Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/a9uj62TR0H3TvKyC_0HE34leKgI.roa
File:                     a9uj62TR0H3TvKyC_0HE34leKgI.roa (raw, json)
Hash identifier:          f9wypxDZrmJzJkw6qp2HgJsczikWHpSc1Q8DxnkVCZI=
Subject key identifier:   6B:DB:A3:EB:64:D1:D0:7D:D3:BC:AC:82:FF:41:C4:DF:89:5E:2A:02
Certificate issuer:       /CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Certificate serial:       018C81A112EDD9990365C16BD9F2A66CC031
Authority key identifier: B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/a9uj62TR0H3TvKyC_0HE34leKgI.roa
Signing time:             Tue 19 Dec 2023 10:31:06 +0000
ROA not before:           Tue 19 Dec 2023 10:31:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     15435
IP address blocks:        217.102.240.0/20 maxlen: 24
                          213.34.224.0/19 maxlen: 24
                          212.115.192.0/19 maxlen: 24
                          204.168.128.0/17 maxlen: 24
                          217.63.64.0/19 maxlen: 24
                          149.143.64.0/18 maxlen: 24
                          87.99.128.0/17 maxlen: 24
                          81.172.128.0/17 maxlen: 24
                          141.224.192.0/18 maxlen: 24
                          185.200.96.0/22 maxlen: 24
                          149.143.32.0/19 maxlen: 24
                          212.92.64.0/19 maxlen: 24
                          62.238.0.0/16 maxlen: 24
                          2a02:f68::/29 maxlen: 48
                          2a07:31c0::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 22:30:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:81:a1:12:ed:d9:99:03:65:c1:6b:d9:f2:a6:6c:c0:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
        Validity
            Not Before: Dec 19 10:31:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6bdba3eb64d1d07dd3bcac82ff41c4df895e2a02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:44:d5:27:92:1f:d5:0f:61:76:be:09:5d:a0:
                    2d:ae:1c:cf:8d:a9:4c:fe:11:88:fb:61:4d:19:26:
                    63:29:66:7a:d7:5b:3b:7c:52:ae:81:4e:ea:d8:c3:
                    78:98:a7:be:cb:80:a0:19:4c:c3:35:5e:4b:4e:5a:
                    e2:99:b1:f7:42:c5:35:12:60:5a:d6:16:de:99:17:
                    47:f0:a7:d4:fe:ca:f6:8b:fe:d8:14:d1:61:50:4e:
                    72:d0:6f:cb:cc:7c:c9:84:43:32:f8:f2:95:ad:f2:
                    ac:0c:00:48:ee:5f:2e:0a:b1:db:c4:1b:cf:67:d6:
                    93:f7:a2:b6:06:10:e5:c0:7d:aa:ba:c6:91:3b:a7:
                    dd:02:9a:35:69:89:b2:8c:a9:f0:0d:6c:1e:d9:22:
                    62:38:aa:68:54:9f:04:85:24:8e:4b:15:71:bb:72:
                    b2:80:98:ab:de:8c:e9:49:13:45:48:21:16:b2:7c:
                    f6:6d:72:bc:0a:b6:e9:73:37:2b:19:d0:b8:bf:37:
                    f9:d8:17:65:1f:74:8c:6d:fa:ba:be:75:e4:f9:6e:
                    12:78:00:ca:38:71:17:7d:6f:b5:83:16:69:3f:db:
                    48:69:8b:f0:00:d2:fe:64:f8:3b:2b:e7:68:d9:af:
                    dc:18:d2:e2:ce:c2:e0:d3:52:4f:9e:4d:d2:89:8d:
                    d3:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:DB:A3:EB:64:D1:D0:7D:D3:BC:AC:82:FF:41:C4:DF:89:5E:2A:02
            X509v3 Authority Key Identifier:
                keyid:B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/a9uj62TR0H3TvKyC_0HE34leKgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.238.0.0/16
                  81.172.128.0/17
                  87.99.128.0/17
                  141.224.192.0/18
                  149.143.32.0-149.143.127.255
                  185.200.96.0/22
                  204.168.128.0/17
                  212.92.64.0/19
                  212.115.192.0/19
                  213.34.224.0/19
                  217.63.64.0/19
                  217.102.240.0/20
                IPv6:
                  2a02:f68::/29
                  2a07:31c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:28:93:41:8a:5d:39:54:50:bd:db:8f:0e:4b:dd:5d:d6:93:
         7e:4e:39:1f:c6:32:5c:93:09:b1:12:0c:81:0d:62:bc:78:5b:
         52:98:3f:a2:d4:55:57:83:ea:99:e4:d9:ce:71:1a:7f:d1:3e:
         fd:de:f0:4c:7d:f6:28:90:6e:4a:52:ce:f9:a4:92:fc:56:70:
         8f:71:00:c9:ff:6e:69:3f:09:2c:95:a3:12:3d:77:8a:11:cd:
         96:a8:10:9b:fe:07:67:7b:c1:78:3d:ba:b9:f1:b1:87:e0:2e:
         81:6c:16:0c:24:6e:2d:7a:6b:65:b2:48:e2:bc:a5:21:2f:7c:
         2c:41:4a:7e:c6:ad:ba:ff:6e:37:d9:8e:e7:99:9e:95:42:8d:
         dc:db:25:08:97:11:25:d0:46:c8:55:84:eb:ae:bb:48:d3:98:
         4f:b5:79:d4:3e:aa:f7:a6:34:e5:f9:e9:09:25:0f:1d:ab:b9:
         96:41:93:d5:cf:55:15:86:87:cb:f4:a5:20:de:be:fb:fd:91:
         68:fb:9c:ae:6d:29:ce:64:f2:ec:a3:4c:83:2c:2c:8f:be:49:
         a3:94:86:5c:c9:2f:58:71:be:5d:0c:7b:be:f8:8b:83:9d:95:
         b9:4a:05:48:96:65:e5:e8:9c:cd:c4:f9:b6:c4:15:2c:d3:a8:
         9a:92:d5:d1
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAYyBoRLt2ZkDZcFr2fKmbMAxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTRhNjAxY2EzNWM2YzgzNzZiODlhYWY0NDNiNjNlYTQz
OWNkYjgwHhcNMjMxMjE5MTAzMTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmRiYTNlYjY0ZDFkMDdkZDNiY2FjODJmZjQxYzRkZjg5NWUyYTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuETVJ5If1Q9hdr4JXaAtrhzPjalM
/hGI+2FNGSZjKWZ611s7fFKugU7q2MN4mKe+y4CgGUzDNV5LTlrimbH3QsU1EmBa
1hbemRdH8KfU/sr2i/7YFNFhUE5y0G/LzHzJhEMy+PKVrfKsDABI7l8uCrHbxBvP
Z9aT96K2BhDlwH2qusaRO6fdApo1aYmyjKnwDWwe2SJiOKpoVJ8EhSSOSxVxu3Ky
gJir3ozpSRNFSCEWsnz2bXK8CrbpczcrGdC4vzf52BdlH3SMbfq6vnXk+W4SeADK
OHEXfW+1gxZpP9tIaYvwANL+ZPg7K+do2a/cGNLizsLg01JPnk3SiY3TrwIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFGvbo+tk0dB907ysgv9BxN+JXioCMB8GA1UdIwQY
MBaAFLGkpgHKNcbIN2uJqvRDtj6kOc24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAt
M2E1NjI4Y2M4MWQ5LzEvYTl1ajYyVFIwSDNUdkt5Q18wSEUzNGxlS2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kZmVjNDAtYjg2ZS00OTRjLWJhMTAtM2E1NjI4Y2M4MWQ5
LzEvc2FTbUFjbzF4c2czYTRtcTlFTzJQcVE1emJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBVBAIAATBPAwMAPu4DBAdR
rIADBAdXY4ADBAaN4MAwDAMEBZWPIAMEB5WPAAMEArnIYAMEB8yogAMEBdRcQAME
BdRzwAMEBdUi4AMEBdk/QAMEBNlm8DAUBAIAAjAOAwUDKgIPaAMFAyoHMcAwDQYJ
KoZIhvcNAQELBQADggEBADgok0GKXTlUUL3bjw5L3V3Wk35OOR/GMlyTCbESDIEN
Yrx4W1KYP6LUVVeD6pnk2c5xGn/RPv3e8Ex99iiQbkpSzvmkkvxWcI9xAMn/bmk/
CSyVoxI9d4oRzZaoEJv+B2d7wXg9urnxsYfgLoFsFgwkbi16a2WySOK8pSEvfCxB
Sn7Grbr/bjfZjueZnpVCjdzbJQiXESXQRshVhOuuu0jTmE+1edQ+qvemNOX56Qkl
Dx2ruZZBk9XPVRWGh8v0pSDevvv9kWj7nK5tKc5k8uyjTIMsLI++SaOUhlzJL1hx
vl0Me774i4OdlblKBUiWZeXonM3E+bbEFSzTqJqS1dE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:21 2024 by rpki-client on console-fra.rpki-client.org