Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/zKk_A8xQZO1dyvpE56bg8H94-oQ.roa
File:                     zKk_A8xQZO1dyvpE56bg8H94-oQ.roa (raw, json)
Hash identifier:          w6PNL1grpkJXNGhy7GLKDtLCMjz4/VlI2d8ivp0PXRU=
Subject key identifier:   CC:A9:3F:03:CC:50:64:ED:5D:CA:FA:44:E7:A6:E0:F0:7F:78:FA:84
Certificate issuer:       /CN=a952d0d266557385836aab7ae3fdced4ca74ad89
Certificate serial:       018B61D429ECF93196F352142E5BC78CDFFF
Authority key identifier: A9:52:D0:D2:66:55:73:85:83:6A:AB:7A:E3:FD:CE:D4:CA:74:AD:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/zKk_A8xQZO1dyvpE56bg8H94-oQ.roa
Signing time:             Tue 24 Oct 2023 13:16:16 +0000
ROA not before:           Tue 24 Oct 2023 13:16:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210079
IP address blocks:        217.144.96.0/24 maxlen: 24
                          217.144.98.0/24 maxlen: 24
                          217.144.97.0/24 maxlen: 24
                          217.144.99.0/24 maxlen: 24
                          217.144.103.0/24 maxlen: 24
                          217.144.101.0/24 maxlen: 24
                          217.144.100.0/24 maxlen: 24
                          185.221.152.0/22 maxlen: 22
                          185.221.155.0/24 maxlen: 24
                          185.221.154.0/24 maxlen: 24
                          185.22.232.0/23 maxlen: 23
                          185.22.234.0/23 maxlen: 23
                          91.218.230.0/23 maxlen: 23
                          91.218.228.0/23 maxlen: 23
                          95.181.224.0/24 maxlen: 24
                          95.181.226.0/24 maxlen: 24
                          95.181.225.0/24 maxlen: 24
                          5.35.100.0/24 maxlen: 24
                          5.35.102.0/24 maxlen: 24
                          5.35.101.0/24 maxlen: 24
                          91.201.40.0/22 maxlen: 22
                          212.8.247.0/24 maxlen: 24
                          185.12.92.0/22 maxlen: 22
                          95.183.8.0/23 maxlen: 23
                          95.183.11.0/24 maxlen: 24
                          95.183.10.0/24 maxlen: 24
                          95.183.15.0/24 maxlen: 24
                          95.183.14.0/24 maxlen: 24
                          95.183.13.0/24 maxlen: 24
                          95.183.12.0/24 maxlen: 24
                          37.143.10.0/23 maxlen: 23
                          37.143.8.0/23 maxlen: 23
                          37.143.14.0/23 maxlen: 23
                          37.143.12.0/23 maxlen: 23
                          46.254.16.0/23 maxlen: 23
                          46.254.23.0/24 maxlen: 24
                          46.254.22.0/24 maxlen: 24
                          46.254.20.0/23 maxlen: 23
                          46.254.18.0/23 maxlen: 23
                          95.181.228.0/24 maxlen: 24
                          95.181.227.0/24 maxlen: 24
                          95.181.231.0/24 maxlen: 24
                          95.181.230.0/24 maxlen: 24
                          95.181.229.0/24 maxlen: 24
                          185.87.192.0/24 maxlen: 24
                          185.87.195.0/24 maxlen: 24
                          185.87.194.0/24 maxlen: 24
                          185.87.193.0/24 maxlen: 24
                          185.87.199.0/24 maxlen: 24
                          185.87.198.0/24 maxlen: 24
                          185.87.197.0/24 maxlen: 24
