Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/rdnZhyYIriaKEa8am1fc7ahM2sA.roa
File:                     rdnZhyYIriaKEa8am1fc7ahM2sA.roa (raw, json)
Hash identifier:          I+cAKK8C8ahCjwt7kVeSemSyG2/sGNIihCYilCql6Ic=
Subject key identifier:   AD:D9:D9:87:26:08:AE:26:8A:11:AF:1A:9B:57:DC:ED:A8:4C:DA:C0
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0185710C3FF9EEF642C9F5059D7FEF5859A0
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/rdnZhyYIriaKEa8am1fc7ahM2sA.roa
Signing time:             Mon 02 Jan 2023 05:55:06 +0000
ROA not before:           Mon 02 Jan 2023 05:55:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     210644
IP address blocks:        185.174.137.0/24 maxlen: 24
                          185.229.65.0/24 maxlen: 24
                          185.174.136.0/24 maxlen: 24
                          185.229.66.0/24 maxlen: 24
                          185.106.94.0/24 maxlen: 24
                          185.112.83.0/24 maxlen: 24
                          45.142.122.0/24 maxlen: 24
                          185.17.0.0/24 maxlen: 24
                          45.138.74.0/24 maxlen: 24
                          5.252.118.0/24 maxlen: 24
                          2a0e:d607::/48 maxlen: 48
                          2a0e:d606::/48 maxlen: 48
                          2a0e:d602:1::/48 maxlen: 48
                          2a0e:d602::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 21 Mar 2023 13:48:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:0c:3f:f9:ee:f6:42:c9:f5:05:9d:7f:ef:58:59:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 05:55:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=add9d9872608ae268a11af1a9b57dceda84cdac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:db:e6:bd:14:ff:95:a2:26:bc:5a:b4:ed:0f:
                    5d:dc:d8:23:bc:46:7a:71:f9:d9:60:02:a5:1d:bf:
                    8d:3a:11:33:7d:81:31:e5:70:18:37:62:30:92:54:
                    7b:1b:98:52:2d:1f:c8:e0:11:24:89:03:b3:14:06:
                    3c:4e:be:50:92:0c:a9:3e:40:04:33:b7:16:77:57:
                    93:26:da:02:b8:9b:59:36:17:7d:ff:f7:94:4d:58:
                    ef:88:a4:50:29:3f:7e:67:70:8a:fa:59:16:f6:3e:
                    a4:cc:89:0f:be:4a:09:83:b6:c6:fe:14:9d:77:ef:
                    1a:1e:47:46:50:1a:08:fa:fa:09:dc:90:06:3c:20:
                    a8:ea:5c:84:de:56:0b:4a:b6:88:27:5c:3f:43:8d:
                    df:65:93:17:27:3a:41:c4:af:80:91:f3:c5:6e:8e:
                    d7:ad:26:83:c2:7e:6e:a3:39:3e:75:a1:9f:b6:0d:
                    26:b0:21:cc:a7:16:c9:64:aa:ac:6c:45:c6:c5:82:
                    67:a1:32:0d:f1:6d:78:56:31:12:85:4b:7e:80:5d:
                    bb:74:92:b6:3b:36:ac:40:75:aa:8a:39:90:a4:69:
                    9c:c3:56:fb:be:1e:fe:26:bd:3b:a3:20:fe:67:93:
                    08:4b:ae:86:5e:06:cc:a2:50:c3:74:11:78:5d:02:
                    78:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:D9:D9:87:26:08:AE:26:8A:11:AF:1A:9B:57:DC:ED:A8:4C:DA:C0
