Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/U1-Kn40exg0uGy9M5eWLHIUNnnA.roa
File:                     U1-Kn40exg0uGy9M5eWLHIUNnnA.roa (raw, json)
Hash identifier:          IYc58vmahBbvg+kCoTB1w2g01aa0Jo+/D50Rl4liK6U=
Subject key identifier:   53:5F:8A:9F:8D:1E:C6:0D:2E:1B:2F:4C:E5:E5:8B:1C:85:0D:9E:70
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01862C023E57D9C99C396E7D49DA8ED34EA9
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/U1-Kn40exg0uGy9M5eWLHIUNnnA.roa
Signing time:             Tue 07 Feb 2023 13:13:09 +0000
ROA not before:           Tue 07 Feb 2023 13:13:09 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203380
IP address blocks:        82.118.245.0/24 maxlen: 24
                          79.124.7.0/24 maxlen: 24
                          91.148.141.0/24 maxlen: 24
                          78.128.99.0/24 maxlen: 24
                          94.72.140.0/23 maxlen: 24
                          94.72.141.0/24 maxlen: 24
                          94.72.143.0/24 maxlen: 24
                          82.118.227.0/24 maxlen: 24
                          82.118.230.0/24 maxlen: 24
                          82.118.234.0/24 maxlen: 24
                          82.118.235.0/24 maxlen: 24
                          130.185.251.0/24 maxlen: 24
                          79.124.77.0/24 maxlen: 24
                          78.128.127.0/24 maxlen: 24
                          2a01:8740:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 08 Nov 2023 10:37:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:2c:02:3e:57:d9:c9:9c:39:6e:7d:49:da:8e:d3:4e:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Feb  7 13:13:09 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=535f8a9f8d1ec60d2e1b2f4ce5e58b1c850d9e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:28:c7:6f:3e:e1:a5:b1:a3:c7:b4:27:ab:2f:
                    4c:d2:9f:44:12:5a:4c:b8:b2:71:2b:85:7f:c7:73:
                    ce:78:b8:cc:1d:47:cb:09:4e:39:74:8f:aa:f1:93:
                    35:c6:59:11:46:af:2c:4b:7b:17:14:5a:72:83:a7:
                    4b:60:cd:60:c7:e7:2d:ac:8e:88:f1:b9:54:c6:a8:
                    0b:fb:0b:a9:64:fd:db:61:93:93:e4:6b:ed:84:77:
                    26:32:93:2d:f6:ba:27:8e:f6:50:0d:5e:ee:6a:a1:
                    11:88:59:9c:bf:d6:47:35:c0:c7:46:d6:2e:5c:f9:
                    7d:f4:1e:45:62:94:0e:9e:29:c9:25:f2:de:69:fe:
                    c4:7d:14:74:a4:0d:cf:ac:6d:d7:5c:b4:85:3c:8d:
                    31:03:b7:6f:6a:cb:cd:d0:e5:d6:ea:f5:31:97:4f:
                    61:88:ae:17:b8:ce:c8:e8:26:f3:58:fa:fe:84:eb:
                    2e:31:4e:80:64:48:34:9c:c6:1d:ce:04:ee:79:18:
                    97:0a:f7:97:de:b3:2f:54:11:38:57:fd:4d:2d:c9:
                    c0:3c:7e:3c:99:73:fa:8a:fa:82:fe:67:e4:bd:7c:
                    f4:51:7d:b5:e2:f1:ac:e1:d5:bd:ff:94:14:12:18:
                    85:df:88:90:6d:25:72:43:e2:58:c8:c9:df:e9:22:
                    34:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:5F:8A:9F:8D:1E:C6:0D:2E:1B:2F:4C:E5:E5:8B:1C:85:0D:9E:70
