Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/YCDCQAau9nn8UcJELZjCqzeCMeY.roa
File:                     YCDCQAau9nn8UcJELZjCqzeCMeY.roa (raw, json)
Hash identifier:          LtCFVQK0Lx94lga34iiIEdEv6aC18DiV3rkaJi7yKnY=
Subject key identifier:   60:20:C2:40:06:AE:F6:79:FC:51:C2:44:2D:98:C2:AB:37:82:31:E6
Certificate issuer:       /CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
Certificate serial:       0186366E1478D57A1CEB7BF66955757CC602
Authority key identifier: AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/YCDCQAau9nn8UcJELZjCqzeCMeY.roa
Signing time:             Thu 09 Feb 2023 13:47:09 +0000
ROA not before:           Thu 09 Feb 2023 13:47:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200000
IP address blocks:        185.233.120.0/22 maxlen: 22
                          185.124.8.0/22 maxlen: 22
                          185.233.136.0/22 maxlen: 22
                          37.139.64.0/21 maxlen: 21
                          185.39.224.0/22 maxlen: 22
                          185.233.152.0/22 maxlen: 23
                          185.149.40.0/22 maxlen: 22
                          185.233.116.0/22 maxlen: 22
                          185.235.168.0/22 maxlen: 22
                          109.205.96.0/21 maxlen: 21
                          45.154.218.0/24 maxlen: 24
                          173.242.48.0/20 maxlen: 20
                          185.104.44.0/22 maxlen: 22
                          185.104.45.0/24 maxlen: 24
                          185.65.244.0/22 maxlen: 22
                          217.173.208.0/20 maxlen: 20
                          185.226.24.0/22 maxlen: 22
                          185.225.212.0/22 maxlen: 22
                          185.25.116.0/22 maxlen: 22
                          185.68.16.0/24 maxlen: 24
                          185.68.16.0/22 maxlen: 22
                          185.233.36.0/22 maxlen: 22
                          185.233.40.0/22 maxlen: 22
                          185.233.44.0/22 maxlen: 22
                          185.130.120.0/22 maxlen: 22
                          185.209.168.0/22 maxlen: 22
                          185.69.152.0/22 maxlen: 22
                          185.239.180.0/22 maxlen: 22
                          185.234.176.0/22 maxlen: 22
                          2a0c:c80::/29 maxlen: 29
                          2a0c:6080::/29 maxlen: 29
                          2a0c:684::/30 maxlen: 30
                          2a0c:d80::/29 maxlen: 29
                          2a0c:e80::/29 maxlen: 29
                          2a04:8000::/29 maxlen: 29
                          2a0d:6500::/29 maxlen: 29
                          2a0d:1100::/29 maxlen: 29
                          2a05:480::/29 maxlen: 29
                          2a0c:680::/29 maxlen: 29
                          2a0c:780::/29 maxlen: 29
                          2a00:7a60::/32 maxlen: 32
                          2a06:6440::/29 maxlen: 29
                          2a0c:681::/32 maxlen: 32
                          2a0c:682::/31 maxlen: 31
