Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/M6wyeHS0aN2-Qz8HotqfITy3_Ls.roa
File:                     M6wyeHS0aN2-Qz8HotqfITy3_Ls.roa (raw, json)
Hash identifier:          GfixMYUgg7dNZv3DguM9nmqH9l51s+DKzLO+nRud72w=
Subject key identifier:   33:AC:32:78:74:B4:68:DD:BE:43:3F:07:A2:DA:9F:21:3C:B7:FC:BB
Certificate issuer:       /CN=dc05970e650c2aaf1ab6a3a33a83732466a1512e
Certificate serial:       01856F5DABAF17F66CA9D7B56DF87944A687
Authority key identifier: DC:05:97:0E:65:0C:2A:AF:1A:B6:A3:A3:3A:83:73:24:66:A1:51:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3AWXDmUMKq8atqOjOoNzJGahUS4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/M6wyeHS0aN2-Qz8HotqfITy3_Ls.roa
Signing time:             Sun 01 Jan 2023 22:04:47 +0000
ROA not before:           Sun 01 Jan 2023 22:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31317
IP address blocks:        31.220.112.0/21 maxlen: 32
                          185.95.112.0/22 maxlen: 32
                          195.192.192.0/21 maxlen: 32
                          45.119.124.0/22 maxlen: 32
                          185.156.28.0/22 maxlen: 32
                          195.192.200.0/21 maxlen: 32
                          185.114.140.0/22 maxlen: 32
                          37.251.224.0/21 maxlen: 32
                          185.178.56.0/22 maxlen: 32
                          37.251.232.0/21 maxlen: 32
                          2a05:fb80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 10:34:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:5d:ab:af:17:f6:6c:a9:d7:b5:6d:f8:79:44:a6:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc05970e650c2aaf1ab6a3a33a83732466a1512e
        Validity
            Not Before: Jan  1 22:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=33ac327874b468ddbe433f07a2da9f213cb7fcbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4c:46:6c:75:41:57:e5:b1:ec:66:fe:94:b8:
                    52:3c:8c:d8:18:e6:b6:6f:25:4a:01:bd:61:cc:ad:
                    e3:cd:aa:4b:a4:bb:bb:20:d6:77:5e:4b:6e:7e:42:
                    c5:29:77:78:60:0d:7b:b7:f5:88:41:34:f6:c4:b4:
                    83:b2:33:c3:27:df:71:9d:5c:f8:a4:92:e8:f6:2c:
                    55:a2:88:0f:0f:13:08:82:35:4f:ea:49:73:c4:f5:
                    72:6f:6d:9a:ba:83:10:97:05:af:f0:26:7b:cc:c2:
                    ce:1f:8a:9a:86:93:49:9c:70:74:30:1c:90:45:d8:
                    77:12:b6:10:9b:05:dc:73:26:71:7e:cc:9d:20:32:
                    c4:88:22:65:02:76:02:a3:25:f5:75:ab:ec:b7:40:
                    5d:b7:2c:5f:f8:a0:5e:06:aa:92:05:e5:43:39:3e:
                    f7:4f:76:f1:1d:71:05:7e:9d:42:b4:df:f8:4a:57:
                    e0:fb:d7:b4:f8:bb:6f:e7:b4:43:59:96:6d:a1:8a:
                    4b:27:74:8a:14:1d:1a:20:ac:92:c6:08:d8:16:ac:
                    4d:aa:8d:a7:71:4f:c6:93:cb:8a:83:7b:4e:fa:da:
                    ae:1e:a6:9f:4b:97:f5:48:97:1a:57:0b:b9:3b:b0:
                    48:4e:16:2e:2f:73:6e:75:88:7b:0d:df:08:95:bc:
                    a5:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:AC:32:78:74:B4:68:DD:BE:43:3F:07:A2:DA:9F:21:3C:B7:FC:BB
            X509v3 Authority Key Identifier:
