Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/2a98fb-e670-4cf4-81a4-4219022350fa/1/ZDUFck9Xkw_pcxdtGjJQvH38Hi8.roa
File:                     ZDUFck9Xkw_pcxdtGjJQvH38Hi8.roa (raw, json)
Hash identifier:          UVqoLvX8TIG9Z9vXXerfE63azWszDzKR/JhrrJ84j0A=
Subject key identifier:   64:35:05:72:4F:57:93:0F:E9:73:17:6D:1A:32:50:BC:7D:FC:1E:2F
Certificate issuer:       /CN=0608ade86a1ccf7a483b4c2962045db8d0ef826d
Certificate serial:       018570FBD4DE131AF489C6EBEF59C7DE6ED5
Authority key identifier: 06:08:AD:E8:6A:1C:CF:7A:48:3B:4C:29:62:04:5D:B8:D0:EF:82:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bgit6Gocz3pIO0wpYgRduNDvgm0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/2a98fb-e670-4cf4-81a4-4219022350fa/1/ZDUFck9Xkw_pcxdtGjJQvH38Hi8.roa
Signing time:             Mon 02 Jan 2023 05:37:10 +0000
ROA not before:           Mon 02 Jan 2023 05:37:10 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16082
IP address blocks:        37.77.176.0/21 maxlen: 21
                          185.15.104.0/22 maxlen: 22
                          87.117.72.0/21 maxlen: 21
                          109.238.64.0/20 maxlen: 20
                          62.133.0.0/19 maxlen: 19
                          83.218.128.0/19 maxlen: 19
                          87.117.112.0/21 maxlen: 21
                          31.24.0.0/21 maxlen: 21
                          87.224.0.0/17 maxlen: 17
                          217.13.128.0/19 maxlen: 19
                          212.237.64.0/19 maxlen: 19
                          2a02:b90::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 08:30:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:70:fb:d4:de:13:1a:f4:89:c6:eb:ef:59:c7:de:6e:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0608ade86a1ccf7a483b4c2962045db8d0ef826d
        Validity
            Not Before: Jan  2 05:37:10 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=643505724f57930fe973176d1a3250bc7dfc1e2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e1:a7:de:02:63:31:1e:69:41:0e:3f:3b:35:
                    8d:74:47:59:4f:e6:97:85:91:cd:c2:c8:98:ba:25:
                    0b:36:82:ad:12:a6:09:c0:95:82:3e:2f:df:11:be:
                    9d:3d:04:ce:5e:a1:63:35:62:c9:44:5a:7b:dc:8c:
                    8f:39:cf:14:2e:1f:62:59:8e:89:5b:b0:66:a7:f2:
                    48:3e:1d:f1:4b:5d:ca:d3:58:45:a3:4e:ea:d8:ae:
                    d2:58:1d:67:3e:ac:fe:88:e5:94:bd:5e:ba:96:f5:
                    0e:a8:c3:75:fb:a3:8d:6c:df:94:e4:16:05:75:c1:
                    ee:d5:f3:48:0b:2f:0c:f4:5e:01:cb:d6:1f:e4:1e:
                    50:ea:0b:74:09:2a:59:c3:7e:a3:1b:ac:f6:6b:5a:
                    12:07:c2:43:18:4c:d3:83:8d:6b:6d:7d:3c:3c:7d:
                    32:e7:9d:28:d9:2e:7b:91:a9:26:ec:8e:07:30:57:
                    b0:46:ed:d9:09:44:52:7d:f7:70:2f:ee:af:69:37:
                    bb:b0:60:53:29:da:cb:2b:43:30:88:1b:c2:67:3f:
                    c9:0d:ec:db:d3:dd:a4:ee:f2:eb:ae:76:15:3e:e0:
                    15:83:ed:11:7a:f6:78:08:60:72:0f:ab:5b:a3:c1:
                    42:52:78:94:9b:d2:57:db:4c:96:e6:34:f9:a0:ab:
                    7a:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:35:05:72:4F:57:93:0F:E9:73:17:6D:1A:32:50:BC:7D:FC:1E:2F
            X509v3 Authority Key Identifier:
