Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/tbd-YnF7meUeRYDXwfpjQti3394.roa
File:                     tbd-YnF7meUeRYDXwfpjQti3394.roa (raw, json)
Hash identifier:          I9wAMvROMiChcCpZpFoj935SObKT+1r9AytXt/U3blI=
Subject key identifier:   B5:B7:7E:62:71:7B:99:E5:1E:45:80:D7:C1:FA:63:42:D8:B7:DF:DE
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018BECB05749446142FCA504DF2FBF3C8CBB
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/tbd-YnF7meUeRYDXwfpjQti3394.roa
Signing time:             Mon 20 Nov 2023 12:24:21 +0000
ROA not before:           Mon 20 Nov 2023 12:24:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        91.186.216.0/22 maxlen: 24
                          94.241.168.0/21 maxlen: 24
                          83.147.216.0/24 maxlen: 24
                          178.253.26.0/23 maxlen: 24
                          83.147.244.0/22 maxlen: 24
                          83.147.252.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Thu 23 Nov 2023 19:37:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:ec:b0:57:49:44:61:42:fc:a5:04:df:2f:bf:3c:8c:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Nov 20 12:24:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b5b77e62717b99e51e4580d7c1fa6342d8b7dfde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f1:a9:26:ad:8a:c4:9d:29:1e:e5:7d:c7:8a:
                    65:b1:f3:17:c6:3c:23:b3:a2:f7:2f:35:16:b6:7b:
                    01:f1:6d:f6:db:58:2c:2f:0a:45:51:1a:9e:fe:5d:
                    80:fa:11:e4:71:c7:af:d7:3e:a1:5e:e3:b1:f2:ef:
                    21:3b:a6:49:16:9d:e8:b1:51:93:7f:48:c4:38:ff:
                    f9:1e:ef:79:ee:16:5e:34:19:1c:4a:93:c3:31:b8:
                    2b:8e:43:88:28:7f:06:a0:bd:66:a4:ae:91:7a:08:
                    f3:e6:1d:06:45:c6:0f:8d:9d:08:32:14:8b:04:c0:
                    e3:9b:37:09:90:84:5f:41:45:ed:d7:63:d4:b3:4b:
                    07:ea:21:5e:ad:d3:66:1f:c6:9f:30:57:f0:d6:0e:
                    d5:4f:1e:e3:3c:19:fd:b8:57:d1:bf:73:08:58:36:
                    15:67:1b:e3:9b:97:be:50:49:13:27:ff:ce:71:8a:
                    ad:ad:af:ec:d5:c6:8b:44:16:d3:4c:b0:3c:36:c6:
                    86:6e:62:52:45:1c:bb:15:42:5e:d6:72:36:3f:9c:
                    d6:d8:30:64:3d:ab:19:87:4d:84:04:9d:88:0f:32:
                    03:39:c0:bf:e1:88:2f:e2:36:05:86:e4:bc:ae:52:
                    3a:99:b1:4a:0b:de:dc:f5:30:c5:da:3b:0e:57:98:
                    50:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B7:7E:62:71:7B:99:E5:1E:45:80:D7:C1:FA:63:42:D8:B7:DF:DE
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/tbd-YnF7meUeRYDXwfpjQti3394.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.216.0/24
                  83.147.244.0/22
                  83.147.252.0/22
                  91.186.216.0/22
                  94.241.168.0/21
                  178.253.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:89:5d:5f:52:a9:b3:dc:71:3e:bf:78:94:50:1a:7e:29:65:
         fc:c9:82:0d:e1:e8:af:9c:a6:12:0c:8e:f5:10:39:5d:80:20:
         51:f6:c3:7a:4b:90:a1:59:3f:b4:50:ad:cb:6a:61:51:2f:07:
         cf:3d:c8:20:96:d1:e6:0e:91:2c:25:55:d4:ed:9a:6e:4d:0a:
         ac:72:ae:c7:17:78:be:7c:10:27:ce:1e:b3:b9:5c:43:a9:7f:
         14:c7:76:38:df:85:eb:97:d2:7d:a2:5c:83:0a:d5:74:97:d8:
         bf:2f:dd:ed:a0:66:41:70:1d:dc:5f:f3:fb:55:b8:4b:33:f8:
         94:73:f8:03:8c:dc:95:9f:50:dc:d2:8b:14:8c:6d:1e:a8:43:
         27:5f:c0:b8:20:e8:f8:3e:0a:ea:29:f1:c8:6d:4e:58:09:8b:
         20:b4:3d:35:a0:da:a6:2f:0e:ef:89:a6:89:16:33:79:9b:a5:
         ff:08:18:5c:18:dd:16:0d:eb:46:1b:4c:2f:a9:7e:61:dd:0e:
         78:0b:60:46:6f:6f:3b:77:af:4b:b7:c0:b8:c8:c0:0d:f8:0f:
         03:99:7f:bf:4e:d1:53:4e:86:b8:e6:e8:d7:80:02:9c:11:33:
         1c:21:99:97:63:fe:32:40:33:fb:c2:06:da:d9:ff:5d:5b:04:
         e7:d4:2e:b6
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYvssFdJRGFC/KUE3y+/PIy7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjMxMTIwMTIyNDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWI3N2U2MjcxN2I5OWU1MWU0NTgwZDdjMWZhNjM0MmQ4YjdkZmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvGpJq2KxJ0pHuV9x4plsfMXxjwj
s6L3LzUWtnsB8W3221gsLwpFURqe/l2A+hHkccev1z6hXuOx8u8hO6ZJFp3osVGT
f0jEOP/5Hu957hZeNBkcSpPDMbgrjkOIKH8GoL1mpK6Regjz5h0GRcYPjZ0IMhSL
BMDjmzcJkIRfQUXt12PUs0sH6iFerdNmH8afMFfw1g7VTx7jPBn9uFfRv3MIWDYV
Zxvjm5e+UEkTJ//OcYqtra/s1caLRBbTTLA8NsaGbmJSRRy7FUJe1nI2P5zW2DBk
PasZh02EBJ2IDzIDOcC/4Ygv4jYFhuS8rlI6mbFKC97c9TDF2jsOV5hQLwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLW3fmJxe5nlHkWA18H6Y0LYt9/eMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvdGJkLVluRjdtZVVlUllEWHdmcGpRdGkzMzk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAU5PYAwQC
U5P0AwQCU5P8AwQCW7rYAwQDXvGoAwQBsv0aMA0GCSqGSIb3DQEBCwUAA4IBAQAg
iV1fUqmz3HE+v3iUUBp+KWX8yYIN4eivnKYSDI71EDldgCBR9sN6S5ChWT+0UK3L
amFRLwfPPcggltHmDpEsJVXU7ZpuTQqscq7HF3i+fBAnzh6zuVxDqX8Ux3Y434Xr
l9J9olyDCtV0l9i/L93toGZBcB3cX/P7VbhLM/iUc/gDjNyVn1Dc0osUjG0eqEMn
X8C4IOj4PgrqKfHIbU5YCYsgtD01oNqmLw7viaaJFjN5m6X/CBhcGN0WDetGG0wv
qX5h3Q54C2BGb287d69Lt8C4yMAN+A8DmX+/TtFTToa45ujXgAKcETMcIZmXY/4y
QDP7wgba2f9dWwTn1C62
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:20 2024 by rpki-client on console-ams.rpki-client.org