Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/709fc9-68ef-411e-a1cc-e1e807ecd4df/1/n9nEAJrjcjZWc8gceAOaf89y884.roa
File:                     n9nEAJrjcjZWc8gceAOaf89y884.roa (raw, json)
Hash identifier:          kLBOwqif8khDbsSn8JtnNvZOl382HhQ19v9x+cvtHMI=
Subject key identifier:   9F:D9:C4:00:9A:E3:72:36:56:73:C8:1C:78:03:9A:7F:CF:72:F3:CE
Certificate issuer:       /CN=2c40fcd53987b209f8af39ca1211f27060a8902e
Certificate serial:       01856B80E60C314B797FF050729EAE993A9D
Authority key identifier: 2C:40:FC:D5:39:87:B2:09:F8:AF:39:CA:12:11:F2:70:60:A8:90:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LED81TmHsgn4rznKEhHycGCokC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/709fc9-68ef-411e-a1cc-e1e807ecd4df/1/n9nEAJrjcjZWc8gceAOaf89y884.roa
Signing time:             Sun 01 Jan 2023 04:04:47 +0000
ROA not before:           Sun 01 Jan 2023 04:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208800
IP address blocks:        188.116.28.0/22 maxlen: 22
                          77.242.240.0/24 maxlen: 24
                          77.242.240.0/22 maxlen: 22
                          77.242.240.0/23 maxlen: 23
                          77.242.240.0/21 maxlen: 21
                          77.242.242.0/23 maxlen: 23
                          77.242.242.0/24 maxlen: 24
                          77.242.241.0/24 maxlen: 24
                          77.242.245.0/24 maxlen: 24
                          77.242.244.0/22 maxlen: 22
                          77.242.244.0/23 maxlen: 23
                          77.242.244.0/24 maxlen: 24
                          77.242.243.0/24 maxlen: 24
                          77.242.246.0/24 maxlen: 24
                          77.242.246.0/23 maxlen: 23
                          77.242.249.0/24 maxlen: 24
                          77.242.248.0/24 maxlen: 24
                          77.242.247.0/24 maxlen: 24
                          77.242.250.0/24 maxlen: 24
                          77.242.255.0/24 maxlen: 24
                          91.201.4.0/24 maxlen: 24
                          91.201.4.0/22 maxlen: 22
                          91.201.7.0/24 maxlen: 24
                          91.201.6.0/24 maxlen: 24
                          91.201.5.0/24 maxlen: 24
                          2a0e:6e80::/44 maxlen: 44

Validation:               Failed, certificate revoked on Fri 12 May 2023 10:37:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:80:e6:0c:31:4b:79:7f:f0:50:72:9e:ae:99:3a:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c40fcd53987b209f8af39ca1211f27060a8902e
        Validity
            Not Before: Jan  1 04:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9fd9c4009ae372365673c81c78039a7fcf72f3ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:53:da:e6:17:96:7a:f8:25:51:73:47:2b:d3:
                    56:7f:13:61:2f:c7:76:88:01:5e:85:2f:0f:ca:fa:
                    d4:8e:d7:62:e4:71:4e:b6:f0:0e:73:cc:4b:f0:63:
                    9f:20:c4:8a:c9:27:3b:d1:33:8f:3c:f7:bc:12:db:
                    49:eb:0a:07:30:59:01:3a:a0:d6:f4:e7:e2:10:a0:
                    ba:95:b1:c0:40:d6:29:bb:b3:f8:e6:13:c9:85:3c:
                    d0:cb:65:b0:f7:a1:8e:2a:d0:13:dc:3f:20:e2:a8:
                    49:74:7f:ba:a5:26:39:d7:8b:14:46:cf:86:53:83:
                    00:2f:d5:4d:29:4b:b0:81:9a:57:92:00:4c:77:bc:
                    6e:3f:f4:71:1b:bc:ef:02:64:2a:26:eb:6a:ff:9b:
                    4b:4d:68:40:7e:77:81:0d:56:48:27:60:48:51:43:
                    80:f3:32:df:07:a5:08:aa:3f:10:90:a9:45:b4:94:
                    38:0a:8f:ad:85:7d:4e:5c:91:5a:8c:04:b4:9a:bc:
                    2a:ac:b3:f4:d8:36:02:6b:53:5e:19:c3:76:06:52:
                    9c:2e:e4:67:2b:71:a7:02:2f:75:ed:55:b4:ca:28:
                    b3:37:34:25:9d:45:18:3a:d2:01:a0:64:50:66:f4:
                    98:14:c6:a9:fb:f9:86:56:ca:f5:e3:5e:3a:d3:60:
                    33:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:D9:C4:00:9A:E3:72:36:56:73:C8:1C:78:03:9A:7F:CF:72:F3:CE
            X509v3 Authority Key Identifier:
                keyid:2C:40:FC:D5:39:87:B2:09:F8:AF:39:CA:12:11:F2:70:60:A8:90:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LED81TmHsgn4rznKEhHycGCokC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/709fc9-68ef-411e-a1cc-e1e807ecd4df/1/n9nEAJrjcjZWc8gceAOaf89y884.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/709fc9-68ef-411e-a1cc-e1e807ecd4df/1/LED81TmHsgn4rznKEhHycGCokC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.242.240.0-77.242.250.255
                  77.242.255.0/24
                  91.201.4.0/22
                  188.116.28.0/22
                IPv6:
                  2a0e:6e80::/44

    Signature Algorithm: sha256WithRSAEncryption
         6f:68:fa:d2:d7:43:14:1e:dd:a4:df:51:93:7a:ab:14:85:df:
         1d:99:73:d3:2c:cb:06:47:fd:e1:06:b3:09:2f:b1:43:a3:f3:
         d1:f5:79:36:97:8a:34:73:2b:1b:81:d4:bb:7c:59:6c:05:a7:
         13:47:f3:d9:46:e7:17:3a:6a:a3:cf:0f:c3:a5:62:38:8b:18:
         25:8d:39:0d:b4:54:ac:ec:39:98:b7:91:fc:7b:c0:fd:52:2b:
         4d:23:dc:4f:6c:36:c1:60:44:84:af:9a:36:df:bb:05:e1:fb:
         ca:a0:6b:53:99:bd:e6:d2:09:b2:88:fa:3a:ed:dc:51:2a:e2:
         30:f0:8c:ea:25:62:e8:ff:c0:52:78:c2:d8:09:67:ea:2e:64:
         aa:25:16:d3:82:63:6c:55:1f:00:0b:7d:66:86:f2:3f:fe:1c:
         1f:f5:58:45:0b:40:90:d3:06:39:8c:65:c0:26:09:12:3b:2a:
         77:0a:40:43:32:99:2b:dc:15:38:09:c0:ac:91:f4:c1:ec:ef:
         31:9d:5b:47:72:f6:e7:be:62:eb:65:75:4c:ed:92:12:0b:19:
         c6:ab:15:a8:24:de:88:ba:fb:0a:74:2b:e5:6d:24:77:96:3b:
         91:42:c7:00:71:17:65:23:72:4c:ef:81:c9:b3:cc:f7:33:79:
         af:c6:54:c3
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYVrgOYMMUt5f/BQcp6umTqdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNDBmY2Q1Mzk4N2IyMDlmOGFmMzljYTEyMTFmMjcwNjBh
ODkwMmUwHhcNMjMwMTAxMDQwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmQ5YzQwMDlhZTM3MjM2NTY3M2M4MWM3ODAzOWE3ZmNmNzJmM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7VPa5heWevglUXNHK9NWfxNhL8d2
iAFehS8PyvrUjtdi5HFOtvAOc8xL8GOfIMSKySc70TOPPPe8EttJ6woHMFkBOqDW
9OfiEKC6lbHAQNYpu7P45hPJhTzQy2Ww96GOKtAT3D8g4qhJdH+6pSY514sURs+G
U4MAL9VNKUuwgZpXkgBMd7xuP/RxG7zvAmQqJutq/5tLTWhAfneBDVZIJ2BIUUOA
8zLfB6UIqj8QkKlFtJQ4Co+thX1OXJFajAS0mrwqrLP02DYCa1NeGcN2BlKcLuRn
K3GnAi917VW0yiizNzQlnUUYOtIBoGRQZvSYFMap+/mGVsr1414602Az8wIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFJ/ZxACa43I2VnPIHHgDmn/PcvPOMB8GA1UdIwQY
MBaAFCxA/NU5h7IJ+K85yhIR8nBgqJAuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEVEODFUbUhzZ240cnpuS0VoSHljR0Nva0M0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy83MDlmYzktNjhlZi00MTFlLWExY2Mt
ZTFlODA3ZWNkNGRmLzEvbjluRUFKcmpjalpXYzhnY2VBT2FmODl5ODg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy83MDlmYzktNjhlZi00MTFlLWExY2MtZTFlODA3ZWNkNGRm
LzEvTEVEODFUbUhzZ240cnpuS0VoSHljR0Nva0M0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAmBAIAATAgMAwDBARN8vAD
BABN8voDBABN8v8DBAJbyQQDBAK8dBwwDwQCAAIwCQMHBCoOboAAADANBgkqhkiG
9w0BAQsFAAOCAQEAb2j60tdDFB7dpN9Rk3qrFIXfHZlz0yzLBkf94QazCS+xQ6Pz
0fV5NpeKNHMrG4HUu3xZbAWnE0fz2UbnFzpqo88Pw6ViOIsYJY05DbRUrOw5mLeR
/HvA/VIrTSPcT2w2wWBEhK+aNt+7BeH7yqBrU5m95tIJsoj6Ou3cUSriMPCM6iVi
6P/AUnjC2Aln6i5kqiUW04JjbFUfAAt9ZobyP/4cH/VYRQtAkNMGOYxlwCYJEjsq
dwpAQzKZK9wVOAnArJH0wezvMZ1bR3L2575i62V1TO2SEgsZxqsVqCTeiLr7CnQr
5W0kd5Y7kULHAHEXZSNyTO+BybPM9zN5r8ZUww==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:50 2024 by rpki-client on console-ams.rpki-client.org