Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/pA-HMr0SOhogw5OOcVvMXAWhT6Y.roa
File:                     pA-HMr0SOhogw5OOcVvMXAWhT6Y.roa (raw, json)
Hash identifier:          8NJ5midSoI4b6cl5nAqdSeqjnjouCpY04g1M+09KF8k=
Subject key identifier:   A4:0F:87:32:BD:12:3A:1A:20:C3:93:8E:71:5B:CC:5C:05:A1:4F:A6
Certificate issuer:       /CN=598fa4201344d4107f792eee2566c62d65714e2d
Certificate serial:       0185770B388A63FB8F779A452E86CE709BE3
Authority key identifier: 59:8F:A4:20:13:44:D4:10:7F:79:2E:EE:25:66:C6:2D:65:71:4E:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/pA-HMr0SOhogw5OOcVvMXAWhT6Y.roa
Signing time:             Tue 03 Jan 2023 09:51:42 +0000
ROA not before:           Tue 03 Jan 2023 09:51:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     39020
IP address blocks:        93.93.70.0/24 maxlen: 24
                          93.93.68.0/24 maxlen: 24
                          93.93.69.0/24 maxlen: 24
                          93.93.66.0/24 maxlen: 24
                          93.93.67.0/24 maxlen: 24
                          93.93.65.0/24 maxlen: 24
                          93.93.71.0/24 maxlen: 24
                          93.113.162.0/24 maxlen: 24
                          93.113.163.0/24 maxlen: 24
                          93.113.160.0/24 maxlen: 24
                          93.113.161.0/24 maxlen: 24
                          93.93.64.0/24 maxlen: 24
                          5.145.174.0/24 maxlen: 24
                          5.145.175.0/24 maxlen: 24
                          5.145.173.0/24 maxlen: 24
                          217.61.131.0/24 maxlen: 24
                          217.61.129.0/24 maxlen: 24
                          217.61.130.0/24 maxlen: 24
                          217.61.128.0/24 maxlen: 24
                          217.61.139.0/24 maxlen: 24
                          217.61.137.0/24 maxlen: 24
                          217.61.138.0/24 maxlen: 24
                          217.61.136.0/24 maxlen: 24
                          217.61.134.0/24 maxlen: 24
                          217.61.135.0/24 maxlen: 24
                          217.61.133.0/24 maxlen: 24
                          217.61.140.0/24 maxlen: 24
                          217.61.143.0/24 maxlen: 24
                          217.61.141.0/24 maxlen: 24
                          217.61.142.0/24 maxlen: 24
                          195.78.231.0/24 maxlen: 24
                          195.78.229.0/24 maxlen: 24
                          195.78.230.0/24 maxlen: 24
                          195.78.228.0/24 maxlen: 24
                          185.50.198.0/24 maxlen: 24
                          185.50.199.0/24 maxlen: 24
                          185.50.196.0/24 maxlen: 24
                          185.50.196.0/22 maxlen: 22
                          185.50.197.0/24 maxlen: 24
                          77.81.119.0/24 maxlen: 24
                          5.145.172.0/24 maxlen: 24
                          5.145.170.0/24 maxlen: 24
                          5.145.171.0/24 maxlen: 24
