Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/biQCi0iOXtwebueTVAcrBG3snxU.roa
File:                     biQCi0iOXtwebueTVAcrBG3snxU.roa (raw, json)
Hash identifier:          4Mu/l5sX4zZoe4VyuXZT347ppgn26N3OIw5+Fj2M9q0=
Subject key identifier:   6E:24:02:8B:48:8E:5E:DC:1E:6E:E7:93:54:07:2B:04:6D:EC:9F:15
Certificate issuer:       /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial:       0196C54A1B90EB4C18C7C51CA5BB8EE4153C
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/biQCi0iOXtwebueTVAcrBG3snxU.roa
Signing time:             Mon 12 May 2025 16:18:10 +0000
ROA not before:           Mon 12 May 2025 16:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3170
IP address blocks:        83.97.16.0/22 maxlen: 24
                          83.97.16.0/24 maxlen: 32
                          91.240.224.0/24 maxlen: 24
                          185.17.196.0/22 maxlen: 24
                          185.175.90.0/24 maxlen: 24
                          188.64.34.0/23 maxlen: 24
                          188.64.36.0/22 maxlen: 24
                          193.35.56.0/22 maxlen: 24
                          193.105.188.0/24 maxlen: 24
                          194.69.165.0/24 maxlen: 24
                          195.74.52.0/22 maxlen: 24
                          195.144.8.0/24 maxlen: 24
                          195.191.218.0/23 maxlen: 24
                          195.191.219.0/24 maxlen: 32
                          2a03:ee40::/32 maxlen: 32
                          2a07:240::/29 maxlen: 48
                          2a10:4740::/29 maxlen: 48
                          2a11:2640::/32 maxlen: 32
                          2a11:2641::/32 maxlen: 32
                          2a11:2647::/32 maxlen: 32
Validation:               Failed, certificate revoked on Tue 13 May 2025 15:52:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c5:4a:1b:90:eb:4c:18:c7:c5:1c:a5:bb:8e:e4:15:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
        Validity
            Not Before: May 12 16:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6e24028b488e5edc1e6ee79354072b046dec9f15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:0c:e7:f2:bd:7b:38:1f:2b:e5:b3:05:c2:9f:
                    8a:6b:69:1a:11:74:19:9d:f3:87:38:06:92:99:41:
                    2a:5b:b1:32:f7:23:e3:dd:db:8e:90:41:8a:b9:ec:
                    b2:bf:e8:83:a1:70:9c:12:b1:fe:04:d2:21:f3:68:
                    f5:a1:c5:99:6c:df:25:ed:2b:bc:06:44:ac:52:f5:
                    3c:cc:03:a6:b9:09:35:a0:f2:32:11:a4:15:35:21:
                    1e:7f:a8:f6:2f:91:bd:ff:59:90:4d:27:3d:40:1e:
                    6b:ad:a1:0f:77:dd:73:f1:74:52:12:80:71:a4:1a:
                    8b:ce:09:49:c9:31:21:fb:b3:b8:18:bb:33:9a:28:
                    11:7d:ed:0a:9d:cf:48:d0:a9:27:40:63:7a:e2:2f:
                    b0:be:11:aa:4b:b4:f9:0d:ac:aa:67:0f:0e:73:03:
                    25:e4:cf:22:19:52:9c:d2:f2:4f:44:83:31:83:b7:
                    e7:44:1e:7c:fb:32:c3:3e:f9:7a:fd:40:13:d4:ed:
                    d5:93:1f:d9:bc:9d:7c:ff:95:40:7b:05:6d:0c:ce:
                    bb:5c:e1:9a:ab:e6:84:66:c9:c2:26:89:5b:1f:a7:
                    bc:70:c7:ca:18:af:f9:32:71:54:76:58:d0:7a:80:
                    9e:c8:74:66:47:07:a8:66:f4:33:00:ac:ea:74:7e:
                    1f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:24:02:8B:48:8E:5E:DC:1E:6E:E7:93:54:07:2B:04:6D:EC:9F:15
            X509v3 Authority Key Identifier:
                keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/biQCi0iOXtwebueTVAcrBG3snxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.16.0/22
                  91.240.224.0/24
                  185.17.196.0/22
                  185.175.90.0/24
                  188.64.34.0-188.64.39.255
                  193.35.56.0/22
                  193.105.188.0/24
                  194.69.165.0/24
                  195.74.52.0/22
                  195.144.8.0/24
                  195.191.218.0/23
                IPv6:
                  2a03:ee40::/32
                  2a07:240::/29
                  2a10:4740::/29
                  2a11:2640::/31
                  2a11:2647::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:07:3b:94:2d:2f:b1:41:ca:5b:5c:fe:80:f6:ff:b5:b9:25:
         6a:17:62:cc:e7:1b:50:4d:95:cd:97:b1:2d:82:04:fa:b4:82:
         28:73:7a:90:80:62:1b:2e:b6:1e:c0:dd:42:d1:67:79:68:23:
         84:48:f8:50:06:87:6a:52:83:09:bb:f2:59:75:dc:15:ee:59:
         9f:24:29:15:a9:14:ae:56:92:0b:b9:f0:c5:cd:e9:b7:0d:9f:
         50:38:42:df:69:85:a2:03:bf:f3:cb:0b:3b:81:37:bb:5e:64:
         06:ee:24:f1:9b:92:90:09:24:4b:dc:09:24:0f:ef:75:f9:9b:
         5a:1d:f1:9c:74:26:e1:d6:38:79:ed:72:cc:57:08:17:dd:28:
         12:35:21:85:49:6a:af:97:43:87:57:9e:d5:64:eb:09:4e:e9:
         03:41:2c:37:dd:e4:2e:b0:b7:fb:24:6f:29:79:e6:a6:0c:cc:
         40:46:0d:3e:5b:69:6c:97:fa:bc:ec:12:c7:cb:6c:37:2f:a7:
         e8:0c:1d:09:33:7f:09:17:1c:fc:f0:b3:f3:0b:95:9f:f1:6f:
         d6:d3:64:55:0b:07:aa:5f:d6:f7:a7:86:a0:de:fa:71:70:be:
         be:ae:28:fc:47:0c:2d:e6:2c:94:17:e0:4e:95:c9:5e:54:ee:
         6b:40:70:5a
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISAZbFShuQ60wYx8UcpbuO5BU8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjUwNTEyMTYxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTI0MDI4YjQ4OGU1ZWRjMWU2ZWU3OTM1NDA3MmIwNDZkZWM5ZjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Qzn8r17OB8r5bMFwp+Ka2kaEXQZ
nfOHOAaSmUEqW7Ey9yPj3duOkEGKueyyv+iDoXCcErH+BNIh82j1ocWZbN8l7Su8
BkSsUvU8zAOmuQk1oPIyEaQVNSEef6j2L5G9/1mQTSc9QB5rraEPd91z8XRSEoBx
pBqLzglJyTEh+7O4GLszmigRfe0Knc9I0KknQGN64i+wvhGqS7T5DayqZw8OcwMl
5M8iGVKc0vJPRIMxg7fnRB58+zLDPvl6/UAT1O3Vkx/ZvJ18/5VAewVtDM67XOGa
q+aEZsnCJolbH6e8cMfKGK/5MnFUdljQeoCeyHRmRweoZvQzAKzqdH4f2wIDAQAB
o4ICeTCCAnUwHQYDVR0OBBYEFG4kAotIjl7cHm7nk1QHKwRt7J8VMB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvYmlRQ2kwaU9YdHdlYnVlVFZBY3JCRzNzbnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGOBggrBgEFBQcBBwEB/wR/MH0wUAQCAAEwSgMEAlNhEAME
AFvw4AMEArkRxAMEALmvWjAMAwQBvEAiAwQDvEAgAwQCwSM4AwQAwWm8AwQAwkWl
AwQCw0o0AwQAw5AIAwQBw7/aMCkEAgACMCMDBQAqA+5AAwUDKgcCQAMFAyoQR0AD
BQEqESZAAwUAKhEmRzANBgkqhkiG9w0BAQsFAAOCAQEAPAc7lC0vsUHKW1z+gPb/
tbklahdizOcbUE2VzZexLYIE+rSCKHN6kIBiGy62HsDdQtFneWgjhEj4UAaHalKD
CbvyWXXcFe5ZnyQpFakUrlaSC7nwxc3ptw2fUDhC32mFogO/88sLO4E3u15kBu4k
8ZuSkAkkS9wJJA/vdfmbWh3xnHQm4dY4ee1yzFcIF90oEjUhhUlqr5dDh1ee1WTr
CU7pA0EsN93kLrC3+yRvKXnmpgzMQEYNPltpbJf6vOwSx8tsNy+n6AwdCTN/CRcc
/PCz8wuVn/Fv1tNkVQsHql/W96eGoN76cXC+vq4o/EcMLeYslBfgTpXJXlTua0Bw
Wg==
-----END CERTIFICATE-----
Generated at Tue Jun 10 19:30:47 2025 by rpki-client