Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/j2YhpjEh8iFtLaMp2QMTmH6cAJc.roa
File:                     j2YhpjEh8iFtLaMp2QMTmH6cAJc.roa (raw, json)
Hash identifier:          PnMp+JCXOnxZyM83UHsZlHu3Qq1TYyLx9W2bS8EZNcU=
Subject key identifier:   8F:66:21:A6:31:21:F2:21:6D:2D:A3:29:D9:03:13:98:7E:9C:00:97
Certificate issuer:       /CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
Certificate serial:       018CC56ECF14723106DF1773B4402B13CCF4
Authority key identifier: 4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/j2YhpjEh8iFtLaMp2QMTmH6cAJc.roa
Signing time:             Mon 01 Jan 2024 14:30:22 +0000
ROA not before:           Mon 01 Jan 2024 14:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198102
IP address blocks:        195.28.8.0/23 maxlen: 24
                          213.225.240.0/20 maxlen: 24
                          89.35.168.0/22 maxlen: 24
                          195.225.40.0/23 maxlen: 24
                          89.45.212.0/22 maxlen: 24
                          195.238.80.0/23 maxlen: 24
                          128.65.204.0/23 maxlen: 24
                          128.65.200.0/23 maxlen: 24
                          86.105.236.0/22 maxlen: 24
                          185.85.192.0/23 maxlen: 24
                          185.85.194.0/24 maxlen: 24
                          78.111.224.0/20 maxlen: 24
                          195.210.40.0/23 maxlen: 24
                          134.255.168.0/22 maxlen: 24
                          91.231.62.0/24 maxlen: 24
                          2a00:4060::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 28 May 2024 14:49:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:cf:14:72:31:06:df:17:73:b4:40:2b:13:cc:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e5146bb4e219744f58c268e9ec621c18dd229c3
        Validity
            Not Before: Jan  1 14:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f6621a63121f2216d2da329d90313987e9c0097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:68:87:a5:96:bd:87:19:ad:a1:74:f7:f9:2f:
                    af:11:8b:06:7f:c4:0c:88:a0:95:d8:77:30:1f:56:
                    05:d1:f7:fb:e9:9f:98:48:c9:9e:f0:b9:8a:9d:de:
                    57:f2:39:4b:97:92:97:e8:eb:43:46:04:cb:95:c4:
                    e9:75:08:76:40:85:a2:66:41:a2:76:ce:6a:08:cc:
                    05:b8:46:0c:e5:3c:b5:35:b6:df:76:21:06:f1:93:
                    22:14:f1:63:76:8a:24:df:34:22:d0:5d:d9:20:60:
                    63:33:1c:b2:e7:b5:cb:e8:24:9c:a2:cd:27:aa:ec:
                    08:ef:76:79:ff:46:4b:55:ec:91:53:50:ee:b9:78:
                    aa:8b:36:4e:af:9a:90:aa:93:1b:31:84:56:e4:05:
                    3f:ba:94:63:11:ff:37:c1:77:6f:9d:a1:3c:1e:88:
                    72:53:fb:64:dc:3a:c5:73:3e:1e:38:ba:83:fa:dc:
                    ba:8b:ef:27:cf:a6:d7:2c:b7:8c:9f:44:9b:3c:b2:
                    16:40:00:36:aa:9e:f9:f5:fb:d9:5f:91:fd:a1:c7:
                    c9:00:e7:6b:15:02:7c:45:ab:4b:ce:a9:15:b9:ea:
                    34:a5:1a:87:86:60:65:a4:8c:42:9c:fd:3b:69:5b:
                    7d:73:5c:95:49:66:44:95:53:53:bf:c2:9b:e9:c2:
                    6e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:66:21:A6:31:21:F2:21:6D:2D:A3:29:D9:03:13:98:7E:9C:00:97
            X509v3 Authority Key Identifier:
                keyid:4E:51:46:BB:4E:21:97:44:F5:8C:26:8E:9E:C6:21:C1:8D:D2:29:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TlFGu04hl0T1jCaOnsYhwY3SKcM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/j2YhpjEh8iFtLaMp2QMTmH6cAJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/25b54a-e770-44ab-a004-c920c517d600/1/TlFGu04hl0T1jCaOnsYhwY3SKcM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.111.224.0/20
