Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/VTXkvsE5dEwdD6pldj8hX3tK7yo.roa
File:                     VTXkvsE5dEwdD6pldj8hX3tK7yo.roa (raw, json)
Hash identifier:          VF7PJOpRcWIR8y6M5d8hWs69jU3yi6N9VSHxEjN6pZM=
Subject key identifier:   55:35:E4:BE:C1:39:74:4C:1D:0F:AA:65:76:3F:21:5F:7B:4A:EF:2A
Certificate issuer:       /CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
Certificate serial:       0185BB5CD62C40558E03C214056B1A5C01A7
Authority key identifier: AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/VTXkvsE5dEwdD6pldj8hX3tK7yo.roa
Signing time:             Mon 16 Jan 2023 16:15:01 +0000
ROA not before:           Mon 16 Jan 2023 16:15:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200000
IP address blocks:        185.233.120.0/22 maxlen: 22
                          185.124.8.0/22 maxlen: 22
                          185.233.136.0/22 maxlen: 22
                          37.139.64.0/21 maxlen: 21
                          185.39.224.0/22 maxlen: 22
                          185.233.152.0/22 maxlen: 23
                          185.149.40.0/22 maxlen: 22
                          185.233.116.0/22 maxlen: 22
                          185.235.168.0/22 maxlen: 22
                          45.154.218.0/24 maxlen: 24
                          109.205.96.0/21 maxlen: 21
                          185.104.44.0/22 maxlen: 22
                          185.104.45.0/24 maxlen: 24
                          185.65.244.0/22 maxlen: 22
                          217.173.208.0/20 maxlen: 20
                          185.226.24.0/22 maxlen: 22
                          185.225.212.0/22 maxlen: 22
                          185.25.116.0/22 maxlen: 22
                          185.68.16.0/24 maxlen: 24
                          185.68.16.0/22 maxlen: 22
                          185.233.36.0/22 maxlen: 22
                          185.233.40.0/22 maxlen: 22
                          185.233.44.0/22 maxlen: 22
                          185.130.120.0/22 maxlen: 22
                          185.209.168.0/22 maxlen: 22
                          185.69.152.0/22 maxlen: 22
                          185.239.180.0/22 maxlen: 22
                          185.234.176.0/22 maxlen: 22
                          2a0c:c80::/29 maxlen: 29
                          2a0c:6080::/29 maxlen: 29
                          2a0c:684::/30 maxlen: 30
                          2a0c:d80::/29 maxlen: 29
                          2a0c:e80::/29 maxlen: 29
                          2a04:8000::/29 maxlen: 29
                          2a0d:6500::/29 maxlen: 29
                          2a0d:1100::/29 maxlen: 29
                          2a05:480::/29 maxlen: 29
                          2a0c:680::/29 maxlen: 29
                          2a0c:780::/29 maxlen: 29
                          2a00:7a60::/32 maxlen: 32
                          2a06:6440::/29 maxlen: 29
                          2a0c:681::/32 maxlen: 32
                          2a0c:682::/31 maxlen: 31
