:1d:9c:88:eb:1d:83:1e:67:24:95:df:7e:
         93:75:98:17:d4:a9:86:6b:df:64:76:6a:d9:b6:71:ea:08:84:
         f0:e9:e7:32:64:b1:a3:e8:7d:0c:6e:78:52:cf:e9:56:02:23:
         1e:4a:07:aa
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYrFBzDHGV0N4eiz+ujwM/bCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjMwOTI0MDIzMTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTI1NjRhMzY0NjA5MGY1ZDA1Mjk0Mjk1ZjQ4Yzc1NTUzNTc3YWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvf1GuIC4ApiO+UTLe4YNQu1b6O/
Q0pn06ERPF9Vv/USkU05Gvi8kneTTHLSHy+Arw+uNXzFVa+TqS8sag9YSCITymu7
accppUQASUxxsYQ6ckS4ZlvWlmWU7G0FFsXMdbPAL4knt7xcKHL2wC0DN67Xnuzp
oL69+W5abwWVhDuA6HjnUXNI5GTm0PNFzjL9wZpa7M95yrqjCDWowd2kGvjnPP7k
yrGVoY5v5xRMXBi+7yTuNulN+iKPMC1TF/Tp5WGfrpvMS0LIYoNor+Xco2Vnhv8f
vlN3ASS5vVKf6DAiUu+8wQLuUip0GvI+BZExq4cKC3Ilbou4FCgBmQ94VQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFN4lZKNkYJD10FKUKV9Ix1VTV3qsMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvM2lWa28yUmdrUFhRVXBRcFgwakhWVk5YZXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBWBAIAATBQAwQCLY6cAwQC
LZFIAwQCLZakAwQBLZbiAwQCLZeEAwQCLZrUAwQAshYeAwQBwdrIAwQBwd1eAwQB
wnzaAwQBwnzgMAwDBAHCk2IDBAHCk2QwDgQCAAIwCAMGBioO2kBAMA0GCSqGSIb3
DQEBCwUAA4IBAQCcTs8/p79NIwVBzf1kOfg+m9jq9o+kErXNpOZ8A6KNbtlGnWCl
Lgml+D4uDEsDehEZYJOyc4KhNowR/LzuGCj4sVaGbgraDpkRQ2sLfaF5MZMh6uWu
T+29+QLf7SPZrn4FIWYy48rJyScDLHeWPEaxR0TN8oZRi+E+VGvKvTOkDFqAXkfD
tg4KsV+Fsr1yUKS0uGLKPQtSs+MdqCFyoPmbZ9MPvVjuV3BRY3wJXIfo59ony054
RBMo6cjtugSHgZw3/nkjuy8LXvRIKPEdnIjrHYMeZySV336TdZgX1KmGa99kdmrZ
tnHqCITw6ecyZLGj6H0MbnhSz+lWAiMeSgeq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:57 2024 by rpki-client on console-fra.rpki-client.org