Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8b05bf-33f1-4b5b-88a4-1673ad8c4012/1/ctgTaRaKXkL4p2KhLbSjaABFBiA.roa
File:                     ctgTaRaKXkL4p2KhLbSjaABFBiA.roa (raw, json)
Hash identifier:          deqE3Ds/PMWXkBE++wuL0RQ7dwF0mtWfBa2I0Q0jKmY=
Subject key identifier:   72:D8:13:69:16:8A:5E:42:F8:A7:62:A1:2D:B4:A3:68:00:45:06:20
Certificate issuer:       /CN=cd68f7a391b7b1649ed4903482d3e931ed34e3d8
Certificate serial:       018570DE2C320A7FE1EC401BAEE2122EEE1B
Authority key identifier: CD:68:F7:A3:91:B7:B1:64:9E:D4:90:34:82:D3:E9:31:ED:34:E3:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zWj3o5G3sWSe1JA0gtPpMe0049g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/8b05bf-33f1-4b5b-88a4-1673ad8c4012/1/ctgTaRaKXkL4p2KhLbSjaABFBiA.roa
Signing time:             Mon 02 Jan 2023 05:04:46 +0000
ROA not before:           Mon 02 Jan 2023 05:04:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59491
IP address blocks:        91.238.134.0/23 maxlen: 23
                          31.6.70.0/23 maxlen: 23
                          31.6.68.0/23 maxlen: 23
                          178.19.96.0/24 maxlen: 24
                          178.19.99.0/24 maxlen: 24
                          178.19.104.0/21 maxlen: 21
                          212.59.229.0/24 maxlen: 24
                          212.59.240.0/23 maxlen: 23
                          212.59.243.0/24 maxlen: 24
                          212.59.244.0/22 maxlen: 22
                          91.188.125.0/24 maxlen: 24
                          185.24.216.0/24 maxlen: 24
                          185.24.218.0/23 maxlen: 23
                          2a02:2430:5::/48 maxlen: 48
                          2a02:2430:40::/42 maxlen: 42
                          2a02:2430:3::/48 maxlen: 48
                          2a02:2430:7::/48 maxlen: 48
                          2a02:2430:6::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:de:2c:32:0a:7f:e1:ec:40:1b:ae:e2:12:2e:ee:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd68f7a391b7b1649ed4903482d3e931ed34e3d8
        Validity
            Not Before: Jan  2 05:04:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72d81369168a5e42f8a762a12db4a36800450620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:21:7a:f4:1f:b9:3b:8b:56:08:35:07:6e:c8:
                    e7:f3:bb:7e:c2:2a:52:b4:92:f0:b9:9f:42:31:c1:
                    c4:b6:66:11:db:9c:6e:23:d1:61:8b:a3:bc:fe:c9:
                    5a:0b:f2:4a:04:9c:c8:7c:45:99:d2:d0:ed:f0:49:
                    a1:b3:91:ad:18:49:f9:09:4e:48:3b:23:21:fb:af:
                    c1:e5:94:16:e0:c2:07:2a:a5:0d:9b:87:ef:ed:33:
                    d1:7b:41:9d:7f:a1:b7:cf:90:31:47:1f:ce:2b:9a:
                    31:91:ee:aa:f9:4d:b4:f8:f3:f5:fa:17:c6:14:bd:
                    c3:15:06:8e:f7:1d:e4:c3:81:7e:51:56:94:b4:0c:
                    05:23:87:16:cd:6f:2b:bb:3e:02:5e:67:9a:7a:4d:
                    6c:ef:bf:66:66:84:ad:9c:bb:e2:2c:c8:f5:1a:7f:
                    68:f8:5e:98:c1:8d:85:33:8e:fa:3a:c6:d2:53:cb:
                    19:ab:97:28:d6:c1:81:e8:6c:e3:90:8c:b3:73:6b:
                    2d:c3:92:ec:dd:46:6e:04:ca:a5:d7:19:37:32:be:
                    8b:7c:91:5f:fa:3e:89:ca:df:c6:29:1c:e7:f3:75:
                    d6:ad:97:be:dd:86:00:df:64:c7:75:52:a7:27:2e:
                    57:ea:80:27:e7:32:7b:ec:16:30:98:f6:6d:f6:16:
                    f0:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:D8:13:69:16:8A:5E:42:F8:A7:62:A1:2D:B4:A3:68:00:45:06:20
            X509v3 Authority Key Identifier:
