Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/GGl0jHeHeR7WDBmojs4ClMNt3ds.roa
File:                     GGl0jHeHeR7WDBmojs4ClMNt3ds.roa (raw, json)
Hash identifier:          88VANbNah0Th1Mc7VvGGnSE+l/xmb5TTzj1oqlYr8xE=
Subject key identifier:   18:69:74:8C:77:87:79:1E:D6:0C:19:A8:8E:CE:02:94:C3:6D:DD:DB
Certificate issuer:       /CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
Certificate serial:       0185B97718AC2A19D67A68C7F2770554A4DC
Authority key identifier: 30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/GGl0jHeHeR7WDBmojs4ClMNt3ds.roa
Signing time:             Mon 16 Jan 2023 07:24:28 +0000
ROA not before:           Mon 16 Jan 2023 07:24:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3352
IP address blocks:        83.60.0.0/16 maxlen: 16
                          81.39.0.0/16 maxlen: 16
                          83.34.0.0/16 maxlen: 16
                          88.13.0.0/16 maxlen: 16
                          79.144.0.0/16 maxlen: 16
                          88.16.0.0/16 maxlen: 16
                          83.59.0.0/16 maxlen: 16
                          88.11.0.0/16 maxlen: 16
                          81.38.0.0/16 maxlen: 16
                          79.145.0.0/16 maxlen: 16
                          88.15.0.0/16 maxlen: 16
                          88.10.0.0/16 maxlen: 16
                          83.37.0.0/16 maxlen: 16
                          81.37.0.0/16 maxlen: 16
                          88.24.0.0/16 maxlen: 16
                          88.8.0.0/16 maxlen: 16
                          79.147.0.0/16 maxlen: 16
                          83.35.0.0/16 maxlen: 16
                          88.14.0.0/16 maxlen: 16
                          88.9.0.0/16 maxlen: 16
                          2.137.0.0/16 maxlen: 16
                          88.25.0.0/16 maxlen: 16
                          83.57.0.0/16 maxlen: 16

Validation:               Failed, certificate revoked on Tue 17 Jan 2023 07:24:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:b9:77:18:ac:2a:19:d6:7a:68:c7:f2:77:05:54:a4:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307f5fe2740a2b6de4c3709d2964115b3c967da1
        Validity
            Not Before: Jan 16 07:24:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1869748c7787791ed60c19a88ece0294c36ddddb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:7c:99:40:bf:b4:09:d9:2c:85:91:20:e2:cd:
                    91:8e:96:6e:72:01:80:42:6a:34:ef:ff:4b:02:8a:
                    10:25:7d:16:0d:30:5a:c5:bb:17:65:76:45:a1:e1:
                    1f:30:1f:b4:86:4a:84:f7:03:38:e2:5f:40:fa:7e:
                    ec:c5:b2:fd:bb:ae:21:b3:4c:3d:a0:e1:2b:11:1c:
                    d6:a0:ef:71:c5:ba:09:d9:94:ef:e8:69:b7:13:f6:
                    20:10:65:6f:90:08:99:de:58:93:87:fc:14:71:0d:
                    e3:56:f2:cb:be:93:01:29:7b:8e:32:70:cf:c2:ea:
                    f1:37:05:9d:a6:ef:51:60:93:51:7f:ca:ae:c3:65:
                    2f:a4:6c:a8:e8:51:48:b1:20:6c:af:91:6f:29:83:
                    c6:7c:0c:47:fa:bc:56:24:bf:97:7f:0b:b5:8a:75:
                    19:4b:29:e2:f2:29:31:73:99:17:ca:26:b8:b1:82:
                    77:eb:95:16:c8:82:ea:ed:8b:aa:b6:7a:d9:35:07:
                    1e:23:8c:20:41:2a:d3:3f:b8:fd:55:58:84:33:5b:
                    ca:c6:2b:0a:a3:f2:7b:74:16:96:08:38:7d:8c:dc:
                    d4:3f:ec:18:fc:5f:a1:b9:ff:56:b7:45:99:98:ef:
                    10:a2:2c:12:79:e9:c1:ab:76:64:2e:68:0c:95:16:
                    f2:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:69:74:8C:77:87:79:1E:D6:0C:19:A8:8E:CE:02:94:C3:6D:DD:DB