                keyid:DC:05:97:0E:65:0C:2A:AF:1A:B6:A3:A3:3A:83:73:24:66:A1:51:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AWXDmUMKq8atqOjOoNzJGahUS4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/M6wyeHS0aN2-Qz8HotqfITy3_Ls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/3AWXDmUMKq8atqOjOoNzJGahUS4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.220.112.0/21
                  37.251.224.0/20
                  45.119.124.0/22
                  185.95.112.0/22
                  185.114.140.0/22
                  185.156.28.0/22
                  185.178.56.0/22
                  195.192.192.0/20
                IPv6:
                  2a05:fb80::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:d0:33:6a:af:71:fa:06:33:29:7f:a2:07:72:7c:3f:d9:2e:
         63:e0:b8:35:42:86:36:a6:73:e5:d4:0d:07:1c:8c:e2:7e:ff:
         38:bb:ce:1b:e8:eb:90:ca:67:cc:a8:34:00:a9:68:5c:6d:04:
         e7:cb:de:4c:2d:a7:e0:53:c2:70:3b:97:aa:93:a7:40:bd:3f:
         2f:24:0c:aa:79:8c:60:c1:fb:c4:0f:62:03:6b:d8:48:be:6d:
         eb:61:67:1a:d5:cd:a9:42:2f:bb:d1:49:0a:f7:0f:2b:7e:a2:
         af:47:46:d3:64:5d:d3:72:b3:78:e4:6a:5d:9d:2e:9f:b0:96:
         ed:10:48:96:ae:c3:9e:22:85:31:e8:c0:95:ae:2c:f1:76:13:
         9d:13:ad:92:29:09:3f:44:c6:b9:a3:6c:5a:c1:4b:1f:02:2b:
         0d:36:d0:3b:99:34:0e:16:48:22:27:d3:4d:41:73:8e:f0:ad:
         a5:50:46:72:9c:f6:19:45:f3:48:5e:77:72:2a:0e:ab:35:fc:
         36:bb:ae:c9:0f:b2:b6:7c:8d:95:f2:7f:7c:39:95:ba:a3:ec:
         88:8b:b9:ff:83:79:8f:2e:91:1f:76:4e:34:79:be:41:5b:5b:
         43:f9:31:a2:91:a4:33:1c:9d:64:5f:f4:f6:05:5d:54:32:19:
         38:84:9f:7b
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYVvXauvF/Zsqde1bfh5RKaHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMDU5NzBlNjUwYzJhYWYxYWI2YTNhMzNhODM3MzI0NjZh
MTUxMmUwHhcNMjMwMTAxMjIwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2FjMzI3ODc0YjQ2OGRkYmU0MzNmMDdhMmRhOWYyMTNjYjdmY2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkxGbHVBV+Wx7Gb+lLhSPIzYGOa2
byVKAb1hzK3jzapLpLu7INZ3XktufkLFKXd4YA17t/WIQTT2xLSDsjPDJ99xnVz4
pJLo9ixVoogPDxMIgjVP6klzxPVyb22auoMQlwWv8CZ7zMLOH4qahpNJnHB0MByQ
Rdh3ErYQmwXccyZxfsydIDLEiCJlAnYCoyX1davst0Bdtyxf+KBeBqqSBeVDOT73
T3bxHXEFfp1CtN/4Slfg+9e0+Ltv57RDWZZtoYpLJ3SKFB0aIKySxgjYFqxNqo2n
cU/Gk8uKg3tO+tquHqafS5f1SJcaVwu5O7BIThYuL3NudYh7Dd8IlbylcQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFDOsMnh0tGjdvkM/B6LanyE8t/y7MB8GA1UdIwQY
MBaAFNwFlw5lDCqvGrajozqDcyRmoVEuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0FXWERtVU1LcThhdHFPak9vTnpKR2FoVVM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zYjlhNDgtOGI2My00ZDNiLWEzYTkt
NjdhNTQwZTI5N2YwLzEvTTZ3eWVIUzBhTjItUXo4SG90cWZJVHkzX0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zYjlhNDgtOGI2My00ZDNiLWEzYTktNjdhNTQwZTI5N2Yw
LzEvM0FXWERtVU1LcThhdHFPak9vTnpKR2FoVVM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDH9xwAwQE
JfvgAwQCLXd8AwQCuV9wAwQCuXKMAwQCuZwcAwQCubI4AwQEw8DAMA0EAgACMAcD
BQMqBfuAMA0GCSqGSIb3DQEBCwUAA4IBAQAJ0DNqr3H6BjMpf6IHcnw/2S5j4Lg1
QoY2pnPl1A0HHIzifv84u84b6OuQymfMqDQAqWhcbQTny95MLafgU8JwO5eqk6dA
vT8vJAyqeYxgwfvED2IDa9hIvm3rYWca1c2pQi+70UkK9w8rfqKvR0bTZF3TcrN4
5GpdnS6fsJbtEEiWrsOeIoUx6MCVrizxdhOdE62SKQk/RMa5o2xawUsfAisNNtA7
mTQOFkgiJ9NNQXOO8K2lUEZynPYZRfNIXndyKg6rNfw2u67JD7K2fI2V8n98OZW6
o+yIi7n/g3mPLpEfdk40eb5BW1tD+TGikaQzHJ1kX/T2BV1UMhk4hJ97
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:02 2024 by rpki-client on console-fra.rpki-client.org