Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Q2_36ZvZ9f0dy8qlJJgRvRZ3Kdo.roa
File:                     Q2_36ZvZ9f0dy8qlJJgRvRZ3Kdo.roa (raw, json)
Hash identifier:          kcJ+tx6nGJHI0WDazrJHe/3xyL2bN04tcfeIfP0jo1w=
Subject key identifier:   43:6F:F7:E9:9B:D9:F5:FD:1D:CB:CA:A5:24:98:11:BD:16:77:29:DA
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018B61AF8B627EBEDF670C2669934919F591
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Q2_36ZvZ9f0dy8qlJJgRvRZ3Kdo.roa
Signing time:             Tue 24 Oct 2023 12:36:16 +0000
ROA not before:           Tue 24 Oct 2023 12:36:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39543
IP address blocks:        195.28.2.0/23 maxlen: 23
                          193.19.192.0/24 maxlen: 24
                          193.19.192.0/22 maxlen: 24
                          89.34.228.0/24 maxlen: 24
                          89.34.230.0/23 maxlen: 23
                          89.34.230.0/24 maxlen: 24
                          89.34.231.0/24 maxlen: 24
                          93.113.181.0/24 maxlen: 24
                          93.113.183.0/24 maxlen: 24
                          93.113.204.0/24 maxlen: 24
                          93.114.79.0/24 maxlen: 24
                          89.40.67.0/24 maxlen: 24
                          89.43.141.0/24 maxlen: 24
                          89.43.140.0/22 maxlen: 22
                          89.43.140.0/24 maxlen: 24
                          89.43.143.0/24 maxlen: 24
                          89.43.142.0/24 maxlen: 24
                          89.47.96.0/24 maxlen: 24
                          89.47.96.0/20 maxlen: 20
                          89.47.97.0/24 maxlen: 24
                          89.47.98.0/24 maxlen: 24
                          89.47.99.0/24 maxlen: 24
                          89.47.101.0/24 maxlen: 24
                          93.114.194.0/24 maxlen: 24
                          89.47.100.0/24 maxlen: 24
                          89.47.103.0/24 maxlen: 24
                          89.47.102.0/24 maxlen: 24
                          89.47.104.0/24 maxlen: 24
                          89.47.105.0/24 maxlen: 24
                          89.35.158.0/24 maxlen: 24
                          89.47.106.0/24 maxlen: 24
                          89.47.108.0/24 maxlen: 24
                          89.47.107.0/24 maxlen: 24
                          89.47.110.0/24 maxlen: 24
                          89.47.109.0/24 maxlen: 24
                          89.47.111.0/24 maxlen: 24
                          89.47.112.0/20 maxlen: 20
                          89.47.113.0/24 maxlen: 24
                          89.47.115.0/24 maxlen: 24
                          89.47.114.0/24 maxlen: 24
                          89.47.118.0/24 maxlen: 24
                          89.47.119.0/24 maxlen: 24
                          89.45.164.0/24 maxlen: 24
                          89.39.111.0/24 maxlen: 24
                          89.34.27.0/24 maxlen: 24
                          89.46.3.0/24 maxlen: 24
                          2001:4d18::/32 maxlen: 32
                          2001:4d18::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 25 Oct 2023 14:22:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:61:af:8b:62:7e:be:df:67:0c:26:69:93:49:19:f5:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: Oct 24 12:36:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=436ff7e99bd9f5fd1dcbcaa5249811bd167729da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:42:b7:ca:10:cc:e0:0a:41:5e:84:38:32:d1:
                    49:46:a0:00:87:e0:29:ba:d1:6a:d6:cc:08:91:34:
                    02:2e:e4:36:4b:74:d6:1a:7b:3f:30:e5:90:ec:16:
                    db:75:f3:cd:56:28:1f:36:91:cf:25:37:0c:07:81:
                    02:79:73:dd:89:99:b8:c4:55:a5:93:43:34:19:79:
                    43:c2:09:78:cd:4c:64:6e:78:93:2c:20:e3:9a:b9:
                    15:25:d3:84:ac:2e:5e:84:b8:e1:ed:37:0d:da:49:
                    8a:03:d6:55:6a:1d:8c:2b:f8:3b:0c:88:7b:96:fb:
                    dd:c8:b1:e7:0e:ef:67:49:83:a6:98:2f:37:4d:16:
                    08:5e:fa:e3:6d:fd:f8:cb:51:14:7d:b2:ac:9d:4e:
                    07:24:0d:b8:87:f4:ec:c9:89:75:97:83:d3:bf:5e:
                    b5:97:38:f6:af:c1:e8:a5:7f:06:bd:f6:8d:bc:33:
                    b8:2a:e2:1c:2a:d0:af:95:0f:ce:ac:2c:bc:a2:4d:
                    90:f1:1d:07:ac:ce:4b:6a:4d:46:69:84:11:7d:f0:
                    01:5b:d8:02:5a:3b:5e:ff:03:ac:1d:07:ed:c5:c1:
                    19:cf:1d:2e:f4:54:8c:d3:01:0c:c8:5d:c0:67:7f:
                    f5:83:e5:58:0a:9d:55:a1:12:77:43:62:49:25:22:
                    d6:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:6F:F7:E9:9B:D9:F5:FD:1D:CB:CA:A5:24:98:11:BD:16:77:29:DA
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Q2_36ZvZ9f0dy8qlJJgRvRZ3Kdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.34.27.0/24
                  89.34.228.0/24
                  89.34.230.0/23
                  89.35.158.0/24
                  89.39.111.0/24
                  89.40.67.0/24
                  89.43.140.0/22
                  89.45.164.0/24
                  89.46.3.0/24
                  89.47.96.0/19
                  93.113.181.0/24
                  93.113.183.0/24
                  93.113.204.0/24
                  93.114.79.0/24
                  93.114.194.0/24
                  193.19.192.0/22
                  195.28.2.0/23
                IPv6:
                  2001:4d18::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:d9:7e:01:b3:44:ff:a0:99:0a:51:a0:84:39:73:d5:aa:91:
         5d:6c:78:a8:6c:36:f3:75:41:90:47:57:ed:76:ef:57:ad:4c:
         67:f0:3f:a0:38:40:14:3e:f2:56:6a:66:c0:2e:fe:2d:a8:4c:
         b3:e6:bd:b0:ea:10:c5:ea:7d:cd:f7:06:31:38:91:c8:e1:dc:
         d8:43:b9:36:ef:df:91:3f:a8:ed:d6:ae:7c:34:78:01:36:90:
         a2:7f:eb:aa:b0:d6:94:2d:12:0b:25:0a:06:64:2c:09:39:3c:
         46:0a:ae:6a:c0:5e:e6:af:f8:4c:32:98:4b:0d:fd:c8:76:d5:
         de:49:43:05:7e:8c:ad:11:3e:d2:78:99:4d:02:ac:ee:9d:08:
         4a:df:3c:02:16:9d:6c:f6:cb:7d:5e:b3:f4:13:e7:cc:4c:61:
         57:c6:20:08:17:b4:2b:1a:23:db:2a:53:72:67:f8:1f:0d:e0:
         d4:2a:34:49:ea:5c:2c:98:cc:1a:c6:64:8f:d1:5b:3d:c4:31:
         30:be:ff:cb:79:40:ee:78:23:ce:d6:3a:46:af:49:eb:f0:09:
         6f:3e:cf:b4:91:84:00:fc:40:55:37:24:4e:43:93:2f:7d:81:
         85:76:8d:60:51:24:11:79:73:bd:b7:05:50:71:5d:8f:b8:cf:
         a6:61:f0:51
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISAYthr4tifr7fZwwmaZNJGfWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjMxMDI0MTIzNjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzZmZjdlOTliZDlmNWZkMWRjYmNhYTUyNDk4MTFiZDE2NzcyOWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUK3yhDM4ApBXoQ4MtFJRqAAh+Ap
utFq1swIkTQCLuQ2S3TWGns/MOWQ7BbbdfPNVigfNpHPJTcMB4ECeXPdiZm4xFWl
k0M0GXlDwgl4zUxkbniTLCDjmrkVJdOErC5ehLjh7TcN2kmKA9ZVah2MK/g7DIh7
lvvdyLHnDu9nSYOmmC83TRYIXvrjbf34y1EUfbKsnU4HJA24h/TsyYl1l4PTv161
lzj2r8HopX8GvfaNvDO4KuIcKtCvlQ/OrCy8ok2Q8R0HrM5Lak1GaYQRffABW9gC
Wjte/wOsHQftxcEZzx0u9FSM0wEMyF3AZ3/1g+VYCp1VoRJ3Q2JJJSLWOQIDAQAB
o4ICeTCCAnUwHQYDVR0OBBYEFENv9+mb2fX9HcvKpSSYEb0WdynaMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvUTJfMzZadlo5ZjBkeThxbEpKZ1J2UlozS2RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGOBggrBgEFBQcBBwEB/wR/MH0wbAQCAAEwZgMEAFkiGwME
AFki5AMEAVki5gMEAFkjngMEAFknbwMEAFkoQwMEAlkrjAMEAFktpAMEAFkuAwME
BVkvYAMEAF1xtQMEAF1xtwMEAF1xzAMEAF1yTwMEAF1ywgMEAsETwAMEAcMcAjAN
BAIAAjAHAwUAIAFNGDANBgkqhkiG9w0BAQsFAAOCAQEAJdl+AbNE/6CZClGghDlz
1aqRXWx4qGw283VBkEdX7XbvV61MZ/A/oDhAFD7yVmpmwC7+LahMs+a9sOoQxep9
zfcGMTiRyOHc2EO5Nu/fkT+o7daufDR4ATaQon/rqrDWlC0SCyUKBmQsCTk8Rgqu
asBe5q/4TDKYSw39yHbV3klDBX6MrRE+0niZTQKs7p0ISt88AhadbPbLfV6z9BPn
zExhV8YgCBe0Kxoj2ypTcmf4Hw3g1Co0SepcLJjMGsZkj9FbPcQxML7/y3lA7ngj
ztY6Rq9J6/AJbz7PtJGEAPxAVTckTkOTL32BhXaNYFEkEXlzvbcFUHFdj7jPpmHw
UQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:50 2024 by rpki-client on console-ams.rpki-client.org