                          2a0c:a80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 14 Feb 2023 08:52:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:36:6e:14:78:d5:7a:1c:eb:7b:f6:69:55:75:7c:c6:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
        Validity
            Not Before: Feb  9 13:47:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6020c24006aef679fc51c2442d98c2ab378231e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:32:1a:d0:b2:68:4e:6a:ff:a7:25:f3:42:fd:
                    12:da:df:2e:16:da:eb:5e:64:47:06:44:71:c0:1b:
                    b7:8c:50:65:5b:95:5b:04:f2:40:4e:b2:21:f1:19:
                    a8:cc:33:06:3b:bf:7a:03:46:8a:bc:b6:46:e7:2d:
                    5a:60:cc:46:dc:54:56:4b:02:9c:72:1b:77:3c:10:
                    94:47:d1:11:cf:37:47:60:7b:72:98:a8:a1:15:3d:
                    85:32:17:8d:e2:03:52:0d:86:0c:d4:04:5c:d3:f8:
                    6d:84:fb:b9:a5:ac:26:e7:88:fa:1f:14:36:39:4d:
                    21:7d:7e:a8:51:7f:a9:dc:c7:14:c5:eb:80:de:1d:
                    c5:dc:11:3f:7c:e4:df:df:a2:e0:c5:63:9c:4f:c1:
                    43:03:95:51:1c:9f:67:97:cc:6f:7b:09:23:99:16:
                    b4:bd:e2:34:53:78:fd:12:a5:41:c8:c2:aa:45:44:
                    63:4b:8d:b4:d8:a7:26:2e:61:88:90:65:e8:e4:75:
                    84:11:1a:7e:52:9d:e5:d5:c8:a1:9c:7f:67:cf:d4:
                    bd:4f:bd:88:e1:ec:ee:74:a7:a6:97:ae:0b:ba:f8:
                    38:10:22:b0:ba:6c:b4:66:5a:4d:a3:8a:65:05:e4:
                    e8:4a:01:34:46:53:bc:6f:db:78:87:0f:a6:56:09:
                    73:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:20:C2:40:06:AE:F6:79:FC:51:C2:44:2D:98:C2:AB:37:82:31:E6
            X509v3 Authority Key Identifier:
                keyid:AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/YCDCQAau9nn8UcJELZjCqzeCMeY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.139.64.0/21
                  45.154.218.0/24
                  109.205.96.0/21
                  173.242.48.0/20
                  185.25.116.0/22
                  185.39.224.0/22
                  185.65.244.0/22
                  185.68.16.0/22
                  185.69.152.0/22
                  185.104.44.0/22
                  185.124.8.0/22
                  185.130.120.0/22
                  185.149.40.0/22
                  185.209.168.0/22
                  185.225.212.0/22
                  185.226.24.0/22
                  185.233.36.0-185.233.47.255
                  185.233.116.0-185.233.123.255
                  185.233.136.0/22
                  185.233.152.0/22
                  185.234.176.0/22
                  185.235.168.0/22
                  185.239.180.0/22
                  217.173.208.0/20
                IPv6:
                  2a00:7a60::/32
                  2a04:8000::/29
                  2a05:480::/29
                  2a06:6440::/29
                  2a0c:680::/29
                  2a0c:780::/29
                  2a0c:a80::/29
                  2a0c:c80::/29
                  2a0c:d80::/29