                          2a0c:a80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 09 Feb 2023 13:47:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:bb:5c:d6:2c:40:55:8e:03:c2:14:05:6b:1a:5c:01:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
        Validity
            Not Before: Jan 16 16:15:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5535e4bec139744c1d0faa65763f215f7b4aef2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:14:cb:6a:75:46:3a:c2:b4:03:96:eb:30:e3:
                    4b:6e:e8:25:ec:54:c3:aa:ee:de:a9:c0:06:08:fa:
                    d2:45:99:77:ba:36:79:c6:f9:08:c9:1d:35:18:bd:
                    36:21:07:9a:f3:2d:9a:4b:8c:64:15:b3:bd:45:17:
                    50:9a:93:55:be:11:2d:71:52:cd:8f:12:39:e9:59:
                    0b:a8:9a:b7:ac:ae:c1:22:d1:03:7c:f8:d9:3c:4c:
                    0c:33:d4:ab:fc:bb:46:9d:15:6a:c7:2d:2e:8f:84:
                    d1:ab:21:0f:0f:11:a9:98:15:e9:89:b5:ce:d7:22:
                    d4:75:a3:a8:25:15:33:bd:fb:8d:4c:8d:c6:23:9b:
                    85:96:0c:de:f4:e6:17:25:7c:61:39:00:c4:35:89:
                    69:78:b8:d2:3b:d7:e3:ef:c3:2b:7a:6b:e8:cf:5a:
                    e6:37:ec:0f:b0:17:b5:36:c1:51:00:e9:69:51:70:
                    36:df:a0:9d:c7:26:26:41:91:ed:bd:8c:df:9c:40:
                    ef:f7:d1:44:13:f8:0b:42:29:93:c4:11:49:e8:1c:
                    47:17:ee:6e:ff:ab:58:99:1b:01:70:b5:6e:b4:d4:
                    bc:0d:ed:b3:d4:34:09:22:b8:0b:0d:cf:aa:33:22:
                    bc:b7:b8:fd:df:63:52:2f:56:27:28:0b:a0:28:98:
                    d7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:35:E4:BE:C1:39:74:4C:1D:0F:AA:65:76:3F:21:5F:7B:4A:EF:2A
            X509v3 Authority Key Identifier:
                keyid:AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/VTXkvsE5dEwdD6pldj8hX3tK7yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.64.0/21
                  45.154.218.0/24
                  109.205.96.0/21
                  185.25.116.0/22
                  185.39.224.0/22
                  185.65.244.0/22
                  185.68.16.0/22
                  185.69.152.0/22
                  185.104.44.0/22
                  185.124.8.0/22
                  185.130.120.0/22
                  185.149.40.0/22
                  185.209.168.0/22
                  185.225.212.0/22
                  185.226.24.0/22
                  185.233.36.0-185.233.47.255
                  185.233.116.0-185.233.123.255
                  185.233.136.0/22
                  185.233.152.0/22
                  185.234.176.0/22
                  185.235.168.0/22
                  185.239.180.0/22
                  217.173.208.0/20
                IPv6:
                  2a00:7a60::/32
                  2a04:8000::/29
                  2a05:480::/29
                  2a06:6440::/29
                  2a0c:680::/29
                  2a0c:780::/29
                  2a0c:a80::/29
                  2a0c:c80::/29
                  2a0c:d80::/29
