Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/tpKjoleLTiK1-i3MT2Ae5UoapR4.roa
File:                     tpKjoleLTiK1-i3MT2Ae5UoapR4.roa (raw, json)
Hash identifier:          eQlNhMUW9hYvOGxTaSVx/QUAR/8ldKC1p6Xt2nQIjII=
Subject key identifier:   B6:92:A3:A2:57:8B:4E:22:B5:FA:2D:CC:4F:60:1E:E5:4A:1A:A5:1E
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018A1C2E34F733749569880DD15702317B37
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/tpKjoleLTiK1-i3MT2Ae5UoapR4.roa
Signing time:             Tue 22 Aug 2023 07:38:24 +0000
ROA not before:           Tue 22 Aug 2023 07:38:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8447
IP address blocks:        192.164.128.0/19 maxlen: 19
                          178.188.0.0/14 maxlen: 14
                          85.90.128.0/19 maxlen: 19
                          213.33.63.0/24 maxlen: 24
                          193.187.212.0/22 maxlen: 22
                          192.164.64.0/21 maxlen: 21
                          193.187.216.0/21 maxlen: 21
                          193.187.224.0/20 maxlen: 20
                          192.164.80.0/20 maxlen: 20
                          193.187.240.0/22 maxlen: 22
                          192.164.96.0/19 maxlen: 19
                          213.33.0.0/17 maxlen: 17
                          192.164.224.0/19 maxlen: 19
                          93.111.0.0/16 maxlen: 16
                          195.3.64.0/18 maxlen: 18
                          188.20.0.0/14 maxlen: 14
                          89.144.192.0/18 maxlen: 18
                          46.74.0.0/15 maxlen: 15
                          192.164.208.0/20 maxlen: 20
                          176.66.0.0/18 maxlen: 18
                          80.240.224.0/20 maxlen: 20
                          192.164.0.0/19 maxlen: 19
                          88.116.217.0/24 maxlen: 24
                          192.164.32.0/22 maxlen: 22
                          192.164.40.0/21 maxlen: 21
                          192.164.39.0/24 maxlen: 24
                          176.66.128.0/17 maxlen: 17
                          192.164.48.0/20 maxlen: 20
                          92.248.0.0/17 maxlen: 17
                          80.120.0.0/14 maxlen: 14
                          62.46.0.0/15 maxlen: 15
                          212.183.0.0/17 maxlen: 17
                          80.75.56.0/21 maxlen: 21
                          93.82.0.0/15 maxlen: 15
                          188.45.0.0/16 maxlen: 16
                          91.112.0.0/14 maxlen: 14
                          80.75.34.0/24 maxlen: 24
                          80.75.32.0/19 maxlen: 19
                          88.116.0.0/15 maxlen: 15
                          62.116.32.0/19 maxlen: 19
                          194.48.124.0/22 maxlen: 22
                          194.48.128.0/21 maxlen: 21
                          194.48.136.0/22 maxlen: 22
                          194.48.136.0/24 maxlen: 24
                          84.20.160.0/19 maxlen: 19
                          46.206.0.0/15 maxlen: 15
                          2001:4bb8::/29 maxlen: 29
                          2001:890::/29 maxlen: 29
                          2001:870::/29 maxlen: 29
                          2001:850::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 29 Aug 2023 08:32:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:1c:2e:34:f7:33:74:95:69:88:0d:d1:57:02:31:7b:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Aug 22 07:38:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b692a3a2578b4e22b5fa2dcc4f601ee54a1aa51e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:36:fa:81:bb:67:f1:86:03:01:7b:7e:73:15:
                    1f:90:65:09:39:e8:ce:49:80:b6:07:64:05:9d:f3:
                    ab:81:71:ab:58:9e:49:de:02:4f:1b:f9:39:db:9c:
                    18:46:da:82:e6:b5:90:2b:aa:e8:e8:2c:3a:7a:d8:
                    73:4b:2c:2d:70:f7:f5:44:9b:be:8a:b7:05:2e:62:
                    9d:11:92:ba:17:c4:3b:df:a7:9f:a0:8c:ec:a6:3c:
                    ab:59:13:33:e6:43:6c:b6:68:65:e2:6d:b4:5a:44:
                    b2:34:bd:41:5a:2e:4a:0b:77:11:c2:95:66:85:c9:
                    3c:06:82:79:90:b0:ab:51:e0:f9:55:2b:58:16:3e:
                    93:93:ec:a2:9f:1d:4d:ba:a8:74:3a:d8:32:2c:02:
                    14:3b:f1:27:5f:91:ba:a6:cd:70:6c:48:5a:0e:48:
                    11:75:2a:a2:22:f5:5c:31:84:b0:04:ff:3f:f5:54:
                    89:98:c6:7c:80:9d:58:84:bd:6a:67:02:dc:26:3c:
                    78:e0:75:ae:f2:b7:2e:69:9d:a4:46:cf:ef:30:32:
                    55:13:59:3b:e4:b3:2f:82:20:01:aa:aa:f9:c1:e2:
                    b8:c4:9f:85:0a:fa:52:f9:b8:66:23:e5:b4:75:63:
                    13:f0:fb:40:f6:c5:f8:bc:0a:9e:d3:00:a8:ea:6c:
                    23:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:92:A3:A2:57:8B:4E:22:B5:FA:2D:CC:4F:60:1E:E5:4A:1A:A5:1E
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/tpKjoleLTiK1-i3MT2Ae5UoapR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.74.0.0/15
                  46.206.0.0/15
                  62.46.0.0/15
                  62.116.32.0/19
                  80.75.32.0/19
                  80.120.0.0/14
                  80.240.224.0/20
                  84.20.160.0/19
                  85.90.128.0/19
                  88.116.0.0/15
                  89.144.192.0/18
                  91.112.0.0/14
                  92.248.0.0/17
                  93.82.0.0/15
                  93.111.0.0/16
                  176.66.0.0/18
                  176.66.128.0/17
                  178.188.0.0/14
                  188.20.0.0/14
                  188.45.0.0/16
                  192.164.0.0-192.164.35.255
                  192.164.39.0-192.164.71.255
                  192.164.80.0-192.164.159.255
                  192.164.208.0-192.164.255.255
                  193.187.212.0-193.187.243.255
                  194.48.124.0-194.48.139.255
                  195.3.64.0/18
                  212.183.0.0/17
                  213.33.0.0/17
                IPv6:
                  2001:850::/29
                  2001:870::/29
                  2001:890::/29
                  2001:4bb8::/29

    Signature Algorithm: sha256WithRSAEncryption
         96:32:66:9d:02:62:cf:cc:e3:cc:09:82:97:6a:7c:47:57:4b:
         75:49:27:22:91:c7:2a:85:68:67:c9:34:ac:b1:e8:1d:e1:8c:
         a9:a7:45:a0:c4:35:60:03:ba:00:9e:ff:9d:32:de:0d:d0:32:
         dd:25:f4:81:50:d2:5d:7a:4c:61:11:58:61:59:28:ec:51:cb:
         41:d1:e9:c9:58:2b:89:ce:0d:96:8d:4b:97:49:9c:8e:cf:1f:
         b8:08:29:bf:f8:7b:54:75:2e:30:b4:fe:74:f1:c8:e1:fe:5d:
         e0:ee:fb:6e:5f:6a:9b:e2:17:fb:c1:08:28:b8:f9:e1:8d:43:
         dc:74:ee:ae:43:13:c5:51:c0:41:c2:cb:66:4d:d7:21:7b:90:
         e6:66:c4:18:c2:94:e7:70:5c:23:b6:0e:09:7b:79:60:9e:8e:
         ac:71:b9:3e:e7:50:18:67:03:53:ac:bc:ac:84:eb:d4:a9:ee:
         5e:f0:a1:f1:ac:fe:53:2a:b6:66:46:aa:e0:7c:ff:fa:ae:b0:
         97:69:4d:79:de:4f:24:49:a0:d9:ab:d0:a8:44:93:53:45:fc:
         bb:63:b0:2c:c6:fd:b9:4e:24:2f:72:84:19:8d:26:07:dc:52:
         9d:eb:34:19:3e:c4:8f:60:62:dc:45:a6:38:70:c3:74:d3:4a:
         5e:8f:e5:48
-----BEGIN CERTIFICATE-----
MIIF8zCCBNugAwIBAgISAYocLjT3M3SVaYgN0VcCMXs3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjMwODIyMDczODI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjkyYTNhMjU3OGI0ZTIyYjVmYTJkY2M0ZjYwMWVlNTRhMWFhNTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjb6gbtn8YYDAXt+cxUfkGUJOejO
SYC2B2QFnfOrgXGrWJ5J3gJPG/k525wYRtqC5rWQK6ro6Cw6ethzSywtcPf1RJu+
ircFLmKdEZK6F8Q736efoIzspjyrWRMz5kNstmhl4m20WkSyNL1BWi5KC3cRwpVm
hck8BoJ5kLCrUeD5VStYFj6Tk+yinx1Nuqh0OtgyLAIUO/EnX5G6ps1wbEhaDkgR
dSqiIvVcMYSwBP8/9VSJmMZ8gJ1YhL1qZwLcJjx44HWu8rcuaZ2kRs/vMDJVE1k7
5LMvgiABqqr5weK4xJ+FCvpS+bhmI+W0dWMT8PtA9sX4vAqe0wCo6mwjBwIDAQAB
o4IC/zCCAvswHQYDVR0OBBYEFLaSo6JXi04itfotzE9gHuVKGqUeMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvdHBLam9sZUxUaUsxLWkzTVQyQWU1VW9hcFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBEwYIKwYBBQUHAQcBAf8EggECMIH/MIHYBAIAATCB0QMD
AS5KAwMBLs4DAwE+LgMEBT50IAMEBVBLIAMDAlB4AwQEUPDgAwQFVBSgAwQFVVqA
AwMBWHQDBAZZkMADAwJbcAMEB1z4AAMDAV1SAwMAXW8DBAawQgADBAewQoADAwKy
vAMDArwUAwMAvC0wCwMDAsCkAwQCwKQgMAwDBADApCcDBAPApEAwDAMEBMCkUAME
BcCkgDALAwQEwKTQAwMAwKQwDAMEAsG71AMEAsG78DAMAwQCwjB8AwQCwjCIAwQG
wwNAAwQH1LcAAwQH1SEAMCIEAgACMBwDBQMgAQhQAwUDIAEIcAMFAyABCJADBQMg
AUu4MA0GCSqGSIb3DQEBCwUAA4IBAQCWMmadAmLPzOPMCYKXanxHV0t1SScikccq
hWhnyTSssegd4Yypp0WgxDVgA7oAnv+dMt4N0DLdJfSBUNJdekxhEVhhWSjsUctB
0enJWCuJzg2WjUuXSZyOzx+4CCm/+HtUdS4wtP508cjh/l3g7vtuX2qb4hf7wQgo
uPnhjUPcdO6uQxPFUcBBwstmTdche5DmZsQYwpTncFwjtg4Je3lgno6scbk+51AY
ZwNTrLyshOvUqe5e8KHxrP5TKrZmRqrgfP/6rrCXaU153k8kSaDZq9CoRJNTRfy7
Y7Asxv25TiQvcoQZjSYH3FKd6zQZPsSPYGLcRaY4cMN000pej+VI
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:38 2024 by rpki-client on console-fra.rpki-client.org