                  2a0c:e80::/29
                  2a0c:6080::/29
                  2a0d:1100::/29
                  2a0d:6500::/29

    Signature Algorithm: sha256WithRSAEncryption
         92:b5:d1:a8:05:b9:1c:46:37:01:54:a4:98:73:76:c9:9c:3d:
         48:12:74:70:81:77:5d:df:b2:cc:1d:80:63:55:34:9f:32:99:
         5c:1e:e2:09:dc:91:4a:93:08:c6:af:41:99:e8:4d:10:1a:c1:
         2f:6d:b5:bb:c9:ab:2e:07:26:b1:3b:10:97:64:78:07:8c:94:
         64:05:e2:bd:94:eb:7c:63:c2:01:b9:de:f7:4c:78:5a:f5:ca:
         5e:b3:68:42:51:90:b5:37:14:3f:b8:ad:fb:75:f6:68:42:96:
         46:17:cb:73:93:52:db:ca:e2:f6:89:fb:32:9a:94:08:ed:5a:
         81:90:e6:64:ee:e0:c1:fb:db:03:2b:44:df:64:40:4c:56:9a:
         dc:06:9a:54:af:df:57:52:71:62:ed:b1:c2:59:c7:27:8c:0f:
         42:04:69:53:47:27:68:8a:de:38:5a:27:04:2e:9d:79:31:3f:
         76:f2:bc:c0:ad:f5:43:9a:1f:c6:92:15:b0:cb:20:15:dc:11:
         55:82:78:7d:3d:2d:1e:f6:fb:54:14:17:c0:50:0e:db:90:42:
         77:5b:7a:ba:d1:ed:f6:5b:82:bd:0e:87:2d:dc:fd:ee:8a:c4:
         52:48:9c:7b:a4:f3:16:30:f7:2a:7f:89:ea:af:b8:53:e8:dd:
         25:c8:f7:bf
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgISAYY2bhR41Xoc63v2aVV1fMYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOGEwZTBiMWIyMWYwOTMzMzNjMDc0ODE0NWIxNjI4NDE4
Y2YyYjUwHhcNMjMwMjA5MTM0NzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDIwYzI0MDA2YWVmNjc5ZmM1MWMyNDQyZDk4YzJhYjM3ODIzMWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujIa0LJoTmr/pyXzQv0S2t8uFtrr
XmRHBkRxwBu3jFBlW5VbBPJATrIh8RmozDMGO796A0aKvLZG5y1aYMxG3FRWSwKc
cht3PBCUR9ERzzdHYHtymKihFT2FMheN4gNSDYYM1ARc0/hthPu5pawm54j6HxQ2
OU0hfX6oUX+p3McUxeuA3h3F3BE/fOTf36LgxWOcT8FDA5VRHJ9nl8xvewkjmRa0
veI0U3j9EqVByMKqRURjS4202KcmLmGIkGXo5HWEERp+Up3l1cihnH9nz9S9T72I
4ezudKeml64Luvg4ECKwumy0ZlpNo4plBeToSgE0RlO8b9t4hw+mVglzbwIDAQAB
o4IDDjCCAwowHQYDVR0OBBYEFGAgwkAGrvZ5/FHCRC2Ywqs3gjHmMB8GA1UdIwQY
MBaAFKyKDgsbIfCTMzwHSBRbFihBjPK1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMt
ZGI4ZWZmMWIxMWEwLzEvWUNEQ1FBYXU5bm44VWNKRUxaakNxemVDTWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMtZGI4ZWZmMWIxMWEw
LzEvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIgYIKwYBBQUHAQcBAf8EggERMIIBDTCBpwQCAAEwgaAD
BAMli0ADBAAtmtoDBANtzWADBASt8jADBAK5GXQDBAK5J+ADBAK5QfQDBAK5RBAD
BAK5RZgDBAK5aCwDBAK5fAgDBAK5gngDBAK5lSgDBAK50agDBAK54dQDBAK54hgw
DAMEArnpJAMEBLnpIDAMAwQCuel0AwQCuel4AwQCuemIAwQCuemYAwQCueqwAwQC
ueuoAwQCue+0AwQE2a3QMGEEAgACMFsDBQAqAHpgAwUDKgSAAAMFAyoFBIADBQMq
BmRAAwUDKgwGgAMFAyoMB4ADBQMqDAqAAwUDKgwMgAMFAyoMDYADBQMqDA6AAwUD
KgxggAMFAyoNEQADBQMqDWUAMA0GCSqGSIb3DQEBCwUAA4IBAQCStdGoBbkcRjcB
VKSYc3bJnD1IEnRwgXdd37LMHYBjVTSfMplcHuIJ3JFKkwjGr0GZ6E0QGsEvbbW7
yasuByaxOxCXZHgHjJRkBeK9lOt8Y8IBud73THha9cpes2hCUZC1NxQ/uK37dfZo
QpZGF8tzk1LbyuL2ifsympQI7VqBkOZk7uDB+9sDK0TfZEBMVprcBppUr99XUnFi
7bHCWccnjA9CBGlTRydoit44WicELp15MT928rzArfVDmh/GkhWwyyAV3BFVgnh9
PS0e9vtUFBfAUA7bkEJ3W3q60e32W4K9Doct3P3uisRSSJx7pPMWMPcqf4nqr7hT
6N0lyPe/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:07 2024 by rpki-client on console-ams.rpki-client.org