Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/S1yskY8hM_QJgWwuors101gz3xg.roa
File:                     S1yskY8hM_QJgWwuors101gz3xg.roa (raw, json)
Hash identifier:          E7u+5PYNM/SdsWTvNdUcP7x9aPAxM0Av9DTlteN9gDo=
Subject key identifier:   4B:5C:AC:91:8F:21:33:F4:09:81:6C:2E:A2:BB:35:D3:58:33:DF:18
Certificate issuer:       /CN=20ca2d4cb3e56b5d29970a97fc645eb2fd6876a1
Certificate serial:       018B427957C3A58522752E0F3BEEAEA55FAB
Authority key identifier: 20:CA:2D:4C:B3:E5:6B:5D:29:97:0A:97:FC:64:5E:B2:FD:68:76:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IMotTLPla10plwqX_GResv1odqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/S1yskY8hM_QJgWwuors101gz3xg.roa
Signing time:             Wed 18 Oct 2023 11:08:50 +0000
ROA not before:           Wed 18 Oct 2023 11:08:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198770
IP address blocks:        141.101.228.0/24 maxlen: 24
                          141.101.231.0/24 maxlen: 24
                          85.92.116.0/24 maxlen: 24
                          85.92.117.0/24 maxlen: 24
                          85.92.118.0/24 maxlen: 24
                          37.230.152.0/24 maxlen: 24
                          37.230.153.0/24 maxlen: 24
                          37.230.154.0/24 maxlen: 24
                          37.230.155.0/24 maxlen: 24
                          37.18.74.0/24 maxlen: 24
                          37.18.75.0/24 maxlen: 24
                          37.18.76.0/24 maxlen: 24
                          37.18.77.0/24 maxlen: 24
                          37.230.248.0/24 maxlen: 24
                          128.0.66.0/24 maxlen: 24
                          128.0.67.0/24 maxlen: 24
                          62.113.62.0/24 maxlen: 24
                          62.113.63.0/24 maxlen: 24
                          62.113.60.0/24 maxlen: 24
                          141.101.204.0/24 maxlen: 24
                          178.170.225.0/24 maxlen: 24
                          2a0d:b1c0:abc0::/44 maxlen: 44
                          2a0d:b1c0:c0::/44 maxlen: 44
                          2a0d:b1c0:500::/44 maxlen: 48
                          2a0d:b1c0:ffff::/48 maxlen: 48
                          2a0d:b1c0:d0::/44 maxlen: 44
                          2a0d:b1c0:aaaa::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:29:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:42:79:57:c3:a5:85:22:75:2e:0f:3b:ee:ae:a5:5f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20ca2d4cb3e56b5d29970a97fc645eb2fd6876a1
        Validity
            Not Before: Oct 18 11:08:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4b5cac918f2133f409816c2ea2bb35d35833df18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:1d:eb:b5:a5:d2:d9:08:47:9c:7f:a9:14:42:
                    fc:8b:ee:ba:d6:c7:84:cb:33:3d:10:e2:0b:6d:73:
                    3e:f9:ad:d4:e9:44:f9:5f:7f:17:1d:5e:dd:d2:1e:
                    d9:41:55:73:b4:c6:3e:f8:90:48:5e:f6:0a:61:0b:
                    04:d3:00:0b:c6:b4:f4:5b:19:6a:b2:9b:4a:f8:ca:
                    ce:d2:d8:49:60:b8:db:bf:f2:f5:28:e7:57:13:f1:
                    d6:a6:07:51:7c:9c:d8:f2:b9:a0:71:d3:c3:a3:d4:
                    62:f5:2f:69:09:15:2a:84:eb:3e:a4:b7:81:6f:a0:
                    8f:d3:ff:a1:2b:69:71:c2:8a:70:22:d9:df:69:be:
                    ae:c6:04:1a:ca:b3:b9:9b:65:ee:ab:8d:36:23:f8:
                    c3:2a:46:a4:cf:d9:fe:e8:ef:1a:82:02:34:fd:2a:
                    fd:6d:58:01:ed:0a:b0:dd:b0:67:c0:1c:48:8a:2c:
                    6a:83:05:89:3c:9c:be:69:9a:69:fd:fa:5d:f1:10:
                    15:49:b6:90:f5:c4:6d:39:73:85:a3:a7:f2:1c:66:
                    ce:5a:6a:96:df:37:9d:e4:be:85:8c:f8:49:6a:94:
                    7a:94:af:3a:eb:da:17:23:a3:80:26:d4:88:9f:a4:
                    d4:27:0b:db:72:b3:e4:2e:9f:ad:af:8c:75:a2:a6:
                    7a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:5C:AC:91:8F:21:33:F4:09:81:6C:2E:A2:BB:35:D3:58:33:DF:18
