Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/SrZyh2wXqfkH_in5C2_oQM6UC-c.roa
File:                     SrZyh2wXqfkH_in5C2_oQM6UC-c.roa (raw, json)
Hash identifier:          ntg7I2kMrCzrlf816ENFj+UDLmP/STNrzGg0HSO6N8U=
Subject key identifier:   4A:B6:72:87:6C:17:A9:F9:07:FE:29:F9:0B:6F:E8:40:CE:94:0B:E7
Certificate issuer:       /CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
Certificate serial:       01872D013F9FE94AE0E3E3B290605F853C9E
Authority key identifier: D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/SrZyh2wXqfkH_in5C2_oQM6UC-c.roa
Signing time:             Wed 29 Mar 2023 10:54:29 +0000
ROA not before:           Wed 29 Mar 2023 10:54:29 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207990
IP address blocks:        194.41.120.0/22 maxlen: 32
                          80.240.98.0/23 maxlen: 32
                          217.194.136.0/23 maxlen: 32
                          217.194.139.0/24 maxlen: 32
                          217.194.144.0/24 maxlen: 32
                          193.31.56.0/22 maxlen: 32
                          212.107.0.0/22 maxlen: 32
                          217.194.152.0/24 maxlen: 32
                          217.194.151.0/24 maxlen: 32
                          213.255.204.0/24 maxlen: 32
                          213.255.207.0/24 maxlen: 32
                          185.4.226.0/24 maxlen: 32
                          78.138.8.0/24 maxlen: 32
                          83.229.0.0/23 maxlen: 32
                          83.229.7.0/24 maxlen: 32
                          91.196.180.0/22 maxlen: 32
                          194.31.176.0/22 maxlen: 32
                          213.255.194.0/24 maxlen: 32
                          213.255.193.0/24 maxlen: 32
                          213.255.199.0/24 maxlen: 32
                          213.255.196.0/24 maxlen: 32
                          83.229.66.0/24 maxlen: 32
                          83.229.92.0/24 maxlen: 32
                          83.229.110.0/24 maxlen: 32
                          83.229.116.0/22 maxlen: 32
                          83.229.114.0/24 maxlen: 32
                          83.229.12.0/23 maxlen: 32
                          78.138.41.0/24 maxlen: 32
                          83.229.27.0/24 maxlen: 32
                          83.229.30.0/24 maxlen: 32
                          188.190.104.0/22 maxlen: 32
                          83.229.36.0/23 maxlen: 32
                          193.42.56.0/22 maxlen: 32
                          78.138.53.0/24 maxlen: 32
                          78.138.54.0/23 maxlen: 32
                          78.138.63.0/24 maxlen: 32
                          195.3.136.0/22 maxlen: 32
                          83.229.58.0/23 maxlen: 32
                          188.190.120.0/22 maxlen: 32
                          194.187.36.0/22 maxlen: 32
                          83.229.60.0/24 maxlen: 32
                          217.194.130.0/23 maxlen: 32
                          31.40.228.0/22 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2d:01:3f:9f:e9:4a:e0:e3:e3:b2:90:60:5f:85:3c:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d63156c1836f16c3b430effbb72ac69932ea9b
