Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/CHIueoZPPINHTSUTk4V-TWvKGlc.roa
File:                     CHIueoZPPINHTSUTk4V-TWvKGlc.roa (raw, json)
Hash identifier:          FztxixU7SJgLfU9bEd+UP5B6v89eaNqG3VtJrDNGC7o=
Subject key identifier:   08:72:2E:7A:86:4F:3C:83:47:4D:25:13:93:85:7E:4D:6B:CA:1A:57
Certificate issuer:       /CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
Certificate serial:       018996BA6DB7D59E36800DFEB3F17F84127F
Authority key identifier: 4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/CHIueoZPPINHTSUTk4V-TWvKGlc.roa
Signing time:             Thu 27 Jul 2023 09:42:27 +0000
ROA not before:           Thu 27 Jul 2023 09:42:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198102
IP address blocks:        195.28.8.0/23 maxlen: 24
                          213.225.240.0/20 maxlen: 24
                          89.35.168.0/22 maxlen: 24
                          195.225.40.0/23 maxlen: 24
                          89.45.212.0/22 maxlen: 24
                          195.238.80.0/23 maxlen: 24
                          128.65.204.0/23 maxlen: 24
                          128.65.200.0/23 maxlen: 24
                          86.105.236.0/22 maxlen: 24
                          185.85.192.0/23 maxlen: 24
                          185.85.194.0/24 maxlen: 24
                          78.111.224.0/20 maxlen: 24
                          195.210.40.0/23 maxlen: 24
                          134.255.168.0/22 maxlen: 24
                          91.231.62.0/24 maxlen: 24
                          2a00:4060::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 14:30:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:96:ba:6d:b7:d5:9e:36:80:0d:fe:b3:f1:7f:84:12:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
        Validity
            Not Before: Jul 27 09:42:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=08722e7a864f3c83474d251393857e4d6bca1a57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:c6:02:08:b4:f4:cc:e0:46:99:f2:f9:0a:c6:
                    0b:e5:78:02:b0:d4:6b:70:d4:91:66:15:85:14:da:
                    98:90:fe:d0:67:0e:7e:12:23:cc:65:21:a4:02:ec:
                    9d:e1:76:2b:24:18:8f:6d:8e:00:24:ef:ce:13:4c:
                    05:e8:b5:09:57:47:ab:7b:cb:53:b6:a9:47:07:0f:
                    44:be:4b:e6:83:a3:0b:73:8a:40:35:a6:9b:4a:e8:
                    7b:5e:53:64:f3:56:15:66:b5:01:71:f6:33:d5:65:
                    6e:cb:a7:c0:a3:14:d8:55:b3:86:b4:e3:a0:62:b2:
                    29:9b:c5:bb:b2:8c:0f:ec:b1:b4:5d:41:ce:26:ac:
                    cc:bc:dd:3d:e1:25:7f:81:9e:1d:29:65:d1:15:2c:
                    9b:45:33:16:df:cb:6b:cd:21:18:b3:26:a2:c2:93:
                    fc:b3:04:a3:dc:a0:32:15:1e:57:67:7f:90:ca:31:
                    25:f2:fb:a2:99:32:51:a7:62:ad:cd:c9:17:dc:3a:
                    34:2a:20:2e:6e:90:66:80:db:65:70:d2:51:55:58:
                    81:3f:aa:38:06:07:9f:7e:86:2e:04:98:58:c2:8e:
                    d2:58:4a:1b:fe:75:0e:83:00:b1:13:fc:04:1a:d7:
                    83:7b:5d:83:c3:a9:bb:ae:ec:06:7f:1a:f8:68:be:
                    f3:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:72:2E:7A:86:4F:3C:83:47:4D:25:13:93:85:7E:4D:6B:CA:1A:57
            X509v3 Authority Key Identifier:
                keyid:4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/CHIueoZPPINHTSUTk4V-TWvKGlc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.111.224.0/20
