Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/BxY5e76PHkLkZ47hlCtvsNlIdZQ.roa
File:                     BxY5e76PHkLkZ47hlCtvsNlIdZQ.roa (raw, json)
Hash identifier:          JlWVpCAOfK8AW4Ifi8oFq2/RiJ6Mqix8qn4RLBqo6Ig=
Subject key identifier:   07:16:39:7B:BE:8F:1E:42:E4:67:8E:E1:94:2B:6F:B0:D9:48:75:94
Certificate issuer:       /CN=1e36de27974727aa0046b3e9c8d0624674541255
Certificate serial:       018B27B85CDD0F1A229496D2522758378C8B
Authority key identifier: 1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/BxY5e76PHkLkZ47hlCtvsNlIdZQ.roa
Signing time:             Fri 13 Oct 2023 06:27:55 +0000
ROA not before:           Fri 13 Oct 2023 06:27:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     51032
IP address blocks:        62.122.88.0/21 maxlen: 24
                          178.216.176.0/21 maxlen: 21
                          91.123.80.0/20 maxlen: 20
                          89.23.146.0/24 maxlen: 24
                          89.23.147.0/24 maxlen: 24
                          89.23.160.0/19 maxlen: 19
                          89.23.168.0/21 maxlen: 21
                          178.212.80.0/21 maxlen: 24
                          89.23.176.0/21 maxlen: 21
                          91.202.204.0/22 maxlen: 22
                          89.23.128.0/19 maxlen: 19
                          89.23.128.0/21 maxlen: 24
                          89.23.144.0/20 maxlen: 24
                          31.128.128.0/19 maxlen: 24
                          2a13:2c80::/29 maxlen: 32

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:27:b8:5c:dd:0f:1a:22:94:96:d2:52:27:58:37:8c:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e36de27974727aa0046b3e9c8d0624674541255
        Validity
            Not Before: Oct 13 06:27:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0716397bbe8f1e42e4678ee1942b6fb0d9487594
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:6d:ba:9d:39:80:5b:37:18:0a:56:2f:1b:26:
                    6a:7e:06:dc:2c:4e:5b:0f:74:71:c9:3c:7b:28:71:
                    b9:a5:d9:df:8a:1e:2b:c9:79:17:90:0f:1c:35:72:
                    cb:06:3b:2c:e9:75:5e:68:b2:3b:48:31:d0:6b:2a:
                    ba:6a:08:ac:d6:e3:01:71:f3:e0:51:10:f2:16:ab:
                    8a:3a:2d:bc:b9:db:c6:b0:ee:7d:09:5b:ca:56:3e:
                    de:ab:1e:38:40:aa:b8:7e:9b:45:7f:1d:91:a4:61:
                    71:d6:25:ae:55:18:ba:e2:98:59:19:70:cf:81:a2:
                    3c:ea:7d:5d:d3:c7:37:25:27:31:4a:58:1b:38:d8:
                    ee:22:01:af:80:90:dc:5d:3c:b0:38:a3:ba:b4:64:
                    33:f9:32:d1:70:8f:b4:76:b1:7f:d4:b5:f6:7c:cc:
                    d8:4c:a9:2d:c9:ff:3c:e9:de:de:8a:84:4c:a6:6b:
                    20:a3:5c:f1:cc:0f:ad:92:13:f1:a6:d3:17:39:2c:
                    06:9b:0f:f4:9f:f5:17:10:de:61:4d:83:ec:92:4d:
                    18:de:9c:e2:bf:64:a4:65:82:f0:ab:3b:2b:2b:97:
                    21:30:5d:7b:a9:57:57:3b:44:85:34:3c:00:48:0d:
                    8e:cf:15:13:94:cf:5a:74:b2:92:52:55:6f:c4:46:
                    5a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:16:39:7B:BE:8F:1E:42:E4:67:8E:E1:94:2B:6F:B0:D9:48:75:94
            X509v3 Authority Key Identifier:
                keyid:1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/BxY5e76PHkLkZ47hlCtvsNlIdZQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/HjbeJ5dHJ6oARrPpyNBiRnRUElU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.128.128.0/19
                  62.122.88.0/21
                  89.23.128.0/18
                  91.123.80.0/20
                  91.202.204.0/22
                  178.212.80.0/21
                  178.216.176.0/21
                IPv6:
                  2a13:2c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:17:fb:7c:6a:4d:97:cf:4d:b1:eb:e6:cb:85:40:53:d5:91:
         cc:a8:b5:bc:d3:cf:be:63:8e:ae:dd:b0:91:ed:9e:64:bb:03:
         b1:b1:35:14:d4:04:7e:6b:b0:8b:90:cb:c4:9c:2a:f4:a4:d0:
         b7:26:da:e5:a9:c9:c9:fd:dd:05:b0:f8:ba:19:f7:4e:75:9d:
         ab:4b:b6:43:4a:18:dd:a4:88:92:cb:0c:5b:5f:fa:0c:38:60:
         b2:be:20:77:8a:9c:8a:7e:24:2f:59:30:e6:ee:be:9e:24:83:
         0f:c2:7d:a0:ca:eb:3d:99:36:64:28:e4:b8:27:d6:ec:de:a4:
         31:e6:ad:2d:21:f5:7d:76:52:36:5e:53:16:26:c4:41:b2:3a:
         0e:a1:cc:72:00:74:49:eb:40:79:f3:95:6a:91:0e:3b:2d:cc:
         0c:d5:45:6b:9c:cf:2a:95:f8:53:8f:65:77:f2:40:88:d7:c1:
         c6:8d:f9:ff:07:18:fa:48:f9:91:4e:ae:82:a6:43:7a:60:56:
         01:cc:5a:d7:30:9b:c6:42:a7:8b:93:c9:aa:bc:ac:31:e6:99:
         36:52:74:4b:d5:03:6b:15:a0:0c:57:0d:4a:b5:d9:a2:3d:ca:
         f9:81:50:4e:86:66:5c:8d:92:55:04:83:80:df:c7:18:30:e9:
         13:28:ac:5d
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYsnuFzdDxoilJbSUidYN4yLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMzZkZTI3OTc0NzI3YWEwMDQ2YjNlOWM4ZDA2MjQ2NzQ1
NDEyNTUwHhcNMjMxMDEzMDYyNzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzE2Mzk3YmJlOGYxZTQyZTQ2NzhlZTE5NDJiNmZiMGQ5NDg3NTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg226nTmAWzcYClYvGyZqfgbcLE5b
D3RxyTx7KHG5pdnfih4ryXkXkA8cNXLLBjss6XVeaLI7SDHQayq6agis1uMBcfPg
URDyFquKOi28udvGsO59CVvKVj7eqx44QKq4fptFfx2RpGFx1iWuVRi64phZGXDP
gaI86n1d08c3JScxSlgbONjuIgGvgJDcXTywOKO6tGQz+TLRcI+0drF/1LX2fMzY
TKktyf886d7eioRMpmsgo1zxzA+tkhPxptMXOSwGmw/0n/UXEN5hTYPskk0Y3pzi
v2SkZYLwqzsrK5chMF17qVdXO0SFNDwASA2OzxUTlM9adLKSUlVvxEZaKwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFAcWOXu+jx5C5GeO4ZQrb7DZSHWUMB8GA1UdIwQY
MBaAFB423ieXRyeqAEaz6cjQYkZ0VBJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGpiZUo1ZEhKNm9BUnJQcHlOQmlSblJVRWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81OWU4YzMtNjI2Yi00ZWNlLThlMzkt
ZGY3OTNhOTQwYmFiLzEvQnhZNWU3NlBIa0xrWjQ3aGxDdHZzTmxJZFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81OWU4YzMtNjI2Yi00ZWNlLThlMzktZGY3OTNhOTQwYmFi
LzEvSGpiZUo1ZEhKNm9BUnJQcHlOQmlSblJVRWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQFH4CAAwQD
PnpYAwQGWReAAwQEW3tQAwQCW8rMAwQDstRQAwQDstiwMA0EAgACMAcDBQMqEyyA
MA0GCSqGSIb3DQEBCwUAA4IBAQA4F/t8ak2Xz02x6+bLhUBT1ZHMqLW808++Y46u
3bCR7Z5kuwOxsTUU1AR+a7CLkMvEnCr0pNC3JtrlqcnJ/d0FsPi6GfdOdZ2rS7ZD
ShjdpIiSywxbX/oMOGCyviB3ipyKfiQvWTDm7r6eJIMPwn2gyus9mTZkKOS4J9bs
3qQx5q0tIfV9dlI2XlMWJsRBsjoOocxyAHRJ60B585VqkQ47LcwM1UVrnM8qlfhT
j2V38kCI18HGjfn/Bxj6SPmRTq6CpkN6YFYBzFrXMJvGQqeLk8mqvKwx5pk2UnRL
1QNrFaAMVw1KtdmiPcr5gVBOhmZcjZJVBIOA38cYMOkTKKxd
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:21 2024 by rpki-client on console-fra.rpki-client.org