Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/1-dhZMG_fYfF8UzRgP5hQmOul2vE.roa
File:                     1-dhZMG_fYfF8UzRgP5hQmOul2vE.roa (raw, json)
Hash identifier:          pU1iZxruOcHMNgK/S/La/3np5Z3SZ93ap6xKMqpmYh8=
Subject key identifier:   F9:D8:59:30:6F:DF:61:F1:7C:53:34:60:3F:98:50:98:EB:A5:DA:F1
Certificate issuer:       /CN=84e1429a53e6463b3c74f5a3f17c5d4a51ebd0b8
Certificate serial:       018B2849EFF9766115390418F102D2572128
Authority key identifier: 84:E1:42:9A:53:E6:46:3B:3C:74:F5:A3:F1:7C:5D:4A:51:EB:D0:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/1-dhZMG_fYfF8UzRgP5hQmOul2vE.roa
Signing time:             Fri 13 Oct 2023 09:06:56 +0000
ROA not before:           Fri 13 Oct 2023 09:06:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62000
IP address blocks:        45.147.98.0/24 maxlen: 24
                          45.147.96.0/23 maxlen: 24
                          45.147.99.0/24 maxlen: 24
                          193.168.144.0/24 maxlen: 24
                          193.168.145.0/24 maxlen: 24
                          193.168.147.0/24 maxlen: 24
                          193.168.146.0/24 maxlen: 24
                          45.155.168.0/22 maxlen: 24
                          45.155.168.0/24 maxlen: 24
                          185.157.245.0/24 maxlen: 24
                          185.157.244.0/24 maxlen: 24
                          185.216.24.0/24 maxlen: 24
                          185.216.25.0/24 maxlen: 24
                          185.216.27.0/24 maxlen: 24
                          185.216.26.0/24 maxlen: 24
                          2a07:abc0::/29 maxlen: 64
                          2a0b:b140::/29 maxlen: 64
                          2a09:6383::/32 maxlen: 64
                          2a09:6385::/32 maxlen: 64
                          2a09:6382::/32 maxlen: 64
                          2a09:6384::/32 maxlen: 64

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:28:49:ef:f9:76:61:15:39:04:18:f1:02:d2:57:21:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84e1429a53e6463b3c74f5a3f17c5d4a51ebd0b8
        Validity
            Not Before: Oct 13 09:06:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f9d859306fdf61f17c5334603f985098eba5daf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:71:3c:40:eb:3b:9b:59:5e:0c:75:91:4c:fd:
                    99:54:7e:eb:52:fe:6d:d4:e2:5b:c0:80:1f:a4:f3:
                    03:ba:b6:34:2b:04:e3:a9:16:48:77:a5:18:21:0c:
                    80:c5:5d:2d:b1:dd:9c:a9:56:27:e0:31:d7:e9:45:
                    da:75:8e:1d:06:5e:e4:bb:61:23:b6:33:59:b1:e1:
                    40:44:0c:0b:2b:20:9e:2c:22:7e:90:79:47:5b:02:
                    89:bd:35:7f:90:cb:5f:18:cd:d4:c5:8e:86:2b:28:
                    c9:91:39:b1:9e:f1:d9:ad:47:71:63:2f:27:61:1e:
                    73:62:56:4d:fd:e8:41:2e:4d:2f:24:8d:14:30:36:
                    7f:59:6a:07:33:7a:d0:6a:25:52:fa:51:46:1b:d7:
                    fa:13:1b:77:b9:14:b0:d6:87:0b:3e:b8:3e:82:80:
                    88:fe:4d:29:a5:86:dd:a5:e3:e4:6e:05:10:b5:d5:
                    15:9c:3a:5f:19:ef:02:cc:9a:30:53:01:1d:62:a3:
                    e4:a2:0a:67:9a:8f:a7:f5:7c:ab:6d:20:2a:4b:91:
                    ad:a7:e3:7b:73:7d:7a:f8:6b:2e:ea:d5:33:84:6c:
                    30:76:2d:5b:de:15:5f:b9:cb:d2:e9:99:92:85:e8:
                    12:aa:d6:d6:0c:c8:53:4e:a5:65:86:6d:10:bf:e8:
                    18:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:D8:59:30:6F:DF:61:F1:7C:53:34:60:3F:98:50:98:EB:A5:DA:F1
