Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/9TX8CZ0WxioUQK1wuIITr8fqNhY.roa
File:                     9TX8CZ0WxioUQK1wuIITr8fqNhY.roa (raw, json)
Hash identifier:          gLoz/oq2h3RVn2KhDraOZYLoMtXA7vV3ZllR9iznHHM=
Subject key identifier:   F5:35:FC:09:9D:16:C6:2A:14:40:AD:70:B8:82:13:AF:C7:EA:36:16
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018BD54E41ABE72F7BF4CDC9008B1F379974
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/9TX8CZ0WxioUQK1wuIITr8fqNhY.roa
Signing time:             Wed 15 Nov 2023 23:25:57 +0000
ROA not before:           Wed 15 Nov 2023 23:25:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210644
IP address blocks:        185.174.137.0/24 maxlen: 24
                          185.229.65.0/24 maxlen: 24
                          185.174.136.0/24 maxlen: 24
                          185.229.66.0/24 maxlen: 24
                          185.106.94.0/24 maxlen: 24
                          185.112.83.0/24 maxlen: 24
                          91.103.252.0/23 maxlen: 23
                          45.142.122.0/24 maxlen: 24
                          185.17.0.0/24 maxlen: 24
                          45.138.74.0/24 maxlen: 24
                          5.252.118.0/24 maxlen: 24
                          194.67.201.0/24 maxlen: 24
                          2a0e:d607::/48 maxlen: 48
                          2a0e:d602:3::/48 maxlen: 48
                          2a0e:d602:2::/48 maxlen: 48
                          2a0e:d606::/48 maxlen: 48
                          2a0e:d602:1::/48 maxlen: 48
                          2a0e:d602::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 16 Nov 2023 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:d5:4e:41:ab:e7:2f:7b:f4:cd:c9:00:8b:1f:37:99:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Nov 15 23:25:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f535fc099d16c62a1440ad70b88213afc7ea3616
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:00:db:e4:60:9d:20:76:23:66:5c:ab:e2:d4:
                    9f:7b:31:d2:f2:b2:ef:15:24:eb:de:a2:08:5e:e4:
                    d9:ec:5c:de:76:00:c1:ad:f2:83:50:0c:48:7d:de:
                    4e:2a:8e:fd:4e:37:11:a3:5a:d5:b3:ce:12:b2:bd:
                    f0:8e:9a:f8:d4:24:89:46:30:86:ce:86:0d:8f:ba:
                    3d:61:e2:f3:dc:f6:f0:ee:7a:76:e8:ef:1e:03:54:
                    be:d3:ce:75:0f:d3:4c:c1:9c:21:27:9b:a9:ea:c9:
                    74:bc:c2:54:44:c6:51:62:93:bc:16:61:6e:8a:88:
                    3c:b0:f8:d4:9c:9c:0d:d4:99:cd:66:aa:6f:82:fc:
                    9e:ca:94:3d:73:80:98:69:1d:d2:f1:2e:12:f8:1a:
                    e8:7f:5e:a1:ca:68:7a:80:ab:68:5f:62:af:06:77:
                    f4:35:26:89:ee:8c:4a:ec:38:ec:cc:98:cb:76:d1:
                    4c:2b:51:04:2f:2b:f5:46:96:b4:1e:92:7c:d5:5f:
                    e4:1d:eb:4d:09:c9:50:97:9c:87:7e:4f:61:1f:a1:
                    40:a2:2f:a7:2d:92:6a:58:8d:f6:b3:d7:2c:6d:ee:
                    31:67:c3:a3:c1:9a:27:a5:e9:e7:a5:6f:db:c2:2b:
                    60:65:26:cc:d6:10:7c:be:9c:8e:b8:3a:58:61:8a:
                    64:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:35:FC:09:9D:16:C6:2A:14:40:AD:70:B8:82:13:AF:C7:EA:36:16
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/9TX8CZ0WxioUQK1wuIITr8fqNhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.118.0/24
                  45.138.74.0/24
                  45.142.122.0/24
                  91.103.252.0/23
                  185.17.0.0/24
                  185.106.94.0/24
                  185.112.83.0/24
                  185.174.136.0/23
                  185.229.65.0-185.229.66.255
                  194.67.201.0/24
                IPv6:
                  2a0e:d602::/46
                  2a0e:d606::/48
                  2a0e:d607::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:b6:7e:21:7d:af:21:36:83:0d:1a:94:0b:ca:3b:12:80:96:
         21:ef:f5:5c:94:dc:9d:4d:1a:d9:20:aa:e2:ac:40:ca:ff:f6:
         ef:9b:dd:2a:58:5e:52:68:c6:66:13:20:5d:b4:e2:14:03:57:
         63:f1:5a:60:b4:f4:a1:bd:d3:e0:32:cd:b7:1a:34:9f:73:cc:
         65:67:e6:58:1b:31:eb:3c:18:b8:f1:55:5c:70:43:98:07:11:
         f9:b4:c2:6f:90:d3:77:84:6b:25:0e:b1:15:4c:b5:05:2e:5d:
         28:bd:ce:6e:31:99:a9:52:5a:f7:fa:93:9f:ff:7d:51:fd:b3:
         04:e1:47:47:3b:59:33:bb:51:dd:ba:ae:9a:8f:85:b0:ae:97:
         6e:00:3e:8f:36:e9:cb:cc:08:d4:72:aa:4e:25:4a:bd:c5:10:
         a7:10:3c:0b:8d:f3:6b:3a:1b:d3:54:2c:0c:91:a0:a2:35:a0:
         76:ed:ad:4b:d8:23:b9:48:98:95:8b:08:67:10:b5:0b:af:18:
         23:01:49:25:78:e2:b2:e2:32:2b:d8:c5:7e:ee:17:d5:d1:0c:
         51:c7:96:50:22:16:77:aa:2d:89:2a:fa:0c:c8:41:75:5d:b2:
         2a:ff:95:b6:1e:c6:72:ea:f5:54:da:78:0f:84:e7:7f:5f:89:
         ef:d6:dc:a2
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgISAYvVTkGr5y979M3JAIsfN5l0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMxMTE1MjMyNTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTM1ZmMwOTlkMTZjNjJhMTQ0MGFkNzBiODgyMTNhZmM3ZWEzNjE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuADb5GCdIHYjZlyr4tSfezHS8rLv
FSTr3qIIXuTZ7FzedgDBrfKDUAxIfd5OKo79TjcRo1rVs84Ssr3wjpr41CSJRjCG
zoYNj7o9YeLz3Pbw7np26O8eA1S+0851D9NMwZwhJ5up6sl0vMJURMZRYpO8FmFu
iog8sPjUnJwN1JnNZqpvgvyeypQ9c4CYaR3S8S4S+Brof16hymh6gKtoX2KvBnf0
NSaJ7oxK7DjszJjLdtFMK1EELyv1Rpa0HpJ81V/kHetNCclQl5yHfk9hH6FAoi+n
LZJqWI32s9csbe4xZ8OjwZonpennpW/bwitgZSbM1hB8vpyOuDpYYYpkjwIDAQAB
o4ICazCCAmcwHQYDVR0OBBYEFPU1/AmdFsYqFECtcLiCE6/H6jYWMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvOVRYOENaMFd4aW9VUUsxd3VJSVRyOGZxTmhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGABggrBgEFBQcBBwEB/wRxMG8wSgQCAAEwRAMEAAX8dgME
AC2KSgMEAC2OegMEAVtn/AMEALkRAAMEALlqXgMEALlwUwMEAbmuiDAMAwQAueVB
AwQAueVCAwQAwkPJMCEEAgACMBsDBwIqDtYCAAADBwAqDtYGAAADBwAqDtYHAAAw
DQYJKoZIhvcNAQELBQADggEBAHe2fiF9ryE2gw0alAvKOxKAliHv9VyU3J1NGtkg
quKsQMr/9u+b3SpYXlJoxmYTIF204hQDV2PxWmC09KG90+AyzbcaNJ9zzGVn5lgb
Mes8GLjxVVxwQ5gHEfm0wm+Q03eEayUOsRVMtQUuXSi9zm4xmalSWvf6k5//fVH9
swThR0c7WTO7Ud26rpqPhbCul24APo826cvMCNRyqk4lSr3FEKcQPAuN82s6G9NU
LAyRoKI1oHbtrUvYI7lImJWLCGcQtQuvGCMBSSV44rLiMivYxX7uF9XRDFHHllAi
FneqLYkq+gzIQXVdsir/lbYexnLq9VTaeA+E539fie/W3KI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org