Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/rKKk9u0_A-1UCgCDR67ZvpgiqE8.roa
File:                     rKKk9u0_A-1UCgCDR67ZvpgiqE8.roa (raw, json)
Hash identifier:          yOkiJMKCOD4p1+ZBqKDlJIWLsr3DegSALRSTpT3iAN8=
Subject key identifier:   AC:A2:A4:F6:ED:3F:03:ED:54:0A:00:83:47:AE:D9:BE:98:22:A8:4F
Certificate issuer:       /CN=a79bba2805a988954e4fec42570530f16f9e7093
Certificate serial:       018BA9F83601F9D47563EB53FAC8FD6A3405
Authority key identifier: A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/rKKk9u0_A-1UCgCDR67ZvpgiqE8.roa
Signing time:             Tue 07 Nov 2023 13:28:18 +0000
ROA not before:           Tue 07 Nov 2023 13:28:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     34343
IP address blocks:        81.171.64.0/23 maxlen: 24
                          81.171.64.0/20 maxlen: 20
                          81.171.67.0/24 maxlen: 24
                          81.171.74.0/24 maxlen: 24
                          81.171.73.0/24 maxlen: 24
                          81.171.72.0/24 maxlen: 24
                          81.171.83.0/24 maxlen: 24
                          81.171.88.0/21 maxlen: 24
                          81.171.88.0/22 maxlen: 24
                          81.171.32.0/20 maxlen: 24
                          185.90.196.0/22 maxlen: 22
                          81.171.96.0/24 maxlen: 24
                          81.171.92.0/23 maxlen: 24
                          81.171.100.0/22 maxlen: 24
                          193.108.27.0/24 maxlen: 24
                          2001:4de0:1005::/48 maxlen: 48
                          2001:4de0::/32 maxlen: 48
                          2001:4de0:3::/48 maxlen: 48
                          2001:4de0:2::/48 maxlen: 48
                          2001:4de0:aaa0::/44 maxlen: 48
                          2001:4de0::/46 maxlen: 48
                          2001:4de0:1004::/48 maxlen: 48
                          2001:4de0:aaad::/48 maxlen: 48
                          2001:4de0:1::/48 maxlen: 48
                          2001:4de0:101::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 06:29:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a9:f8:36:01:f9:d4:75:63:eb:53:fa:c8:fd:6a:34:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a79bba2805a988954e4fec42570530f16f9e7093
        Validity
            Not Before: Nov  7 13:28:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=aca2a4f6ed3f03ed540a008347aed9be9822a84f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:f3:1a:73:fc:09:75:a1:65:ff:5c:21:f9:1a:
                    64:11:bf:66:a8:53:d8:56:98:8c:a0:fd:d2:01:2b:
                    6a:d2:31:eb:fb:6d:7c:5a:9d:e4:4d:cf:7c:e6:fc:
                    1e:2c:a8:ca:d8:89:18:13:f6:62:fe:dc:e4:5f:7b:
                    aa:a8:5e:3a:66:f4:cc:25:eb:20:05:36:77:b7:ec:
                    c5:b8:bf:fd:e0:8f:f9:d1:e2:ef:33:c7:d3:0e:8e:
                    8f:e1:f5:4a:0f:f2:0b:52:d8:bd:5c:31:be:73:3e:
                    ea:1a:22:5c:d8:ac:35:3e:87:d8:0b:16:d8:5b:34:
                    07:e4:b5:eb:0d:4a:95:3f:00:b7:76:8f:29:ff:01:
                    2e:64:96:0b:d5:55:c6:10:e9:db:e4:9f:bb:47:38:
                    1f:d6:f9:0e:3d:1b:83:eb:47:a8:4f:ad:9f:d9:88:
                    40:cb:8f:ec:27:c4:c0:4e:5d:dd:a2:53:64:e4:75:
                    e8:9b:59:e3:07:8a:22:ae:ec:f4:18:bb:3f:40:12:
                    ef:c7:58:31:9c:8d:e0:47:a6:9a:c8:5d:7a:d4:c3:
                    7f:3a:fb:35:30:cb:70:82:fc:c5:b2:df:a9:ef:9e:
                    a5:89:58:95:a8:fe:cb:b6:8b:4d:2a:c3:93:ac:9f:
                    0c:16:41:10:d2:84:de:02:72:47:d9:20:a2:d8:ed:
                    26:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:A2:A4:F6:ED:3F:03:ED:54:0A:00:83:47:AE:D9:BE:98:22:A8:4F
            X509v3 Authority Key Identifier:
                keyid:A7:9B:BA:28:05:A9:88:95:4E:4F:EC:42:57:05:30:F1:6F:9E:70:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p5u6KAWpiJVOT-xCVwUw8W-ecJM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/rKKk9u0_A-1UCgCDR67ZvpgiqE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/d140fb-03ae-45d9-8ddc-e1ed9dd2a02a/1/p5u6KAWpiJVOT-xCVwUw8W-ecJM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.171.32.0/20
                  81.171.64.0/20
                  81.171.83.0/24
                  81.171.88.0-81.171.96.255
                  81.171.100.0/22
                  185.90.196.0/22
                  193.108.27.0/24
                IPv6:
                  2001:4de0::/32

    Signature Algorithm: sha256WithRSAEncryption
         c2:61:ba:58:cf:08:69:b3:52:80:bc:20:b7:7b:f5:14:1c:5e:
         42:82:72:24:fb:6d:b3:10:07:fd:d9:db:f9:ec:e9:7f:c7:ff:
         f0:14:b5:58:f2:17:bc:7a:43:15:58:05:b0:8e:93:d3:14:72:
         30:11:06:5d:c4:d6:35:a2:70:23:cd:4b:b2:ac:52:dc:77:f3:
         3e:9e:6c:8e:74:c4:5e:20:6b:03:a7:58:24:8f:ed:0a:2c:07:
         4c:b3:bd:ae:8f:94:04:5f:40:47:85:d4:dd:fb:c0:47:9c:eb:
         99:b7:2c:8e:ef:eb:58:6b:09:91:df:2a:d0:8c:62:9a:47:d2:
         a5:1f:c2:72:54:fd:21:12:36:a7:e3:09:c0:e8:a9:53:d8:e3:
         6d:40:e3:67:76:cc:8c:a6:df:40:67:d7:95:e4:7a:52:78:e9:
         da:05:5f:b3:87:a3:1b:56:53:34:65:b1:bc:57:54:e1:7d:63:
         b2:e2:11:ab:d4:0b:34:b0:30:24:67:85:10:fd:82:bb:7a:a8:
         e6:73:7d:b6:c2:26:03:e5:50:b0:0e:3d:bf:12:f6:8b:36:9d:
         7a:05:8c:b8:75:9c:b6:06:5d:81:e5:6f:6b:ad:97:20:0b:15:
         bc:3d:69:2d:61:e0:8a:aa:31:88:fc:0f:80:f7:4f:44:ab:af:
         1f:54:34:09
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYup+DYB+dR1Y+tT+sj9ajQFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3OWJiYTI4MDVhOTg4OTU0ZTRmZWM0MjU3MDUzMGYxNmY5
ZTcwOTMwHhcNMjMxMTA3MTMyODE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2EyYTRmNmVkM2YwM2VkNTQwYTAwODM0N2FlZDliZTk4MjJhODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfMac/wJdaFl/1wh+RpkEb9mqFPY
VpiMoP3SAStq0jHr+218Wp3kTc985vweLKjK2IkYE/Zi/tzkX3uqqF46ZvTMJesg
BTZ3t+zFuL/94I/50eLvM8fTDo6P4fVKD/ILUti9XDG+cz7qGiJc2Kw1PofYCxbY
WzQH5LXrDUqVPwC3do8p/wEuZJYL1VXGEOnb5J+7Rzgf1vkOPRuD60eoT62f2YhA
y4/sJ8TATl3dolNk5HXom1njB4oiruz0GLs/QBLvx1gxnI3gR6aayF161MN/Ovs1
MMtwgvzFst+p756liViVqP7LtotNKsOTrJ8MFkEQ0oTeAnJH2SCi2O0mDwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFKyipPbtPwPtVAoAg0eu2b6YIqhPMB8GA1UdIwQY
MBaAFKebuigFqYiVTk/sQlcFMPFvnnCTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMt
ZTFlZDlkZDJhMDJhLzEvcktLazl1MF9BLTFVQ2dDRFI2N1p2cGdpcUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9kMTQwZmItMDNhZS00NWQ5LThkZGMtZTFlZDlkZDJhMDJh
LzEvcDV1NktBV3BpSlZPVC14Q1Z3VXc4Vy1lY0pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQEUasgAwQE
UatAAwQAUatTMAwDBANRq1gDBABRq2ADBAJRq2QDBAK5WsQDBADBbBswDQQCAAIw
BwMFACABTeAwDQYJKoZIhvcNAQELBQADggEBAMJhuljPCGmzUoC8ILd79RQcXkKC
ciT7bbMQB/3Z2/ns6X/H//AUtVjyF7x6QxVYBbCOk9MUcjARBl3E1jWicCPNS7Ks
Utx38z6ebI50xF4gawOnWCSP7QosB0yzva6PlARfQEeF1N37wEec65m3LI7v61hr
CZHfKtCMYppH0qUfwnJU/SESNqfjCcDoqVPY421A42d2zIym30Bn15XkelJ46doF
X7OHoxtWUzRlsbxXVOF9Y7LiEavUCzSwMCRnhRD9grt6qOZzfbbCJgPlULAOPb8S
9os2nXoFjLh1nLYGXYHlb2utlyALFbw9aS1h4IqqMYj8D4D3T0Srrx9UNAk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:51 2024 by rpki-client on console-fra.rpki-client.org