Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/1babfc-79e6-45df-8c40-72568f06fe10/1/ZwKvsLj2HIX_NB8VAE2GTWRSQGs.roa
File:                     ZwKvsLj2HIX_NB8VAE2GTWRSQGs.roa (raw, json)
Hash identifier:          D5hEKqDtfuVbe1ctJ0RgRywGwBlNbgYf/cYsPc7GKe0=
Subject key identifier:   67:02:AF:B0:B8:F6:1C:85:FF:34:1F:15:00:4D:86:4D:64:52:40:6B
Certificate issuer:       /CN=212be0ea71cf437e08efdf3fe798eaf984131c46
Certificate serial:       0185704BE352C2EB46B0DEA5B913DB8F15AE
Authority key identifier: 21:2B:E0:EA:71:CF:43:7E:08:EF:DF:3F:E7:98:EA:F9:84:13:1C:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ISvg6nHPQ34I798_55jq-YQTHEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/1babfc-79e6-45df-8c40-72568f06fe10/1/ZwKvsLj2HIX_NB8VAE2GTWRSQGs.roa
Signing time:             Mon 02 Jan 2023 02:24:59 +0000
ROA not before:           Mon 02 Jan 2023 02:24:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9063
IP address blocks:        91.184.160.0/19 maxlen: 19
                          109.75.80.0/20 maxlen: 20
                          185.231.252.0/22 maxlen: 22
                          185.194.151.0/24 maxlen: 24
                          212.88.128.0/19 maxlen: 19
                          37.230.0.0/19 maxlen: 19
                          176.126.64.0/23 maxlen: 23
                          176.126.71.0/24 maxlen: 24
                          176.126.68.0/23 maxlen: 23
                          176.126.75.0/24 maxlen: 24
                          176.126.76.0/24 maxlen: 24
                          176.126.72.0/23 maxlen: 23
                          185.168.11.0/24 maxlen: 24
                          185.168.8.0/24 maxlen: 24
                          217.24.224.0/20 maxlen: 20
                          185.186.144.0/23 maxlen: 23
                          212.82.48.0/20 maxlen: 20
                          185.203.123.0/24 maxlen: 24
                          185.222.139.0/24 maxlen: 24
                          194.35.184.0/23 maxlen: 23
                          194.35.188.0/23 maxlen: 23
                          176.126.82.0/24 maxlen: 24
                          185.166.190.0/23 maxlen: 23
                          185.166.189.0/24 maxlen: 24
                          176.126.80.0/23 maxlen: 23
                          176.126.79.0/24 maxlen: 24
                          185.35.109.0/24 maxlen: 24
                          185.35.110.0/23 maxlen: 23
                          185.161.200.0/23 maxlen: 23
                          93.186.0.0/20 maxlen: 20
                          2a02:5a0::/29 maxlen: 29
                          2a02:5a0::/32 maxlen: 128

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 18:30:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:4b:e3:52:c2:eb:46:b0:de:a5:b9:13:db:8f:15:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=212be0ea71cf437e08efdf3fe798eaf984131c46
        Validity
