Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/ec2d89-44dd-4bab-ae7a-cf20e5b67fc8/1/dZzmKvOrWYi60JAXzwi44GqxGF8.roa
File:                     dZzmKvOrWYi60JAXzwi44GqxGF8.roa (raw, json)
Hash identifier:          maPiTgXD7Yd0tKujzWSq0oixPRfRvhs5JnGuNqIgeJ4=
Subject key identifier:   75:9C:E6:2A:F3:AB:59:88:BA:D0:90:17:CF:08:B8:E0:6A:B1:18:5F
Certificate issuer:       /CN=ff29e70af2f7e18cbc19f97cca8fd6c05099741d
Certificate serial:       01870F18F6A1DCD4C07A1D5EC1237E09847C
Authority key identifier: FF:29:E7:0A:F2:F7:E1:8C:BC:19:F9:7C:CA:8F:D6:C0:50:99:74:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_ynnCvL34Yy8Gfl8yo_WwFCZdB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/ec2d89-44dd-4bab-ae7a-cf20e5b67fc8/1/dZzmKvOrWYi60JAXzwi44GqxGF8.roa
Signing time:             Thu 23 Mar 2023 15:31:46 +0000
ROA not before:           Thu 23 Mar 2023 15:31:46 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     13178
IP address blocks:        185.61.192.0/24 maxlen: 24
                          185.61.195.0/24 maxlen: 24
                          91.204.20.0/24 maxlen: 24
                          91.204.21.0/24 maxlen: 24
                          185.58.124.0/22 maxlen: 22
                          93.88.128.0/20 maxlen: 20
                          185.175.72.0/22 maxlen: 22
                          185.59.192.0/22 maxlen: 22
                          185.55.40.0/22 maxlen: 22
                          185.58.152.0/22 maxlen: 22
                          91.205.44.0/22 maxlen: 22
                          93.187.120.0/21 maxlen: 21
                          2a0b:d700::/29 maxlen: 29
                          2a04:ed40::/29 maxlen: 29
                          2a04:e080::/29 maxlen: 29
                          2a03:6c0::/32 maxlen: 32
                          2a00:8040::/32 maxlen: 32
                          2a02:6160::/32 maxlen: 32
                          2a03:ed80::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0f:18:f6:a1:dc:d4:c0:7a:1d:5e:c1:23:7e:09:84:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff29e70af2f7e18cbc19f97cca8fd6c05099741d
        Validity
            Not Before: Mar 23 15:31:46 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=759ce62af3ab5988bad09017cf08b8e06ab1185f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:21:f8:f1:1b:65:b4:1d:ba:7c:c2:7a:98:4d:
                    37:de:3f:5c:98:0d:e2:b1:45:7d:e9:ae:61:b1:fe:
                    81:6a:b5:eb:dd:5c:1e:b4:62:87:5a:15:9f:ee:e7:
                    09:66:f2:8d:f4:4a:b4:dc:ef:5b:1c:81:9e:b4:f3:
                    21:8b:b2:aa:6a:bc:48:25:e5:01:11:dc:77:42:3f:
                    7f:5a:3f:a3:bb:fc:75:19:63:db:3a:08:6a:3e:2a:
                    26:c1:f3:b6:ba:15:b9:fd:34:ff:5d:5a:13:e9:47:
                    bf:28:f7:d9:e1:df:3e:5a:de:b6:8b:4c:d1:9a:d5:
                    b9:d9:42:42:71:60:3a:c6:ad:ae:44:e7:6c:5c:8b:
                    a0:ca:6f:8d:f2:f3:63:11:89:5c:55:b2:f9:d0:a9:
                    85:5b:36:d3:df:73:98:9c:2e:3c:c2:f0:13:88:a7:
                    17:0a:90:73:00:d6:5f:ca:b1:60:36:94:e6:08:cf:
                    8a:f7:98:98:12:97:cd:58:95:70:d1:56:53:57:66:
                    cc:37:3e:09:32:dc:11:ca:f2:48:d7:68:c9:9d:6d:
                    e9:51:19:aa:ee:63:c3:2f:e6:9b:34:e4:f4:da:23:
                    0e:97:63:16:9b:2a:f4:a3:78:c7:dc:5e:27:7b:f0:
                    8a:2a:e3:26:62:19:63:82:e0:3b:f2:4c:78:f1:48:
                    37:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:9C:E6:2A:F3:AB:59:88:BA:D0:90:17:CF:08:B8:E0:6A:B1:18:5F
            X509v3 Authority Key Identifier:
                keyid:FF:29:E7:0A:F2:F7:E1:8C:BC:19:F9:7C:CA:8F:D6:C0:50:99:74:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_ynnCvL34Yy8Gfl8yo_WwFCZdB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ec2d89-44dd-4bab-ae7a-cf20e5b67fc8/1/dZzmKvOrWYi60JAXzwi44GqxGF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/ec2d89-44dd-4bab-ae7a-cf20e5b67fc8/1/_ynnCvL34Yy8Gfl8yo_WwFCZdB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.20.0/23
                  91.205.44.0/22
                  93.88.128.0/20
                  93.187.120.0/21
                  185.55.40.0/22
                  185.58.124.0/22
                  185.58.152.0/22
                  185.59.192.0/22
                  185.61.192.0/24
                  185.61.195.0/24
                  185.175.72.0/22
                IPv6:
                  2a00:8040::/32
                  2a02:6160::/32
                  2a03:6c0::/32
                  2a03:ed80::/32
                  2a04:e080::/29
                  2a04:ed40::/29
                  2a0b:d700::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:45:18:0c:84:2c:78:54:1b:16:2e:27:1d:37:60:84:40:2a:
         1c:f8:e2:a5:60:f7:0a:1e:77:0c:56:25:37:c4:f8:bd:f6:30:
         00:be:fd:05:32:5a:68:fc:d8:a9:26:d8:d6:65:bb:79:a9:5b:
         31:92:a1:e8:12:60:ae:59:09:45:cb:b7:ca:62:34:ab:82:5a:
         a7:39:10:b9:f6:d4:a7:1d:27:da:6a:fd:c6:0e:c9:28:44:f1:
         9b:1a:47:e9:b0:b6:90:88:22:3d:eb:28:c5:bf:a9:7e:9b:0d:
         bd:b1:8d:58:68:f6:71:83:aa:2f:09:0f:e8:9f:40:5a:c2:bb:
         3e:fb:54:e6:7e:92:ef:53:87:a4:eb:1d:da:e4:29:b2:d0:17:
         da:97:41:e7:7a:44:37:31:3e:06:98:b0:08:3b:e2:67:80:6b:
         a5:c2:00:02:41:9b:c4:cc:cc:dd:94:29:22:3b:b5:25:67:ef:
         98:0c:7e:3e:cc:c8:4b:bb:59:55:7c:8d:80:ae:35:c6:e5:61:
         53:30:35:19:00:57:d8:09:0b:f6:c9:3e:2c:9b:74:d1:d1:ed:
         d6:27:82:fe:6c:5e:f2:b6:9c:bc:53:09:4f:bc:55:96:31:99:
         6d:71:e1:92:f1:c0:3a:41:5a:5b:69:ed:9e:22:fb:42:3f:a8:
         63:84:4a:b2
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAYcPGPah3NTAeh1ewSN+CYR8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMjllNzBhZjJmN2UxOGNiYzE5Zjk3Y2NhOGZkNmMwNTA5
OTc0MWQwHhcNMjMwMzIzMTUzMTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTljZTYyYWYzYWI1OTg4YmFkMDkwMTdjZjA4YjhlMDZhYjExODVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSH48RtltB26fMJ6mE033j9cmA3i
sUV96a5hsf6BarXr3VwetGKHWhWf7ucJZvKN9Eq03O9bHIGetPMhi7KqarxIJeUB
Edx3Qj9/Wj+ju/x1GWPbOghqPiomwfO2uhW5/TT/XVoT6Ue/KPfZ4d8+Wt62i0zR
mtW52UJCcWA6xq2uROdsXIugym+N8vNjEYlcVbL50KmFWzbT33OYnC48wvATiKcX
CpBzANZfyrFgNpTmCM+K95iYEpfNWJVw0VZTV2bMNz4JMtwRyvJI12jJnW3pURmq
7mPDL+abNOT02iMOl2MWmyr0o3jH3F4ne/CKKuMmYhljguA78kx48Ug3LQIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFHWc5irzq1mIutCQF88IuOBqsRhfMB8GA1UdIwQY
MBaAFP8p5wry9+GMvBn5fMqP1sBQmXQdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3lubkN2TDM0WXk4R2ZsOHlvX1d3RkNaZEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9lYzJkODktNDRkZC00YmFiLWFlN2Et
Y2YyMGU1YjY3ZmM4LzEvZFp6bUt2T3JXWWk2MEpBWHp3aTQ0R3F4R0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9lYzJkODktNDRkZC00YmFiLWFlN2EtY2YyMGU1YjY3ZmM4
LzEvX3lubkN2TDM0WXk4R2ZsOHlvX1d3RkNaZEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzBIBAIAATBCAwQBW8wU
AwQCW80sAwQEXViAAwQDXbt4AwQCuTcoAwQCuTp8AwQCuTqYAwQCuTvAAwQAuT3A
AwQAuT3DAwQCua9IMDcEAgACMDEDBQAqAIBAAwUAKgJhYAMFACoDBsADBQAqA+2A
AwUDKgTggAMFAyoE7UADBQMqC9cAMA0GCSqGSIb3DQEBCwUAA4IBAQAWRRgMhCx4
VBsWLicdN2CEQCoc+OKlYPcKHncMViU3xPi99jAAvv0FMlpo/NipJtjWZbt5qVsx
kqHoEmCuWQlFy7fKYjSrglqnORC59tSnHSfaav3GDskoRPGbGkfpsLaQiCI96yjF
v6l+mw29sY1YaPZxg6ovCQ/on0Bawrs++1TmfpLvU4ek6x3a5Cmy0Bfal0HnekQ3
MT4GmLAIO+JngGulwgACQZvEzMzdlCkiO7UlZ++YDH4+zMhLu1lVfI2ArjXG5WFT
MDUZAFfYCQv2yT4sm3TR0e3WJ4L+bF7ytpy8UwlPvFWWMZltceGS8cA6QVpbae2e
IvtCP6hjhEqy
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:56 2024 by rpki-client on console-fra.rpki-client.org