Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/IzOrBTOsRpvcHv3wl4m7ioO8zs8.roa
File:                     IzOrBTOsRpvcHv3wl4m7ioO8zs8.roa (raw, json)
Hash identifier:          /Xq7jAxwXu3t06xiZSZ++bAECrPbznmj5Krf4doQZLM=
Subject key identifier:   23:33:AB:05:33:AC:46:9B:DC:1E:FD:F0:97:89:BB:8A:83:BC:CE:CF
Certificate issuer:       /CN=edb04a943332768017266f4e5f56c006d98ebbb4
Certificate serial:       01856CAF01D0D777646FDBC6CD30DD03E7E2
Authority key identifier: ED:B0:4A:94:33:32:76:80:17:26:6F:4E:5F:56:C0:06:D9:8E:BB:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7bBKlDMydoAXJm9OX1bABtmOu7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/IzOrBTOsRpvcHv3wl4m7ioO8zs8.roa
Signing time:             Sun 01 Jan 2023 09:34:46 +0000
ROA not before:           Sun 01 Jan 2023 09:34:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     202276
IP address blocks:        185.251.8.0/23 maxlen: 23
                          185.251.10.0/23 maxlen: 23
                          2a03:b8c0:1::/48 maxlen: 48
                          2a03:b8c0:5::/48 maxlen: 48
                          2a03:b8c0:10::/48 maxlen: 48
                          2a03:b8c0::/48 maxlen: 48
                          2a03:b8c0:13::/48 maxlen: 48
                          2a03:b8c0:3::/48 maxlen: 48
                          2a03:b8c0:9::/48 maxlen: 48
                          2a03:b8c0:14::/48 maxlen: 48
                          2a03:b8c0:7::/48 maxlen: 48
                          2a03:b8c0:2::/48 maxlen: 48
                          2a03:b8c0:12::/48 maxlen: 48
                          2a03:b8c0:8::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:33:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:af:01:d0:d7:77:64:6f:db:c6:cd:30:dd:03:e7:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=edb04a943332768017266f4e5f56c006d98ebbb4
        Validity
            Not Before: Jan  1 09:34:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=2333ab0533ac469bdc1efdf09789bb8a83bccecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:73:57:08:b9:c5:24:b3:a4:6b:7f:c1:c2:86:
                    58:95:a8:ed:e3:96:bb:87:30:29:4e:2d:c4:9e:92:
                    64:71:fa:d6:cd:58:ba:d5:0e:9a:58:e8:01:a3:1b:
                    ab:d2:70:1a:48:54:a7:f7:5a:a6:38:3a:27:be:cf:
                    a3:70:cb:62:1e:76:36:42:79:42:58:6d:00:2b:ca:
                    87:d3:95:f1:ba:09:2b:48:d7:f7:cf:85:32:65:52:
                    8b:c5:22:5f:25:24:0a:b7:0e:39:a9:c8:78:72:83:
                    7d:24:b8:56:56:57:7f:9d:c2:89:ac:39:ad:9d:0c:
                    d8:e6:57:2f:fd:af:4c:97:70:ca:e2:02:0b:ef:2d:
                    30:b2:1e:d0:56:9a:dc:14:b6:89:12:66:69:30:15:
                    89:25:37:3c:20:3a:74:1c:a6:98:62:9e:4c:4b:b9:
                    84:16:67:50:3e:fd:1c:e5:f3:f5:f5:c7:00:d9:43:
                    ed:b7:a5:d8:72:41:42:f6:be:d9:6f:ff:a2:bd:cf:
                    b1:e2:57:ae:0e:b7:b3:8e:9c:6e:f0:e4:29:58:01:
                    bf:e1:5e:8c:b9:07:30:de:40:18:7d:22:9a:79:06:
                    b9:65:72:e4:84:b2:e2:ce:5c:f1:70:cc:2a:3a:df:
                    9b:ab:0e:f9:46:ac:ea:d7:0c:ea:04:ea:29:a1:c3:
                    0a:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:33:AB:05:33:AC:46:9B:DC:1E:FD:F0:97:89:BB:8A:83:BC:CE:CF
            X509v3 Authority Key Identifier:
                keyid:ED:B0:4A:94:33:32:76:80:17:26:6F:4E:5F:56:C0:06:D9:8E:BB:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7bBKlDMydoAXJm9OX1bABtmOu7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/IzOrBTOsRpvcHv3wl4m7ioO8zs8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/50a4c4-91d1-4311-b67b-e45fa64d4d2d/1/7bBKlDMydoAXJm9OX1bABtmOu7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.251.8.0/22
                IPv6:
                  2a03:b8c0::/46
                  2a03:b8c0:5::/48
                  2a03:b8c0:7::-2a03:b8c0:9:ffff:ffff:ffff:ffff:ffff
                  2a03:b8c0:10::/48
                  2a03:b8c0:12::-2a03:b8c0:14:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         06:c9:51:e5:5e:0f:d9:54:83:e7:11:6a:4c:37:33:49:c9:bc:
         5a:5e:4b:a1:6a:41:8a:22:f9:44:16:be:a4:af:c1:85:a0:54:
         ec:bc:ca:6c:03:1c:4d:78:08:b9:a8:a9:ac:be:a3:ff:3e:2c:
         46:3b:47:b5:99:1a:b5:d8:42:84:b3:79:2f:21:26:f0:78:11:
         3e:7b:a2:41:0c:36:ff:c3:73:36:b8:d0:68:35:ec:d5:83:e0:
         7d:82:8f:04:e4:81:97:72:78:29:dc:b8:40:80:43:8a:d8:fc:
         4a:99:48:b4:1a:37:b0:c9:56:a1:67:69:f8:5c:b3:66:ca:ff:
         35:97:b6:75:31:56:26:f5:e6:c9:9e:52:af:04:87:e9:60:a4:
         e7:d2:84:54:1d:2d:1b:67:4f:8a:d5:98:8c:9c:d2:40:dd:f7:
         72:48:c2:28:cc:75:88:b4:f5:76:08:b3:d9:d8:bb:02:cf:cd:
         e9:9b:d1:c9:44:43:8a:e8:de:0f:eb:32:ae:ab:59:85:39:d1:
         f4:92:d7:75:3e:7f:96:91:8c:ef:2e:14:26:3f:d1:53:55:12:
         6a:76:c1:c2:fb:80:15:06:1e:8b:20:1a:98:90:da:80:0a:f8:
         f2:6f:2c:57:1c:ad:58:ae:26:f8:66:4a:f0:a2:46:a4:c7:5c:
         34:75:2a:66
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVsrwHQ13dkb9vGzTDdA+fiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkYjA0YTk0MzMzMjc2ODAxNzI2NmY0ZTVmNTZjMDA2ZDk4
ZWJiYjQwHhcNMjMwMTAxMDkzNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzMzYWIwNTMzYWM0NjliZGMxZWZkZjA5Nzg5YmI4YTgzYmNjZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnNXCLnFJLOka3/BwoZYlajt45a7
hzApTi3EnpJkcfrWzVi61Q6aWOgBoxur0nAaSFSn91qmODonvs+jcMtiHnY2QnlC
WG0AK8qH05XxugkrSNf3z4UyZVKLxSJfJSQKtw45qch4coN9JLhWVld/ncKJrDmt
nQzY5lcv/a9Ml3DK4gIL7y0wsh7QVprcFLaJEmZpMBWJJTc8IDp0HKaYYp5MS7mE
FmdQPv0c5fP19ccA2UPtt6XYckFC9r7Zb/+ivc+x4leuDrezjpxu8OQpWAG/4V6M
uQcw3kAYfSKaeQa5ZXLkhLLizlzxcMwqOt+bqw75Rqzq1wzqBOopocMKJwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFCMzqwUzrEab3B798JeJu4qDvM7PMB8GA1UdIwQY
MBaAFO2wSpQzMnaAFyZvTl9WwAbZjru0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2JCS2xETXlkb0FYSm05T1gxYkFCdG1PdTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC81MGE0YzQtOTFkMS00MzExLWI2N2It
ZTQ1ZmE2NGQ0ZDJkLzEvSXpPckJUT3NScHZjSHYzd2w0bTdpb084enM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC81MGE0YzQtOTFkMS00MzExLWI2N2ItZTQ1ZmE2NGQ0ZDJk
LzEvN2JCS2xETXlkb0FYSm05T1gxYkFCdG1PdTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTAMBAIAATAGAwQCufsIMEkE
AgACMEMDBwIqA7jAAAADBwAqA7jAAAUwEgMHACoDuMAABwMHASoDuMAACAMHACoD
uMAAEDASAwcBKgO4wAASAwcAKgO4wAAUMA0GCSqGSIb3DQEBCwUAA4IBAQAGyVHl
Xg/ZVIPnEWpMNzNJybxaXkuhakGKIvlEFr6kr8GFoFTsvMpsAxxNeAi5qKmsvqP/
PixGO0e1mRq12EKEs3kvISbweBE+e6JBDDb/w3M2uNBoNezVg+B9go8E5IGXcngp
3LhAgEOK2PxKmUi0GjewyVahZ2n4XLNmyv81l7Z1MVYm9ebJnlKvBIfpYKTn0oRU
HS0bZ0+K1ZiMnNJA3fdySMIozHWItPV2CLPZ2LsCz83pm9HJREOK6N4P6zKuq1mF
OdH0ktd1Pn+WkYzvLhQmP9FTVRJqdsHC+4AVBh6LIBqYkNqACvjybyxXHK1Yrib4
Zkrwokakx1w0dSpm
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:05 2024 by rpki-client on console-fra.rpki-client.org