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/rdnZhyYIriaKEa8am1fc7ahM2sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.118.0/24
                  45.138.74.0/24
                  45.142.122.0/24
                  185.17.0.0/24
                  185.106.94.0/24
                  185.112.83.0/24
                  185.174.136.0/23
                  185.229.65.0-185.229.66.255
                IPv6:
                  2a0e:d602::/47
                  2a0e:d606::/48
                  2a0e:d607::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:a4:b5:6e:1b:2c:08:aa:2f:2c:32:11:0f:fc:f0:e9:cb:cc:
         4a:97:a2:27:5d:3a:ee:c1:86:e4:52:61:fa:8e:8a:8d:b1:19:
         f7:21:48:c6:2a:6b:ab:b9:e7:b9:7c:30:f0:be:35:15:39:cd:
         5c:0e:88:43:80:08:74:9d:2c:ba:5f:5b:20:14:6c:3b:9d:04:
         40:53:0d:81:f5:df:b0:af:c0:e3:93:09:85:33:fd:45:3f:46:
         09:1d:06:d4:3c:2e:c2:71:ca:64:cb:35:ab:57:28:e1:3c:e7:
         61:7d:2c:0b:ca:46:e4:15:23:5f:c7:fa:a6:21:3d:12:d3:a0:
         b3:a2:95:59:b9:8d:c8:a5:64:21:ab:6c:b0:c9:22:87:de:8f:
         a7:38:7f:c1:31:48:83:f3:40:63:f7:2d:a6:90:1f:8b:b3:9b:
         b7:b7:cd:62:67:92:89:92:18:3b:0e:31:cc:44:96:70:74:6f:
         10:b2:f4:b4:4f:cf:c6:49:ec:b7:6a:4d:d1:4f:97:6d:24:7a:
         da:fe:d6:33:04:e2:b1:ad:a7:b6:f4:37:54:b1:8f:ed:1a:4e:
         42:02:6d:36:d3:c8:f0:40:97:2e:39:42:f0:d3:39:64:45:56:
         3a:ec:de:46:f7:cc:2b:d1:a3:45:08:85:52:98:4e:71:8d:84:
         67:8d:6b:6f
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYVxDD/57vZCyfUFnX/vWFmgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwMTAyMDU1NTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGQ5ZDk4NzI2MDhhZTI2OGExMWFmMWE5YjU3ZGNlZGE4NGNkYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9vmvRT/laImvFq07Q9d3NgjvEZ6
cfnZYAKlHb+NOhEzfYEx5XAYN2IwklR7G5hSLR/I4BEkiQOzFAY8Tr5QkgypPkAE
M7cWd1eTJtoCuJtZNhd9//eUTVjviKRQKT9+Z3CK+lkW9j6kzIkPvkoJg7bG/hSd
d+8aHkdGUBoI+voJ3JAGPCCo6lyE3lYLSraIJ1w/Q43fZZMXJzpBxK+AkfPFbo7X
rSaDwn5uozk+daGftg0msCHMpxbJZKqsbEXGxYJnoTIN8W14VjEShUt+gF27dJK2
OzasQHWqijmQpGmcw1b7vh7+Jr07oyD+Z5MIS66GXgbMolDDdBF4XQJ4fQIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFK3Z2YcmCK4mihGvGptX3O2oTNrAMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvcmRuWmh5WUlyaWFLRWE4YW0xZmM3YWhNMnNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzA+BAIAATA4AwQABfx2AwQA
LYpKAwQALY56AwQAuREAAwQAuWpeAwQAuXBTAwQBua6IMAwDBAC55UEDBAC55UIw
IQQCAAIwGwMHASoO1gIAAAMHACoO1gYAAAMHACoO1gcAADANBgkqhkiG9w0BAQsF
AAOCAQEAraS1bhssCKovLDIRD/zw6cvMSpeiJ1067sGG5FJh+o6KjbEZ9yFIxipr
q7nnuXww8L41FTnNXA6IQ4AIdJ0sul9bIBRsO50EQFMNgfXfsK/A45MJhTP9RT9G
CR0G1DwuwnHKZMs1q1co4TznYX0sC8pG5BUjX8f6piE9EtOgs6KVWbmNyKVkIats
sMkih96Ppzh/wTFIg/NAY/ctppAfi7Obt7fNYmeSiZIYOw4xzESWcHRvELL0tE/P
xknst2pN0U+XbSR62v7WMwTisa2ntvQ3VLGP7RpOQgJtNtPI8ECXLjlC8NM5ZEVW
OuzeRvfMK9GjRQiFUphOcY2EZ41rbw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:08 2024 by rpki-client on console-fra.rpki-client.org