Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NwiRpVbAJnMKzQ3uKyv4aiUxrzo.roa
File:                     NwiRpVbAJnMKzQ3uKyv4aiUxrzo.roa (raw, json)
Hash identifier:          rWVAZUWzOL57jicIQAYHUl7+MCs3f1yLbWH9Av83/DI=
Subject key identifier:   37:08:91:A5:56:C0:26:73:0A:CD:0D:EE:2B:2B:F8:6A:25:31:AF:3A
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFABC9EB7B19B60D7635F81C7406E7
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NwiRpVbAJnMKzQ3uKyv4aiUxrzo.roa
Signing time:             Tue 02 Jan 2024 06:32:30 +0000
ROA not before:           Tue 02 Jan 2024 06:32:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207569
IP address blocks:        139.28.221.0/24 maxlen: 24
                          139.28.220.0/24 maxlen: 24
                          5.180.136.0/24 maxlen: 24
                          5.180.137.0/24 maxlen: 24
                          185.94.167.0/24 maxlen: 24
                          45.133.245.0/24 maxlen: 24
                          185.188.181.0/24 maxlen: 24
                          95.214.8.0/24 maxlen: 24
                          185.17.2.0/24 maxlen: 24
                          194.53.54.0/24 maxlen: 24
                          85.209.0.0/24 maxlen: 24
                          185.105.118.0/24 maxlen: 24
                          195.66.87.0/24 maxlen: 24
                          5.252.116.0/24 maxlen: 24
                          193.109.84.0/24 maxlen: 24
                          45.89.64.0/24 maxlen: 24
                          194.67.200.0/24 maxlen: 24
                          185.104.250.0/24 maxlen: 24
                          46.17.106.0/24 maxlen: 24
                          2a0a:9300:1::/48 maxlen: 48
                          2a0a:9300:aaaa::/48 maxlen: 48
                          2a0a:9300::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 17 Jan 2024 12:30:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:ab:c9:eb:7b:19:b6:0d:76:35:f8:1c:74:06:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=370891a556c026730acd0dee2b2bf86a2531af3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f6:64:74:29:74:3c:fd:bd:e6:b9:69:0c:48:
                    c0:81:ca:2a:c8:aa:10:67:04:cf:71:b5:30:2f:17:
                    69:dc:47:df:aa:d6:81:42:89:34:c8:9a:2b:d4:bf:
                    da:56:93:79:9d:3c:78:18:96:6e:da:1f:b2:42:cb:
                    d9:0a:3b:9e:24:18:30:c1:0b:8b:c6:cd:a3:51:e0:
                    9e:a8:ed:c5:90:af:1f:f5:4d:52:50:9c:5a:a9:90:
                    25:ed:73:e8:b4:b5:a6:25:49:6c:5b:bd:73:f9:a0:
                    6a:a4:c5:09:d2:b9:f0:17:a0:34:1b:26:2b:6b:3a:
                    64:ea:ec:5c:f3:43:57:23:6c:4b:04:08:4a:ea:9c:
                    6f:32:f7:31:ea:5d:dc:30:56:4a:5c:93:54:7f:47:
                    8d:56:d6:4b:fd:bc:4c:53:17:ae:71:d7:4a:ff:93:
                    35:74:92:d2:1a:05:12:b1:29:49:cd:83:98:62:20:
                    5a:24:c5:a7:c9:fd:d1:4c:29:5f:e9:c7:c5:df:b3:
                    ad:fb:7c:46:fa:e2:d1:69:43:af:c5:b6:f1:01:54:
                    4f:93:fe:c1:56:75:26:f1:e5:84:75:b1:99:86:4e:
                    6b:fa:b4:02:a7:34:ac:38:db:c7:47:05:73:3a:ce:
                    c3:7c:72:04:40:4b:9d:7c:71:77:fd:c2:c3:37:12:
                    41:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:08:91:A5:56:C0:26:73:0A:CD:0D:EE:2B:2B:F8:6A:25:31:AF:3A
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/NwiRpVbAJnMKzQ3uKyv4aiUxrzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.136.0/23
                  5.252.116.0/24
                  45.89.64.0/24
                  45.133.245.0/24
                  46.17.106.0/24
                  85.209.0.0/24
                  95.214.8.0/24
                  139.28.220.0/23
                  185.17.2.0/24
                  185.94.167.0/24
                  185.104.250.0/24
                  185.105.118.0/24
                  185.188.181.0/24
                  193.109.84.0/24
                  194.53.54.0/24
                  194.67.200.0/24
                  195.66.87.0/24
                IPv6:
                  2a0a:9300::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:08:0e:fe:ed:f4:da:e1:9e:68:cb:bd:b0:c3:04:72:ef:29:
         b3:ae:b1:5b:28:08:48:75:70:33:8c:b0:1a:0f:7a:c5:5f:2c:
         22:91:49:9b:6b:65:35:ca:40:57:15:19:28:0e:72:e3:58:cd:
         74:a2:aa:00:f3:09:ad:01:2e:4b:1a:67:11:1c:73:95:53:d6:
         23:6c:0a:49:88:b4:3e:c3:a9:96:f3:43:90:7b:83:42:0a:95:
         41:37:40:4c:a2:74:9f:4b:e5:c7:1d:3a:17:14:e3:d2:fc:8b:
         b9:6c:0a:47:ab:b5:d8:5e:1d:0f:2e:6d:5d:b4:61:b4:a4:9a:
         69:3c:87:e1:b8:51:9e:25:34:89:41:63:bb:c8:5a:e9:1c:87:
         43:e7:c0:71:c9:9f:51:5c:64:8c:39:ca:7e:5a:88:9c:ef:b3:
         6a:44:1a:0e:f6:55:c9:0e:74:76:0b:76:e0:ff:ad:ec:c3:36:
         26:a8:fa:9d:7b:d5:1e:1f:3b:a9:3b:18:92:f0:54:e3:8c:d8:
         a8:a1:ee:ba:f9:cb:7c:05:e8:66:e8:19:79:c5:77:90:25:ff:
         98:55:d0:90:99:8b:06:45:d0:0d:a6:7b:6a:2d:a3:ac:e3:0c:
         6b:ce:c4:64:ec:6e:dc:31:44:40:3f:e3:00:42:7a:91:e6:2f:
         00:50:63:bb
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISAYzI36vJ63sZtg12NfgcdAbnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzA4OTFhNTU2YzAyNjczMGFjZDBkZWUyYjJiZjg2YTI1MzFhZjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPZkdCl0PP295rlpDEjAgcoqyKoQ
ZwTPcbUwLxdp3EffqtaBQok0yJor1L/aVpN5nTx4GJZu2h+yQsvZCjueJBgwwQuL
xs2jUeCeqO3FkK8f9U1SUJxaqZAl7XPotLWmJUlsW71z+aBqpMUJ0rnwF6A0GyYr
azpk6uxc80NXI2xLBAhK6pxvMvcx6l3cMFZKXJNUf0eNVtZL/bxMUxeucddK/5M1
dJLSGgUSsSlJzYOYYiBaJMWnyf3RTClf6cfF37Ot+3xG+uLRaUOvxbbxAVRPk/7B
VnUm8eWEdbGZhk5r+rQCpzSsONvHRwVzOs7DfHIEQEudfHF3/cLDNxJBZQIDAQAB
o4ICeTCCAnUwHQYDVR0OBBYEFDcIkaVWwCZzCs0N7isr+GolMa86MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvTndpUnBWYkFKbk1LelEzdUt5djRhaVV4cnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGOBggrBgEFBQcBBwEB/wR/MH0wbAQCAAEwZgMEAQW0iAME
AAX8dAMEAC1ZQAMEAC2F9QMEAC4RagMEAFXRAAMEAF/WCAMEAYsc3AMEALkRAgME
ALlepwMEALlo+gMEALlpdgMEALm8tQMEAMFtVAMEAMI1NgMEAMJDyAMEAMNCVzAN
BAIAAjAHAwUAKgqTADANBgkqhkiG9w0BAQsFAAOCAQEAWQgO/u302uGeaMu9sMME
cu8ps66xWygISHVwM4ywGg96xV8sIpFJm2tlNcpAVxUZKA5y41jNdKKqAPMJrQEu
SxpnERxzlVPWI2wKSYi0PsOplvNDkHuDQgqVQTdATKJ0n0vlxx06FxTj0vyLuWwK
R6u12F4dDy5tXbRhtKSaaTyH4bhRniU0iUFju8ha6RyHQ+fAccmfUVxkjDnKflqI
nO+zakQaDvZVyQ50dgt24P+t7MM2Jqj6nXvVHh87qTsYkvBU44zYqKHuuvnLfAXo
ZugZecV3kCX/mFXQkJmLBkXQDaZ7ai2jrOMMa87EZOxu3DFEQD/jAEJ6keYvAFBj
uw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:10 2024 by rpki-client on console-ams.rpki-client.org