                          5.145.169.0/24 maxlen: 24
                          5.145.168.0/24 maxlen: 24
                          91.192.110.0/24 maxlen: 24
                          91.192.111.0/24 maxlen: 24
                          91.192.108.0/24 maxlen: 24
                          91.192.109.0/24 maxlen: 24
                          77.81.112.0/24 maxlen: 24
                          77.81.118.0/24 maxlen: 24
                          77.81.117.0/24 maxlen: 24
                          77.81.115.0/24 maxlen: 24
                          77.81.116.0/24 maxlen: 24
                          77.81.113.0/24 maxlen: 24
                          77.81.114.0/24 maxlen: 24
                          2a00:1d70:8000::/33 maxlen: 33
                          2a00:1d70::/33 maxlen: 33

Validation:               Failed, certificate revoked on Sat 14 Oct 2023 18:54:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:77:0b:38:8a:63:fb:8f:77:9a:45:2e:86:ce:70:9b:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=598fa4201344d4107f792eee2566c62d65714e2d
        Validity
            Not Before: Jan  3 09:51:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a40f8732bd123a1a20c3938e715bcc5c05a14fa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:62:59:81:d1:71:a8:ab:a3:a6:32:f9:3b:e6:
                    33:ad:aa:95:a3:8d:a3:ae:7c:e1:ef:7d:4b:ed:1d:
                    9d:76:c1:3d:7f:6d:2d:a6:cd:1b:68:82:04:76:3f:
                    68:1b:c9:07:b0:bf:81:e2:9e:f9:e3:0e:06:04:ba:
                    1d:80:ab:4f:e3:6e:f6:77:9c:65:7b:d6:ac:51:b7:
                    65:f7:a0:f8:3c:ba:ef:47:a7:4d:f1:7a:e1:7b:de:
                    72:86:ae:83:8a:81:47:39:de:97:23:1d:0b:e4:41:
                    f3:27:f2:d6:3a:94:aa:c3:44:e6:1a:97:70:28:3d:
                    94:85:9a:e1:f4:f6:54:f5:0e:c4:b5:f5:5a:3c:91:
                    64:0f:c9:2c:d7:a1:4f:09:07:a7:69:38:6b:5f:8a:
                    e2:9e:48:99:ce:0c:59:b1:58:46:8f:a3:86:13:2d:
                    ca:1e:00:52:a3:85:a8:0b:33:1f:23:d5:fb:14:9c:
                    d4:47:9a:ff:47:68:78:fe:cc:cd:3d:85:b5:0d:2f:
                    14:c9:0a:a0:fe:87:2f:7c:c2:29:7c:38:b7:64:de:
                    b7:3e:7d:28:ed:09:55:d8:a9:66:01:77:ad:fb:69:
                    21:bf:22:6a:72:22:7c:66:d1:fd:32:6b:d9:3e:d0:
                    b7:bf:3a:c4:30:f7:24:d3:46:87:35:83:d0:44:db:
                    b3:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:0F:87:32:BD:12:3A:1A:20:C3:93:8E:71:5B:CC:5C:05:A1:4F:A6
            X509v3 Authority Key Identifier:
                keyid:59:8F:A4:20:13:44:D4:10:7F:79:2E:EE:25:66:C6:2D:65:71:4E:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WY-kIBNE1BB_eS7uJWbGLWVxTi0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/pA-HMr0SOhogw5OOcVvMXAWhT6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/838ef1-7393-4fbd-b67b-664b8f03d180/1/WY-kIBNE1BB_eS7uJWbGLWVxTi0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.145.168.0/21
                  77.81.112.0/21
                  91.192.108.0/22
                  93.93.64.0/21
