Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/a9l7UfrKSKifDOaRlzGnSdtr9aI.roa
File:                     a9l7UfrKSKifDOaRlzGnSdtr9aI.roa (raw, json)
Hash identifier:          /cuejNraKDKEwgd/PpwbXXzuhKoLhfBnYSe4K0973aU=
Subject key identifier:   6B:D9:7B:51:FA:CA:48:A8:9F:0C:E6:91:97:31:A7:49:DB:6B:F5:A2
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0185710C1B6B31F4F91390F3597E7B673C99
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/a9l7UfrKSKifDOaRlzGnSdtr9aI.roa
Signing time:             Mon 02 Jan 2023 05:54:56 +0000
ROA not before:           Mon 02 Jan 2023 05:54:56 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35196
IP address blocks:        185.5.248.0/23 maxlen: 23
                          185.5.250.0/23 maxlen: 23
                          185.5.248.0/22 maxlen: 22
                          185.5.250.0/24 maxlen: 24
                          185.87.48.0/22 maxlen: 22
                          185.87.50.0/24 maxlen: 24
                          185.87.48.0/24 maxlen: 24
                          185.87.49.0/24 maxlen: 24
                          185.87.51.0/24 maxlen: 24
                          185.117.152.0/22 maxlen: 22
                          139.28.220.0/24 maxlen: 24
                          45.89.67.0/24 maxlen: 24
                          45.89.65.0/24 maxlen: 24
                          45.89.66.0/24 maxlen: 24
                          91.217.80.0/24 maxlen: 24
                          95.214.10.0/24 maxlen: 24
                          95.214.11.0/24 maxlen: 24
                          95.214.9.0/24 maxlen: 24
                          45.9.73.184/32 maxlen: 32
                          195.66.87.0/24 maxlen: 24
                          45.9.73.179/32 maxlen: 32
                          94.142.136.0/21 maxlen: 21
                          94.142.138.0/24 maxlen: 24
                          185.105.119.0/24 maxlen: 24
                          94.142.139.0/24 maxlen: 24
                          94.142.143.0/24 maxlen: 24
                          185.87.48.18/32 maxlen: 32
                          185.125.218.0/23 maxlen: 23
                          185.125.216.0/22 maxlen: 22
                          94.142.136.67/32 maxlen: 32
                          185.105.116.0/24 maxlen: 24
                          185.105.118.0/24 maxlen: 24
                          185.105.117.0/24 maxlen: 24
                          185.58.206.0/24 maxlen: 24
                          185.58.204.0/22 maxlen: 22
                          185.125.229.0/24 maxlen: 24
                          185.125.231.0/24 maxlen: 24
                          185.125.228.0/22 maxlen: 22
                          185.125.228.0/24 maxlen: 24
                          185.125.230.0/24 maxlen: 24
                          45.9.73.236/32 maxlen: 32
                          194.67.192.0/19 maxlen: 19
                          194.67.196.0/22 maxlen: 22
                          194.67.194.0/23 maxlen: 23
                          193.124.176.0/20 maxlen: 20
                          45.128.176.0/24 maxlen: 24
                          45.128.178.0/24 maxlen: 24
                          45.128.177.0/24 maxlen: 24
                          45.128.179.0/24 maxlen: 24
                          195.47.250.0/24 maxlen: 24
                          194.67.200.0/21 maxlen: 21
                          194.67.208.0/20 maxlen: 20
                          2a0a:9300:1000::/48 maxlen: 48
                          2a0a:9301:1::/48 maxlen: 48
                          2a0a:9301::/48 maxlen: 48
                          2a0a:9301:2::/48 maxlen: 48
                          2a0a:9302::/32 maxlen: 32
                          2a09:5302:ffff::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 19 Jan 2023 14:56:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:0c:1b:6b:31:f4:f9:13:90:f3:59:7e:7b:67:3c:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 05:54:56 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6bd97b51faca48a89f0ce6919731a749db6bf5a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:74:95:76:fe:41:bc:11:c0:a6:22:ae:a3:30:
                    9c:10:90:c6:fb:e2:ed:e4:da:bd:3c:7e:26:4b:96:
                    c9:42:80:ea:45:5a:ae:02:db:c8:13:ab:7a:f1:a4:
                    97:28:db:50:3c:58:09:2b:a7:98:fa:a7:21:db:e9:
                    38:68:2e:f3:ac:67:43:7d:bf:fc:f3:a3:8a:c1:11:
                    28:2b:d1:c5:bb:f6:f5:02:62:52:c9:2e:d9:fb:ed:
