Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/rkUDYCRo16DBodZURADJ0fJUefE.roa
File:                     rkUDYCRo16DBodZURADJ0fJUefE.roa (raw, json)
Hash identifier:          FAXuJutoHfRzlQa81OVdNpqKfYVNwK9fehIUU3F7TVU=
Subject key identifier:   AE:45:03:60:24:68:D7:A0:C1:A1:D6:54:44:00:C9:D1:F2:54:79:F1
Certificate issuer:       /CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Certificate serial:       018D59661847C53D308D7608C4AE7141C71C
Authority key identifier: F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/rkUDYCRo16DBodZURADJ0fJUefE.roa
Signing time:             Tue 30 Jan 2024 08:04:39 +0000
ROA not before:           Tue 30 Jan 2024 08:04:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42337
IP address blocks:        95.38.96.0/21 maxlen: 21
                          95.38.96.0/24 maxlen: 24
                          95.38.97.0/24 maxlen: 24
                          95.38.98.0/24 maxlen: 24
                          95.38.99.0/24 maxlen: 24
                          95.38.100.0/24 maxlen: 24
                          95.38.101.0/24 maxlen: 24
                          95.38.102.0/24 maxlen: 24
                          95.38.103.0/24 maxlen: 24
                          95.38.104.0/22 maxlen: 22
                          95.38.104.0/24 maxlen: 24
                          95.38.105.0/24 maxlen: 24
                          95.38.106.0/24 maxlen: 24
                          95.38.107.0/24 maxlen: 24
                          95.38.130.0/23 maxlen: 23
                          95.38.132.0/22 maxlen: 22
                          95.38.132.0/24 maxlen: 24
                          95.38.133.0/24 maxlen: 24
                          95.38.134.0/24 maxlen: 24
                          95.38.135.0/24 maxlen: 24
                          95.38.136.0/22 maxlen: 22
                          95.38.136.0/24 maxlen: 24
                          95.38.137.0/24 maxlen: 24
                          95.38.138.0/24 maxlen: 24
                          95.38.139.0/24 maxlen: 24
                          95.38.140.0/22 maxlen: 22
                          95.38.140.0/24 maxlen: 24
                          95.38.141.0/24 maxlen: 24
                          95.38.142.0/24 maxlen: 24
                          95.38.143.0/24 maxlen: 24
                          95.38.152.0/21 maxlen: 21
                          95.38.152.0/24 maxlen: 24
                          95.38.153.0/24 maxlen: 24
                          95.38.154.0/24 maxlen: 24
                          95.38.155.0/24 maxlen: 24
                          95.38.156.0/24 maxlen: 24
                          95.38.157.0/24 maxlen: 24
                          95.38.158.0/24 maxlen: 24
                          95.38.159.0/24 maxlen: 24
                          95.38.168.0/22 maxlen: 22
                          95.38.168.0/24 maxlen: 24
                          95.38.169.0/24 maxlen: 24
                          95.38.174.0/24 maxlen: 24
                          95.38.200.0/22 maxlen: 22
                          95.38.208.0/22 maxlen: 22
                          95.38.240.0/21 maxlen: 21
                          95.38.240.0/24 maxlen: 24
                          95.38.241.0/24 maxlen: 24
                          95.38.242.0/24 maxlen: 24
                          95.38.243.0/24 maxlen: 24
                          95.38.244.0/24 maxlen: 24
                          95.38.245.0/24 maxlen: 24
                          95.38.246.0/24 maxlen: 24
                          95.38.247.0/24 maxlen: 24
                          95.38.248.0/22 maxlen: 22
                          95.38.248.0/24 maxlen: 24
                          95.38.249.0/24 maxlen: 24
                          95.38.250.0/24 maxlen: 24
                          95.38.251.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 Jan 2024 09:45:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:66:18:47:c5:3d:30:8d:76:08:c4:ae:71:41:c7:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
        Validity
            Not Before: Jan 30 08:04:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae4503602468d7a0c1a1d6544400c9d1f25479f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c6:71:b0:38:e4:45:1c:33:14:27:f7:fb:c7:
                    fb:61:ee:4b:c8:9e:4a:f7:97:c7:00:20:35:69:a9:
                    5c:4d:1c:93:c5:7f:1f:1b:bc:f9:0e:a8:5e:51:9b:
                    dc:7b:f1:4e:a5:62:0f:76:c1:6c:48:8f:93:88:32:
                    90:85:52:af:d2:f7:1f:15:8b:3a:c8:49:bb:67:99:
                    89:b4:e2:01:de:a6:07:01:41:cb:39:24:c5:35:61:
                    22:f0:d1:0d:43:b4:7d:56:f1:47:39:fc:e8:ad:de:
                    01:e1:35:25:59:70:c8:21:77:81:fe:fd:24:19:52:
                    83:97:5a:30:17:57:3e:a5:51:6a:c3:6e:4e:0f:93:
                    8d:7c:e9:b1:d9:49:fd:ad:4b:db:7d:59:2c:db:f8:
                    33:e7:62:92:ee:7b:3e:67:63:a5:8b:1f:87:a0:0e:
                    1e:2f:d2:05:ef:51:83:f4:c7:60:76:3f:a5:89:ac:
                    aa:96:5f:b0:b9:ad:78:d0:fc:e7:f8:41:41:a9:8c:
                    09:d2:35:15:a0:e2:fd:a0:23:f3:34:25:f7:13:8c:
                    8c:aa:9d:ed:ae:22:a3:10:df:36:82:81:4d:87:f7:
                    eb:58:79:c4:31:93:8d:80:7a:73:68:90:13:5c:e6:
                    05:60:19:a9:e6:28:be:89:03:49:21:ec:00:1d:90:
                    29:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:45:03:60:24:68:D7:A0:C1:A1:D6:54:44:00:C9:D1:F2:54:79:F1
            X509v3 Authority Key Identifier:
                keyid:F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/rkUDYCRo16DBodZURADJ0fJUefE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.38.96.0-95.38.107.255
                  95.38.130.0-95.38.143.255
                  95.38.152.0/21
                  95.38.168.0/22
                  95.38.174.0/24
                  95.38.200.0/22
                  95.38.208.0/22
                  95.38.240.0-95.38.251.255

    Signature Algorithm: sha256WithRSAEncryption
         11:34:a9:38:ae:1f:4c:8a:d3:c6:b5:89:90:61:24:a0:96:ed:
         28:5f:24:a3:6f:79:52:e0:26:74:c7:65:f5:d1:c2:07:2b:31:
         92:3d:af:f5:c2:30:97:94:30:71:ce:ca:08:43:22:cb:84:e7:
         cc:ad:83:7d:7f:fb:ee:97:4b:24:f4:de:fb:04:54:e0:b3:bd:
         2f:8a:45:14:e4:cc:d5:65:71:67:aa:3c:b5:0f:66:ab:ea:a4:
         2b:00:1a:91:a5:3c:54:83:f8:3b:17:ef:be:b0:54:42:07:0f:
         66:8d:c1:12:a6:5c:83:dd:17:45:dc:9b:4f:39:29:05:56:b6:
         a8:d4:8b:cd:03:b9:0d:22:c0:ce:d6:63:b5:ab:ce:7c:ae:d0:
         c7:5a:c2:58:05:30:8d:0f:98:f6:93:2e:70:c9:df:56:66:ea:
         e4:16:4d:6b:6c:df:05:1d:b6:52:90:a0:d0:d0:b8:b8:4a:95:
         34:ac:fe:90:31:d8:22:4d:0c:00:7d:5e:86:06:7d:c5:a4:cf:
         cd:0d:23:e1:1f:50:2a:98:79:ec:c1:8d:93:f3:6a:77:90:70:
         8f:35:67:b9:ff:45:02:ca:fa:28:71:84:fc:0c:cc:da:2b:fe:
         a9:f6:d8:73:67:61:0b:8b:b6:09:24:fc:58:cf:65:1d:41:1c:
         b6:37:9b:bc
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY1ZZhhHxT0wjXYIxK5xQcccMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzEwNDA0MTY5MWRjMzg0ZjNiMWE4Y2RmOTVjOTY2Mjhl
YTZkYWYwHhcNMjQwMTMwMDgwNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTQ1MDM2MDI0NjhkN2EwYzFhMWQ2NTQ0NDAwYzlkMWYyNTQ3OWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysZxsDjkRRwzFCf3+8f7Ye5LyJ5K
95fHACA1aalcTRyTxX8fG7z5DqheUZvce/FOpWIPdsFsSI+TiDKQhVKv0vcfFYs6
yEm7Z5mJtOIB3qYHAUHLOSTFNWEi8NENQ7R9VvFHOfzord4B4TUlWXDIIXeB/v0k
GVKDl1owF1c+pVFqw25OD5ONfOmx2Un9rUvbfVks2/gz52KS7ns+Z2Olix+HoA4e
L9IF71GD9Mdgdj+liayqll+wua140Pzn+EFBqYwJ0jUVoOL9oCPzNCX3E4yMqp3t
riKjEN82goFNh/frWHnEMZONgHpzaJATXOYFYBmp5ii+iQNJIewAHZApQQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFK5FA2AkaNegwaHWVEQAydHyVHnxMB8GA1UdIwQY
MBaAFPDBBAQWkdw4TzsajN+VyWYo6m2vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQt
NjkxNDIyMzExNzI5LzEvcmtVRFlDUm8xNkRCb2RaVVJBREowZkpVZWZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQtNjkxNDIyMzExNzI5
LzEvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIMAwDBAVfJmAD
BAJfJmgwDAMEAV8mggMEBF8mgAMEA18mmAMEAl8mqAMEAF8mrgMEAl8myAMEAl8m
0DAMAwQEXybwAwQCXyb4MA0GCSqGSIb3DQEBCwUAA4IBAQARNKk4rh9MitPGtYmQ
YSSglu0oXySjb3lS4CZ0x2X10cIHKzGSPa/1wjCXlDBxzsoIQyLLhOfMrYN9f/vu
l0sk9N77BFTgs70vikUU5MzVZXFnqjy1D2ar6qQrABqRpTxUg/g7F+++sFRCBw9m
jcESplyD3RdF3JtPOSkFVrao1IvNA7kNIsDO1mO1q858rtDHWsJYBTCND5j2ky5w
yd9WZurkFk1rbN8FHbZSkKDQ0Li4SpU0rP6QMdgiTQwAfV6GBn3FpM/NDSPhH1Aq
mHnswY2T82p3kHCPNWe5/0UCyvoocYT8DMzaK/6p9thzZ2ELi7YJJPxYz2UdQRy2
N5u8
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:54 2024 by rpki-client on console-fra.rpki-client.org