Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/IcWgWgWBc-7u6fZikP8hxwgY8Ws.roa
File:                     IcWgWgWBc-7u6fZikP8hxwgY8Ws.roa (raw, json)
Hash identifier:          UVgSLq+E+egUjhYggAshSEhx2cr/H8lFJbxz6h9DrrI=
Subject key identifier:   21:C5:A0:5A:05:81:73:EE:EE:E9:F6:62:90:FF:21:C7:08:18:F1:6B
Certificate issuer:       /CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
Certificate serial:       018A293BCD93F4EB683B68BBF6B6E9B158B7
Authority key identifier: 0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/IcWgWgWBc-7u6fZikP8hxwgY8Ws.roa
Signing time:             Thu 24 Aug 2023 20:28:19 +0000
ROA not before:           Thu 24 Aug 2023 20:28:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     8849
IP address blocks:        91.192.81.0/24 maxlen: 24
                          185.140.210.0/24 maxlen: 24
                          185.140.211.0/24 maxlen: 24
                          95.174.71.0/24 maxlen: 24
                          95.174.68.0/24 maxlen: 24
                          95.174.69.0/24 maxlen: 24
                          95.174.70.0/24 maxlen: 24
                          89.40.226.0/24 maxlen: 24
                          88.210.36.0/23 maxlen: 24
                          2a06:f902:4000::/36 maxlen: 36
                          2a06:f901:4000::/36 maxlen: 36
                          2a06:f901:8000::/36 maxlen: 36
                          2a06:f901:c000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Fri 25 Aug 2023 12:16:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:29:3b:cd:93:f4:eb:68:3b:68:bb:f6:b6:e9:b1:58:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
        Validity
            Not Before: Aug 24 20:28:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=21c5a05a058173eeeee9f66290ff21c70818f16b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b5:38:38:db:fb:41:1d:b1:67:a3:e7:4c:58:
                    71:b7:c3:1e:1f:f8:8d:33:0c:d7:dd:41:99:a9:8b:
                    de:e9:ff:33:da:c2:2b:53:62:6d:31:3a:b7:5b:aa:
                    8f:49:7b:c5:9b:8e:6d:a8:91:2a:5a:42:b7:eb:9d:
                    de:3a:ea:da:5f:75:17:4f:70:fa:53:35:92:18:5e:
                    26:88:91:f2:5e:9b:7d:a1:a5:ba:de:78:12:83:a2:
                    21:8d:3a:5f:2e:63:33:96:1d:08:c4:ff:f0:66:e6:
                    20:79:e4:a6:3c:b1:62:10:c2:f4:59:83:40:dd:91:
                    7b:de:a6:fc:97:11:18:5d:75:a7:87:2d:a6:d9:8b:
                    65:76:60:35:cc:3a:ea:c7:b4:29:d0:08:f2:8d:7a:
                    07:b6:6b:d5:88:7b:8c:ad:c2:a8:13:71:61:92:aa:
                    2d:12:1c:99:b2:f1:01:ee:6f:f5:0c:85:63:aa:d4:
                    ea:19:7b:a2:35:e2:9b:f4:cf:59:bd:cd:de:c2:87:
                    c3:f2:43:95:66:ee:42:5e:82:12:d5:ef:e9:8a:95:
                    58:84:06:41:0c:9c:74:ac:06:af:ec:d1:d1:c2:2b:
                    ca:98:2d:e2:a7:42:2a:4d:3d:33:42:31:d4:f0:f1:
                    00:43:0b:38:c7:3f:2f:65:be:c1:67:72:2d:01:07:
                    49:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:C5:A0:5A:05:81:73:EE:EE:E9:F6:62:90:FF:21:C7:08:18:F1:6B
            X509v3 Authority Key Identifier:
                keyid:0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/IcWgWgWBc-7u6fZikP8hxwgY8Ws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.210.36.0/23
                  89.40.226.0/24
                  91.192.81.0/24
                  95.174.68.0/22
                  185.140.210.0/23
                IPv6:
                  2a06:f901:4000::/36
                  2a06:f901:8000::/36
                  2a06:f901:c000::/36
                  2a06:f902:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         65:7b:f2:e5:c0:71:b9:e5:4b:17:38:4b:22:5b:51:8a:56:38:
         6f:57:ee:1c:11:ff:a7:63:46:c6:e5:4b:13:76:78:26:27:b7:
         ca:ef:b9:bd:95:2c:ce:1d:6f:28:89:64:7d:3d:ac:f9:35:3f:
         ef:db:d8:d4:2f:63:06:3b:fb:5a:74:e1:53:3c:0d:23:0e:4b:
         0c:77:66:76:5a:2f:8a:d8:cc:25:c4:be:9f:cb:53:fc:44:ce:
         81:d0:68:02:55:56:2b:29:74:f1:95:8a:3e:fe:87:85:e1:9d:
         0d:87:08:f4:f6:f6:8c:fe:be:b7:7d:a4:1b:2a:d1:16:0c:2c:
         61:2a:9e:d5:cf:b9:b7:1c:58:9a:f7:62:b5:30:8f:10:d9:ba:
         a3:26:b1:f0:da:38:2e:ce:06:34:ab:a1:17:81:99:9a:e9:65:
         ab:5c:70:60:98:25:d9:d6:28:12:e8:8a:a1:fc:29:62:b8:d6:
         21:94:67:e1:df:7a:d7:b3:1e:f2:84:7c:a7:58:cc:c2:5e:0f:
         88:5c:7d:40:02:16:ac:50:2d:71:d7:e7:cc:f5:cf:12:28:b2:
         ad:db:3f:83:45:48:a4:92:af:a9:16:9f:77:f8:69:9e:7f:d9:
         fe:0b:ee:3f:6c:87:d4:e8:1f:4d:e1:ed:61:a0:af:be:40:83:
         2d:00:9e:3d
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYopO82T9OtoO2i79rbpsVi3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZWJmYmZkNmY5MzdjNWFlMzllM2UzOGU4YWI4Mzg0MTA3
NDIxYTYwHhcNMjMwODI0MjAyODE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWM1YTA1YTA1ODE3M2VlZWVlOWY2NjI5MGZmMjFjNzA4MThmMTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbU4ONv7QR2xZ6PnTFhxt8MeH/iN
MwzX3UGZqYve6f8z2sIrU2JtMTq3W6qPSXvFm45tqJEqWkK3653eOuraX3UXT3D6
UzWSGF4miJHyXpt9oaW63ngSg6IhjTpfLmMzlh0IxP/wZuYgeeSmPLFiEML0WYNA
3ZF73qb8lxEYXXWnhy2m2YtldmA1zDrqx7Qp0AjyjXoHtmvViHuMrcKoE3Fhkqot
EhyZsvEB7m/1DIVjqtTqGXuiNeKb9M9Zvc3ewofD8kOVZu5CXoIS1e/pipVYhAZB
DJx0rAav7NHRwivKmC3ip0IqTT0zQjHU8PEAQws4xz8vZb7BZ3ItAQdJyQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFCHFoFoFgXPu7un2YpD/IccIGPFrMB8GA1UdIwQY
MBaAFA/r+/1vk3xa454+OOirg4QQdCGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGIt
N2Q3MDM3NGQ3NmQyLzEvSWNXZ1dnV0JjLTd1NmZaaWtQOGh4d2dZOFdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGItN2Q3MDM3NGQ3NmQy
LzEvRC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjAkBAIAATAeAwQBWNIkAwQA
WSjiAwQAW8BRAwQCX65EAwQBuYzSMCYEAgACMCADBgQqBvkBQAMGBCoG+QGAAwYE
Kgb5AcADBgQqBvkCQDANBgkqhkiG9w0BAQsFAAOCAQEAZXvy5cBxueVLFzhLIltR
ilY4b1fuHBH/p2NGxuVLE3Z4Jie3yu+5vZUszh1vKIlkfT2s+TU/79vY1C9jBjv7
WnThUzwNIw5LDHdmdlovitjMJcS+n8tT/ETOgdBoAlVWKyl08ZWKPv6HheGdDYcI
9Pb2jP6+t32kGyrRFgwsYSqe1c+5txxYmvditTCPENm6oyax8No4Ls4GNKuhF4GZ
mullq1xwYJgl2dYoEuiKofwpYrjWIZRn4d9617Me8oR8p1jMwl4PiFx9QAIWrFAt
cdfnzPXPEiiyrds/g0VIpJKvqRafd/hpnn/Z/gvuP2yH1OgfTeHtYaCvvkCDLQCe
PQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:04 2024 by rpki-client on console-fra.rpki-client.org