                  86.105.236.0/22
                  89.35.168.0/22
                  89.45.212.0/22
                  91.231.62.0/24
                  128.65.200.0/23
                  128.65.204.0/23
                  134.255.168.0/22
                  185.85.192.0-185.85.194.255
                  195.28.8.0/23
                  195.210.40.0/23
                  195.225.40.0/23
                  195.238.80.0/23
                  213.225.240.0/20
                IPv6:
                  2a00:4060::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:f8:c8:2e:8f:1e:2d:04:c4:be:9b:4a:24:05:9c:4d:49:4d:
         77:d2:93:a8:5f:42:72:38:48:cc:9d:32:10:36:d0:d2:fc:37:
         cf:44:3e:af:63:9e:1d:e6:d6:6c:4b:d2:36:56:fa:25:24:57:
         b5:2f:a9:eb:a2:30:d3:5a:c5:3a:d1:42:46:91:87:43:d8:87:
         6d:95:8c:0f:ad:2d:54:5d:02:a7:57:ad:3d:8d:4e:b6:0e:3c:
         46:22:5f:bd:43:9b:ef:60:0d:ad:0f:ee:3e:2f:50:86:db:2c:
         90:95:cf:81:47:b2:55:65:31:51:df:c7:26:3b:f8:83:95:49:
         59:ab:bb:b8:6b:16:4c:d0:ef:b9:7d:3e:f7:7c:3e:7e:1a:07:
         27:c1:46:9d:c9:29:c0:74:af:f4:bc:49:83:92:8c:3d:e0:d2:
         93:9d:52:6e:0e:2b:e4:01:28:62:9c:14:df:9d:01:12:fa:4f:
         38:2b:85:56:00:7d:b5:03:ad:9a:d4:7c:a2:b5:a6:9b:8e:5e:
         dc:cf:53:b0:2a:e7:39:60:b3:26:6b:e8:39:15:d8:5b:32:e8:
         d6:33:f3:4a:e6:00:50:08:7a:50:e1:9c:97:37:f1:b1:2f:f8:
         4d:f1:d6:49:cf:54:07:a2:c7:57:f3:32:8a:27:8a:30:f6:fb:
         1c:89:92:48
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAYmWum231Z42gA3+s/F/hBJ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNTE0NmJiNGUyMTk3NDRmNThjMjY4ZTllYzYyMWMxOGRk
MjI5YzMwHhcNMjMwNzI3MDk0MjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODcyMmU3YTg2NGYzYzgzNDc0ZDI1MTM5Mzg1N2U0ZDZiY2ExYTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1cYCCLT0zOBGmfL5CsYL5XgCsNRr
cNSRZhWFFNqYkP7QZw5+EiPMZSGkAuyd4XYrJBiPbY4AJO/OE0wF6LUJV0ere8tT
tqlHBw9Evkvmg6MLc4pANaabSuh7XlNk81YVZrUBcfYz1WVuy6fAoxTYVbOGtOOg
YrIpm8W7sowP7LG0XUHOJqzMvN094SV/gZ4dKWXRFSybRTMW38trzSEYsyaiwpP8
swSj3KAyFR5XZ3+QyjEl8vuimTJRp2KtzckX3Do0KiAubpBmgNtlcNJRVViBP6o4
BgeffoYuBJhYwo7SWEob/nUOgwCxE/wEGteDe12Dw6m7ruwGfxr4aL7z8wIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFAhyLnqGTzyDR00lE5OFfk1ryhpXMB8GA1UdIwQY
MBaAFE5RRrtOIZdE9Ywmjp7GIcGN0inDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGxGR3UwNGhsMFQxakNhT25zWWh3WTNTS2NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8yNWI1NGEtZTc3MC00NGFiLWEwMDQt
YzkyMGM1MTdkNjAwLzEvQ0hJdWVvWlBQSU5IVFNVVGs0Vi1UV3ZLR2xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8yNWI1NGEtZTc3MC00NGFiLWEwMDQtYzkyMGM1MTdkNjAw
LzEvVGxGR3UwNGhsMFQxakNhT25zWWh3WTNTS2NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwYgQCAAEwXAMEBE5v4AME
AlZp7AMEAlkjqAMEAlkt1AMEAFvnPgMEAYBByAMEAYBBzAMEAob/qDAMAwQGuVXA
AwQAuVXCAwQBwxwIAwQBw9IoAwQBw+EoAwQBw+5QAwQE1eHwMA0EAgACMAcDBQMq
AEBgMA0GCSqGSIb3DQEBCwUAA4IBAQBW+Mgujx4tBMS+m0okBZxNSU130pOoX0Jy
OEjMnTIQNtDS/DfPRD6vY54d5tZsS9I2VvolJFe1L6nrojDTWsU60UJGkYdD2Idt
lYwPrS1UXQKnV609jU62DjxGIl+9Q5vvYA2tD+4+L1CG2yyQlc+BR7JVZTFR38cm
O/iDlUlZq7u4axZM0O+5fT73fD5+GgcnwUadySnAdK/0vEmDkow94NKTnVJuDivk
AShinBTfnQES+k84K4VWAH21A62a1Hyitaabjl7cz1OwKuc5YLMma+g5FdhbMujW
M/NK5gBQCHpQ4ZyXN/GxL/hN8dZJz1QHosdX8zKKJ4ow9vsciZJI
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:01 2024 by rpki-client on console-fra.rpki-client.org