Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/IFpAmOPc8bTL8_-pO0WREbG5T2w.roa
File:                     IFpAmOPc8bTL8_-pO0WREbG5T2w.roa (raw, json)
Hash identifier:          cQ/fTbJLQc6PCNoLID6xSfhd8hkVFbOH+MyetQP2AYk=
Subject key identifier:   20:5A:40:98:E3:DC:F1:B4:CB:F3:FF:A9:3B:45:91:11:B1:B9:4F:6C
Certificate issuer:       /CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
Certificate serial:       0185714C211B0964350E42B197E2D0DA47B4
Authority key identifier: F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/IFpAmOPc8bTL8_-pO0WREbG5T2w.roa
Signing time:             Mon 02 Jan 2023 07:04:52 +0000
ROA not before:           Mon 02 Jan 2023 07:04:52 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35244
IP address blocks:        95.157.0.0/18 maxlen: 18
                          195.234.128.0/24 maxlen: 24
                          46.128.0.0/16 maxlen: 16
                          94.139.0.0/19 maxlen: 19
                          94.139.0.0/20 maxlen: 20
                          83.243.112.0/21 maxlen: 21
                          194.105.96.0/21 maxlen: 21
                          94.139.16.0/20 maxlen: 20
                          193.25.118.0/23 maxlen: 23
                          109.125.64.0/18 maxlen: 18
                          77.47.0.0/17 maxlen: 17
                          195.46.44.0/22 maxlen: 22
                          85.233.32.0/19 maxlen: 19
                          185.169.204.0/22 maxlen: 22
                          88.215.64.0/18 maxlen: 18
                          2a02:2455::/33 maxlen: 33
                          2001:4c50::/32 maxlen: 32
                          2a02:2457:300::/40 maxlen: 40

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:4c:21:1b:09:64:35:0e:42:b1:97:e2:d0:da:47:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b769a53dd86352d3440f222bdf907cf09c2dba
        Validity
            Not Before: Jan  2 07:04:52 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=205a4098e3dcf1b4cbf3ffa93b459111b1b94f6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:4f:12:ad:8d:27:7e:85:32:55:ff:8e:7c:9d:
                    6d:d4:3d:78:a8:74:26:8b:53:32:1f:1b:53:e1:33:
                    14:60:59:d1:7f:77:8e:37:f2:a0:fd:a8:a8:61:f5:
                    5c:d2:23:60:4b:f8:ff:fd:25:57:c1:3d:ec:93:36:
                    17:7e:d4:48:f7:9e:86:62:25:0c:d4:ba:f4:f6:39:
                    05:81:77:75:43:ce:88:64:6f:63:ce:70:f0:4f:50:
                    2d:2c:99:6f:3b:6a:49:92:38:42:5d:fe:f3:a0:91:
                    84:98:fb:63:98:ae:6a:91:6b:5c:0f:ca:73:ec:2b:
                    c7:44:54:c0:de:30:52:e7:51:00:b4:93:1e:76:49:
                    82:9f:11:58:ab:1e:d2:90:45:b4:60:4d:66:07:78:
                    26:ce:ae:da:89:f9:16:0f:c6:77:c8:08:02:fc:d6:
                    92:4b:f3:6e:8c:c4:1d:1c:c3:e4:10:e9:8e:78:b9:
                    0a:a3:22:41:a2:0a:37:13:68:36:c9:cf:cb:b3:ea:
                    72:24:c1:cb:77:a1:b0:ab:41:e9:8f:49:29:ac:b9:
                    45:c7:71:0f:01:e8:c5:8b:a9:15:2b:da:33:97:e9:
                    8b:3f:0a:3f:7a:03:80:5f:93:0c:ee:e6:dd:32:b0:
                    3c:c2:22:4d:b6:53:3f:e6:93:39:f7:24:7e:bd:dd:
                    56:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:5A:40:98:E3:DC:F1:B4:CB:F3:FF:A9:3B:45:91:11:B1:B9:4F:6C
            X509v3 Authority Key Identifier:
                keyid:F4:B7:69:A5:3D:D8:63:52:D3:44:0F:22:2B:DF:90:7C:F0:9C:2D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdppT3YY1LTRA8iK9-QfPCcLbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/IFpAmOPc8bTL8_-pO0WREbG5T2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/70d50f-ff3c-4f63-8dec-d7c36c27c087/1/9LdppT3YY1LTRA8iK9-QfPCcLbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.128.0.0/16
                  77.47.0.0/17
                  83.243.112.0/21
                  85.233.32.0/19
                  88.215.64.0/18
                  94.139.0.0/19
                  95.157.0.0/18
                  109.125.64.0/18
                  185.169.204.0/22
                  193.25.118.0/23
                  194.105.96.0/21
                  195.46.44.0/22
                  195.234.128.0/24
                IPv6:
                  2001:4c50::/32
                  2a02:2455::/33
                  2a02:2457:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         2a:cc:cb:d6:d4:3d:fc:99:0d:e1:43:a9:01:59:57:83:dd:7b:
         1a:53:9d:f2:dc:5a:93:42:a5:1a:83:b9:b1:e1:34:6d:3e:26:
         93:d1:c9:d6:e9:51:0a:b6:3c:7e:89:45:f9:94:96:e6:8f:dc:
         c4:ff:5b:4f:97:43:71:43:52:5b:d7:f6:d6:c1:50:27:1c:e2:
         d8:03:f2:db:a2:54:bd:c0:cc:65:40:53:a3:2e:90:c4:17:70:
         e6:6f:92:1d:8a:14:02:07:42:0d:68:2f:d1:bc:b8:fb:51:be:
         3f:40:ac:35:95:97:6e:ec:ac:12:6a:eb:df:61:7d:e0:34:30:
         77:9e:d8:6a:9f:89:b0:45:fa:52:ab:59:43:cb:87:1b:2e:ef:
         8e:77:51:78:8e:f5:c4:cd:07:0a:46:15:f9:67:c2:98:42:9d:
         39:ac:cf:e5:c5:10:89:de:bc:0e:b7:3f:4f:2f:4e:76:58:94:
         82:9e:67:6f:72:47:23:73:bf:c8:4d:ac:e1:ac:91:29:7b:9d:
         de:1e:62:9b:eb:bf:a0:40:14:d6:89:b1:23:f9:67:c7:f0:97:
         f1:5b:14:fe:45:29:70:d8:23:05:11:99:53:0d:6e:b2:8f:2e:
         c2:7a:8b:0e:3e:59:a8:a2:aa:3a:32:ca:50:f3:f5:e4:00:f7:
         ec:5a:28:6b
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAYVxTCEbCWQ1DkKxl+LQ2ke0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2OWE1M2RkODYzNTJkMzQ0MGYyMjJiZGY5MDdjZjA5
YzJkYmEwHhcNMjMwMTAyMDcwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDVhNDA5OGUzZGNmMWI0Y2JmM2ZmYTkzYjQ1OTExMWIxYjk0ZjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkk8SrY0nfoUyVf+OfJ1t1D14qHQm
i1MyHxtT4TMUYFnRf3eON/Kg/aioYfVc0iNgS/j//SVXwT3skzYXftRI956GYiUM
1Lr09jkFgXd1Q86IZG9jznDwT1AtLJlvO2pJkjhCXf7zoJGEmPtjmK5qkWtcD8pz
7CvHRFTA3jBS51EAtJMedkmCnxFYqx7SkEW0YE1mB3gmzq7aifkWD8Z3yAgC/NaS
S/NujMQdHMPkEOmOeLkKoyJBogo3E2g2yc/Ls+pyJMHLd6Gwq0Hpj0kprLlFx3EP
AejFi6kVK9ozl+mLPwo/egOAX5MM7ubdMrA8wiJNtlM/5pM59yR+vd1W7wIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFCBaQJjj3PG0y/P/qTtFkRGxuU9sMB8GA1UdIwQY
MBaAFPS3aaU92GNS00QPIivfkHzwnC26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMt
ZDdjMzZjMjdjMDg3LzEvSUZwQW1PUGM4YlRMOF8tcE8wV1JFYkc1VDJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83MGQ1MGYtZmYzYy00ZjYzLThkZWMtZDdjMzZjMjdjMDg3
LzEvOUxkcHBUM1lZMUxUUkE4aUs5LVFmUENjTGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwUwQCAAEwTQMDAC6AAwQH
TS8AAwQDU/NwAwQFVekgAwQGWNdAAwQFXosAAwQGX50AAwQGbX1AAwQCuanMAwQB
wRl2AwQDwmlgAwQCwy4sAwQAw+qAMB0EAgACMBcDBQAgAUxQAwYHKgIkVQADBgAq
AiRXAzANBgkqhkiG9w0BAQsFAAOCAQEAKszL1tQ9/JkN4UOpAVlXg917GlOd8txa
k0KlGoO5seE0bT4mk9HJ1ulRCrY8folF+ZSW5o/cxP9bT5dDcUNSW9f21sFQJxzi
2APy26JUvcDMZUBToy6QxBdw5m+SHYoUAgdCDWgv0by4+1G+P0CsNZWXbuysEmrr
32F94DQwd57Yap+JsEX6UqtZQ8uHGy7vjndReI71xM0HCkYV+WfCmEKdOazP5cUQ
id68Drc/Ty9OdliUgp5nb3JHI3O/yE2s4ayRKXud3h5im+u/oEAU1omxI/lnx/CX
8VsU/kUpcNgjBRGZUw1uso8uwnqLDj5ZqKKqOjLKUPP15AD37Fooaw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:42 2024 by rpki-client on console-fra.rpki-client.org