            X509v3 Authority Key Identifier:
                keyid:30:7F:5F:E2:74:0A:2B:6D:E4:C3:70:9D:29:64:11:5B:3C:96:7D:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MH9f4nQKK23kw3CdKWQRWzyWfaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/GGl0jHeHeR7WDBmojs4ClMNt3ds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/dcfd48-c54a-4c78-a4ed-4ba2f8f1f83b/1/MH9f4nQKK23kw3CdKWQRWzyWfaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.137.0.0/16
                  79.144.0.0/15
                  79.147.0.0/16
                  81.37.0.0-81.39.255.255
                  83.34.0.0/15
                  83.37.0.0/16
                  83.57.0.0/16
                  83.59.0.0-83.60.255.255
                  88.8.0.0/14
                  88.13.0.0-88.16.255.255
                  88.24.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         aa:83:55:b4:12:3e:36:31:bf:a4:47:6e:31:34:26:a8:f3:ae:
         2f:b2:fb:53:03:db:28:11:68:4e:41:44:24:f7:8f:e9:6c:42:
         df:c8:a6:95:42:67:61:59:89:b2:20:43:1d:9e:a3:39:cc:dd:
         c8:9c:b7:9d:46:96:00:7d:fb:81:98:2a:6e:a5:7e:7a:25:7e:
         49:71:d3:06:4d:6d:28:17:a0:79:6c:d2:d8:80:b2:12:f8:27:
         c1:23:49:50:2f:d5:46:94:bc:03:94:30:a6:fd:3e:aa:cb:25:
         ba:34:c7:7c:d3:09:f8:86:a9:fb:43:ce:af:b6:94:76:7c:05:
         8f:d5:fd:a9:e7:4a:15:9e:07:3c:2a:71:d8:01:3e:5b:df:e8:
         15:4b:6a:21:7d:38:03:19:a4:f3:d9:80:c3:29:65:c9:11:55:
         32:41:eb:04:b7:6c:60:2f:43:4d:df:48:83:49:25:40:da:48:
         52:ab:a3:df:54:24:4a:44:3f:ab:a7:17:0c:37:8d:c8:9f:3d:
         5c:5f:c8:23:42:c9:2a:39:94:cb:fb:eb:28:2c:4b:3f:8e:5b:
         31:ef:9f:55:33:db:4a:f0:18:5a:e4:cd:7b:01:4c:40:2d:fc:
         5b:24:bb:28:e8:dc:b1:87:f2:41:fc:22:0d:d8:18:71:d7:65:
         4f:a4:46:86
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYW5dxisKhnWemjH8ncFVKTcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2Y1ZmUyNzQwYTJiNmRlNGMzNzA5ZDI5NjQxMTViM2M5
NjdkYTEwHhcNMjMwMTE2MDcyNDI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODY5NzQ4Yzc3ODc3OTFlZDYwYzE5YTg4ZWNlMDI5NGMzNmRkZGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3yZQL+0CdkshZEg4s2RjpZucgGA
Qmo07/9LAooQJX0WDTBaxbsXZXZFoeEfMB+0hkqE9wM44l9A+n7sxbL9u64hs0w9
oOErERzWoO9xxboJ2ZTv6Gm3E/YgEGVvkAiZ3liTh/wUcQ3jVvLLvpMBKXuOMnDP
wurxNwWdpu9RYJNRf8quw2UvpGyo6FFIsSBsr5FvKYPGfAxH+rxWJL+Xfwu1inUZ
Syni8ikxc5kXyia4sYJ365UWyILq7YuqtnrZNQceI4wgQSrTP7j9VViEM1vKxisK
o/J7dBaWCDh9jNzUP+wY/F+huf9Wt0WZmO8QoiwSeenBq3ZkLmgMlRbycwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFBhpdIx3h3ke1gwZqI7OApTDbd3bMB8GA1UdIwQY
MBaAFDB/X+J0Citt5MNwnSlkEVs8ln2hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQt
NGJhMmY4ZjFmODNiLzEvR0dsMGpIZUhlUjdXREJtb2pzNENsTU50M2RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9kY2ZkNDgtYzU0YS00Yzc4LWE0ZWQtNGJhMmY4ZjFmODNi
LzEvTUg5ZjRuUUtLMjNrdzNDZEtXUVJXenlXZmFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwMAAokDAwFP
kAMDAE+TMAoDAwBRJQMDA1EgAwMBUyIDAwBTJQMDAFM5MAoDAwBTOwMDAFM8AwMC
WAgwCgMDAFgNAwMAWBADAwFYGDANBgkqhkiG9w0BAQsFAAOCAQEAqoNVtBI+NjG/
pEduMTQmqPOuL7L7UwPbKBFoTkFEJPeP6WxC38imlUJnYVmJsiBDHZ6jOczdyJy3
nUaWAH37gZgqbqV+eiV+SXHTBk1tKBegeWzS2ICyEvgnwSNJUC/VRpS8A5Qwpv0+
qsslujTHfNMJ+Iap+0POr7aUdnwFj9X9qedKFZ4HPCpx2AE+W9/oFUtqIX04Axmk
89mAwyllyRFVMkHrBLdsYC9DTd9Ig0klQNpIUquj31QkSkQ/q6cXDDeNyJ89XF/I
I0LJKjmUy/vrKCxLP45bMe+fVTPbSvAYWuTNewFMQC38WyS7KOjcsYfyQfwiDdgY
cddlT6RGhg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:05 2024 by rpki-client on console-fra.rpki-client.org