Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/thmCJeEwn9FqgqfawuqHfrUjC2s.roa
File:                     thmCJeEwn9FqgqfawuqHfrUjC2s.roa (raw, json)
Hash identifier:          yvC5xwIL5/816Pq7W6SxR+Lz1YEp1qv8czDk1lQLK+Y=
Subject key identifier:   B6:19:82:25:E1:30:9F:D1:6A:82:A7:DA:C2:EA:87:7E:B5:23:0B:6B
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018B9A44194F7AA524C55F26C2B8DDC961C7
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/thmCJeEwn9FqgqfawuqHfrUjC2s.roa
Signing time:             Sat 04 Nov 2023 12:17:16 +0000
ROA not before:           Sat 04 Nov 2023 12:17:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9123
IP address blocks:        91.186.198.0/24 maxlen: 24
                          91.186.199.0/24 maxlen: 24
                          91.186.196.0/24 maxlen: 24
                          91.186.197.0/24 maxlen: 24
                          94.241.138.0/24 maxlen: 24
                          94.241.139.0/24 maxlen: 24
                          94.241.141.0/24 maxlen: 24
                          94.241.142.0/24 maxlen: 24
                          94.241.143.0/24 maxlen: 24
                          94.241.140.0/24 maxlen: 24
                          94.241.168.0/24 maxlen: 24
                          94.241.169.0/24 maxlen: 24
                          94.241.170.0/24 maxlen: 24
                          94.241.171.0/24 maxlen: 24
                          178.253.40.0/24 maxlen: 24
                          178.253.41.0/24 maxlen: 24
                          178.253.42.0/24 maxlen: 24
                          178.253.43.0/24 maxlen: 24
                          83.147.244.0/24 maxlen: 24
                          83.147.245.0/24 maxlen: 24
                          83.147.246.0/24 maxlen: 24
                          83.147.247.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 23 Nov 2023 09:02:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:9a:44:19:4f:7a:a5:24:c5:5f:26:c2:b8:dd:c9:61:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Nov  4 12:17:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b6198225e1309fd16a82a7dac2ea877eb5230b6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:01:38:c3:d9:77:6d:cd:dc:f8:72:54:f6:77:
                    76:1f:8d:04:dd:46:d6:8c:e6:10:c6:be:29:05:fc:
                    70:45:37:59:ca:41:d4:19:47:c1:b2:6a:e3:c8:ea:
                    e9:54:99:49:dc:2c:ac:3a:b1:c8:1a:b9:ce:00:85:
                    61:d0:e8:9b:30:3b:45:ab:65:bb:70:e3:1f:92:16:
                    82:b2:ce:9b:67:f6:cd:af:e0:91:44:21:92:2a:28:
                    4d:18:5e:11:45:ca:55:59:17:19:2e:9a:4e:37:5e:
                    ea:18:5c:1d:34:8c:12:e0:c2:e2:f9:97:1b:5d:e6:
                    09:4d:28:76:44:28:25:e1:4b:bc:be:1d:d0:ff:61:
                    ec:32:73:91:3e:bc:e3:74:ba:65:dd:85:96:23:0c:
                    99:c4:7f:73:eb:ff:f7:c7:64:77:9d:d4:04:1a:a6:
                    4e:61:86:59:0d:25:89:b5:87:e5:cc:69:5f:dc:a3:
                    84:df:da:62:15:23:51:27:31:c0:cf:72:d3:f4:16:
                    88:48:dc:2c:5b:92:39:c9:59:cb:6f:d7:c0:c1:43:
                    b4:9d:3e:b5:bb:a7:85:46:1f:f0:f6:e4:bc:e3:df:
                    37:ad:95:4b:82:f1:f0:ef:1b:8f:a6:44:7b:79:ea:
                    6f:91:07:25:b8:26:46:1c:f0:6e:55:4f:53:e2:21:
                    1e:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:19:82:25:E1:30:9F:D1:6A:82:A7:DA:C2:EA:87:7E:B5:23:0B:6B
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/thmCJeEwn9FqgqfawuqHfrUjC2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.244.0/22
                  91.186.196.0/22
                  94.241.138.0-94.241.143.255
                  94.241.168.0/22
                  178.253.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         04:c0:c2:df:f9:fd:56:4b:2c:a1:5e:7e:2b:75:94:58:92:cd:
         31:65:51:b4:c4:c9:3d:e0:3f:86:e5:1c:a0:38:cd:2d:dc:1a:
         1d:96:ac:d5:7c:6b:30:63:f2:06:44:2e:cc:d2:69:e7:aa:8d:
         47:fd:e2:48:76:73:45:85:95:ce:2c:09:18:78:42:10:91:ba:
         cd:f5:be:c5:ba:ec:d0:f5:e2:37:f6:89:2e:e5:60:39:13:cc:
         e3:a7:cf:1c:68:7a:cb:41:06:c8:f3:4f:93:bd:d9:97:fa:92:
         95:eb:8d:e8:15:4c:a5:ad:c5:04:27:a3:e1:4f:5d:05:87:b9:
         66:f7:2a:fc:a2:50:53:82:e4:e1:c5:e4:52:50:cf:45:ac:90:
         62:2a:63:4a:79:bd:41:9f:1d:ba:49:29:7e:a3:e8:0f:ef:bc:
         6d:9d:c2:bc:d6:33:d6:9f:28:67:ab:f3:e9:6c:57:e8:12:5d:
         df:ce:93:b6:e8:31:fb:26:2f:b0:91:ad:df:86:5d:d0:f3:75:
         58:c0:3c:b9:09:9b:d5:26:6c:b7:48:d6:4d:b5:e9:fb:d9:21:
         1d:b8:7d:31:3d:b5:ab:b7:1e:48:94:91:89:ed:fc:39:4f:d5:
         bc:08:f8:63:10:fb:4a:2e:43:c4:5e:3e:39:8a:a8:8a:5c:6b:
         dd:c8:88:78
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYuaRBlPeqUkxV8mwrjdyWHHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjMxMTA0MTIxNzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjE5ODIyNWUxMzA5ZmQxNmE4MmE3ZGFjMmVhODc3ZWI1MjMwYjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwE4w9l3bc3c+HJU9nd2H40E3UbW
jOYQxr4pBfxwRTdZykHUGUfBsmrjyOrpVJlJ3CysOrHIGrnOAIVh0OibMDtFq2W7
cOMfkhaCss6bZ/bNr+CRRCGSKihNGF4RRcpVWRcZLppON17qGFwdNIwS4MLi+Zcb
XeYJTSh2RCgl4Uu8vh3Q/2HsMnORPrzjdLpl3YWWIwyZxH9z6//3x2R3ndQEGqZO
YYZZDSWJtYflzGlf3KOE39piFSNRJzHAz3LT9BaISNwsW5I5yVnLb9fAwUO0nT61
u6eFRh/w9uS84983rZVLgvHw7xuPpkR7eepvkQcluCZGHPBuVU9T4iEefwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFLYZgiXhMJ/RaoKn2sLqh361IwtrMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvdGhtQ0plRXduOUZxZ3FmYXd1cUhmclVqQzJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCU5P0AwQC
W7rEMAwDBAFe8YoDBARe8YADBAJe8agDBAKy/SgwDQYJKoZIhvcNAQELBQADggEB
AATAwt/5/VZLLKFefit1lFiSzTFlUbTEyT3gP4blHKA4zS3cGh2WrNV8azBj8gZE
LszSaeeqjUf94kh2c0WFlc4sCRh4QhCRus31vsW67ND14jf2iS7lYDkTzOOnzxxo
estBBsjzT5O92Zf6kpXrjegVTKWtxQQno+FPXQWHuWb3KvyiUFOC5OHF5FJQz0Ws
kGIqY0p5vUGfHbpJKX6j6A/vvG2dwrzWM9afKGer8+lsV+gSXd/Ok7boMfsmL7CR
rd+GXdDzdVjAPLkJm9UmbLdI1k216fvZIR24fTE9tau3HkiUkYnt/DlP1bwI+GMQ
+0ouQ8RePjmKqIpca93IiHg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:20 2024 by rpki-client on console-ams.rpki-client.org