Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/OgXbjeQcYhw3PiltTA_1WXXI4Qc.roa
File:                     OgXbjeQcYhw3PiltTA_1WXXI4Qc.roa (raw, json)
Hash identifier:          6c7ifFdpx2ooK1ZD6iGRiOw4HF9HLKlutvc/LVsYbSw=
Subject key identifier:   3A:05:DB:8D:E4:1C:62:1C:37:3E:29:6D:4C:0F:F5:59:75:C8:E1:07
Certificate issuer:       /CN=598fa4201344d4107f792eee2566c62d65714e2d
Certificate serial:       018572959B1F8D1C1520FE4747B03265F235
Authority key identifier: 59:8F:A4:20:13:44:D4:10:7F:79:2E:EE:25:66:C6:2D:65:71:4E:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/OgXbjeQcYhw3PiltTA_1WXXI4Qc.roa
Signing time:             Mon 02 Jan 2023 13:04:45 +0000
ROA not before:           Mon 02 Jan 2023 13:04:45 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39020
IP address blocks:        5.145.173.0/24 maxlen: 24
                          217.61.131.0/24 maxlen: 24
                          217.61.139.0/24 maxlen: 24
                          217.61.137.0/24 maxlen: 24
                          217.61.138.0/24 maxlen: 24
                          217.61.136.0/24 maxlen: 24
                          217.61.134.0/24 maxlen: 24
                          217.61.135.0/24 maxlen: 24
                          217.61.133.0/24 maxlen: 24
                          217.61.140.0/24 maxlen: 24
                          217.61.143.0/24 maxlen: 24
                          217.61.141.0/24 maxlen: 24
                          217.61.142.0/24 maxlen: 24
                          195.78.231.0/24 maxlen: 24
                          195.78.229.0/24 maxlen: 24
                          195.78.230.0/24 maxlen: 24
                          195.78.228.0/24 maxlen: 24
                          93.93.70.0/24 maxlen: 24
                          93.93.68.0/24 maxlen: 24
                          93.93.69.0/24 maxlen: 24
                          93.93.66.0/24 maxlen: 24
                          93.93.67.0/24 maxlen: 24
                          93.93.65.0/24 maxlen: 24
                          77.81.119.0/24 maxlen: 24
                          93.93.71.0/24 maxlen: 24
                          93.113.162.0/24 maxlen: 24
                          93.113.163.0/24 maxlen: 24
                          93.113.160.0/24 maxlen: 24
                          93.113.161.0/24 maxlen: 24
                          5.145.172.0/24 maxlen: 24
                          5.145.170.0/24 maxlen: 24
                          5.145.171.0/24 maxlen: 24
                          5.145.169.0/24 maxlen: 24
                          5.145.168.0/24 maxlen: 24
                          91.192.110.0/24 maxlen: 24
                          91.192.111.0/24 maxlen: 24
                          91.192.108.0/24 maxlen: 24
                          91.192.109.0/24 maxlen: 24
                          77.81.112.0/24 maxlen: 24
                          93.93.64.0/24 maxlen: 24
                          77.81.118.0/24 maxlen: 24
                          77.81.117.0/24 maxlen: 24
                          77.81.115.0/24 maxlen: 24
                          77.81.116.0/24 maxlen: 24
                          77.81.113.0/24 maxlen: 24
                          77.81.114.0/24 maxlen: 24
                          2a00:1d70::/33 maxlen: 33
                          2a00:1d70:8000::/33 maxlen: 33

Validation:               Failed, certificate revoked on Tue 03 Jan 2023 09:51:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:95:9b:1f:8d:1c:15:20:fe:47:47:b0:32:65:f2:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=598fa4201344d4107f792eee2566c62d65714e2d
        Validity
            Not Before: Jan  2 13:04:45 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3a05db8de41c621c373e296d4c0ff55975c8e107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:88:ea:28:35:cc:53:0a:95:6a:4f:46:04:5c:
                    0a:c3:0b:f7:79:f8:28:37:2f:a6:e8:3c:f4:4f:78:
                    e6:6a:e0:0d:ec:f5:4a:a6:50:4e:28:3a:c0:03:da:
                    80:4b:44:4f:9e:80:75:f5:f7:98:7d:27:a8:8b:17:
                    a1:69:0e:2f:fe:e5:a2:c7:e6:cb:3a:33:55:aa:f8:
                    43:f0:9e:44:96:c5:17:9e:99:7f:a2:f7:10:48:6c:
                    37:0a:46:59:c1:02:e8:43:30:2c:44:20:c3:d5:6a:
                    dd:bd:b8:a8:91:8e:4e:cd:77:73:e0:1d:94:f7:97:
                    1d:e2:b4:6c:40:be:6a:ae:aa:bf:70:ac:9f:03:3b:
                    dc:98:6a:52:ae:17:ec:d2:e0:8d:08:43:6f:1f:60:
                    a7:3c:2f:3b:45:4f:c0:71:b3:95:ba:16:91:52:86:
                    7b:87:19:72:94:52:c8:fb:41:b9:54:28:b1:14:6f:
                    29:f2:2a:8d:95:4a:83:da:68:b4:e1:66:31:44:56:
                    ca:7d:e5:19:a1:f2:f1:06:14:79:26:af:15:ff:ed:
                    d8:30:c9:42:1a:b7:85:e2:23:01:9e:11:08:83:a7:
                    8a:10:5f:8c:c9:2a:72:5b:f6:35:d4:10:f4:a3:d2:
                    9c:9b:f1:2d:0d:5e:cc:79:04:1b:de:4a:5b:1f:a1:
                    7f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:05:DB:8D:E4:1C:62:1C:37:3E:29:6D:4C:0F:F5:59:75:C8:E1:07
            X509v3 Authority Key Identifier:
                keyid:59:8F:A4:20:13:44:D4:10:7F:79:2E:EE:25:66:C6:2D:65:71:4E:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/OgXbjeQcYhw3PiltTA_1WXXI4Qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/WY-kIBNE1BB_eS7uJWbGLWVxTi0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.168.0-5.145.173.255
                  77.81.112.0/21
                  91.192.108.0/22
                  93.93.64.0/21
                  93.113.160.0/22
                  195.78.228.0/22
                  217.61.131.0/24
                  217.61.133.0-217.61.143.255
                IPv6:
                  2a00:1d70::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:c3:42:d8:bd:d8:05:23:a9:55:22:b2:b5:8b:b0:af:7b:2a:
         6c:4b:9e:cd:cb:a5:5e:87:2a:bc:c7:78:9b:ec:d3:d7:66:96:
         d7:7d:ef:76:d0:33:91:cf:7e:fb:fa:3c:a8:e3:69:b4:09:d8:
         84:be:fd:ed:cb:d4:6c:bd:84:11:7f:87:20:7a:95:d5:5c:fc:
         81:a7:1a:4a:81:fc:f1:3e:bf:8b:90:58:9c:19:13:af:db:f7:
         f8:42:cc:11:b6:51:3d:cf:34:05:c3:40:11:81:7b:cd:bd:35:
         9b:d2:7f:69:a8:b6:8a:3b:32:dd:a1:b7:b1:b4:42:7c:2f:18:
         99:b6:7d:a2:04:af:cb:74:dc:d6:8c:0d:a6:f6:0d:6c:cd:cf:
         93:c3:99:6c:17:6b:34:37:18:86:1d:fe:ff:b0:59:92:ba:ba:
         be:b8:45:e4:32:3a:a7:20:54:40:52:a5:a0:14:71:f5:ff:00:
         01:00:c8:58:3f:8c:8f:31:00:71:92:f1:b6:a4:da:fc:ab:4c:
         cd:64:f6:de:a4:cb:5b:6e:f1:ff:23:2c:1a:03:40:1c:84:a5:
         07:ca:d0:d9:da:93:6b:a3:a6:23:85:a8:78:d6:fe:58:8c:9a:
         ca:61:d7:7d:9d:ac:3e:26:46:8d:19:eb:f9:83:46:10:45:30:
         de:eb:ae:11
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYVylZsfjRwVIP5HR7AyZfI1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5OGZhNDIwMTM0NGQ0MTA3Zjc5MmVlZTI1NjZjNjJkNjU3
MTRlMmQwHhcNMjMwMTAyMTMwNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTA1ZGI4ZGU0MWM2MjFjMzczZTI5NmQ0YzBmZjU1OTc1YzhlMTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhojqKDXMUwqVak9GBFwKwwv3efgo
Ny+m6Dz0T3jmauAN7PVKplBOKDrAA9qAS0RPnoB19feYfSeoixehaQ4v/uWix+bL
OjNVqvhD8J5ElsUXnpl/ovcQSGw3CkZZwQLoQzAsRCDD1WrdvbiokY5OzXdz4B2U
95cd4rRsQL5qrqq/cKyfAzvcmGpSrhfs0uCNCENvH2CnPC87RU/AcbOVuhaRUoZ7
hxlylFLI+0G5VCixFG8p8iqNlUqD2mi04WYxRFbKfeUZofLxBhR5Jq8V/+3YMMlC
GreF4iMBnhEIg6eKEF+MySpyW/Y11BD0o9Kcm/EtDV7MeQQb3kpbH6F/2wIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFDoF243kHGIcNz4pbUwP9Vl1yOEHMB8GA1UdIwQY
MBaAFFmPpCATRNQQf3ku7iVmxi1lcU4tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1kta0lCTkUxQkJfZVM3dUpXYkdMV1Z4VGkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84MzhlZjEtNzM5My00ZmJkLWI2N2It
NjY0YjhmMDNkMTgwLzEvT2dYYmplUWNZaHczUGlsdFRBXzFXWFhJNFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84MzhlZjEtNzM5My00ZmJkLWI2N2ItNjY0YjhmMDNkMTgw
LzEvV1kta0lCTkUxQkJfZVM3dUpXYkdMV1Z4VGkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAMAwDBAMFkagD
BAEFkawDBANNUXADBAJbwGwDBANdXUADBAJdcaADBALDTuQDBADZPYMwDAMEANk9
hQMEBNk9gDANBAIAAjAHAwUAKgAdcDANBgkqhkiG9w0BAQsFAAOCAQEABcNC2L3Y
BSOpVSKytYuwr3sqbEuezculXocqvMd4m+zT12aW133vdtAzkc9++/o8qONptAnY
hL797cvUbL2EEX+HIHqV1Vz8gacaSoH88T6/i5BYnBkTr9v3+ELMEbZRPc80BcNA
EYF7zb01m9J/aai2ijsy3aG3sbRCfC8YmbZ9ogSvy3Tc1owNpvYNbM3Pk8OZbBdr
NDcYhh3+/7BZkrq6vrhF5DI6pyBUQFKloBRx9f8AAQDIWD+MjzEAcZLxtqTa/KtM
zWT23qTLW27x/yMsGgNAHISlB8rQ2dqTa6OmI4WoeNb+WIyaymHXfZ2sPiZGjRnr
+YNGEEUw3uuuEQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:21 2024 by rpki-client on console-ams.rpki-client.org