                    34:c2:65:c5:0a:bc:b8:41:5d:89:9e:4f:27:ad:4b:
                    d6:6c:d3:fe:8e:25:89:83:01:7e:2b:00:ba:af:7d:
                    e5:ff:36:82:e5:05:0b:98:cc:81:34:76:1d:2b:ff:
                    d8:ae:5e:b4:ba:79:b5:2a:88:21:23:70:76:d6:16:
                    52:3e:c8:c5:f7:2a:f5:f0:14:d8:1e:8b:dc:dd:57:
                    f7:64:dd:e8:80:9e:43:fd:a0:a4:ac:26:b6:af:06:
                    80:ff:98:b4:2c:6c:6c:04:28:d4:c2:99:b6:ae:42:
                    2a:3a:49:ae:80:83:24:8c:fe:08:b1:15:17:9f:0f:
                    1f:52:75:64:75:a8:3e:8c:f3:22:af:3d:a5:d6:b3:
                    17:e1:9c:79:8c:c0:a0:73:f8:30:59:67:b6:3a:3c:
                    9d:a4:a7:8f:80:33:d1:56:65:f4:7f:3a:48:66:d5:
                    dc:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:D9:7B:51:FA:CA:48:A8:9F:0C:E6:91:97:31:A7:49:DB:6B:F5:A2
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/a9l7UfrKSKifDOaRlzGnSdtr9aI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.73.179/32
                  45.9.73.184/32
                  45.9.73.236/32
                  45.89.65.0-45.89.67.255
                  45.128.176.0/22
                  91.217.80.0/24
                  94.142.136.0/21
                  95.214.9.0-95.214.11.255
                  139.28.220.0/24
                  185.5.248.0/22
                  185.58.204.0/22
                  185.87.48.0/22
                  185.105.116.0/22
                  185.117.152.0/22
                  185.125.216.0/22
                  185.125.228.0/22
                  193.124.176.0/20
                  194.67.192.0/19
                  195.47.250.0/24
                  195.66.87.0/24
                IPv6:
                  2a09:5302:ffff::/48
                  2a0a:9300:1000::/48
                  2a0a:9301::-2a0a:9301:2:ffff:ffff:ffff:ffff:ffff
                  2a0a:9302::/32

    Signature Algorithm: sha256WithRSAEncryption
         98:ab:73:fa:87:f5:cd:77:59:b1:7f:53:5c:20:58:fc:e5:75:
         2e:ab:3d:cc:af:84:1f:97:f7:81:f0:2c:7e:83:4c:02:d5:a3:
         6e:74:f1:49:2b:9c:54:5b:b9:71:01:0d:58:f2:0b:df:df:9f:
         c3:e1:3b:e8:53:70:45:78:81:c6:73:2d:1a:ed:2e:76:83:0b:
         98:bf:13:cb:35:48:fa:07:e2:e3:8e:53:40:d2:b6:a8:cf:f0:
         94:81:a3:b3:0e:42:48:29:45:1e:40:39:f1:8e:e8:06:e7:2a:
         57:06:d1:57:db:7b:af:c5:f8:8e:e4:8a:c4:c1:6f:ad:1d:ec:
         6f:1b:23:62:1f:e4:54:2b:be:1c:9f:2e:e7:31:fe:45:71:f2:
         07:e8:76:0b:31:68:64:19:cb:8c:6a:3d:2e:a9:26:0c:69:d9:
         35:92:74:9c:01:86:8b:af:b0:df:19:93:e1:02:f9:59:4c:4a:
         45:b4:bc:e6:2d:1a:b9:5f:59:a5:87:c8:d4:3f:ce:41:2f:9f:
         14:85:62:88:8c:a0:5f:9d:90:c1:33:79:02:51:c2:07:b8:62:
         0f:33:a9:36:5c:12:35:d0:c3:9e:e6:f2:d6:61:7f:a0:50:a3:
         6c:9d:42:de:06:bc:4a:bc:8d:9b:c0:45:d1:0d:c5:f2:f2:da:
         db:a3:89:5d
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgISAYVxDBtrMfT5E5DzWX57ZzyZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwMTAyMDU1NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmQ5N2I1MWZhY2E0OGE4OWYwY2U2OTE5NzMxYTc0OWRiNmJmNWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiXSVdv5BvBHApiKuozCcEJDG++Lt
5Nq9PH4mS5bJQoDqRVquAtvIE6t68aSXKNtQPFgJK6eY+qch2+k4aC7zrGdDfb/8
86OKwREoK9HFu/b1AmJSyS7Z++00wmXFCry4QV2Jnk8nrUvWbNP+jiWJgwF+KwC6
r33l/zaC5QULmMyBNHYdK//Yrl60unm1KoghI3B21hZSPsjF9yr18BTYHovc3Vf3
ZN3ogJ5D/aCkrCa2rwaA/5i0LGxsBCjUwpm2rkIqOkmugIMkjP4IsRUXnw8fUnVk
dag+jPMirz2l1rMX4Zx5jMCgc/gwWWe2OjydpKePgDPRVmX0fzpIZtXcWQIDAQAB
o4ICxjCCAsIwHQYDVR0OBBYEFGvZe1H6ykionwzmkZcxp0nba/WiMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvYTlsN1VmcktTS2lmRE9hUmx6R25TZHRyOWFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHbBggrBgEFBQcBBwEB/wSByzCByDCBkgQCAAEwgYsDBQAt
CUmzAwUALQlJuAMFAC0JSewwDAMEAC1ZQQMEAi1ZQAMEAi2AsAMEAFvZUAMEA16O
iDAMAwQAX9YJAwQCX9YIAwQAixzcAwQCuQX4AwQCuTrMAwQCuVcwAwQCuWl0AwQC
uXWYAwQCuX3YAwQCuX3kAwQEwXywAwQFwkPAAwQAwy/6AwQAw0JXMDEEAgACMCsD
BwAqCVMC//8DBwAqCpMAEAAwEAMFACoKkwEDBwAqCpMBAAIDBQAqCpMCMA0GCSqG
SIb3DQEBCwUAA4IBAQCYq3P6h/XNd1mxf1NcIFj85XUuqz3Mr4Qfl/eB8Cx+g0wC
1aNudPFJK5xUW7lxAQ1Y8gvf35/D4TvoU3BFeIHGcy0a7S52gwuYvxPLNUj6B+Lj
jlNA0raoz/CUgaOzDkJIKUUeQDnxjugG5ypXBtFX23uvxfiO5IrEwW+tHexvGyNi
H+RUK74cny7nMf5FcfIH6HYLMWhkGcuMaj0uqSYMadk1knScAYaLr7DfGZPhAvlZ
TEpFtLzmLRq5X1mlh8jUP85BL58UhWKIjKBfnZDBM3kCUcIHuGIPM6k2XBI10MOe
5vLWYX+gUKNsnULeBrxKvI2bwEXRDcXy8trbo4ld
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:10 2024 by rpki-client on console-ams.rpki-client.org