Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/3550b4-51b5-448b-ab62-2a813dbf4582/1/vtEngmb9YfKcDxzRKjBiNeu6dAU.roa
File:                     vtEngmb9YfKcDxzRKjBiNeu6dAU.roa (raw, json)
Hash identifier:          bkSbP+/CnR52+XoGvO1poK3cr7kOzDoKi3MfjQ9QLig=
Subject key identifier:   BE:D1:27:82:66:FD:61:F2:9C:0F:1C:D1:2A:30:62:35:EB:BA:74:05
Certificate issuer:       /CN=053d04e72bb249c79eb1168cf1d43a3ca548c206
Certificate serial:       0188761B7959DD7ECB2F64F8F7161CB61B02
Authority key identifier: 05:3D:04:E7:2B:B2:49:C7:9E:B1:16:8C:F1:D4:3A:3C:A5:48:C2:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BT0E5yuySceesRaM8dQ6PKVIwgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/3550b4-51b5-448b-ab62-2a813dbf4582/1/vtEngmb9YfKcDxzRKjBiNeu6dAU.roa
Signing time:             Thu 01 Jun 2023 08:38:11 +0000
ROA not before:           Thu 01 Jun 2023 08:38:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29422
IP address blocks:        194.29.192.0/21 maxlen: 21
                          77.91.210.0/23 maxlen: 23
                          77.91.209.0/24 maxlen: 24
                          77.91.212.0/22 maxlen: 22
                          81.17.192.0/21 maxlen: 21
                          83.145.192.0/18 maxlen: 18
                          217.149.48.0/20 maxlen: 20
                          194.79.16.0/22 maxlen: 22
                          94.101.0.0/20 maxlen: 20
                          193.104.38.0/24 maxlen: 24
                          84.20.128.0/19 maxlen: 19
                          84.239.128.0/17 maxlen: 17
                          217.30.176.0/20 maxlen: 20
                          83.150.64.0/18 maxlen: 18
                          109.75.224.0/21 maxlen: 21
                          84.239.208.0/20 maxlen: 20
                          188.117.0.0/18 maxlen: 18
                          185.123.116.0/22 maxlen: 22
                          80.69.160.0/21 maxlen: 21
                          77.86.128.0/17 maxlen: 17
                          213.157.64.0/19 maxlen: 19
                          80.69.168.0/22 maxlen: 22
                          2001:67c:70::/48 maxlen: 48
                          2a01:51c0::/29 maxlen: 29
                          2001:1bc8::/32 maxlen: 32
                          2a01:51c1::/32 maxlen: 32
                          2001:1bc8::/29 maxlen: 29
                          2a01:51c0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 16:29:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:76:1b:79:59:dd:7e:cb:2f:64:f8:f7:16:1c:b6:1b:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=053d04e72bb249c79eb1168cf1d43a3ca548c206
        Validity
            Not Before: Jun  1 08:38:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=bed1278266fd61f29c0f1cd12a306235ebba7405
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:d5:ad:4f:db:ed:99:bf:64:ac:8f:d2:d7:0a:
                    19:36:26:eb:08:3b:7c:44:d0:e8:6f:92:b1:76:72:
                    d4:0a:a8:38:2b:6e:64:8a:f4:01:f9:9a:b6:41:a3:
                    82:4c:24:21:16:95:d7:a6:db:4d:5a:1d:84:1a:78:
                    01:2a:98:51:08:06:78:6f:8b:63:e0:eb:e2:ca:00:
                    2d:a3:10:42:74:c2:6e:d1:33:ac:d4:39:8d:6c:5c:
                    13:db:67:b5:4e:fd:2e:15:1e:d4:7e:b1:85:42:0f:
                    cf:9e:ba:11:63:18:4e:67:95:d2:15:18:f5:4f:ec:
                    f8:5b:f9:72:1e:98:42:39:9d:08:b6:07:3d:23:10:
                    89:a2:f9:14:6f:5a:cc:bd:bb:9d:81:5d:76:fe:52:
                    fa:50:b9:91:db:17:83:de:68:c7:95:03:f7:01:ec:
                    6c:05:96:cd:e0:3a:f8:9d:15:18:a5:11:4c:a1:29:
                    92:6a:a8:7c:8f:31:6b:b9:2c:29:1e:63:1f:a9:b2:
                    07:77:b4:69:ab:d6:50:4a:2f:eb:84:f3:ed:8d:61:
                    30:f6:22:30:3e:d3:7b:3f:e9:d4:8b:7b:fd:e8:f8:
                    08:f4:48:f1:b6:e7:30:93:ac:81:4a:14:0e:d0:24:
                    f0:60:ec:77:72:f4:a3:29:b9:50:8e:31:ec:36:2c:
                    b0:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:D1:27:82:66:FD:61:F2:9C:0F:1C:D1:2A:30:62:35:EB:BA:74:05
            X509v3 Authority Key Identifier:
                keyid:05:3D:04:E7:2B:B2:49:C7:9E:B1:16:8C:F1:D4:3A:3C:A5:48:C2:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BT0E5yuySceesRaM8dQ6PKVIwgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/3550b4-51b5-448b-ab62-2a813dbf4582/1/vtEngmb9YfKcDxzRKjBiNeu6dAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/3550b4-51b5-448b-ab62-2a813dbf4582/1/BT0E5yuySceesRaM8dQ6PKVIwgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.86.128.0/17
                  77.91.209.0-77.91.215.255
                  80.69.160.0-80.69.171.255
                  81.17.192.0/21
                  83.145.192.0/18
                  83.150.64.0/18
                  84.20.128.0/19
                  84.239.128.0/17
                  94.101.0.0/20
                  109.75.224.0/21
                  185.123.116.0/22
                  188.117.0.0/18
                  193.104.38.0/24
                  194.29.192.0/21
                  194.79.16.0/22
                  213.157.64.0/19
                  217.30.176.0/20
                  217.149.48.0/20
                IPv6:
                  2001:67c:70::/48
                  2001:1bc8::/29
                  2a01:51c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b6:1d:97:b0:6d:ed:89:b0:ac:64:b7:10:8e:a3:ca:9f:6b:e1:
         31:d9:42:48:ce:3b:f6:88:c5:24:8a:e0:d0:8d:fe:61:e9:26:
         e5:c6:60:4d:bd:5a:ac:c7:d2:ef:72:b7:42:db:33:10:e3:bd:
         2a:22:2d:13:21:36:48:8a:2d:2f:39:a0:53:68:05:85:4e:39:
         1a:0a:c5:f0:92:bc:d8:8a:bb:4d:00:8f:2e:a1:07:f1:76:ef:
         e7:5c:67:c5:d4:ea:41:3a:1c:4f:a1:15:dd:bf:ed:cc:33:ce:
         48:f7:ce:14:ef:60:49:de:73:9a:a1:f0:43:49:24:57:bd:74:
         9a:49:19:04:9f:f6:f5:e5:15:9d:1a:c4:8e:b4:d2:77:b7:b9:
         bf:98:dd:67:a9:93:d2:60:e2:ce:c5:35:00:51:ed:41:7d:0d:
         af:b0:c6:49:81:8c:74:cc:e7:0d:07:33:94:c3:2b:0a:58:50:
         3e:08:e1:99:f7:cf:ed:a1:de:1d:2e:ff:c3:dd:7d:9b:95:15:
         68:79:23:1e:8e:9d:c2:13:52:33:04:89:88:b8:ee:2c:59:f0:
         88:5c:87:a3:a3:87:c8:41:bd:85:27:d0:8f:96:06:7e:c1:fb:
         30:46:3f:25:d9:b4:95:69:0d:cf:c0:86:df:21:be:c1:c9:79:
         0a:db:41:ce
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAYh2G3lZ3X7LL2T49xYcthsCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1M2QwNGU3MmJiMjQ5Yzc5ZWIxMTY4Y2YxZDQzYTNjYTU0
OGMyMDYwHhcNMjMwNjAxMDgzODExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWQxMjc4MjY2ZmQ2MWYyOWMwZjFjZDEyYTMwNjIzNWViYmE3NDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNWtT9vtmb9krI/S1woZNibrCDt8
RNDob5KxdnLUCqg4K25kivQB+Zq2QaOCTCQhFpXXpttNWh2EGngBKphRCAZ4b4tj
4OviygAtoxBCdMJu0TOs1DmNbFwT22e1Tv0uFR7UfrGFQg/PnroRYxhOZ5XSFRj1
T+z4W/lyHphCOZ0Itgc9IxCJovkUb1rMvbudgV12/lL6ULmR2xeD3mjHlQP3Aexs
BZbN4Dr4nRUYpRFMoSmSaqh8jzFruSwpHmMfqbIHd7Rpq9ZQSi/rhPPtjWEw9iIw
PtN7P+nUi3v96PgI9Ejxtucwk6yBShQO0CTwYOx3cvSjKblQjjHsNiyw6wIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFL7RJ4Jm/WHynA8c0SowYjXrunQFMB8GA1UdIwQY
MBaAFAU9BOcrsknHnrEWjPHUOjylSMIGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlQwRTV5dXlTY2Vlc1JhTThkUTZQS1ZJd2dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8zNTUwYjQtNTFiNS00NDhiLWFiNjIt
MmE4MTNkYmY0NTgyLzEvdnRFbmdtYjlZZktjRHh6UktqQmlOZXU2ZEFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8zNTUwYjQtNTFiNS00NDhiLWFiNjItMmE4MTNkYmY0NTgy
LzEvQlQwRTV5dXlTY2Vlc1JhTThkUTZQS1ZJd2dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG3BggrBgEFBQcBBwEB/wSBpzCBpDCBggQCAAEwfAMEB01W
gDAMAwQATVvRAwQDTVvQMAwDBAVQRaADBAJQRagDBANREcADBAZTkcADBAZTlkAD
BAVUFIADBAdU74ADBAReZQADBANtS+ADBAK5e3QDBAa8dQADBADBaCYDBAPCHcAD
BALCTxADBAXVnUADBATZHrADBATZlTAwHQQCAAIwFwMHACABBnwAcAMFAyABG8gD
BQMqAVHAMA0GCSqGSIb3DQEBCwUAA4IBAQC2HZewbe2JsKxktxCOo8qfa+Ex2UJI
zjv2iMUkiuDQjf5h6SblxmBNvVqsx9LvcrdC2zMQ470qIi0TITZIii0vOaBTaAWF
TjkaCsXwkrzYirtNAI8uoQfxdu/nXGfF1OpBOhxPoRXdv+3MM85I984U72BJ3nOa
ofBDSSRXvXSaSRkEn/b15RWdGsSOtNJ3t7m/mN1nqZPSYOLOxTUAUe1BfQ2vsMZJ
gYx0zOcNBzOUwysKWFA+COGZ98/tod4dLv/D3X2blRVoeSMejp3CE1IzBImIuO4s
WfCIXIejo4fIQb2FJ9CPlgZ+wfswRj8l2bSVaQ3PwIbfIb7ByXkK20HO
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:50 2024 by rpki-client on console-fra.rpki-client.org