        Validity
            Not Before: Mar 29 10:54:29 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=4ab672876c17a9f907fe29f90b6fe840ce940be7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:4a:08:0c:3f:62:a3:cf:4b:e3:9c:fc:6b:33:
                    b0:c9:2a:e0:05:35:a5:3a:0e:c5:1b:da:3b:06:06:
                    be:d8:4d:96:b7:87:ba:02:7e:6a:e4:9b:3a:ff:55:
                    97:6f:25:79:d6:35:54:f0:40:4e:fa:0e:0d:37:fb:
                    35:b5:1a:10:5d:49:0d:c2:28:b2:07:d3:24:25:b7:
                    9a:10:40:a1:90:ed:b6:42:fe:b0:0e:9e:0d:90:1a:
                    13:0a:a4:fa:b2:43:a5:c7:58:c7:d4:4e:81:48:71:
                    c5:54:b6:20:92:92:91:08:8a:6f:1e:fe:17:8f:bc:
                    ba:c1:10:e4:fa:6d:93:af:e6:e8:35:bd:62:c1:40:
                    e1:b4:14:ef:c7:9f:14:ae:ed:23:61:33:bd:4c:d1:
                    28:18:ca:6a:de:22:e4:c9:49:d1:40:85:15:49:36:
                    65:09:2e:dd:d8:d9:d2:da:aa:ec:8c:9c:95:4b:d6:
                    31:7c:9e:02:23:14:87:58:1e:ef:d9:0d:40:16:ea:
                    0c:42:9f:db:97:7f:99:8b:4b:31:92:03:67:06:6d:
                    33:1f:d1:a4:1e:65:42:a2:63:f9:36:17:70:db:6d:
                    9e:36:b0:0d:b5:85:65:90:0d:e2:85:ad:12:b5:f1:
                    1a:0b:c0:6d:23:d7:2f:44:a6:da:f5:83:e8:a5:87:
                    b7:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:B6:72:87:6C:17:A9:F9:07:FE:29:F9:0B:6F:E8:40:CE:94:0B:E7
            X509v3 Authority Key Identifier:
                keyid:D9:D6:31:56:C1:83:6F:16:C3:B4:30:EF:FB:B7:2A:C6:99:32:EA:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dYxVsGDbxbDtDDv-7cqxpky6ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/SrZyh2wXqfkH_in5C2_oQM6UC-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/8f46be-028b-4d03-a973-fda011e5c972/1/2dYxVsGDbxbDtDDv-7cqxpky6ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.228.0/22
                  78.138.8.0/24
                  78.138.41.0/24
                  78.138.53.0-78.138.55.255
                  78.138.63.0/24
                  80.240.98.0/23
                  83.229.0.0/23
                  83.229.7.0/24
                  83.229.12.0/23
                  83.229.27.0/24
                  83.229.30.0/24
                  83.229.36.0/23
                  83.229.58.0-83.229.60.255
                  83.229.66.0/24
                  83.229.92.0/24
                  83.229.110.0/24
                  83.229.114.0/24
                  83.229.116.0/22
                  91.196.180.0/22
                  185.4.226.0/24
                  188.190.104.0/22
                  188.190.120.0/22
                  193.31.56.0/22
                  193.42.56.0/22
                  194.31.176.0/22
                  194.41.120.0/22
                  194.187.36.0/22
                  195.3.136.0/22
                  212.107.0.0/22
                  213.255.193.0-213.255.194.255
                  213.255.196.0/24
                  213.255.199.0/24
                  213.255.204.0/24
                  213.255.207.0/24
                  217.194.130.0/23
