Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I5x3RdVN5sRHuGPITf-2MaibGmo.roa
File:                     I5x3RdVN5sRHuGPITf-2MaibGmo.roa (raw, json)
Hash identifier:          U6cEQpjbfZT9FOwu8iMDbO48zVGtPAFIHl/nzRmIPr0=
Subject key identifier:   23:9C:77:45:D5:4D:E6:C4:47:B8:63:C8:4D:FF:B6:31:A8:9B:1A:6A
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0186267385702E0F36B76751D6C215DEBB1C
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I5x3RdVN5sRHuGPITf-2MaibGmo.roa
Signing time:             Mon 06 Feb 2023 11:19:10 +0000
ROA not before:           Mon 06 Feb 2023 11:19:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207569
IP address blocks:        139.28.221.0/24 maxlen: 24
                          5.180.136.0/24 maxlen: 24
                          5.180.137.0/24 maxlen: 24
                          5.180.139.0/24 maxlen: 24
                          185.94.167.0/24 maxlen: 24
                          45.133.245.0/24 maxlen: 24
                          185.188.181.0/24 maxlen: 24
                          95.214.8.0/24 maxlen: 24
                          185.17.2.0/24 maxlen: 24
                          194.53.54.0/24 maxlen: 24
                          85.209.0.0/24 maxlen: 24
                          5.252.116.0/24 maxlen: 24
                          193.109.84.0/24 maxlen: 24
                          45.89.64.0/24 maxlen: 24
                          185.104.250.0/24 maxlen: 24
                          46.17.106.0/24 maxlen: 24
                          2a0a:9300:1::/48 maxlen: 48
                          2a0a:9300:aaaa::/48 maxlen: 48
                          2a0a:9300::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 07 Feb 2023 15:13:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:26:73:85:70:2e:0f:36:b7:67:51:d6:c2:15:de:bb:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Feb  6 11:19:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=239c7745d54de6c447b863c84dffb631a89b1a6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:dc:3d:39:51:a8:38:a7:e8:1f:65:f9:b2:ff:
                    50:67:19:30:f9:8a:f2:04:7c:6a:65:b6:3f:e6:41:
                    95:69:88:5c:22:8e:9a:ab:5f:c1:d1:31:8d:01:80:
                    25:ce:35:b1:1d:04:0e:f0:ef:fc:88:01:6b:1d:97:
                    0d:fc:65:ea:4c:f6:fe:fe:d3:5d:34:14:12:45:70:
                    eb:65:43:46:16:8c:3d:74:18:0f:1f:a3:92:d2:98:
                    ad:b6:82:3b:ab:c9:7d:2b:00:8a:fb:36:d1:a5:8b:
                    b4:a9:4f:68:9e:39:ab:f6:7f:dc:a3:6d:90:84:4c:
                    f3:ec:09:f5:c0:32:5d:30:27:06:96:1a:a4:55:94:
                    58:ec:a3:4a:2e:75:ad:4c:b8:28:4d:00:8d:48:00:
                    40:f5:da:9d:b2:5b:c1:98:22:08:d3:ae:a5:a7:a4:
                    f7:30:81:5d:43:9e:83:f2:ce:b9:3f:b9:85:92:4c:
                    3d:eb:d3:98:35:e1:48:ea:ab:b3:34:d7:f4:e9:0c:
                    01:28:b1:54:5b:0d:fc:c8:7e:48:bf:d2:0a:7b:d4:
                    f4:48:fb:74:e0:50:57:5a:d6:be:2a:de:ea:0f:69:
                    50:ad:d7:39:c5:b9:73:57:bd:12:7b:3f:49:a1:3f:
                    4c:8a:15:3e:ba:73:97:91:a0:0e:2f:74:82:ec:4a:
                    3f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:9C:77:45:D5:4D:E6:C4:47:B8:63:C8:4D:FF:B6:31:A8:9B:1A:6A
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/I5x3RdVN5sRHuGPITf-2MaibGmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.0/23
                  5.180.139.0/24
                  5.252.116.0/24
                  45.89.64.0/24
                  45.133.245.0/24
                  46.17.106.0/24
                  85.209.0.0/24
                  95.214.8.0/24
                  139.28.221.0/24
                  185.17.2.0/24
                  185.94.167.0/24
                  185.104.250.0/24
                  185.188.181.0/24
                  193.109.84.0/24
                  194.53.54.0/24
                IPv6:
                  2a0a:9300::/32

    Signature Algorithm: sha256WithRSAEncryption
         b1:0e:ec:6e:a5:4d:61:cf:f0:91:ab:65:20:ef:ff:9c:05:ae:
         21:a3:1e:81:18:ac:71:52:80:a7:e8:df:07:81:17:d4:9c:c1:
         37:25:83:2e:1a:05:5a:04:1d:4d:e9:88:b5:38:ad:8f:f0:fe:
         d2:e3:d4:2c:98:b7:3d:54:34:b9:b0:2f:c6:85:e4:d2:eb:fc:
         1b:77:37:a7:fd:a2:99:9e:f1:50:d1:2e:4d:09:16:e7:dd:e1:
         66:52:dd:51:1a:c8:e0:9f:f7:d5:41:0a:90:dc:50:d7:2f:6e:
         4a:24:2b:a3:0f:13:ba:75:b1:e9:2b:c7:fc:70:b2:92:6c:4a:
         65:50:de:e5:29:87:9d:20:af:ab:f1:67:a2:a2:2a:9d:9d:7d:
         6b:f5:c4:2f:92:d0:d2:50:5d:71:ed:27:96:bf:71:48:b6:c9:
         cd:2f:8f:9a:9d:9b:78:8a:30:6a:7f:01:a1:a0:03:28:1d:0f:
         af:86:b2:2f:c8:e7:33:1e:f4:b0:3c:8d:5a:b2:86:2d:ce:75:
         89:eb:d3:53:f9:9e:e9:f4:c3:0b:f3:18:d4:1f:2b:37:b9:e8:
         c3:bc:a9:bc:d9:c0:b2:fa:38:e9:b2:a2:12:cc:e9:ea:9a:14:
         cf:ac:12:c9:79:65:4c:43:ad:67:d3:ec:34:36:c0:1e:7b:49:
         2e:47:2f:ea
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAYYmc4VwLg82t2dR1sIV3rscMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwMjA2MTExOTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzljNzc0NWQ1NGRlNmM0NDdiODYzYzg0ZGZmYjYzMWE4OWIxYTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtw9OVGoOKfoH2X5sv9QZxkw+Yry
BHxqZbY/5kGVaYhcIo6aq1/B0TGNAYAlzjWxHQQO8O/8iAFrHZcN/GXqTPb+/tNd
NBQSRXDrZUNGFow9dBgPH6OS0pittoI7q8l9KwCK+zbRpYu0qU9onjmr9n/co22Q
hEzz7An1wDJdMCcGlhqkVZRY7KNKLnWtTLgoTQCNSABA9dqdslvBmCII066lp6T3
MIFdQ56D8s65P7mFkkw969OYNeFI6quzNNf06QwBKLFUWw38yH5Iv9IKe9T0SPt0
4FBXWta+Kt7qD2lQrdc5xblzV70Sez9JoT9MihU+unOXkaAOL3SC7Eo/fQIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFCOcd0XVTebER7hjyE3/tjGomxpqMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvSTV4M1JkVk41c1JIdUdQSVRmLTJNYWliR21vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwYAQCAAEwWgMEAQW0iAME
AAW0iwMEAAX8dAMEAC1ZQAMEAC2F9QMEAC4RagMEAFXRAAMEAF/WCAMEAIsc3QME
ALkRAgMEALlepwMEALlo+gMEALm8tQMEAMFtVAMEAMI1NjANBAIAAjAHAwUAKgqT
ADANBgkqhkiG9w0BAQsFAAOCAQEAsQ7sbqVNYc/wkatlIO//nAWuIaMegRiscVKA
p+jfB4EX1JzBNyWDLhoFWgQdTemItTitj/D+0uPULJi3PVQ0ubAvxoXk0uv8G3c3
p/2imZ7xUNEuTQkW593hZlLdURrI4J/31UEKkNxQ1y9uSiQrow8TunWx6SvH/HCy
kmxKZVDe5SmHnSCvq/FnoqIqnZ19a/XEL5LQ0lBdce0nlr9xSLbJzS+Pmp2beIow
an8BoaADKB0Pr4ayL8jnMx70sDyNWrKGLc51ievTU/me6fTDC/MY1B8rN7now7yp
vNnAsvo46bKiEszp6poUz6wSyXllTEOtZ9PsNDbAHntJLkcv6g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org