Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/TB4ycHC2O9MZmbJNUYIJ8MTYXd4.roa
File:                     TB4ycHC2O9MZmbJNUYIJ8MTYXd4.roa (raw, json)
Hash identifier:          bRdd5Mt4hbmxZQqqG3TXu+fHrHyCLdNCw4DHQh/bxRI=
Subject key identifier:   4C:1E:32:70:70:B6:3B:D3:19:99:B2:4D:51:82:09:F0:C4:D8:5D:DE
Certificate issuer:       /CN=8f78963b3c4f2dd187c20437df1d7d9c168cab81
Certificate serial:       018CC802F9E9805B81CEEB75D464519E28E6
Authority key identifier: 8F:78:96:3B:3C:4F:2D:D1:87:C2:04:37:DF:1D:7D:9C:16:8C:AB:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j3iWOzxPLdGHwgQ33x19nBaMq4E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/TB4ycHC2O9MZmbJNUYIJ8MTYXd4.roa
Signing time:             Tue 02 Jan 2024 02:31:27 +0000
ROA not before:           Tue 02 Jan 2024 02:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8468
IP address blocks:        81.31.96.0/19 maxlen: 19
                          185.220.12.0/22 maxlen: 22
                          195.74.96.0/19 maxlen: 19
                          87.127.0.0/16 maxlen: 16
                          188.39.0.0/16 maxlen: 16
                          79.143.144.0/20 maxlen: 20
                          84.45.128.0/17 maxlen: 17
                          78.32.0.0/15 maxlen: 15
                          62.249.192.0/18 maxlen: 18
                          2001:4d48::/32 maxlen: 32
                          2001:4d48::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 20 Aug 2024 09:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:f9:e9:80:5b:81:ce:eb:75:d4:64:51:9e:28:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f78963b3c4f2dd187c20437df1d7d9c168cab81
        Validity
            Not Before: Jan  2 02:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4c1e327070b63bd31999b24d518209f0c4d85dde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fc:a7:12:4d:07:8f:e7:53:f0:51:9a:0f:5b:
                    7e:f6:bb:4d:52:0c:c5:13:b3:78:f6:28:8b:2b:fc:
                    d2:5e:5e:9a:cb:fd:7b:da:1d:82:c9:47:a4:2e:58:
                    bc:49:d4:46:1b:40:a1:7c:19:b7:f8:78:01:69:39:
                    eb:e9:06:aa:80:b4:0e:d8:e5:d5:8c:e9:f3:e6:b9:
                    e8:9c:b4:22:74:23:5b:c6:70:84:c4:ce:d3:3d:43:
                    a9:40:63:af:9b:dd:ca:81:62:49:c8:f6:e0:6f:42:
                    1d:3e:e0:be:5c:c4:15:31:53:d2:9b:3a:27:45:02:
                    c6:52:2b:ad:0c:d9:bc:32:55:13:e3:8c:3b:27:32:
                    a3:41:22:d0:b2:3b:bf:60:be:9a:cb:47:13:18:67:
                    ea:75:78:1d:cb:ff:92:c5:01:2d:5c:7b:e4:4d:38:
                    86:f5:55:4a:c8:a2:7d:5c:40:28:2a:4a:46:28:2c:
                    6d:5b:ac:55:d7:2e:32:4b:bf:ff:15:07:1b:d2:5b:
                    8d:71:c2:50:aa:41:8b:6c:a4:91:ac:76:d8:ef:e8:
                    d8:90:2c:42:c5:c8:c6:04:6f:50:20:f8:cd:24:2a:
                    db:eb:46:08:71:d9:34:83:c8:90:74:da:3b:88:2a:
                    cc:50:1a:4f:d1:d2:c3:5f:ab:26:b9:81:36:c3:33:
                    b6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:1E:32:70:70:B6:3B:D3:19:99:B2:4D:51:82:09:F0:C4:D8:5D:DE
            X509v3 Authority Key Identifier:
                keyid:8F:78:96:3B:3C:4F:2D:D1:87:C2:04:37:DF:1D:7D:9C:16:8C:AB:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j3iWOzxPLdGHwgQ33x19nBaMq4E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/TB4ycHC2O9MZmbJNUYIJ8MTYXd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dbfca1-2b94-4d0b-9dd8-1ef9f2319522/1/j3iWOzxPLdGHwgQ33x19nBaMq4E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.249.192.0/18
                  78.32.0.0/15
                  79.143.144.0/20
                  81.31.96.0/19
                  84.45.128.0/17
                  87.127.0.0/16
                  185.220.12.0/22
                  188.39.0.0/16
                  195.74.96.0/19
                IPv6:
                  2001:4d48::/29

    Signature Algorithm: sha256WithRSAEncryption
         8c:a5:96:e8:87:fe:de:48:01:70:d5:d0:81:99:f6:1a:81:63:
         e1:86:83:dc:99:88:62:6c:eb:b0:e5:96:78:ea:4b:8f:9b:14:
         97:1f:e9:33:1e:70:a0:d0:b1:53:5b:36:b4:3b:86:e7:59:60:
         5e:56:46:7b:92:87:e5:36:8b:57:4a:e6:8c:89:04:25:3d:21:
         5c:b3:30:72:1d:1e:59:c7:c8:12:13:ce:88:d7:29:72:72:5a:
         d7:d8:85:3f:5c:d9:90:76:a5:89:6d:3d:8b:04:86:02:9a:41:
         b0:e0:29:64:dc:69:d0:9b:c6:03:91:5f:61:43:79:35:37:8a:
         6f:de:f7:62:92:61:3a:0c:e6:60:3f:2d:c6:65:b1:f2:f2:66:
         d6:e3:37:ee:45:e3:35:0e:f6:ff:39:34:ae:61:c6:13:e6:83:
         b7:38:06:e8:b9:b7:b8:30:09:1f:5e:97:d4:f2:95:4f:5f:6a:
         1a:ca:8b:e8:48:7e:02:16:f5:2e:9d:88:a4:01:0d:a3:48:1b:
         9f:ce:24:2c:3a:60:0d:4b:d1:4b:83:25:ab:e7:0a:64:dc:e9:
         26:25:71:cb:16:0b:bf:88:e1:8e:78:a6:0f:c7:d1:a7:f2:78:
         3a:77:4c:57:27:b1:af:5d:97:75:07:51:30:d8:e8:cd:09:01:
         a8:cb:72:86
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYzIAvnpgFuBzut11GRRnijmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNzg5NjNiM2M0ZjJkZDE4N2MyMDQzN2RmMWQ3ZDljMTY4
Y2FiODEwHhcNMjQwMTAyMDIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzFlMzI3MDcwYjYzYmQzMTk5OWIyNGQ1MTgyMDlmMGM0ZDg1ZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPynEk0Hj+dT8FGaD1t+9rtNUgzF
E7N49iiLK/zSXl6ay/172h2CyUekLli8SdRGG0ChfBm3+HgBaTnr6QaqgLQO2OXV
jOnz5rnonLQidCNbxnCExM7TPUOpQGOvm93KgWJJyPbgb0IdPuC+XMQVMVPSmzon
RQLGUiutDNm8MlUT44w7JzKjQSLQsju/YL6ay0cTGGfqdXgdy/+SxQEtXHvkTTiG
9VVKyKJ9XEAoKkpGKCxtW6xV1y4yS7//FQcb0luNccJQqkGLbKSRrHbY7+jYkCxC
xcjGBG9QIPjNJCrb60YIcdk0g8iQdNo7iCrMUBpP0dLDX6smuYE2wzO2NwIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFEweMnBwtjvTGZmyTVGCCfDE2F3eMB8GA1UdIwQY
MBaAFI94ljs8Ty3Rh8IEN98dfZwWjKuBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajNpV096eFBMZEdId2dRMzN4MTluQmFNcTRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kYmZjYTEtMmI5NC00ZDBiLTlkZDgt
MWVmOWYyMzE5NTIyLzEvVEI0eWNIQzJPOU1abWJKTlVZSUo4TVRZWGQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kYmZjYTEtMmI5NC00ZDBiLTlkZDgtMWVmOWYyMzE5NTIy
LzEvajNpV096eFBMZEdId2dRMzN4MTluQmFNcTRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjA5BAIAATAzAwQGPvnAAwMB
TiADBARPj5ADBAVRH2ADBAdULYADAwBXfwMEArncDAMDALwnAwQFw0pgMA0EAgAC
MAcDBQMgAU1IMA0GCSqGSIb3DQEBCwUAA4IBAQCMpZboh/7eSAFw1dCBmfYagWPh
hoPcmYhibOuw5ZZ46kuPmxSXH+kzHnCg0LFTWza0O4bnWWBeVkZ7koflNotXSuaM
iQQlPSFcszByHR5Zx8gSE86I1ylyclrX2IU/XNmQdqWJbT2LBIYCmkGw4Clk3GnQ
m8YDkV9hQ3k1N4pv3vdikmE6DOZgPy3GZbHy8mbW4zfuReM1Dvb/OTSuYcYT5oO3
OAboube4MAkfXpfU8pVPX2oayovoSH4CFvUunYikAQ2jSBufziQsOmANS9FLgyWr
5wpk3OkmJXHLFgu/iOGOeKYPx9Gn8ng6d0xXJ7GvXZd1B1Ew2OjNCQGoy3KG
-----END CERTIFICATE-----
Generated at Tue Aug 20 12:44:31 2024 by rpki-client on console-fra.rpki-client.org