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/U1-Kn40exg0uGy9M5eWLHIUNnnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.128.99.0/24
                  78.128.127.0/24
                  79.124.7.0/24
                  79.124.77.0/24
                  82.118.227.0/24
                  82.118.230.0/24
                  82.118.234.0/23
                  82.118.245.0/24
                  91.148.141.0/24
                  94.72.140.0/23
                  94.72.143.0/24
                  130.185.251.0/24
                IPv6:
                  2a01:8740:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         c9:30:a5:9b:49:84:88:c9:07:52:be:a6:1e:c8:a7:62:37:d3:
         33:c1:f7:ea:19:db:77:c7:05:f9:0e:d2:b1:fc:08:9e:df:c8:
         58:6b:6d:8b:22:36:6c:08:64:a9:2b:5b:a9:70:17:3a:53:3e:
         c5:76:d5:2a:fb:cb:0d:7e:15:26:17:92:59:f1:a6:ef:34:9a:
         51:49:6b:b0:7e:d7:29:4f:b1:a1:37:14:f7:69:da:cf:97:43:
         a6:55:94:c9:50:0c:71:83:11:0e:32:d5:8c:2e:3a:fd:01:12:
         66:f3:6b:48:15:bd:b6:bb:b2:05:96:50:70:0b:86:cd:4a:33:
         c1:50:91:5c:08:4d:e4:e0:3a:7e:a6:7c:fb:26:1e:84:7f:94:
         c3:b3:d1:9e:ae:71:06:81:ba:f4:24:d7:84:a6:97:9e:de:f4:
         91:84:c4:e2:2c:6f:e2:0b:02:63:6b:59:95:a6:d5:1f:41:9f:
         59:bf:18:41:31:26:47:0c:30:d7:e8:7e:ae:1b:22:fb:d7:a5:
         59:46:8b:2c:69:ee:b9:ff:57:bf:92:51:da:09:3d:94:d9:a6:
         79:8f:27:08:ac:ce:1b:4d:0a:fd:4d:63:fa:5d:cd:85:21:42:
         a1:8a:ea:ea:cd:c2:4b:2e:ac:0b:1a:2d:41:77:5d:7d:d2:44:
         65:d3:36:82
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAYYsAj5X2cmcOW59SdqO006pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjMwMjA3MTMxMzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzVmOGE5ZjhkMWVjNjBkMmUxYjJmNGNlNWU1OGIxYzg1MGQ5ZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSjHbz7hpbGjx7Qnqy9M0p9EElpM
uLJxK4V/x3POeLjMHUfLCU45dI+q8ZM1xlkRRq8sS3sXFFpyg6dLYM1gx+ctrI6I
8blUxqgL+wupZP3bYZOT5GvthHcmMpMt9ronjvZQDV7uaqERiFmcv9ZHNcDHRtYu
XPl99B5FYpQOninJJfLeaf7EfRR0pA3PrG3XXLSFPI0xA7dvasvN0OXW6vUxl09h
iK4XuM7I6CbzWPr+hOsuMU6AZEg0nMYdzgTueRiXCveX3rMvVBE4V/1NLcnAPH48
mXP6ivqC/mfkvXz0UX214vGs4dW9/5QUEhiF34iQbSVyQ+JYyMnf6SI0FQIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFFNfip+NHsYNLhsvTOXlixyFDZ5wMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvVTEtS240MGV4ZzB1R3k5TTVlV0xISVVObm5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBOBAIAATBIAwQAToBjAwQA
ToB/AwQAT3wHAwQAT3xNAwQAUnbjAwQAUnbmAwQBUnbqAwQAUnb1AwQAW5SNAwQB
XkiMAwQAXkiPAwQAgrn7MA8EAgACMAkDBwAqAYdAAAEwDQYJKoZIhvcNAQELBQAD
ggEBAMkwpZtJhIjJB1K+ph7Ip2I30zPB9+oZ23fHBfkO0rH8CJ7fyFhrbYsiNmwI
ZKkrW6lwFzpTPsV21Sr7yw1+FSYXklnxpu80mlFJa7B+1ylPsaE3FPdp2s+XQ6ZV
lMlQDHGDEQ4y1YwuOv0BEmbza0gVvba7sgWWUHALhs1KM8FQkVwITeTgOn6mfPsm
HoR/lMOz0Z6ucQaBuvQk14Sml57e9JGExOIsb+ILAmNrWZWm1R9Bn1m/GEExJkcM
MNfofq4bIvvXpVlGiyxp7rn/V7+SUdoJPZTZpnmPJwiszhtNCv1NY/pdzYUhQqGK
6urNwksurAsaLUF3XX3SRGXTNoI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:15 2024 by rpki-client on console-fra.rpki-client.org