            X509v3 Authority Key Identifier:
                keyid:84:E1:42:9A:53:E6:46:3B:3C:74:F5:A3:F1:7C:5D:4A:51:EB:D0:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/1-dhZMG_fYfF8UzRgP5hQmOul2vE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/72dbdf-c71d-4e59-8076-c41dcca8b775/1/hOFCmlPmRjs8dPWj8XxdSlHr0Lg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.96.0/22
                  45.155.168.0/22
                  185.157.244.0/23
                  185.216.24.0/22
                  193.168.144.0/22
                IPv6:
                  2a07:abc0::/29
                  2a09:6382::-2a09:6385:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0b:b140::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:7b:31:43:cf:2a:99:90:d0:32:76:6d:af:24:ba:14:5e:9e:
         a7:b5:ee:09:71:1f:41:97:70:cc:15:87:56:8d:44:82:2e:67:
         59:de:12:c9:e9:83:40:81:bf:f4:09:22:d5:d9:f9:44:77:8a:
         a9:2b:6a:70:85:d2:8a:f9:70:82:41:25:ca:36:62:30:d3:77:
         6a:1e:75:cb:2d:d5:71:dc:55:b3:8a:4a:38:67:8a:05:c9:e2:
         81:e6:6b:a6:de:95:8a:e4:11:03:28:d4:09:8f:fc:fb:a3:31:
         0d:55:7b:68:84:33:a2:3b:e9:5f:87:23:28:ad:b4:88:88:7f:
         c9:13:15:6b:39:c9:81:a2:52:06:ae:85:19:f6:4c:64:83:7f:
         cd:da:c7:92:a3:e9:12:9c:3c:68:8e:ca:ae:a7:8c:67:b3:1b:
         d5:be:fb:03:60:15:39:19:42:23:a1:72:3e:97:0c:8b:c3:4c:
         0a:23:a0:ff:62:32:03:c4:fa:ef:a0:40:83:6e:3d:d6:f8:5f:
         dd:be:10:af:38:56:15:d3:9f:ae:af:62:a6:96:61:35:97:fa:
         e5:bb:26:a6:fb:de:7e:67:d3:fa:1e:04:98:b6:84:fb:47:05:
         96:b7:6c:13:2d:d2:64:90:cd:5f:e7:bf:5f:c2:25:dc:97:48:
         a0:d8:75:db
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYsoSe/5dmEVOQQY8QLSVyEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZTE0MjlhNTNlNjQ2M2IzYzc0ZjVhM2YxN2M1ZDRhNTFl
YmQwYjgwHhcNMjMxMDEzMDkwNjU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWQ4NTkzMDZmZGY2MWYxN2M1MzM0NjAzZjk4NTA5OGViYTVkYWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3E8QOs7m1leDHWRTP2ZVH7rUv5t
1OJbwIAfpPMDurY0KwTjqRZId6UYIQyAxV0tsd2cqVYn4DHX6UXadY4dBl7ku2Ej
tjNZseFARAwLKyCeLCJ+kHlHWwKJvTV/kMtfGM3UxY6GKyjJkTmxnvHZrUdxYy8n
YR5zYlZN/ehBLk0vJI0UMDZ/WWoHM3rQaiVS+lFGG9f6Ext3uRSw1ocLPrg+goCI
/k0ppYbdpePkbgUQtdUVnDpfGe8CzJowUwEdYqPkogpnmo+n9XyrbSAqS5Gtp+N7
c316+Gsu6tUzhGwwdi1b3hVfucvS6ZmShegSqtbWDMhTTqVlhm0Qv+gYzQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFPnYWTBv32HxfFM0YD+YUJjrpdrxMB8GA1UdIwQY
MBaAFIThQppT5kY7PHT1o/F8XUpR69C4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE9GQ21sUG1SanM4ZFBXajhYeGRTbEhyMExnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83MmRiZGYtYzcxZC00ZTU5LTgwNzYt
YzQxZGNjYThiNzc1LzEvMS1kaFpNR19mWWZGOFV6UmdQNWhRbU91bDJ2RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjEvNzJkYmRmLWM3MWQtNGU1OS04MDc2LWM0MWRjY2E4Yjc3
NS8xL2hPRkNtbFBtUmpzOGRQV2o4WHhkU2xIcjBMZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBdBggrBgEFBQcBBwEB/wROMEwwJAQCAAEwHgMEAi2TYAME
Ai2bqAMEAbmd9AMEArnYGAMEAsGokDAkBAIAAjAeAwUDKgerwDAOAwUBKgljggMF
ASoJY4QDBQMqC7FAMA0GCSqGSIb3DQEBCwUAA4IBAQBnezFDzyqZkNAydm2vJLoU
Xp6nte4JcR9Bl3DMFYdWjUSCLmdZ3hLJ6YNAgb/0CSLV2flEd4qpK2pwhdKK+XCC
QSXKNmIw03dqHnXLLdVx3FWziko4Z4oFyeKB5mum3pWK5BEDKNQJj/z7ozENVXto
hDOiO+lfhyMorbSIiH/JExVrOcmBolIGroUZ9kxkg3/N2seSo+kSnDxojsqup4xn
sxvVvvsDYBU5GUIjoXI+lwyLw0wKI6D/YjIDxPrvoECDbj3W+F/dvhCvOFYV05+u
r2KmlmE1l/rluyam+95+Z9P6HgSYtoT7RwWWt2wTLdJkkM1f579fwiXcl0ig2HXb
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:15 2024 by rpki-client on console-fra.rpki-client.org