                  86.105.236.0/22
                  89.35.168.0/22
                  89.45.212.0/22
                  91.231.62.0/24
                  128.65.200.0/23
                  128.65.204.0/23
                  134.255.168.0/22
                  185.85.192.0-185.85.194.255
                  195.28.8.0/23
                  195.210.40.0/23
                  195.225.40.0/23
                  195.238.80.0/23
                  213.225.240.0/20
                IPv6:
                  2a00:4060::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:ea:a3:81:86:35:d7:ef:3a:41:2a:4a:b0:2a:af:d6:25:c4:
         a5:f8:0b:1d:00:d6:e2:94:04:ca:2a:fd:65:40:33:6a:9d:ec:
         d9:07:13:79:1a:0a:c8:53:64:0b:75:81:f9:5f:94:66:8b:be:
         b8:ec:82:b9:77:20:b6:b2:46:5b:2b:d6:00:e4:c4:67:42:6f:
         2b:3a:a1:58:a9:ba:c3:b9:c0:25:ef:93:46:77:ad:43:36:cc:
         3c:c9:be:8b:83:04:2f:6a:4c:7b:3f:d8:91:dd:04:73:ca:70:
         ca:5c:49:47:82:7e:ac:04:9d:92:9e:d3:5f:12:f2:10:65:18:
         78:4f:9d:eb:e6:2b:b2:31:9d:01:57:4e:29:87:87:3e:37:eb:
         82:a5:86:4c:8a:70:df:04:d6:28:de:4f:59:50:6b:70:16:55:
         da:59:fc:be:5c:12:ec:58:86:95:31:31:6e:4a:9f:a4:48:d5:
         9d:33:20:5a:d6:04:a8:65:b0:d2:7b:4f:68:af:f8:e1:1a:f6:
         66:d9:27:8e:63:8b:56:bb:65:1b:df:34:9c:67:c4:7b:53:6f:
         a9:23:4e:bb:0e:fb:70:5f:84:0d:e6:4f:c0:dd:61:68:91:22:
         41:11:51:af:a4:d8:66:19:06:64:df:5d:28:41:9f:b6:3e:57:
         32:bc:e5:02
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAYzFbs8UcjEG3xdztEArE8z0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNTE0NmJiNGUyMTk3NDRmNThjMjY4ZTllYzYyMWMxOGRk
MjI5YzMwHhcNMjQwMTAxMTQzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjY2MjFhNjMxMjFmMjIxNmQyZGEzMjlkOTAzMTM5ODdlOWMwMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmGiHpZa9hxmtoXT3+S+vEYsGf8QM
iKCV2HcwH1YF0ff76Z+YSMme8LmKnd5X8jlLl5KX6OtDRgTLlcTpdQh2QIWiZkGi
ds5qCMwFuEYM5Ty1NbbfdiEG8ZMiFPFjdook3zQi0F3ZIGBjMxyy57XL6CScos0n
quwI73Z5/0ZLVeyRU1DuuXiqizZOr5qQqpMbMYRW5AU/upRjEf83wXdvnaE8Hohy
U/tk3DrFcz4eOLqD+ty6i+8nz6bXLLeMn0SbPLIWQAA2qp759fvZX5H9ocfJAOdr
FQJ8RatLzqkVueo0pRqHhmBlpIxCnP07aVt9c1yVSWZElVNTv8Kb6cJuHQIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFI9mIaYxIfIhbS2jKdkDE5h+nACXMB8GA1UdIwQY
MBaAFE5RRrtOIZdE9Ywmjp7GIcGN0inDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGxGR3UwNGhsMFQxakNhT25zWWh3WTNTS2NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8yNWI1NGEtZTc3MC00NGFiLWEwMDQt
YzkyMGM1MTdkNjAwLzEvajJZaHBqRWg4aUZ0TGFNcDJRTVRtSDZjQUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8yNWI1NGEtZTc3MC00NGFiLWEwMDQtYzkyMGM1MTdkNjAw
LzEvVGxGR3UwNGhsMFQxakNhT25zWWh3WTNTS2NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwYgQCAAEwXAMEBE5v4AME
AlZp7AMEAlkjqAMEAlkt1AMEAFvnPgMEAYBByAMEAYBBzAMEAob/qDAMAwQGuVXA
AwQAuVXCAwQBwxwIAwQBw9IoAwQBw+EoAwQBw+5QAwQE1eHwMA0EAgACMAcDBQMq
AEBgMA0GCSqGSIb3DQEBCwUAA4IBAQCG6qOBhjXX7zpBKkqwKq/WJcSl+AsdANbi
lATKKv1lQDNqnezZBxN5GgrIU2QLdYH5X5Rmi7647IK5dyC2skZbK9YA5MRnQm8r
OqFYqbrDucAl75NGd61DNsw8yb6LgwQvakx7P9iR3QRzynDKXElHgn6sBJ2SntNf
EvIQZRh4T53r5iuyMZ0BV04ph4c+N+uCpYZMinDfBNYo3k9ZUGtwFlXaWfy+XBLs
WIaVMTFuSp+kSNWdMyBa1gSoZbDSe09or/jhGvZm2SeOY4tWu2Ub3zScZ8R7U2+p
I067DvtwX4QN5k/A3WFokSJBEVGvpNhmGQZk310oQZ+2PlcyvOUC
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:33 2024 by rpki-client on console-ams.rpki-client.org