Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/8IIZtmQtsz_oN2BsPpY8QOn9tWM.roa
File:                     8IIZtmQtsz_oN2BsPpY8QOn9tWM.roa (raw, json)
Hash identifier:          zVmNRyRPPrlurbcEkbMToUZwZkY22s114/4YD8yvhsE=
Subject key identifier:   F0:82:19:B6:64:2D:B3:3F:E8:37:60:6C:3E:96:3C:40:E9:FD:B5:63
Certificate issuer:       /CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
Certificate serial:       018CFD1290D029FA10E69DC28AC0F30BB8BD
Authority key identifier: 6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/8IIZtmQtsz_oN2BsPpY8QOn9tWM.roa
Signing time:             Fri 12 Jan 2024 09:48:21 +0000
ROA not before:           Fri 12 Jan 2024 09:48:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56582
IP address blocks:        185.33.63.0/24 maxlen: 24
                          31.169.65.0/24 maxlen: 24
                          31.169.70.0/24 maxlen: 24
                          31.169.69.0/24 maxlen: 24
                          31.169.71.0/24 maxlen: 24
                          31.169.67.0/24 maxlen: 24
                          31.169.66.0/24 maxlen: 24
                          31.169.72.0/24 maxlen: 24
                          31.169.77.0/24 maxlen: 24
                          31.169.76.0/24 maxlen: 24
                          31.169.78.0/24 maxlen: 24
                          31.169.74.0/24 maxlen: 24
                          31.169.81.0/24 maxlen: 24
                          31.169.88.0/24 maxlen: 24
                          31.169.93.0/24 maxlen: 24
                          31.169.92.0/24 maxlen: 24
                          31.169.94.0/24 maxlen: 24
                          31.169.95.0/24 maxlen: 24
                          31.169.64.0/24 maxlen: 24
                          2a00:5740::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 26 Feb 2024 13:23:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fd:12:90:d0:29:fa:10:e6:9d:c2:8a:c0:f3:0b:b8:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d69da44ae067fc1a98a5f6f05f12e545d0fc62a
        Validity
            Not Before: Jan 12 09:48:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f08219b6642db33fe837606c3e963c40e9fdb563
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c1:da:30:67:e3:92:2a:00:47:9e:d2:5e:be:
                    49:01:2b:a9:45:cd:b9:e3:47:60:8f:6c:c4:c1:26:
                    fe:61:bb:02:fe:bd:8e:9d:fa:2a:61:6e:48:d9:2e:
                    c8:33:ad:92:c5:c5:fe:c4:c1:36:e7:a5:f0:89:83:
                    39:1e:d3:7c:c1:fb:9f:a5:b7:a6:b7:1a:bc:20:3c:
                    1e:ff:16:8f:d1:e2:e8:f1:e6:5d:a0:04:c3:0a:47:
                    91:9c:02:80:99:bc:e8:24:f9:2e:ce:93:5c:6e:84:
                    58:cf:aa:76:d6:f4:71:d6:11:00:da:69:b1:88:8f:
                    3c:c0:a3:1c:01:f8:79:30:f3:5b:f8:fe:df:30:2b:
                    60:40:15:61:40:ec:84:ea:47:ae:0d:f4:8b:1a:f3:
                    b2:1a:bc:00:bb:47:de:3b:80:a2:17:d3:ce:96:5a:
                    28:cf:6b:30:02:3b:12:f9:73:cb:d8:27:11:a6:21:
                    cd:c9:a9:23:bf:4f:f3:25:b6:16:85:78:22:45:f6:
                    47:b3:84:70:e5:a8:c9:dc:c9:80:4b:37:60:8b:70:
                    d5:0a:86:02:ac:29:e8:20:3d:c5:c6:8a:e6:7d:0e:
                    8d:76:8a:29:1c:07:ec:7e:15:bc:e4:1c:3d:97:53:
                    9b:be:f0:72:4f:7f:4b:e7:f4:b0:cf:73:85:14:a7:
                    1f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:82:19:B6:64:2D:B3:3F:E8:37:60:6C:3E:96:3C:40:E9:FD:B5:63