                  217.194.136.0/23
                  217.194.139.0/24
                  217.194.144.0/24
                  217.194.151.0-217.194.152.255

    Signature Algorithm: sha256WithRSAEncryption
         77:89:bf:f4:e2:a0:db:e7:ab:49:a6:62:f4:ff:3e:8a:ec:61:
         33:a8:c9:6c:d5:e4:e7:1b:3f:b7:88:65:92:41:94:ca:3c:2b:
         06:88:d8:19:8a:e7:92:de:9c:6b:c8:19:a5:7a:84:12:41:0f:
         48:9e:36:3e:45:74:e8:3c:02:42:d5:38:c6:41:fa:92:6c:55:
         a5:a7:d6:98:8c:e7:80:9d:1e:e4:9e:2f:ef:04:ff:c0:d0:e4:
         01:ac:bd:85:79:d7:5d:23:f1:e7:0b:8d:8b:8d:38:53:08:6e:
         4b:5e:73:26:b8:42:8e:b6:aa:c1:ab:77:29:e3:d9:93:eb:c9:
         a3:44:6d:d6:07:9d:d9:be:5f:3c:99:e4:19:07:53:b8:70:21:
         c4:91:a0:16:8a:ed:5c:d1:51:b7:44:37:d7:bb:16:a7:10:51:
         35:26:f7:d3:dc:4a:d1:ba:ec:b8:33:8c:2d:56:a6:6e:7c:c1:
         c5:ac:2d:cb:8c:99:36:b4:57:5f:ac:45:9d:50:0e:9e:81:1a:
         1c:d6:9a:07:a0:b3:36:b3:6d:50:7b:5b:cb:c8:f2:cb:61:ca:
         f9:7a:70:d3:32:03:78:ee:2a:38:8a:77:8b:9c:2b:e5:f5:49:
         19:8f:95:c4:e1:36:09:bd:ca:40:d9:6e:98:e2:e4:4b:70:78:
         c6:9c:03:e0
-----BEGIN CERTIFICATE-----
MIIGCzCCBPOgAwIBAgISAYctAT+f6Urg4+OykGBfhTyeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDYzMTU2YzE4MzZmMTZjM2I0MzBlZmZiYjcyYWM2OTkz
MmVhOWIwHhcNMjMwMzI5MTA1NDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWI2NzI4NzZjMTdhOWY5MDdmZTI5ZjkwYjZmZTg0MGNlOTQwYmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUoIDD9io89L45z8azOwySrgBTWl
Og7FG9o7Bga+2E2Wt4e6An5q5Js6/1WXbyV51jVU8EBO+g4NN/s1tRoQXUkNwiiy
B9MkJbeaEEChkO22Qv6wDp4NkBoTCqT6skOlx1jH1E6BSHHFVLYgkpKRCIpvHv4X
j7y6wRDk+m2Tr+boNb1iwUDhtBTvx58Uru0jYTO9TNEoGMpq3iLkyUnRQIUVSTZl
CS7d2NnS2qrsjJyVS9YxfJ4CIxSHWB7v2Q1AFuoMQp/bl3+Zi0sxkgNnBm0zH9Gk
HmVComP5Nhdw222eNrANtYVlkA3iha0StfEaC8BtI9cvRKba9YPopYe3uQIDAQAB
o4IDFzCCAxMwHQYDVR0OBBYEFEq2codsF6n5B/4p+Qtv6EDOlAvnMB8GA1UdIwQY
MBaAFNnWMVbBg28Ww7Qw7/u3KsaZMuqbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMt
ZmRhMDExZTVjOTcyLzEvU3JaeWgyd1hxZmtIX2luNUMyX29RTTZVQy1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy84ZjQ2YmUtMDI4Yi00ZDAzLWE5NzMtZmRhMDExZTVjOTcy
LzEvMmRZeFZzR0RieGJEdEREdi03Y3F4cGt5NnBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKwYIKwYBBQUHAQcBAf8EggEaMIIBFjCCARIEAgABMIIB
CgMEAh8o5AMEAE6KCAMEAE6KKTAMAwQAToo1AwQDToowAwQAToo/AwQBUPBiAwQB
U+UAAwQAU+UHAwQBU+UMAwQAU+UbAwQAU+UeAwQBU+UkMAwDBAFT5ToDBABT5TwD
BABT5UIDBABT5VwDBABT5W4DBABT5XIDBAJT5XQDBAJbxLQDBAC5BOIDBAK8vmgD
BAK8vngDBALBHzgDBALBKjgDBALCH7ADBALCKXgDBALCuyQDBALDA4gDBALUawAw
DAMEANX/wQMEANX/wgMEANX/xAMEANX/xwMEANX/zAMEANX/zwMEAdnCggMEAdnC
iAMEANnCiwMEANnCkDAMAwQA2cKXAwQA2cKYMA0GCSqGSIb3DQEBCwUAA4IBAQB3
ib/04qDb56tJpmL0/z6K7GEzqMls1eTnGz+3iGWSQZTKPCsGiNgZiueS3pxryBml
eoQSQQ9InjY+RXToPAJC1TjGQfqSbFWlp9aYjOeAnR7kni/vBP/A0OQBrL2Feddd
I/HnC42LjThTCG5LXnMmuEKOtqrBq3cp49mT68mjRG3WB53Zvl88meQZB1O4cCHE
kaAWiu1c0VG3RDfXuxanEFE1JvfT3ErRuuy4M4wtVqZufMHFrC3LjJk2tFdfrEWd
UA6egRoc1poHoLM2s21Qe1vLyPLLYcr5enDTMgN47io4ineLnCvl9UkZj5XE4TYJ
vcpA2W6Y4uRLcHjGnAPg
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:51 2024 by rpki-client on console-ams.rpki-client.org