                keyid:06:08:AD:E8:6A:1C:CF:7A:48:3B:4C:29:62:04:5D:B8:D0:EF:82:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bgit6Gocz3pIO0wpYgRduNDvgm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a98fb-e670-4cf4-81a4-4219022350fa/1/ZDUFck9Xkw_pcxdtGjJQvH38Hi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/2a98fb-e670-4cf4-81a4-4219022350fa/1/Bgit6Gocz3pIO0wpYgRduNDvgm0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.0.0/21
                  37.77.176.0/21
                  62.133.0.0/19
                  83.218.128.0/19
                  87.117.72.0/21
                  87.117.112.0/21
                  87.224.0.0/17
                  109.238.64.0/20
                  185.15.104.0/22
                  212.237.64.0/19
                  217.13.128.0/19
                IPv6:
                  2a02:b90::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:a7:29:a4:44:ad:3f:2b:8e:ef:48:d6:3a:ad:ad:2f:ab:c9:
         ef:35:5b:89:e7:d5:df:12:3a:9b:0a:ec:8e:e8:39:ca:79:e9:
         d6:7a:c9:f8:40:50:ef:b9:3e:a2:12:34:f1:dd:45:1a:49:8a:
         39:e8:48:0e:82:b9:9d:b8:05:3a:f9:12:04:a0:47:31:c0:d3:
         aa:b0:01:50:5b:53:91:c3:af:85:ff:66:49:ca:af:42:4e:d8:
         86:5e:8d:cc:6b:d6:62:ec:17:bd:33:47:25:e6:4f:7c:e8:30:
         88:ae:82:c2:58:47:62:d5:d4:d9:a4:fc:e4:a9:1d:8d:97:45:
         fb:58:3a:a1:8e:bd:a7:e9:97:45:a9:d4:2f:7b:2f:dc:5c:98:
         65:4a:b8:11:f7:c5:a6:06:a5:3b:dd:5f:79:89:5b:37:0a:e9:
         96:7d:98:a2:a1:a5:0f:6f:bb:15:8b:58:33:6c:10:6a:a5:bd:
         b3:e9:6d:53:fc:f0:fc:9c:74:36:fb:c9:4a:ab:2a:16:05:13:
         39:49:fe:ae:96:95:e7:44:be:ad:cf:1a:52:ce:91:fe:7d:c5:
         78:11:ca:86:9f:79:b4:36:2d:8a:05:e3:f3:63:a6:b7:18:e7:
         ad:d9:ca:3d:ae:4c:7f:44:8d:03:56:53:b7:21:af:c6:86:b5:
         1e:6f:db:b7
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVw+9TeExr0icbr71nH3m7VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MDhhZGU4NmExY2NmN2E0ODNiNGMyOTYyMDQ1ZGI4ZDBl
ZjgyNmQwHhcNMjMwMTAyMDUzNzEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDM1MDU3MjRmNTc5MzBmZTk3MzE3NmQxYTMyNTBiYzdkZmMxZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuGn3gJjMR5pQQ4/OzWNdEdZT+aX
hZHNwsiYuiULNoKtEqYJwJWCPi/fEb6dPQTOXqFjNWLJRFp73IyPOc8ULh9iWY6J
W7Bmp/JIPh3xS13K01hFo07q2K7SWB1nPqz+iOWUvV66lvUOqMN1+6ONbN+U5BYF
dcHu1fNICy8M9F4By9Yf5B5Q6gt0CSpZw36jG6z2a1oSB8JDGEzTg41rbX08PH0y
550o2S57kakm7I4HMFewRu3ZCURSffdwL+6vaTe7sGBTKdrLK0MwiBvCZz/JDezb
092k7vLrrnYVPuAVg+0RevZ4CGByD6tbo8FCUniUm9JX20yW5jT5oKt6gwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFGQ1BXJPV5MP6XMXbRoyULx9/B4vMB8GA1UdIwQY
MBaAFAYIrehqHM96SDtMKWIEXbjQ74JtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmdpdDZHb2N6M3BJTzB3cFlnUmR1TkR2Z20wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8yYTk4ZmItZTY3MC00Y2Y0LTgxYTQt
NDIxOTAyMjM1MGZhLzEvWkRVRmNrOVhrd19wY3hkdEdqSlF2SDM4SGk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8yYTk4ZmItZTY3MC00Y2Y0LTgxYTQtNDIxOTAyMjM1MGZh
LzEvQmdpdDZHb2N6M3BJTzB3cFlnUmR1TkR2Z20wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDHxgAAwQD
JU2wAwQFPoUAAwQFU9qAAwQDV3VIAwQDV3VwAwQHV+AAAwQEbe5AAwQCuQ9oAwQF
1O1AAwQF2Q2AMA0EAgACMAcDBQAqAguQMA0GCSqGSIb3DQEBCwUAA4IBAQA8pymk
RK0/K47vSNY6ra0vq8nvNVuJ59XfEjqbCuyO6DnKeenWesn4QFDvuT6iEjTx3UUa
SYo56EgOgrmduAU6+RIEoEcxwNOqsAFQW1ORw6+F/2ZJyq9CTtiGXo3Ma9Zi7Be9
M0cl5k986DCIroLCWEdi1dTZpPzkqR2Nl0X7WDqhjr2n6ZdFqdQvey/cXJhlSrgR
98WmBqU73V95iVs3CumWfZiioaUPb7sVi1gzbBBqpb2z6W1T/PD8nHQ2+8lKqyoW
BRM5Sf6ulpXnRL6tzxpSzpH+fcV4EcqGn3m0Ni2KBePzY6a3GOet2co9rkx/RI0D
VlO3Ia/GhrUeb9u3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:53 2024 by rpki-client on console-ams.rpki-client.org