            X509v3 Authority Key Identifier:
                keyid:6D:69:DA:44:AE:06:7F:C1:A9:8A:5F:6F:05:F1:2E:54:5D:0F:C6:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/8IIZtmQtsz_oN2BsPpY8QOn9tWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/b1a82a-490f-43fb-986e-26170da4a0b1/1/bWnaRK4Gf8Gpil9vBfEuVF0Pxio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.169.64.0/22
                  31.169.69.0-31.169.72.255
                  31.169.74.0/24
                  31.169.76.0-31.169.78.255
                  31.169.81.0/24
                  31.169.88.0/24
                  31.169.92.0/22
                  185.33.63.0/24
                IPv6:
                  2a00:5740::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:72:01:d3:31:cb:b2:81:ce:6b:c0:02:2a:15:2a:50:a5:44:
         9c:3b:70:e0:94:c1:4b:a9:0c:b4:65:da:01:f8:ed:59:80:7d:
         78:a8:a4:29:71:6b:24:0c:36:32:c8:57:6e:56:e0:7b:e1:66:
         00:a4:6b:67:0a:87:c5:4d:1f:60:4e:6b:e2:af:27:63:c7:0e:
         33:0b:63:93:49:d9:54:9f:5e:e8:f8:6a:b5:c8:c7:84:bb:59:
         83:4e:6e:28:62:a2:41:39:7e:e2:f7:ba:2b:a4:6c:6f:9f:b4:
         33:12:00:f8:c6:b8:5d:96:b9:33:29:54:ff:0d:d6:e4:45:62:
         f9:28:71:ae:f3:ac:b9:42:7f:f6:09:81:29:68:ca:d8:1c:48:
         c9:f9:6c:a1:25:0c:cb:1a:45:93:25:b7:b2:7b:62:5f:01:2e:
         1f:dc:59:11:c6:d9:19:7f:87:2e:f7:db:98:69:1f:f4:78:68:
         06:38:38:49:75:24:43:0d:59:7e:98:5d:45:ab:97:ed:64:b3:
         a6:c5:bc:15:01:aa:55:b5:9d:f3:7e:c5:c0:90:f1:b1:7c:cb:
         2b:1c:b9:5e:74:10:a9:89:a2:41:1a:47:bd:4c:ec:c7:aa:e3:
         9c:a4:a5:9e:22:cf:fe:67:e4:b8:03:97:cd:93:b2:83:5b:8d:
         a2:6e:23:d8
-----BEGIN CERTIFICATE-----
MIIFRjCCBC6gAwIBAgISAYz9EpDQKfoQ5p3CisDzC7i9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNjlkYTQ0YWUwNjdmYzFhOThhNWY2ZjA1ZjEyZTU0NWQw
ZmM2MmEwHhcNMjQwMTEyMDk0ODIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDgyMTliNjY0MmRiMzNmZTgzNzYwNmMzZTk2M2M0MGU5ZmRiNTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsHaMGfjkioAR57SXr5JASupRc25
40dgj2zEwSb+YbsC/r2OnfoqYW5I2S7IM62SxcX+xME256XwiYM5HtN8wfufpbem
txq8IDwe/xaP0eLo8eZdoATDCkeRnAKAmbzoJPkuzpNcboRYz6p21vRx1hEA2mmx
iI88wKMcAfh5MPNb+P7fMCtgQBVhQOyE6keuDfSLGvOyGrwAu0feO4CiF9POlloo
z2swAjsS+XPL2CcRpiHNyakjv0/zJbYWhXgiRfZHs4Rw5ajJ3MmASzdgi3DVCoYC
rCnoID3FxormfQ6NdoopHAfsfhW85Bw9l1ObvvByT39L5/Swz3OFFKcfmwIDAQAB
o4ICUjCCAk4wHQYDVR0OBBYEFPCCGbZkLbM/6DdgbD6WPEDp/bVjMB8GA1UdIwQY
MBaAFG1p2kSuBn/BqYpfbwXxLlRdD8YqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUt
MjYxNzBkYTRhMGIxLzEvOElJWnRtUXRzel9vTjJCc1BwWThRT245dFdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9iMWE4MmEtNDkwZi00M2ZiLTk4NmUtMjYxNzBkYTRhMGIx
LzEvYlduYVJLNEdmOEdwaWw5dkJmRXVWRjBQeGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGgGCCsGAQUFBwEHAQH/BFkwVzBGBAIAATBAAwQCH6lAMAwD
BAAfqUUDBAAfqUgDBAAfqUowDAMEAh+pTAMEAB+pTgMEAB+pUQMEAB+pWAMEAh+p
XAMEALkhPzANBAIAAjAHAwUDKgBXQDANBgkqhkiG9w0BAQsFAAOCAQEAGXIB0zHL
soHOa8ACKhUqUKVEnDtw4JTBS6kMtGXaAfjtWYB9eKikKXFrJAw2MshXblbge+Fm
AKRrZwqHxU0fYE5r4q8nY8cOMwtjk0nZVJ9e6PhqtcjHhLtZg05uKGKiQTl+4ve6
K6Rsb5+0MxIA+Ma4XZa5MylU/w3W5EVi+ShxrvOsuUJ/9gmBKWjK2BxIyflsoSUM
yxpFkyW3sntiXwEuH9xZEcbZGX+HLvfbmGkf9HhoBjg4SXUkQw1ZfphdRauX7WSz
psW8FQGqVbWd837FwJDxsXzLKxy5XnQQqYmiQRpHvUzsx6rjnKSlniLP/mfkuAOX
zZOyg1uNom4j2A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:47 2024 by rpki-client on console-ams.rpki-client.org