                keyid:CD:68:F7:A3:91:B7:B1:64:9E:D4:90:34:82:D3:E9:31:ED:34:E3:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zWj3o5G3sWSe1JA0gtPpMe0049g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8b05bf-33f1-4b5b-88a4-1673ad8c4012/1/ctgTaRaKXkL4p2KhLbSjaABFBiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8b05bf-33f1-4b5b-88a4-1673ad8c4012/1/zWj3o5G3sWSe1JA0gtPpMe0049g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.6.68.0/22
                  91.188.125.0/24
                  91.238.134.0/23
                  178.19.96.0/24
                  178.19.99.0/24
                  178.19.104.0/21
                  185.24.216.0/24
                  185.24.218.0/23
                  212.59.229.0/24
                  212.59.240.0/23
                  212.59.243.0-212.59.247.255
                IPv6:
                  2a02:2430:3::/48
                  2a02:2430:5::-2a02:2430:7:ffff:ffff:ffff:ffff:ffff
                  2a02:2430:40::/42

    Signature Algorithm: sha256WithRSAEncryption
         78:64:f6:de:07:e4:a3:b4:60:7e:28:cc:2b:38:10:29:7b:f0:
         ef:a4:c4:c1:e9:e3:fb:d3:c7:9c:f6:b5:61:4e:c8:c3:4d:29:
         47:31:f4:ae:d0:26:5e:b9:43:77:5c:13:2b:3c:ef:77:ab:e1:
         57:61:c1:07:13:d7:6e:24:ce:c1:a0:3d:84:f2:ea:7c:14:84:
         e6:fc:c2:cf:a5:bf:02:77:7b:91:20:48:23:cd:fb:7e:c9:4a:
         e2:0a:d9:17:41:94:00:ad:63:c0:d8:c4:ec:bb:f4:07:37:38:
         c4:0c:84:13:d9:b2:de:7f:36:11:76:ad:49:3d:cb:7f:b4:d5:
         f5:59:81:31:7e:4a:c2:a0:4a:30:25:92:74:7f:c2:88:51:e3:
         0c:05:c2:6f:2a:98:21:90:2d:56:77:51:13:3d:ba:7e:cb:ca:
         88:5f:33:63:ab:8a:21:8d:9b:26:9a:17:b0:b0:19:df:05:f1:
         d3:96:48:59:0f:2e:8d:1c:72:da:82:56:37:bf:89:6f:e8:c9:
         16:47:02:4c:8e:5a:39:a6:a1:fc:f9:cf:3f:ed:69:64:38:a3:
         b5:21:d7:f9:25:b6:d9:c4:bd:cd:e6:37:e5:ce:dc:21:65:54:
         2e:10:d2:0d:12:72:62:20:05:7e:98:b2:df:08:2e:32:63:75:
         46:2f:3e:6f
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYVw3iwyCn/h7EAbruISLu4bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNjhmN2EzOTFiN2IxNjQ5ZWQ0OTAzNDgyZDNlOTMxZWQz
NGUzZDgwHhcNMjMwMTAyMDUwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmQ4MTM2OTE2OGE1ZTQyZjhhNzYyYTEyZGI0YTM2ODAwNDUwNjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSF69B+5O4tWCDUHbsjn87t+wipS
tJLwuZ9CMcHEtmYR25xuI9Fhi6O8/slaC/JKBJzIfEWZ0tDt8Emhs5GtGEn5CU5I
OyMh+6/B5ZQW4MIHKqUNm4fv7TPRe0Gdf6G3z5AxRx/OK5oxke6q+U20+PP1+hfG
FL3DFQaO9x3kw4F+UVaUtAwFI4cWzW8ruz4CXmeaek1s779mZoStnLviLMj1Gn9o
+F6YwY2FM476OsbSU8sZq5co1sGB6GzjkIyzc2stw5Ls3UZuBMql1xk3Mr6LfJFf
+j6Jyt/GKRzn83XWrZe+3YYA32THdVKnJy5X6oAn5zJ77BYwmPZt9hbwPwIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFHLYE2kWil5C+KdioS20o2gARQYgMB8GA1UdIwQY
MBaAFM1o96ORt7FkntSQNILT6THtNOPYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveldqM281RzNzV1NlMUpBMGd0UHBNZTAwNDlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84YjA1YmYtMzNmMS00YjViLTg4YTQt
MTY3M2FkOGM0MDEyLzEvY3RnVGFSYUtYa0w0cDJLaExiU2phQUJGQmlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84YjA1YmYtMzNmMS00YjViLTg4YTQtMTY3M2FkOGM0MDEy
LzEveldqM281RzNzV1NlMUpBMGd0UHBNZTAwNDlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDBQBAIAATBKAwQCHwZE
AwQAW7x9AwQBW+6GAwQAshNgAwQAshNjAwQDshNoAwQAuRjYAwQBuRjaAwQA1Dvl
AwQB1DvwMAwDBADUO/MDBAPUO/AwLAQCAAIwJgMHACoCJDAAAzASAwcAKgIkMAAF
AwcDKgIkMAAAAwcGKgIkMABAMA0GCSqGSIb3DQEBCwUAA4IBAQB4ZPbeB+SjtGB+
KMwrOBApe/DvpMTB6eP708ec9rVhTsjDTSlHMfSu0CZeuUN3XBMrPO93q+FXYcEH
E9duJM7BoD2E8up8FITm/MLPpb8Cd3uRIEgjzft+yUriCtkXQZQArWPA2MTsu/QH
NzjEDIQT2bLefzYRdq1JPct/tNX1WYExfkrCoEowJZJ0f8KIUeMMBcJvKpghkC1W
d1ETPbp+y8qIXzNjq4ohjZsmmhewsBnfBfHTlkhZDy6NHHLaglY3v4lv6MkWRwJM
jlo5pqH8+c8/7WlkOKO1Idf5JbbZxL3N5jflztwhZVQuENINEnJiIAV+mLLfCC4y
Y3VGLz5v
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:23 2024 by rpki-client on console-ams.rpki-client.org