            X509v3 Authority Key Identifier:
                keyid:20:CA:2D:4C:B3:E5:6B:5D:29:97:0A:97:FC:64:5E:B2:FD:68:76:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IMotTLPla10plwqX_GResv1odqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/S1yskY8hM_QJgWwuors101gz3xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/2c2817-3701-4783-8fbd-eec4885c4f8d/1/IMotTLPla10plwqX_GResv1odqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.18.74.0-37.18.77.255
                  37.230.152.0/22
                  37.230.248.0/24
                  62.113.60.0/24
                  62.113.62.0/23
                  85.92.116.0-85.92.118.255
                  128.0.66.0/23
                  141.101.204.0/24
                  141.101.228.0/24
                  141.101.231.0/24
                  178.170.225.0/24
                IPv6:
                  2a0d:b1c0:c0::/43
                  2a0d:b1c0:500::/44
                  2a0d:b1c0:aaaa::/48
                  2a0d:b1c0:abc0::/44
                  2a0d:b1c0:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:c2:78:60:3a:15:16:83:cc:aa:7f:75:99:49:bc:72:6d:45:
         86:3c:0f:01:17:61:3b:6d:43:2b:3b:95:1d:61:0e:3e:91:81:
         fe:12:f2:fc:c5:db:6b:50:7b:f9:71:7b:cb:85:fe:06:0f:72:
         35:65:60:c8:9d:7d:22:ac:34:cf:c6:f8:8d:77:32:ac:51:de:
         40:9b:66:46:83:56:dd:1e:23:f4:18:50:19:88:ae:a7:94:8a:
         6b:28:0a:a7:b5:26:c9:09:4c:48:2c:a8:99:4a:ac:7a:3a:fe:
         b1:93:87:10:09:49:1b:cd:c6:83:49:15:1d:70:b0:5f:a1:7b:
         9f:ac:7b:93:b8:1f:85:9a:84:78:93:03:c6:f1:c2:3d:c8:73:
         39:d9:8d:4c:15:de:07:0a:81:2b:80:b3:c3:91:66:20:c4:c2:
         48:19:fd:96:e8:f2:2e:06:8a:4a:3b:18:76:27:20:dd:62:27:
         6f:24:53:42:24:9d:99:c0:ed:27:8a:bc:6d:fe:e7:23:af:a1:
         25:0e:d9:37:7b:81:2c:9e:c6:ef:ac:76:c8:bb:64:89:c3:94:
         3e:11:c5:0e:1f:24:af:dd:d8:1c:5b:0f:1a:1e:26:5a:b7:49:
         ab:44:22:2c:02:04:15:89:b4:22:7b:45:13:cb:f5:7c:d6:b3:
         db:71:4a:00
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgISAYtCeVfDpYUidS4PO+6upV+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwY2EyZDRjYjNlNTZiNWQyOTk3MGE5N2ZjNjQ1ZWIyZmQ2
ODc2YTEwHhcNMjMxMDE4MTEwODUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjVjYWM5MThmMjEzM2Y0MDk4MTZjMmVhMmJiMzVkMzU4MzNkZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhh3rtaXS2QhHnH+pFEL8i+661seE
yzM9EOILbXM++a3U6UT5X38XHV7d0h7ZQVVztMY++JBIXvYKYQsE0wALxrT0Wxlq
sptK+MrO0thJYLjbv/L1KOdXE/HWpgdRfJzY8rmgcdPDo9Ri9S9pCRUqhOs+pLeB
b6CP0/+hK2lxwopwItnfab6uxgQayrO5m2Xuq402I/jDKkakz9n+6O8aggI0/Sr9
bVgB7Qqw3bBnwBxIiixqgwWJPJy+aZpp/fpd8RAVSbaQ9cRtOXOFo6fyHGbOWmqW
3zed5L6FjPhJapR6lK8669oXI6OAJtSIn6TUJwvbcrPkLp+tr4x1oqZ6tQIDAQAB
o4ICjTCCAokwHQYDVR0OBBYEFEtcrJGPITP0CYFsLqK7NdNYM98YMB8GA1UdIwQY
MBaAFCDKLUyz5WtdKZcKl/xkXrL9aHahMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU1vdFRMUGxhMTBwbHdxWF9HUmVzdjFvZHFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8yYzI4MTctMzcwMS00NzgzLThmYmQt
ZWVjNDg4NWM0ZjhkLzEvUzF5c2tZOGhNX1FKZ1d3dW9yczEwMWd6M3hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8yYzI4MTctMzcwMS00NzgzLThmYmQtZWVjNDg4NWM0Zjhk
LzEvSU1vdFRMUGxhMTBwbHdxWF9HUmVzdjFvZHFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGiBggrBgEFBQcBBwEB/wSBkjCBjzBYBAIAATBSMAwDBAEl
EkoDBAElEkwDBAIl5pgDBAAl5vgDBAA+cTwDBAE+cT4wDAMEAlVcdAMEAFVcdgME
AYAAQgMEAI1lzAMEAI1l5AMEAI1l5wMEALKq4TAzBAIAAjAtAwcFKg2xwADAAwcE
Kg2xwAUAAwcAKg2xwKqqAwcEKg2xwKvAAwcAKg2xwP//MA0GCSqGSIb3DQEBCwUA
A4IBAQAZwnhgOhUWg8yqf3WZSbxybUWGPA8BF2E7bUMrO5UdYQ4+kYH+EvL8xdtr
UHv5cXvLhf4GD3I1ZWDInX0irDTPxviNdzKsUd5Am2ZGg1bdHiP0GFAZiK6nlIpr
KAqntSbJCUxILKiZSqx6Ov6xk4cQCUkbzcaDSRUdcLBfoXufrHuTuB+FmoR4kwPG
8cI9yHM52Y1MFd4HCoErgLPDkWYgxMJIGf2W6PIuBopKOxh2JyDdYidvJFNCJJ2Z
wO0nirxt/ucjr6ElDtk3e4EsnsbvrHbIu2SJw5Q+EcUOHySv3dgcWw8aHiZat0mr
RCIsAgQVibQie0UTy/V81rPbcUoA
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:16 2024 by rpki-client on console-ams.rpki-client.org