                          185.87.196.0/24 maxlen: 24
                          178.57.218.0/23 maxlen: 23
                          178.57.216.0/23 maxlen: 23
                          178.57.222.0/23 maxlen: 23
                          178.57.220.0/23 maxlen: 23
                          2a03:c980:b916::/48 maxlen: 48
                          2a03:c980:5fb5::/48 maxlen: 48
                          2a03:c980:d990::/48 maxlen: 48
                          2a03:80c0::/48 maxlen: 48
                          2a03:c980:b957::/48 maxlen: 48
                          2a03:c980:e5::/48 maxlen: 48
                          2a03:c980:db::/48 maxlen: 48
                          2a03:c980:b239::/48 maxlen: 48
                          2a03:80c0:1::/48 maxlen: 48
                          2a03:c980:beef::/48 maxlen: 48
                          2a03:c980:dead::/48 maxlen: 48
                          2a03:c980:5fb7::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 16 Nov 2023 13:55:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:61:d4:29:ec:f9:31:96:f3:52:14:2e:5b:c7:8c:df:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a952d0d266557385836aab7ae3fdced4ca74ad89
        Validity
            Not Before: Oct 24 13:16:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=cca93f03cc5064ed5dcafa44e7a6e0f07f78fa84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8c:f4:57:5c:0a:96:f7:ce:f2:f0:56:76:d2:
                    10:67:f6:bb:7c:c7:1d:38:9a:b6:15:76:40:a6:b6:
                    46:b0:e0:1d:3f:af:df:c6:0b:bb:b4:1f:2f:ab:80:
                    c8:95:03:59:58:8a:4b:f3:f2:c6:6a:50:ea:8d:88:
                    01:19:68:2d:ed:32:0d:a2:34:1b:9c:72:d8:2f:c3:
                    a3:14:8d:df:ee:63:27:59:6f:28:1d:93:7a:49:0e:
                    a3:af:76:6d:83:2c:00:b5:03:40:ca:78:25:b8:6d:
                    bb:db:ee:d5:05:25:fd:8a:2c:77:8e:95:29:5a:dc:
                    d8:28:07:10:90:cc:c0:84:2b:a2:38:3b:e7:05:72:
                    6a:96:ae:a4:4a:f6:bb:8e:f5:0e:ca:d2:34:8a:cc:
                    ad:b6:64:09:b2:e6:e3:e6:0a:f4:5d:f8:0c:b9:f9:
                    65:8a:92:4d:f2:ad:26:db:74:be:51:a9:b2:0b:40:
                    d4:06:9d:4b:2c:ff:83:a8:f6:69:35:33:86:a0:44:
                    69:fb:56:5d:b0:e1:45:83:d4:c8:50:f7:89:20:f2:
                    2d:11:ff:f3:8a:0b:c4:d6:73:d3:3e:b4:0c:aa:9b:
                    62:8c:da:10:96:e9:60:4e:7d:99:31:87:1e:b8:08:
                    e1:e8:14:0b:32:a0:aa:72:11:82:93:36:e8:a3:81:
                    3c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:A9:3F:03:CC:50:64:ED:5D:CA:FA:44:E7:A6:E0:F0:7F:78:FA:84
            X509v3 Authority Key Identifier:
                keyid:A9:52:D0:D2:66:55:73:85:83:6A:AB:7A:E3:FD:CE:D4:CA:74:AD:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/zKk_A8xQZO1dyvpE56bg8H94-oQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/270a91-cbfd-4503-b960-4c21a505f346/1/qVLQ0mZVc4WDaqt64_3O1Mp0rYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.35.100.0-5.35.102.255
                  37.143.8.0/21
                  46.254.16.0/21
                  91.201.40.0/22
                  91.218.228.0/22
                  95.181.224.0/21
                  95.183.8.0/21
                  178.57.216.0/21
                  185.12.92.0/22
                  185.22.232.0/22
                  185.87.192.0/21
                  185.221.152.0/22
                  212.8.247.0/24
                  217.144.96.0-217.144.101.255
