Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/XjRrwDt2twb27pK8tkMJ_ywT5wI.roa
File:                     XjRrwDt2twb27pK8tkMJ_ywT5wI.roa (raw, json)
Hash identifier:          lh91ZwVDMBMT9oGn/PkfsNNGfG409B3F4UcUpUB3kLk=
Subject key identifier:   5E:34:6B:C0:3B:76:B7:06:F6:EE:92:BC:B6:43:09:FF:2C:13:E7:02
Certificate issuer:       /CN=7bd5997ed075c2298b461225e1060f577b1d7d4d
Certificate serial:       018CC79566E781A3EA671B6B8F5292DF353B
Authority key identifier: 7B:D5:99:7E:D0:75:C2:29:8B:46:12:25:E1:06:0F:57:7B:1D:7D:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e9WZftB1wimLRhIl4QYPV3sdfU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/XjRrwDt2twb27pK8tkMJ_ywT5wI.roa
Signing time:             Tue 02 Jan 2024 00:31:46 +0000
ROA not before:           Tue 02 Jan 2024 00:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41344
IP address blocks:        185.124.176.0/22 maxlen: 22
                          185.124.177.0/24 maxlen: 24
                          31.185.13.0/24 maxlen: 24
                          31.185.12.0/24 maxlen: 24
                          89.249.233.0/24 maxlen: 24
                          89.249.232.0/24 maxlen: 24
                          89.249.231.0/24 maxlen: 24
                          31.185.15.0/24 maxlen: 24
                          31.185.14.0/24 maxlen: 24
                          89.249.235.0/24 maxlen: 24
                          89.249.239.0/24 maxlen: 24
                          89.249.238.0/24 maxlen: 24
                          89.249.237.0/24 maxlen: 24
                          89.249.236.0/24 maxlen: 24
                          31.185.11.0/24 maxlen: 24
                          89.249.226.0/24 maxlen: 24
                          31.185.10.0/24 maxlen: 24
                          31.185.9.0/24 maxlen: 24
                          31.185.8.0/21 maxlen: 21
                          89.249.224.0/20 maxlen: 20
                          31.185.8.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 24 Jul 2024 09:17:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:66:e7:81:a3:ea:67:1b:6b:8f:52:92:df:35:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bd5997ed075c2298b461225e1060f577b1d7d4d
        Validity
            Not Before: Jan  2 00:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e346bc03b76b706f6ee92bcb64309ff2c13e702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:e0:2b:86:51:e9:f7:6c:c3:d9:71:52:ba:bf:
                    d7:54:b3:91:38:97:32:a2:31:7a:0b:8f:f1:b0:77:
                    23:05:1c:c9:99:06:6e:a4:c0:db:a2:76:48:3a:df:
                    50:43:6f:64:53:a3:c4:4b:3d:4b:90:8e:d7:bd:ca:
                    d1:d5:39:b9:32:82:d9:38:9a:4e:d8:20:1d:40:db:
                    62:37:0a:ae:bc:1a:53:7d:b7:2c:10:5a:1b:e9:c2:
                    80:d7:7e:31:ca:36:b2:5c:d8:14:f8:40:97:77:45:
                    d4:f8:f3:8c:21:0b:80:56:8e:23:0d:9b:bb:56:10:
                    d7:19:3d:d6:92:84:14:37:ef:3c:be:a8:59:2c:f6:
                    97:3c:e7:a7:b9:a5:02:11:97:bc:80:48:ed:6e:9e:
                    10:04:7e:1e:49:39:50:a3:69:9a:77:24:e2:ba:a3:
                    78:be:7e:0c:bd:7d:17:03:80:a1:8b:8a:ec:b1:3a:
                    b0:b9:99:63:f2:55:4c:dd:d8:87:93:d7:03:ce:e1:
                    30:6b:bd:a8:5b:1d:be:c6:6a:bd:50:f1:ab:f7:90:
                    da:05:bc:b0:6e:e0:70:c6:15:08:18:3f:1c:26:35:
                    a2:3c:00:d8:52:19:e6:ef:07:d5:c0:9d:59:22:d7:
                    dc:96:a9:b4:9e:d0:3d:fa:d8:bc:0b:9a:97:82:68:
                    64:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:34:6B:C0:3B:76:B7:06:F6:EE:92:BC:B6:43:09:FF:2C:13:E7:02
            X509v3 Authority Key Identifier:
                keyid:7B:D5:99:7E:D0:75:C2:29:8B:46:12:25:E1:06:0F:57:7B:1D:7D:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9WZftB1wimLRhIl4QYPV3sdfU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/XjRrwDt2twb27pK8tkMJ_ywT5wI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/4d7f40-49ec-4ce2-882e-5ac7f066230b/1/e9WZftB1wimLRhIl4QYPV3sdfU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.8.0/21
                  89.249.224.0/20
                  185.124.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:97:72:46:9b:d4:c1:6e:f1:5b:12:53:0b:a6:00:74:28:6b:
         d7:e6:1c:0a:fc:e1:df:38:a8:c7:3c:f7:81:63:0f:9b:31:2d:
         a5:d7:b9:b1:68:57:99:f3:a2:6e:ad:1b:40:50:57:c5:65:4a:
         cb:9d:83:94:71:5a:de:65:f2:f7:60:53:de:8d:c3:22:11:95:
         4a:91:28:97:57:8e:c7:00:a4:36:b8:6e:12:49:c0:03:04:54:
         9e:0b:a8:bc:a8:24:b3:97:c6:55:e4:48:2d:21:0b:35:d7:1a:
         58:d0:82:b5:d9:8c:33:47:50:45:95:96:8a:fe:be:70:e8:5f:
         94:c5:1e:a9:6d:5e:d6:69:81:40:da:6a:58:4c:dc:71:a8:74:
         b0:ee:ef:83:52:4a:68:76:5d:24:41:02:23:25:f5:41:84:4a:
         ea:05:d2:df:78:1e:d9:ac:32:87:73:3f:ba:23:98:4c:2c:b6:
         71:a5:21:75:93:ef:6f:0b:35:cc:42:09:ce:7b:6c:b8:81:3c:
         b0:46:35:0c:9e:e6:e3:60:b9:33:62:52:c3:d3:c5:6e:64:9c:
         c7:42:f9:ee:ea:47:b0:47:59:52:c6:78:67:76:78:fb:80:61:
         88:f3:ad:eb:be:64:db:fd:9b:55:77:ea:51:52:3b:53:a0:6f:
         87:56:d4:29
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHlWbngaPqZxtrj1KS3zU7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiZDU5OTdlZDA3NWMyMjk4YjQ2MTIyNWUxMDYwZjU3N2Ix
ZDdkNGQwHhcNMjQwMTAyMDAzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTM0NmJjMDNiNzZiNzA2ZjZlZTkyYmNiNjQzMDlmZjJjMTNlNzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+ArhlHp92zD2XFSur/XVLOROJcy
ojF6C4/xsHcjBRzJmQZupMDbonZIOt9QQ29kU6PESz1LkI7XvcrR1Tm5MoLZOJpO
2CAdQNtiNwquvBpTfbcsEFob6cKA134xyjayXNgU+ECXd0XU+POMIQuAVo4jDZu7
VhDXGT3WkoQUN+88vqhZLPaXPOenuaUCEZe8gEjtbp4QBH4eSTlQo2madyTiuqN4
vn4MvX0XA4Chi4rssTqwuZlj8lVM3diHk9cDzuEwa72oWx2+xmq9UPGr95DaBbyw
buBwxhUIGD8cJjWiPADYUhnm7wfVwJ1ZItfclqm0ntA9+ti8C5qXgmhkTQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF40a8A7drcG9u6SvLZDCf8sE+cCMB8GA1UdIwQY
MBaAFHvVmX7QdcIpi0YSJeEGD1d7HX1NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTlXWmZ0QjF3aW1MUmhJbDRRWVBWM3NkZlUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS80ZDdmNDAtNDllYy00Y2UyLTg4MmUt
NWFjN2YwNjYyMzBiLzEvWGpScndEdDJ0d2IyN3BLOHRrTUpfeXdUNXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS80ZDdmNDAtNDllYy00Y2UyLTg4MmUtNWFjN2YwNjYyMzBi
LzEvZTlXWmZ0QjF3aW1MUmhJbDRRWVBWM3NkZlUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDH7kIAwQE
WfngAwQCuXywMA0GCSqGSIb3DQEBCwUAA4IBAQBxl3JGm9TBbvFbElMLpgB0KGvX
5hwK/OHfOKjHPPeBYw+bMS2l17mxaFeZ86JurRtAUFfFZUrLnYOUcVreZfL3YFPe
jcMiEZVKkSiXV47HAKQ2uG4SScADBFSeC6i8qCSzl8ZV5EgtIQs11xpY0IK12Ywz
R1BFlZaK/r5w6F+UxR6pbV7WaYFA2mpYTNxxqHSw7u+DUkpodl0kQQIjJfVBhErq
BdLfeB7ZrDKHcz+6I5hMLLZxpSF1k+9vCzXMQgnOe2y4gTywRjUMnubjYLkzYlLD
08VuZJzHQvnu6kewR1lSxnhndnj7gGGI863rvmTb/ZtVd+pRUjtToG+HVtQp
-----END CERTIFICATE-----
Generated at Wed Jul 24 12:45:20 2024 by rpki-client on console-ams.rpki-client.org