                  93.113.160.0/22
                  185.50.196.0/22
                  195.78.228.0/22
                  217.61.128.0/22
                  217.61.133.0-217.61.143.255
                IPv6:
                  2a00:1d70::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:b1:71:f5:c1:d5:36:2e:07:a2:e6:33:7b:8e:f3:0d:6d:7c:
         7a:68:6a:7e:49:63:87:ea:74:9e:f5:b2:26:67:98:50:35:12:
         e1:70:75:0d:75:b9:9e:b9:e3:f4:5a:2e:07:bd:c2:ea:51:e0:
         c1:5a:4e:05:35:bc:6d:b9:b5:07:8b:dc:04:94:46:c7:37:c4:
         4e:66:f7:4b:45:03:59:91:1c:77:f4:0d:ca:11:7b:48:88:a6:
         b9:1a:43:89:f6:3d:30:8e:27:8a:57:65:08:1f:9b:2b:ea:29:
         0f:80:a1:e7:87:86:37:ef:cb:d9:51:aa:94:22:4f:dd:5a:bf:
         8c:1c:5f:ef:1c:4e:f2:09:9e:3b:28:1f:16:28:c2:51:06:98:
         5c:ef:e0:6b:6f:1d:cb:db:e1:11:ea:8d:df:c1:82:4e:ce:91:
         3c:96:1b:c5:64:99:c4:f2:65:19:5b:bd:40:03:67:83:ed:e1:
         66:5d:7c:8e:8c:2c:11:65:7a:25:0b:c7:44:f0:97:ea:4c:ce:
         26:c3:3b:2d:cd:99:30:c1:b3:7b:82:5e:59:71:12:55:2c:eb:
         39:4a:54:4f:53:1f:6d:41:27:94:b6:83:25:c0:f3:7a:eb:34:
         5d:b0:57:97:f7:9a:e3:4a:3e:b7:31:cb:b9:55:63:46:40:49:
         bb:f1:f7:b1
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYV3CziKY/uPd5pFLobOcJvjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5OGZhNDIwMTM0NGQ0MTA3Zjc5MmVlZTI1NjZjNjJkNjU3
MTRlMmQwHhcNMjMwMTAzMDk1MTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDBmODczMmJkMTIzYTFhMjBjMzkzOGU3MTViY2M1YzA1YTE0ZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkWJZgdFxqKujpjL5O+YzraqVo42j
rnzh731L7R2ddsE9f20tps0baIIEdj9oG8kHsL+B4p754w4GBLodgKtP4272d5xl
e9asUbdl96D4PLrvR6dN8Xrhe95yhq6DioFHOd6XIx0L5EHzJ/LWOpSqw0TmGpdw
KD2UhZrh9PZU9Q7EtfVaPJFkD8ks16FPCQenaThrX4rinkiZzgxZsVhGj6OGEy3K
HgBSo4WoCzMfI9X7FJzUR5r/R2h4/szNPYW1DS8UyQqg/ocvfMIpfDi3ZN63Pn0o
7QlV2KlmAXet+2khvyJqciJ8ZtH9MmvZPtC3vzrEMPck00aHNYPQRNuzgwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFKQPhzK9EjoaIMOTjnFbzFwFoU+mMB8GA1UdIwQY
MBaAFFmPpCATRNQQf3ku7iVmxi1lcU4tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1kta0lCTkUxQkJfZVM3dUpXYkdMV1Z4VGkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS84MzhlZjEtNzM5My00ZmJkLWI2N2It
NjY0YjhmMDNkMTgwLzEvcEEtSE1yMFNPaG9ndzVPT2NWdk1YQVdoVDZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS84MzhlZjEtNzM5My00ZmJkLWI2N2ItNjY0YjhmMDNkMTgw
LzEvV1kta0lCTkUxQkJfZVM3dUpXYkdMV1Z4VGkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBEBAIAATA+AwQDBZGoAwQD
TVFwAwQCW8BsAwQDXV1AAwQCXXGgAwQCuTLEAwQCw07kAwQC2T2AMAwDBADZPYUD
BATZPYAwDQQCAAIwBwMFACoAHXAwDQYJKoZIhvcNAQELBQADggEBAIqxcfXB1TYu
B6LmM3uO8w1tfHpoan5JY4fqdJ71siZnmFA1EuFwdQ11uZ654/RaLge9wupR4MFa
TgU1vG25tQeL3ASURsc3xE5m90tFA1mRHHf0DcoRe0iIprkaQ4n2PTCOJ4pXZQgf
myvqKQ+AoeeHhjfvy9lRqpQiT91av4wcX+8cTvIJnjsoHxYowlEGmFzv4GtvHcvb
4RHqjd/Bgk7OkTyWG8VkmcTyZRlbvUADZ4Pt4WZdfI6MLBFleiULx0Twl+pMzibD
Oy3NmTDBs3uCXllxElUs6zlKVE9TH21BJ5S2gyXA83rrNF2wV5f3muNKPrcxy7lV
Y0ZASbvx97E=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:21 2024 by rpki-client on console-ams.rpki-client.org