Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/mAl3I-LEWFhhwocBh7N81VsOn40.roa
File:                     mAl3I-LEWFhhwocBh7N81VsOn40.roa (raw, json)
Hash identifier:          rTo0ikWAW+5HAPvzCTVDL45KsVX/wdzvfclwAF1vQ5g=
Subject key identifier:   98:09:77:23:E2:C4:58:58:61:C2:87:01:87:B3:7C:D5:5B:0E:9F:8D
Certificate issuer:       /CN=dc4e453affe895b6452b84027437c5c00fd37067
Certificate serial:       018940173C1D635236770E57D480C7C4E85F
Authority key identifier: DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/mAl3I-LEWFhhwocBh7N81VsOn40.roa
Signing time:             Mon 10 Jul 2023 13:56:51 +0000
ROA not before:           Mon 10 Jul 2023 13:56:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31122
IP address blocks:        78.137.128.0/18 maxlen: 18
                          93.92.8.0/21 maxlen: 21
                          92.51.192.0/18 maxlen: 18
                          84.203.0.0/16 maxlen: 16
                          185.53.32.0/24 maxlen: 24
                          185.53.35.0/24 maxlen: 24
                          83.147.128.0/18 maxlen: 18
                          212.126.32.0/19 maxlen: 19
                          46.183.104.0/23 maxlen: 23
                          212.126.60.0/22 maxlen: 22
                          185.233.176.0/22 maxlen: 22
                          94.247.48.0/21 maxlen: 21
                          92.51.208.0/20 maxlen: 20
                          185.182.72.0/22 maxlen: 22
                          185.242.236.0/23 maxlen: 23
                          89.234.64.0/18 maxlen: 18
                          176.52.216.0/22 maxlen: 22
                          176.52.220.0/23 maxlen: 23
                          80.93.16.0/20 maxlen: 20
                          185.205.228.0/22 maxlen: 22
                          217.78.0.0/20 maxlen: 20
                          37.46.16.0/21 maxlen: 21
                          2a0a:e780::/29 maxlen: 30
                          2001:1bb8::/32 maxlen: 32
                          2a00:15b8:400::/40 maxlen: 40
                          2a00:15b8::/32 maxlen: 32
                          2a02:220::/32 maxlen: 32
                          2a01:258::/32 maxlen: 32
                          2a01:8aa0::/32 maxlen: 32
                          2a0b:bc0::/29 maxlen: 30

Validation:               Failed, certificate revoked on Wed 23 Aug 2023 09:32:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:40:17:3c:1d:63:52:36:77:0e:57:d4:80:c7:c4:e8:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc4e453affe895b6452b84027437c5c00fd37067
        Validity
            Not Before: Jul 10 13:56:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=98097723e2c4585861c2870187b37cd55b0e9f8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:de:1b:66:4e:56:88:48:ea:3d:4a:39:0d:c7:
                    d1:9c:0b:d8:c4:c0:3a:31:7d:05:4d:ca:21:f2:19:
                    61:11:0d:bb:a8:9c:65:64:11:17:fc:8e:8e:c9:fd:
                    ba:c1:6f:24:70:7f:ea:4c:97:2b:24:c2:f1:0f:c3:
                    cc:11:f7:4b:98:3a:5f:9f:34:6b:61:31:cf:a2:2d:
                    72:d3:31:57:df:eb:30:4b:7c:f2:80:e1:a4:c0:96:
                    6f:f4:ee:82:70:f4:3c:f8:ce:4e:72:83:2a:75:da:
                    76:f0:30:c2:ef:02:95:e2:b2:fe:4a:95:fc:3f:45:
                    8f:73:d0:fe:c3:dd:23:8e:8b:42:3f:79:e5:33:67:
                    7e:23:dc:90:77:46:f0:32:76:57:d1:36:45:a6:07:
                    77:b3:45:38:da:e3:25:60:db:83:49:ee:98:3f:25:
                    e0:cb:b5:1f:f5:87:a3:09:50:63:8c:29:77:86:41:
                    ab:a3:f3:ce:89:b4:72:28:8c:7c:50:f4:93:e0:11:
                    f6:45:6c:ac:59:92:98:55:ac:53:5b:dc:07:33:35:
                    e3:90:b3:15:5b:e9:65:5e:cd:06:c4:b7:41:5a:99:
                    fd:c2:26:f9:0a:30:37:b2:6d:4e:65:25:48:79:ea:
                    56:6e:c7:46:6b:cc:6d:ed:09:73:a6:5f:86:b1:d5:
                    56:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:09:77:23:E2:C4:58:58:61:C2:87:01:87:B3:7C:D5:5B:0E:9F:8D
            X509v3 Authority Key Identifier:
                keyid:DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/mAl3I-LEWFhhwocBh7N81VsOn40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.46.16.0/21
                  46.183.104.0/23
                  78.137.128.0/18
                  80.93.16.0/20
                  83.147.128.0/18
                  84.203.0.0/16
                  89.234.64.0/18
                  92.51.192.0/18
                  93.92.8.0/21
                  94.247.48.0/21
                  176.52.216.0-176.52.221.255
                  185.53.32.0/24
                  185.53.35.0/24
                  185.182.72.0/22
                  185.205.228.0/22
                  185.233.176.0/22
                  185.242.236.0/23
                  212.126.32.0/19
                  217.78.0.0/20
                IPv6:
                  2001:1bb8::/32
                  2a00:15b8::/32
                  2a01:258::/32
                  2a01:8aa0::/32
                  2a02:220::/32
                  2a0a:e780::/29
                  2a0b:bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:ef:a4:36:3f:7a:a5:14:b8:59:ea:35:32:55:7d:27:76:29:
         63:56:86:8c:61:0d:e8:2d:3b:a4:54:86:d2:04:8e:b9:7c:18:
         66:2a:ed:c5:f2:4a:53:b5:5f:70:4c:ba:48:44:30:a1:5d:01:
         cd:9c:29:cc:93:1c:c4:af:2b:7d:68:62:03:a5:60:17:85:20:
         a7:6f:c1:b6:25:fc:79:83:ff:8f:11:1a:79:1f:01:f4:d3:cd:
         63:89:3a:7b:45:ad:cb:bd:00:75:60:17:a3:20:f6:6b:32:97:
         ba:61:0c:68:39:3c:4c:73:ce:93:b4:46:f8:e7:fe:9a:0b:f1:
         7a:41:02:3a:dc:8e:e7:ad:95:8e:47:52:1a:09:7f:7f:20:10:
         41:ac:1e:01:1f:d9:19:a2:a3:3e:c0:0a:4e:a0:30:f9:32:79:
         d6:ed:27:90:0a:98:69:2b:7d:01:4c:88:f4:c0:bf:d9:31:c2:
         a2:94:a9:bb:c3:07:23:2b:c5:93:57:16:f4:72:f9:65:45:db:
         92:25:34:5d:34:e6:a5:8c:e4:16:92:56:54:4b:95:1f:dc:dc:
         59:9c:a0:2d:3b:a8:c0:f5:64:a3:7f:de:48:fb:be:ef:ad:27:
         65:84:c1:52:c6:aa:aa:44:1a:73:74:27:9a:6b:dd:02:31:3e:
         68:1d:13:e7
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAYlAFzwdY1I2dw5X1IDHxOhfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGU0NTNhZmZlODk1YjY0NTJiODQwMjc0MzdjNWMwMGZk
MzcwNjcwHhcNMjMwNzEwMTM1NjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODA5NzcyM2UyYzQ1ODU4NjFjMjg3MDE4N2IzN2NkNTViMGU5ZjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6t4bZk5WiEjqPUo5DcfRnAvYxMA6
MX0FTcoh8hlhEQ27qJxlZBEX/I6Oyf26wW8kcH/qTJcrJMLxD8PMEfdLmDpfnzRr
YTHPoi1y0zFX3+swS3zygOGkwJZv9O6CcPQ8+M5OcoMqddp28DDC7wKV4rL+SpX8
P0WPc9D+w90jjotCP3nlM2d+I9yQd0bwMnZX0TZFpgd3s0U42uMlYNuDSe6YPyXg
y7Uf9YejCVBjjCl3hkGro/POibRyKIx8UPST4BH2RWysWZKYVaxTW9wHMzXjkLMV
W+llXs0GxLdBWpn9wib5CjA3sm1OZSVIeepWbsdGa8xt7Qlzpl+GsdVW3wIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFJgJdyPixFhYYcKHAYezfNVbDp+NMB8GA1UdIwQY
MBaAFNxORTr/6JW2RSuEAnQ3xcAP03BnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEt
MTgyMjg2N2UxNTk2LzEvbUFsM0ktTEVXRmhod29jQmg3TjgxVnNPbjQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEtMTgyMjg2N2UxNTk2
LzEvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujB/BAIAATB5AwQDJS4Q
AwQBLrdoAwQGTomAAwQEUF0QAwQGU5OAAwMAVMsDBAZZ6kADBAZcM8ADBANdXAgD
BANe9zAwDAMEA7A02AMEAbA03AMEALk1IAMEALk1IwMEArm2SAMEArnN5AMEArnp
sAMEAbny7AMEBdR+IAMEBNlOADA3BAIAAjAxAwUAIAEbuAMFACoAFbgDBQAqAQJY
AwUAKgGKoAMFACoCAiADBQMqCueAAwUDKgsLwDANBgkqhkiG9w0BAQsFAAOCAQEA
LO+kNj96pRS4Weo1MlV9J3YpY1aGjGEN6C07pFSG0gSOuXwYZirtxfJKU7VfcEy6
SEQwoV0BzZwpzJMcxK8rfWhiA6VgF4Ugp2/BtiX8eYP/jxEaeR8B9NPNY4k6e0Wt
y70AdWAXoyD2azKXumEMaDk8THPOk7RG+Of+mgvxekECOtyO562VjkdSGgl/fyAQ
QaweAR/ZGaKjPsAKTqAw+TJ51u0nkAqYaSt9AUyI9MC/2THCopSpu8MHIyvFk1cW
9HL5ZUXbkiU0XTTmpYzkFpJWVEuVH9zcWZygLTuowPVko3/eSPu+760nZYTBUsaq
qkQac3QnmmvdAjE+aB0T5w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:46 2024 by rpki-client on console-fra.rpki-client.org