                  2a0c:e80::/29
                  2a0c:6080::/29
                  2a0d:1100::/29
                  2a0d:6500::/29

    Signature Algorithm: sha256WithRSAEncryption
         3a:78:8f:c9:11:6e:91:70:1d:89:c0:9e:4d:ee:f2:d7:f7:92:
         3c:a1:32:f5:7c:34:67:33:94:39:e7:c1:98:33:35:c7:c3:ce:
         2a:d2:9f:7b:26:67:0a:44:cf:eb:fc:ba:86:98:95:be:89:2a:
         b0:cc:73:98:52:c6:38:30:c6:46:c4:99:19:0e:ea:e6:8c:84:
         e4:68:87:9d:bc:e0:64:6f:32:b9:92:8e:2a:7f:e7:fb:73:32:
         cc:ad:10:c1:3a:56:6e:65:4d:09:04:21:96:4c:06:09:ce:f7:
         1a:a9:7e:f0:00:79:2f:1d:ee:a3:83:ae:7a:a3:c0:b2:31:49:
         25:0a:f4:d2:fa:67:9c:40:06:09:74:69:ef:b5:ea:1f:99:e5:
         38:1a:51:19:38:8c:b9:31:1b:00:03:17:5f:d8:6a:ce:8e:b9:
         f7:72:92:9e:f5:85:25:d7:e4:0e:22:6e:2a:ba:ce:9c:d7:c8:
         35:e3:59:3c:bd:d8:00:1d:e3:db:5f:53:a2:d7:db:e7:f7:ab:
         81:c1:3d:a8:89:ce:d9:cd:88:7d:63:41:5a:00:79:80:36:fb:
         22:a4:21:5d:98:18:e4:ef:cd:bc:4d:ca:f4:96:d1:f6:c2:5e:
         47:36:4e:cc:4b:ff:a2:cb:ae:77:c5:44:0d:dc:37:79:1a:58:
         cd:4f:4a:a3
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgISAYW7XNYsQFWOA8IUBWsaXAGnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOGEwZTBiMWIyMWYwOTMzMzNjMDc0ODE0NWIxNjI4NDE4
Y2YyYjUwHhcNMjMwMTE2MTYxNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTM1ZTRiZWMxMzk3NDRjMWQwZmFhNjU3NjNmMjE1ZjdiNGFlZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxTLanVGOsK0A5brMONLbugl7FTD
qu7eqcAGCPrSRZl3ujZ5xvkIyR01GL02IQea8y2aS4xkFbO9RRdQmpNVvhEtcVLN
jxI56VkLqJq3rK7BItEDfPjZPEwMM9Sr/LtGnRVqxy0uj4TRqyEPDxGpmBXpibXO
1yLUdaOoJRUzvfuNTI3GI5uFlgze9OYXJXxhOQDENYlpeLjSO9fj78Mremvoz1rm
N+wPsBe1NsFRAOlpUXA236CdxyYmQZHtvYzfnEDv99FEE/gLQimTxBFJ6BxHF+5u
/6tYmRsBcLVutNS8De2z1DQJIrgLDc+qMyK8t7j932NSL1YnKAugKJjXjwIDAQAB
o4IDCDCCAwQwHQYDVR0OBBYEFFU15L7BOXRMHQ+qZXY/IV97Su8qMB8GA1UdIwQY
MBaAFKyKDgsbIfCTMzwHSBRbFihBjPK1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMt
ZGI4ZWZmMWIxMWEwLzEvVlRYa3ZzRTVkRXdkRDZwbGRqOGhYM3RLN3lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMtZGI4ZWZmMWIxMWEw
LzEvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHAYIKwYBBQUHAQcBAf8EggELMIIBBzCBoQQCAAEwgZoD
BAMli0ADBAAtmtoDBANtzWADBAK5GXQDBAK5J+ADBAK5QfQDBAK5RBADBAK5RZgD
BAK5aCwDBAK5fAgDBAK5gngDBAK5lSgDBAK50agDBAK54dQDBAK54hgwDAMEArnp
JAMEBLnpIDAMAwQCuel0AwQCuel4AwQCuemIAwQCuemYAwQCueqwAwQCueuoAwQC
ue+0AwQE2a3QMGEEAgACMFsDBQAqAHpgAwUDKgSAAAMFAyoFBIADBQMqBmRAAwUD
KgwGgAMFAyoMB4ADBQMqDAqAAwUDKgwMgAMFAyoMDYADBQMqDA6AAwUDKgxggAMF
AyoNEQADBQMqDWUAMA0GCSqGSIb3DQEBCwUAA4IBAQA6eI/JEW6RcB2JwJ5N7vLX
95I8oTL1fDRnM5Q558GYMzXHw84q0p97JmcKRM/r/LqGmJW+iSqwzHOYUsY4MMZG
xJkZDurmjITkaIedvOBkbzK5ko4qf+f7czLMrRDBOlZuZU0JBCGWTAYJzvcaqX7w
AHkvHe6jg656o8CyMUklCvTS+mecQAYJdGnvteofmeU4GlEZOIy5MRsAAxdf2GrO
jrn3cpKe9YUl1+QOIm4qus6c18g141k8vdgAHePbX1Oi19vn96uBwT2oic7ZzYh9
Y0FaAHmANvsipCFdmBjk7828Tcr0ltH2wl5HNk7MS/+iy653xUQN3Dd5GljNT0qj
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:43 2024 by rpki-client on console-fra.rpki-client.org