                  217.144.103.0/24
                IPv6:
                  2a03:80c0::/47
                  2a03:c980:db::/48
                  2a03:c980:e5::/48
                  2a03:c980:5fb5::/48
                  2a03:c980:5fb7::/48
                  2a03:c980:b239::/48
                  2a03:c980:b916::/48
                  2a03:c980:b957::/48
                  2a03:c980:beef::/48
                  2a03:c980:d990::/48
                  2a03:c980:dead::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:4f:20:e1:87:e4:4c:70:24:c4:f0:0d:9a:58:0f:fc:53:0c:
         57:75:60:b7:cf:0e:78:34:89:64:23:1c:3f:4e:e0:8f:93:5a:
         66:36:6b:74:3b:af:39:91:40:c1:70:1c:d9:cf:3a:bd:88:c6:
         3d:19:1d:bd:bd:cb:b3:15:ed:0e:7b:69:ed:96:9a:77:e6:b7:
         4c:8f:46:43:6d:b1:9b:09:7a:80:61:90:04:80:ca:cd:ee:27:
         e4:d8:da:07:b6:b9:f7:cb:21:b4:7a:52:c2:76:26:49:04:6c:
         77:0c:70:28:7e:31:a9:df:e5:90:8d:50:61:1b:73:89:01:e6:
         36:c2:1e:92:51:4d:70:7e:73:2a:86:b5:bb:eb:e7:19:f9:0c:
         98:d0:95:18:5b:fd:ab:84:ea:e3:8c:07:f3:f6:1e:c9:88:ca:
         e6:92:8f:a5:ce:66:55:36:c7:90:c5:74:08:cb:f7:4f:54:01:
         e3:f6:12:23:c2:78:7c:76:e3:e8:82:cb:bf:36:1d:94:f9:2b:
         24:6e:61:c3:05:16:d2:2c:a8:f5:fc:a8:8e:cd:14:a8:92:cf:
         d1:c3:b1:5a:9b:1d:8b:34:10:38:55:26:32:a2:c6:cf:52:d4:
         0d:68:fe:2c:45:8f:d7:e5:c1:30:60:5e:ff:bf:14:01:8f:2f:
         06:7c:69:36
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgISAYth1Cns+TGW81IULlvHjN//MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5NTJkMGQyNjY1NTczODU4MzZhYWI3YWUzZmRjZWQ0Y2E3
NGFkODkwHhcNMjMxMDI0MTMxNjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2E5M2YwM2NjNTA2NGVkNWRjYWZhNDRlN2E2ZTBmMDdmNzhmYTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYz0V1wKlvfO8vBWdtIQZ/a7fMcd
OJq2FXZAprZGsOAdP6/fxgu7tB8vq4DIlQNZWIpL8/LGalDqjYgBGWgt7TINojQb
nHLYL8OjFI3f7mMnWW8oHZN6SQ6jr3ZtgywAtQNAyngluG272+7VBSX9iix3jpUp
WtzYKAcQkMzAhCuiODvnBXJqlq6kSva7jvUOytI0isyttmQJsubj5gr0XfgMufll
ipJN8q0m23S+UamyC0DUBp1LLP+DqPZpNTOGoERp+1ZdsOFFg9TIUPeJIPItEf/z
igvE1nPTPrQMqptijNoQlulgTn2ZMYceuAjh6BQLMqCqchGCkzboo4E8KQIDAQAB
o4IC2zCCAtcwHQYDVR0OBBYEFMypPwPMUGTtXcr6ROem4PB/ePqEMB8GA1UdIwQY
MBaAFKlS0NJmVXOFg2qreuP9ztTKdK2JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVZMUTBtWlZjNFdEYXF0NjRfM08xTXAwcllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8yNzBhOTEtY2JmZC00NTAzLWI5NjAt
NGMyMWE1MDVmMzQ2LzEvektrX0E4eFFaTzFkeXZwRTU2Ymc4SDk0LW9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8yNzBhOTEtY2JmZC00NTAzLWI5NjAtNGMyMWE1MDVmMzQ2
LzEvcVZMUTBtWlZjNFdEYXF0NjRfM08xTXAwcllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHwBggrBgEFBQcBBwEB/wSB4DCB3TBwBAIAATBqMAwDBAIF
I2QDBAAFI2YDBAMljwgDBAMu/hADBAJbySgDBAJb2uQDBANfteADBANftwgDBAOy
OdgDBAK5DFwDBAK5FugDBAO5V8ADBAK53ZgDBADUCPcwDAMEBdmQYAMEAdmQZAME
ANmQZzBpBAIAAjBjAwcBKgOAwAAAAwcAKgPJgADbAwcAKgPJgADlAwcAKgPJgF+1
AwcAKgPJgF+3AwcAKgPJgLI5AwcAKgPJgLkWAwcAKgPJgLlXAwcAKgPJgL7vAwcA
KgPJgNmQAwcAKgPJgN6tMA0GCSqGSIb3DQEBCwUAA4IBAQCqTyDhh+RMcCTE8A2a
WA/8UwxXdWC3zw54NIlkIxw/TuCPk1pmNmt0O685kUDBcBzZzzq9iMY9GR29vcuz
Fe0Oe2ntlpp35rdMj0ZDbbGbCXqAYZAEgMrN7ifk2NoHtrn3yyG0elLCdiZJBGx3
DHAofjGp3+WQjVBhG3OJAeY2wh6SUU1wfnMqhrW76+cZ+QyY0JUYW/2rhOrjjAfz
9h7JiMrmko+lzmZVNseQxXQIy/dPVAHj9hIjwnh8duPogsu/Nh2U+SskbmHDBRbS
LKj1/KiOzRSoks/Rw7Famx2LNBA4VSYyosbPUtQNaP4sRY/X5cEwYF7/vxQBjy8G
fGk2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:45 2024 by rpki-client on console-ams.rpki-client.org