            Not Before: Jan  2 02:24:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6702afb0b8f61c85ff341f15004d864d6452406b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:50:26:a1:4b:e6:ed:12:47:79:11:fa:d8:e5:
                    43:ed:96:d1:af:2a:27:6c:67:ce:8d:10:61:64:18:
                    ae:a0:9b:60:14:99:da:da:20:f9:e8:42:05:6e:62:
                    86:e2:c2:35:34:18:96:e4:bf:84:cd:05:c2:83:6a:
                    be:17:5e:72:57:63:48:72:4e:4e:d0:2b:1a:fd:04:
                    5e:78:d3:8f:09:75:3e:fc:70:f7:6c:14:6c:75:0b:
                    82:24:5a:4d:13:dd:95:a3:91:27:18:26:cd:50:69:
                    0e:0d:dc:c2:d5:d7:b4:dc:a1:1b:17:6d:25:29:ea:
                    57:72:68:eb:d2:57:a8:19:7d:6b:21:19:23:98:a1:
                    3d:ac:d0:14:05:ca:10:d9:9d:13:3b:b2:4e:f2:1f:
                    a7:2d:01:c4:19:0a:b5:ba:1d:af:58:4e:d9:68:b1:
                    80:a3:45:95:77:29:dc:47:d3:4b:35:49:f7:2e:30:
                    a2:12:90:99:e1:61:e9:dd:50:2c:0f:c9:78:70:ee:
                    3e:ee:08:f6:17:3f:0d:78:b0:18:1e:38:c6:c1:c2:
                    ca:6e:85:cb:3c:80:af:d7:23:19:84:5a:72:df:db:
                    6e:47:17:b8:de:98:37:f5:90:d4:64:61:44:14:97:
                    10:ed:f4:5d:15:3a:1b:21:c5:ee:df:bc:ed:4c:3a:
                    e0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:02:AF:B0:B8:F6:1C:85:FF:34:1F:15:00:4D:86:4D:64:52:40:6B
            X509v3 Authority Key Identifier:
                keyid:21:2B:E0:EA:71:CF:43:7E:08:EF:DF:3F:E7:98:EA:F9:84:13:1C:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ISvg6nHPQ34I798_55jq-YQTHEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1babfc-79e6-45df-8c40-72568f06fe10/1/ZwKvsLj2HIX_NB8VAE2GTWRSQGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/1babfc-79e6-45df-8c40-72568f06fe10/1/ISvg6nHPQ34I798_55jq-YQTHEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.0.0/19
                  91.184.160.0/19
                  93.186.0.0/20
                  109.75.80.0/20
                  176.126.64.0/23
                  176.126.68.0/23
                  176.126.71.0-176.126.73.255
                  176.126.75.0-176.126.76.255
                  176.126.79.0-176.126.82.255
                  185.35.109.0-185.35.111.255
                  185.161.200.0/23
                  185.166.189.0-185.166.191.255
                  185.168.8.0/24
                  185.168.11.0/24
                  185.186.144.0/23
                  185.194.151.0/24
                  185.203.123.0/24
                  185.222.139.0/24
                  185.231.252.0/22
                  194.35.184.0/23
                  194.35.188.0/23
                  212.82.48.0/20
                  212.88.128.0/19
                  217.24.224.0/20
                IPv6:
                  2a02:5a0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5c:3d:ab:92:c3:48:6d:2f:c1:47:c7:35:b3:c8:0c:6b:20:a9:
         65:22:7c:f6:39:9f:f5:ce:de:aa:1f:8e:6c:77:59:ad:a8:11:
         6f:e4:1a:4f:bc:39:bb:b1:42:9a:66:47:46:b6:ad:c7:c4:f2:
         9f:68:10:bc:7f:90:00:f7:c9:44:5f:04:c2:b2:b7:ed:9d:81:
         9e:93:dd:cc:0b:d0:47:3b:d5:37:5d:d0:3c:d1:8e:f1:43:64:
         7b:a4:70:c6:c7:0d:6e:03:a0:99:a8:7d:a3:e4:46:0b:59:c7:
         92:7a:59:de:cb:82:30:c8:80:db:3e:2d:c5:2c:2b:24:37:8f:
         56:cb:ec:e5:3a:e6:4f:63:0c:e2:71:79:df:3b:86:77:05:cf:
         bf:f4:ca:de:84:fb:cc:bb:08:91:e1:d6:0a:bb:5c:41:58:e4:
         ef:a5:57:88:0c:fb:c7:2e:9f:aa:e3:8d:8d:1c:2d:b3:e3:a3:
         9b:16:2d:24:11:62:9a:03:97:ca:9d:4d:36:24:45:17:cd:b3:
         ba:55:36:ea:db:ca:99:b0:f9:84:90:78:ae:6b:9e:1e:8d:09:
         d3:80:24:f0:72:01:2a:a6:20:23:ee:ad:33:90:59:16:78:8d:
         ac:0a:30:48:39:55:d5:43:63:a5:35:f6:16:79:ef:f2:2d:e4:
         03:29:7a:c0
-----BEGIN CERTIFICATE-----
MIIFwzCCBKugAwIBAgISAYVwS+NSwutGsN6luRPbjxWuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMmJlMGVhNzFjZjQzN2UwOGVmZGYzZmU3OThlYWY5ODQx
MzFjNDYwHhcNMjMwMTAyMDIyNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzAyYWZiMGI4ZjYxYzg1ZmYzNDFmMTUwMDRkODY0ZDY0NTI0MDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVAmoUvm7RJHeRH62OVD7ZbRryon
bGfOjRBhZBiuoJtgFJna2iD56EIFbmKG4sI1NBiW5L+EzQXCg2q+F15yV2NIck5O
0Csa/QReeNOPCXU+/HD3bBRsdQuCJFpNE92Vo5EnGCbNUGkODdzC1de03KEbF20l
KepXcmjr0leoGX1rIRkjmKE9rNAUBcoQ2Z0TO7JO8h+nLQHEGQq1uh2vWE7ZaLGA
o0WVdyncR9NLNUn3LjCiEpCZ4WHp3VAsD8l4cO4+7gj2Fz8NeLAYHjjGwcLKboXL
PICv1yMZhFpy39tuRxe43pg39ZDUZGFEFJcQ7fRdFTobIcXu37ztTDrgGwIDAQAB
o4ICzzCCAsswHQYDVR0OBBYEFGcCr7C49hyF/zQfFQBNhk1kUkBrMB8GA1UdIwQY
MBaAFCEr4Opxz0N+CO/fP+eY6vmEExxGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVN2ZzZuSFBRMzRJNzk4XzU1anEtWVFUSEVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8xYmFiZmMtNzllNi00NWRmLThjNDAt
NzI1NjhmMDZmZTEwLzEvWndLdnNMajJISVhfTkI4VkFFMkdUV1JTUUdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8xYmFiZmMtNzllNi00NWRmLThjNDAtNzI1NjhmMDZmZTEw
LzEvSVN2ZzZuSFBRMzRJNzk4XzU1anEtWVFUSEVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHkBggrBgEFBQcBBwEB/wSB1DCB0TCBvwQCAAEwgbgDBAUl
5gADBAVbuKADBARdugADBARtS1ADBAGwfkADBAGwfkQwDAMEALB+RwMEAbB+SDAM
AwQAsH5LAwQAsH5MMAwDBACwfk8DBACwflIwDAMEALkjbQMEBLkjYAMEAbmhyDAM
AwQAuaa9AwQGuaaAAwQAuagIAwQAuagLAwQBubqQAwQAucKXAwQAuct7AwQAud6L
AwQCuef8AwQBwiO4AwQBwiO8AwQE1FIwAwQF1FiAAwQE2RjgMA0EAgACMAcDBQMq
AgWgMA0GCSqGSIb3DQEBCwUAA4IBAQBcPauSw0htL8FHxzWzyAxrIKllInz2OZ/1
zt6qH45sd1mtqBFv5BpPvDm7sUKaZkdGtq3HxPKfaBC8f5AA98lEXwTCsrftnYGe
k93MC9BHO9U3XdA80Y7xQ2R7pHDGxw1uA6CZqH2j5EYLWceSelney4IwyIDbPi3F
LCskN49Wy+zlOuZPYwzicXnfO4Z3Bc+/9MrehPvMuwiR4dYKu1xBWOTvpVeIDPvH
Lp+q442NHC2z46ObFi0kEWKaA5fKnU02JEUXzbO6VTbq28qZsPmEkHiua54ejQnT
gCTwcgEqpiAj7q0zkFkWeI2sCjBIOVXVQ2OlNfYWee/yLeQDKXrA
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:42:40 2024 by rpki-client on console-ams.rpki-client.org