Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/Oya0D7BXwa9sTpZijsAxqSyC38w.roa
File:                     Oya0D7BXwa9sTpZijsAxqSyC38w.roa (raw, json)
Hash identifier:          SCA42ErL3sJyN5vIZtkdnQGo1zNydTO9YfJr5/+kAEk=
Subject key identifier:   3B:26:B4:0F:B0:57:C1:AF:6C:4E:96:62:8E:C0:31:A9:2C:82:DF:CC
Certificate issuer:       /CN=a79bba2805a988954e4fec42570530f16f9e7093
Certificate serial:       018B4CCCDD556F9FEE7805AAD4D9DBD7A0E5
Authority key identifier: A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/Oya0D7BXwa9sTpZijsAxqSyC38w.roa
Signing time:             Fri 20 Oct 2023 11:16:16 +0000
ROA not before:           Fri 20 Oct 2023 11:16:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     33438
IP address blocks:        81.171.61.0/24 maxlen: 24
                          81.171.68.0/24 maxlen: 24
                          81.171.66.0/24 maxlen: 24
                          81.171.70.0/23 maxlen: 23
                          81.171.70.64/26 maxlen: 26
                          81.171.105.0/24 maxlen: 24
                          81.171.106.0/24 maxlen: 24
                          81.171.106.64/26 maxlen: 26
                          81.171.116.0/24 maxlen: 24
                          2001:4de0:2105::/48 maxlen: 48
                          2001:4de0:4000::/40 maxlen: 40
                          2001:4de0:200::/40 maxlen: 40
                          2001:4de0:6000::/40 maxlen: 40
                          2001:4de0:500::/40 maxlen: 40
                          2001:4de0:2000::/40 maxlen: 40
                          2001:4de0:6300::/40 maxlen: 40
                          2001:4de0:4300::/40 maxlen: 40
                          2001:4de0:3000::/40 maxlen: 40
                          2001:4de0:4100::/40 maxlen: 40
                          2001:4de0:2200::/40 maxlen: 40
                          2001:4de0:6200::/40 maxlen: 40
                          2001:4de0:700::/40 maxlen: 40
                          2001:4de0:400::/40 maxlen: 40
                          2001:4de0:2300::/40 maxlen: 40
                          2001:4de0:3100::/40 maxlen: 40
                          2001:4de0:600::/40 maxlen: 40
                          2001:4de0:2100::/40 maxlen: 40
                          2001:4de0:1000::/48 maxlen: 48
                          2001:4de0:7003::/48 maxlen: 48
                          2001:4de0:402::/48 maxlen: 48
                          2001:4de0:2202::/48 maxlen: 48
                          2001:4de0:6102::/48 maxlen: 48
                          2001:4de0:7002::/48 maxlen: 48
                          2001:4de0:5010::/48 maxlen: 48
                          2001:4de0:ac13::/48 maxlen: 48
                          2001:4de0:3004::/48 maxlen: 48
                          2001:4de0:7001::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:4c:cc:dd:55:6f:9f:ee:78:05:aa:d4:d9:db:d7:a0:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a79bba2805a988954e4fec42570530f16f9e7093
        Validity
            Not Before: Oct 20 11:16:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3b26b40fb057c1af6c4e96628ec031a92c82dfcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:7e:dd:91:b9:0e:e4:58:7e:e1:47:e1:fd:85:
                    d5:fd:bd:3f:a7:8f:2b:7b:6b:89:4e:a8:72:97:46:
                    26:79:be:44:5d:c5:97:f5:70:b4:76:70:3b:4d:45:
                    8b:4d:5a:e8:a7:71:01:77:c5:d5:41:45:50:2b:2c:
                    82:ee:0e:e1:0c:71:eb:b9:63:eb:d8:eb:15:28:63:
                    b7:d7:06:49:c4:2e:ee:dc:cf:5e:d9:33:b0:44:12:
                    90:3c:c5:fe:89:78:84:39:cc:2d:5c:d8:19:a5:98:
                    d1:42:75:13:da:f0:5e:58:cd:95:2b:2a:db:15:8a:
                    c5:51:4e:bd:2e:c4:9a:08:ea:06:3f:de:ee:16:ce:
                    73:14:e3:38:05:e3:af:8f:4c:65:e7:d8:c1:26:4c:
                    bb:82:dc:4b:33:1c:26:9b:13:14:9d:79:30:b2:9b:
                    57:0a:76:f7:ff:52:84:bf:f0:3c:3c:66:bf:a2:e3:
                    62:38:62:37:eb:75:eb:ac:a2:ab:0a:08:b6:43:77:
                    88:b3:b1:4f:3b:ba:96:a6:74:7c:e4:8d:da:22:c5:
                    a9:36:24:43:9d:33:55:60:29:5f:d6:5e:4c:d4:d4:
                    8b:74:fb:16:54:81:38:98:a3:4f:93:8d:4a:06:f6:
                    37:a0:4f:9d:c0:15:e2:79:58:01:c8:ef:b9:f0:d9:
                    34:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:26:B4:0F:B0:57:C1:AF:6C:4E:96:62:8E:C0:31:A9:2C:82:DF:CC
            X509v3 Authority Key Identifier:
                keyid:A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/Oya0D7BXwa9sTpZijsAxqSyC38w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.171.61.0/24
                  81.171.66.0/24
                  81.171.68.0/24
                  81.171.70.0/23
                  81.171.105.0-81.171.106.255
                  81.171.116.0/24
                IPv6:
                  2001:4de0:200::/40
                  2001:4de0:400::/38
                  2001:4de0:1000::/48
                  2001:4de0:2000::/38
                  2001:4de0:3000::/39
                  2001:4de0:4000::/39
                  2001:4de0:4300::/40
                  2001:4de0:5010::/48
                  2001:4de0:6000::/40
                  2001:4de0:6102::/48
                  2001:4de0:6200::/39
                  2001:4de0:7001::-2001:4de0:7003:ffff:ffff:ffff:ffff:ffff
                  2001:4de0:ac13::/48

    Signature Algorithm: sha256WithRSAEncryption
         d6:e4:c2:0f:19:75:2d:a7:c7:80:bf:25:55:74:cb:46:0b:50:
         d8:62:bd:0b:f1:7c:d7:4c:81:c4:d8:fb:c3:cd:93:96:1b:6d:
         5e:ad:82:b5:af:ed:10:ae:8c:bb:54:f5:67:f8:e1:5c:62:88:
         1c:01:72:a0:43:1c:7d:a0:82:c0:6c:74:e5:18:a2:f7:f8:79:
         11:2b:5f:f6:b2:e4:8a:f4:bc:7a:53:3b:57:16:20:1e:20:0f:
         c8:9e:b3:9d:a4:47:70:06:bf:52:9e:a8:0e:f6:93:b3:e8:83:
         44:2a:b3:de:0d:bf:6c:ae:05:04:0d:c6:d8:88:86:bd:b4:91:
         f0:9c:3c:b8:3f:f0:c1:6e:f0:e0:3d:7f:a2:47:13:00:f7:06:
         79:0c:70:cf:9c:d7:6d:66:2c:14:f9:09:73:9a:ef:51:d8:d9:
         a1:25:97:c4:c1:cb:39:e2:e5:6c:76:dc:24:1a:70:a5:13:2a:
         e6:57:f7:c6:82:a4:78:66:fa:3e:07:4a:45:50:83:1b:86:f3:
         27:e6:1d:67:f6:03:e3:d5:e1:51:8a:bc:ae:a1:a0:38:51:3d:
         90:4c:30:13:6e:3d:3d:9f:52:75:8f:2f:d8:88:1f:c2:4f:a8:
         18:7e:4f:89:0f:09:31:b0:78:18:cc:ae:b3:22:75:0c:d3:17:
         03:f7:a5:f6
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAYtMzN1Vb5/ueAWq1Nnb16DlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3OWJiYTI4MDVhOTg4OTU0ZTRmZWM0MjU3MDUzMGYxNmY5
ZTcwOTMwHhcNMjMxMDIwMTExNjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjI2YjQwZmIwNTdjMWFmNmM0ZTk2NjI4ZWMwMzFhOTJjODJkZmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm37dkbkO5Fh+4Ufh/YXV/b0/p48r
e2uJTqhyl0Ymeb5EXcWX9XC0dnA7TUWLTVrop3EBd8XVQUVQKyyC7g7hDHHruWPr
2OsVKGO31wZJxC7u3M9e2TOwRBKQPMX+iXiEOcwtXNgZpZjRQnUT2vBeWM2VKyrb
FYrFUU69LsSaCOoGP97uFs5zFOM4BeOvj0xl59jBJky7gtxLMxwmmxMUnXkwsptX
Cnb3/1KEv/A8PGa/ouNiOGI363XrrKKrCgi2Q3eIs7FPO7qWpnR85I3aIsWpNiRD
nTNVYClf1l5M1NSLdPsWVIE4mKNPk41KBvY3oE+dwBXieVgByO+58Nk0twIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFDsmtA+wV8GvbE6WYo7AMaksgt/MMB8GA1UdIwQY
MBaAFKebuigFqYiVTk/sQlcFMPFvnnCTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMt
ZTFlZDlkZDJhMDJhLzEvT3lhMEQ3Qlh3YTlzVHBaaWpzQXhxU3lDMzh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMtZTFlZDlkZDJhMDJh
LzEvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDAyBAIAATAsAwQAUas9
AwQAUatCAwQAUatEAwQBUatGMAwDBABRq2kDBABRq2oDBABRq3QwfgQCAAIweAMG
ACABTeACAwYCIAFN4AQDBwAgAU3gEAADBgIgAU3gIAMGASABTeAwAwYBIAFN4EAD
BgAgAU3gQwMHACABTeBQEAMGACABTeBgAwcAIAFN4GECAwYBIAFN4GIwEgMHACAB
TeBwAQMHAiABTeBwAAMHACABTeCsEzANBgkqhkiG9w0BAQsFAAOCAQEA1uTCDxl1
LafHgL8lVXTLRgtQ2GK9C/F810yBxNj7w82TlhttXq2Cta/tEK6Mu1T1Z/jhXGKI
HAFyoEMcfaCCwGx05Rii9/h5EStf9rLkivS8elM7VxYgHiAPyJ6znaRHcAa/Up6o
DvaTs+iDRCqz3g2/bK4FBA3G2IiGvbSR8Jw8uD/wwW7w4D1/okcTAPcGeQxwz5zX
bWYsFPkJc5rvUdjZoSWXxMHLOeLlbHbcJBpwpRMq5lf3xoKkeGb6PgdKRVCDG4bz
J+YdZ/YD49XhUYq8rqGgOFE9kEwwE249PZ9SdY8v2Igfwk+oGH5PiQ8JMbB4GMyu
syJ1DNMXA/el9g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:51 2024 by rpki-client on console-fra.rpki-client.org