Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/WG7yohiqymD0HoF-_MrfOwr8mYE.roa
File:                     WG7yohiqymD0HoF-_MrfOwr8mYE.roa (raw, json)
Hash identifier:          BPOuaAfSHlEtQXYkW2gAnZiELdGhc1V77XvUmfkBy74=
Subject key identifier:   58:6E:F2:A2:18:AA:CA:60:F4:1E:81:7E:FC:CA:DF:3B:0A:FC:99:81
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DFB135BB5D9E93444511149C15AE00
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/WG7yohiqymD0HoF-_MrfOwr8mYE.roa
Signing time:             Tue 02 Jan 2024 06:32:32 +0000
ROA not before:           Tue 02 Jan 2024 06:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        185.174.137.0/24 maxlen: 24
                          185.229.65.0/24 maxlen: 24
                          185.174.136.0/24 maxlen: 24
                          185.229.66.0/24 maxlen: 24
                          94.142.138.0/24 maxlen: 24
                          185.106.94.0/24 maxlen: 24
                          185.106.93.0/24 maxlen: 24
                          185.112.83.0/24 maxlen: 24
                          91.103.252.0/23 maxlen: 23
                          45.142.122.0/24 maxlen: 24
                          185.17.0.0/24 maxlen: 24
                          45.138.74.0/24 maxlen: 24
                          5.252.118.0/24 maxlen: 24
                          194.67.201.0/24 maxlen: 24
                          2a0e:d607::/48 maxlen: 48
                          2a0e:d602:3::/48 maxlen: 48
                          2a0e:d602:2::/48 maxlen: 48
                          2a0e:d606::/48 maxlen: 48
                          2a0e:d602:1::/48 maxlen: 48
                          2a0e:d602::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 05 Jan 2024 17:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:b1:35:bb:5d:9e:93:44:45:11:14:9c:15:ae:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=586ef2a218aaca60f41e817efccadf3b0afc9981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:57:03:8f:9d:b3:a2:39:52:e2:65:08:1f:b7:
                    e6:01:f2:03:90:2f:8f:26:59:47:e9:e0:fd:ea:da:
                    f2:f0:5a:7b:a1:df:2f:da:9c:29:6c:9d:a5:ad:33:
                    8c:8d:b5:88:0f:4d:15:38:ec:96:f9:f0:3e:23:92:
                    96:a2:cc:92:ce:19:d6:14:f4:12:1d:3f:5d:5b:b9:
                    d4:fb:6c:af:3a:58:c0:20:86:b4:6a:8f:2a:d4:b8:
                    f5:85:fc:f0:b6:da:6e:85:3e:a8:8a:89:53:0f:58:
                    e3:55:72:af:1b:c0:86:45:19:19:3c:65:bc:63:c4:
                    7e:b3:a6:13:ba:cc:3d:be:32:3e:21:41:07:d3:ab:
                    fd:b7:40:d5:23:52:3c:12:17:9b:5e:51:6d:36:19:
                    80:2b:b2:91:d8:31:34:56:72:86:0a:88:fa:0f:2b:
                    b4:7c:d0:e3:39:84:9e:ac:48:da:ea:b0:3b:67:e7:
                    d1:14:d4:51:ac:dc:9e:e6:cb:29:17:f4:77:9e:83:
                    d0:fb:93:9c:63:05:d1:86:e0:92:4d:86:d9:cb:e9:
                    a7:4f:5d:ed:91:b0:1e:b3:29:1c:2e:bf:fb:43:d5:
                    ca:08:98:5e:21:72:d1:fc:bc:cb:c4:2f:ed:ec:57:
                    4b:69:02:9b:89:74:d1:00:9c:d8:cf:aa:49:96:bc:
                    ae:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:6E:F2:A2:18:AA:CA:60:F4:1E:81:7E:FC:CA:DF:3B:0A:FC:99:81
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/WG7yohiqymD0HoF-_MrfOwr8mYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.118.0/24
                  45.138.74.0/24
                  45.142.122.0/24
                  91.103.252.0/23
                  94.142.138.0/24
                  185.17.0.0/24
                  185.106.93.0-185.106.94.255
                  185.112.83.0/24
                  185.174.136.0/23
                  185.229.65.0-185.229.66.255
                  194.67.201.0/24
                IPv6:
                  2a0e:d602::/46
                  2a0e:d606::/48
                  2a0e:d607::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:8b:62:bb:80:3a:16:2c:7d:06:57:27:77:08:24:16:a2:22:
         c3:83:ce:49:2c:f0:1b:b2:ef:ff:c5:b2:e8:19:7e:8d:e0:82:
         07:ff:29:7f:3d:62:9e:1f:cc:e8:81:02:41:1f:36:6a:83:a3:
         d4:46:fa:a5:98:de:c0:5c:8a:a4:e1:ca:61:0a:ca:ed:a6:69:
         50:d6:f9:eb:68:e8:31:4c:15:c1:59:f3:2d:fe:6e:45:52:cc:
         1e:d5:fe:29:16:53:fe:08:14:9c:9a:cd:4e:b4:ae:23:bf:ad:
         0b:46:c4:a1:b9:30:3c:49:14:6c:cd:fa:3d:4c:9c:69:34:75:
         e5:10:6b:0c:87:18:71:73:68:bc:36:b7:b4:b8:36:71:87:80:
         57:49:a8:f2:80:ae:bb:13:80:5e:22:ea:fb:aa:24:a5:a0:e9:
         2d:e7:07:72:b3:67:f2:24:c7:f2:66:12:84:45:2d:9f:42:6e:
         ac:a0:ff:25:95:ba:80:61:33:f2:3a:a6:5e:94:b9:05:9b:09:
         61:ab:70:de:f9:12:47:b6:08:37:0e:5d:02:c2:49:3c:63:1e:
         a4:ea:c7:29:d8:5a:08:42:e1:5f:fd:e2:7b:33:8e:7b:68:50:
         4c:a3:a0:2a:10:a3:d7:d2:60:c8:7b:ed:ab:b7:c4:5b:d0:2d:
         d7:9e:89:5c
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISAYzI37E1u12ek0RFERScFa4AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODZlZjJhMjE4YWFjYTYwZjQxZTgxN2VmY2NhZGYzYjBhZmM5OTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVcDj52zojlS4mUIH7fmAfIDkC+P
JllH6eD96try8Fp7od8v2pwpbJ2lrTOMjbWID00VOOyW+fA+I5KWosySzhnWFPQS
HT9dW7nU+2yvOljAIIa0ao8q1Lj1hfzwttpuhT6oiolTD1jjVXKvG8CGRRkZPGW8
Y8R+s6YTusw9vjI+IUEH06v9t0DVI1I8EhebXlFtNhmAK7KR2DE0VnKGCoj6Dyu0
fNDjOYSerEja6rA7Z+fRFNRRrNye5sspF/R3noPQ+5OcYwXRhuCSTYbZy+mnT13t
kbAesykcLr/7Q9XKCJheIXLR/LzLxC/t7FdLaQKbiXTRAJzYz6pJlryuPwIDAQAB
o4ICeTCCAnUwHQYDVR0OBBYEFFhu8qIYqspg9B6BfvzK3zsK/JmBMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvV0c3eW9oaXF5bUQwSG9GLV9NcmZPd3I4bVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGOBggrBgEFBQcBBwEB/wR/MH0wWAQCAAEwUgMEAAX8dgME
AC2KSgMEAC2OegMEAVtn/AMEAF6OigMEALkRADAMAwQAuWpdAwQAuWpeAwQAuXBT
AwQBua6IMAwDBAC55UEDBAC55UIDBADCQ8kwIQQCAAIwGwMHAioO1gIAAAMHACoO
1gYAAAMHACoO1gcAADANBgkqhkiG9w0BAQsFAAOCAQEAeotiu4A6Fix9Blcndwgk
FqIiw4POSSzwG7Lv/8Wy6Bl+jeCCB/8pfz1inh/M6IECQR82aoOj1Eb6pZjewFyK
pOHKYQrK7aZpUNb562joMUwVwVnzLf5uRVLMHtX+KRZT/ggUnJrNTrSuI7+tC0bE
obkwPEkUbM36PUycaTR15RBrDIcYcXNovDa3tLg2cYeAV0mo8oCuuxOAXiLq+6ok
paDpLecHcrNn8iTH8mYShEUtn0JurKD/JZW6gGEz8jqmXpS5BZsJYatw3vkSR7YI
Nw5dAsJJPGMepOrHKdhaCELhX/3iezOOe2hQTKOgKhCj19JgyHvtq7fEW9At156J
XA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:08 2024 by rpki-client on console-fra.rpki-client.org