Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/eixm6Qp293Mh_X3aclTHOUi1-lc.roa
File:                     eixm6Qp293Mh_X3aclTHOUi1-lc.roa (raw, json)
Hash identifier:          pMzHRL8gqXbpP/WTkSB11Z0b49IKd/8KqMjl2sWFjzE=
Subject key identifier:   7A:2C:66:E9:0A:76:F7:73:21:FD:7D:DA:72:54:C7:39:48:B5:FA:57
Certificate issuer:       /CN=9a1e69368abd34538fe77ddaabcdc835af595eba
Certificate serial:       018DE47104D1CBDA82B9F873BBE44EF05391
Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/eixm6Qp293Mh_X3aclTHOUi1-lc.roa
Signing time:             Mon 26 Feb 2024 08:03:48 +0000
ROA not before:           Mon 26 Feb 2024 08:03:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34918
IP address blocks:        85.9.96.0/20 maxlen: 20
                          85.9.96.0/21 maxlen: 21
                          85.9.96.0/22 maxlen: 22
                          85.9.100.0/22 maxlen: 22
                          85.9.104.0/21 maxlen: 21
                          85.9.106.0/24 maxlen: 24
                          85.9.111.0/24 maxlen: 24
                          85.9.112.0/22 maxlen: 22
                          85.9.120.0/21 maxlen: 21
                          85.9.120.0/22 maxlen: 22
                          85.9.124.0/22 maxlen: 22
                          185.126.0.0/20 maxlen: 20
                          185.126.0.0/21 maxlen: 21
                          185.126.0.0/22 maxlen: 22
                          185.126.0.0/24 maxlen: 24
                          185.126.1.0/24 maxlen: 24
                          185.126.2.0/24 maxlen: 24
                          185.126.3.0/24 maxlen: 24
                          185.126.4.0/24 maxlen: 24
                          185.126.5.0/24 maxlen: 24
                          185.126.6.0/24 maxlen: 24
                          185.126.7.0/24 maxlen: 24
                          185.126.8.0/21 maxlen: 21
                          185.126.8.0/24 maxlen: 24
                          185.126.9.0/24 maxlen: 24
                          185.126.10.0/24 maxlen: 24
                          185.126.11.0/24 maxlen: 24
                          185.126.12.0/24 maxlen: 24
                          185.126.13.0/24 maxlen: 24
                          185.126.14.0/24 maxlen: 24
                          185.126.15.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 12 Mar 2024 07:57:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e4:71:04:d1:cb:da:82:b9:f8:73:bb:e4:4e:f0:53:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba
        Validity
            Not Before: Feb 26 08:03:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a2c66e90a76f77321fd7dda7254c73948b5fa57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:17:84:25:58:4f:d1:4d:56:29:a9:5c:66:e7:
                    35:d6:4b:60:18:52:93:77:e3:f7:19:d9:33:4f:24:
                    92:70:3d:ac:03:1f:1f:1a:7b:db:76:7a:35:d8:26:
                    44:bd:4f:b1:57:42:fa:e6:37:6e:66:0a:e4:02:d5:
                    28:00:59:59:74:5e:26:c2:68:30:75:81:09:ae:68:
                    35:0d:94:ac:62:fd:82:0b:cf:b1:e3:12:ea:bc:c9:
                    a7:93:ed:10:a4:da:08:9b:8a:c0:9a:30:36:db:a3:
                    7a:dd:eb:3a:9e:ef:45:32:2b:b8:da:a6:a0:cb:71:
                    94:cb:fb:0c:cc:a2:dc:7b:47:8e:06:14:17:62:10:
                    39:5e:30:75:e5:18:51:4f:77:37:70:39:09:9c:e5:
                    21:13:03:28:f6:a6:6f:21:62:98:e3:bb:45:56:7b:
                    58:2a:c5:93:11:53:4a:e6:1b:19:8b:56:39:0b:c4:
                    14:20:ab:11:29:1e:3c:6e:2e:f2:99:bd:0f:38:e8:
                    99:8e:4f:63:ca:5a:2c:7e:78:9d:0c:2f:3a:99:ab:
                    f3:08:36:98:7b:76:e0:d6:23:c3:5a:7a:25:c7:91:
                    e5:14:d8:e1:e8:00:f6:8a:15:ab:4f:56:f4:94:16:
                    c5:f2:ec:7a:43:91:93:aa:68:62:07:b1:4f:c5:1c:
                    d4:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:2C:66:E9:0A:76:F7:73:21:FD:7D:DA:72:54:C7:39:48:B5:FA:57
            X509v3 Authority Key Identifier:
                keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/eixm6Qp293Mh_X3aclTHOUi1-lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.9.96.0-85.9.115.255
                  85.9.120.0/21
                  185.126.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         ba:ac:d5:04:10:d9:02:e9:be:64:f2:f9:f8:94:9a:bb:4f:e8:
         8c:79:63:75:49:cf:e4:51:20:14:1c:76:c5:18:74:e0:fb:94:
         fe:e5:c6:e9:49:94:7c:ef:e9:16:a2:1e:e8:30:b0:66:1d:dd:
         c1:53:e7:c6:a5:f9:88:53:63:49:ed:32:50:48:28:b9:e3:59:
         9f:1f:15:49:8a:02:0a:da:b5:b8:d6:96:51:de:3f:c6:d1:ad:
         ac:0e:fb:66:92:6c:92:c6:b4:3b:95:47:53:58:e6:3c:8e:f0:
         3b:e2:8a:aa:09:70:0f:f5:dc:f5:e7:a7:40:be:5e:d7:bb:2c:
         33:8e:db:57:bb:a1:ac:22:81:d8:25:25:cb:f4:d1:27:f7:ac:
         a2:76:f9:d5:c1:a5:29:1d:6e:1d:17:aa:6d:c7:78:99:c4:42:
         58:74:a4:b1:f1:4f:77:f0:8d:fa:94:63:86:8f:b8:b4:da:0b:
         68:31:24:cb:f5:64:cc:30:2e:85:1e:0c:7b:d6:f3:0e:02:13:
         bd:f7:b6:22:e6:d1:36:28:43:cb:d2:ca:30:87:d3:e6:51:81:
         ec:38:ed:0e:32:57:99:1e:f7:93:12:da:03:07:d0:bf:6e:81:
         f1:4e:00:21:da:0d:09:d1:a3:d0:7f:c4:b7:28:ad:7a:81:43:
         1a:06:e2:cb
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY3kcQTRy9qCufhzu+RO8FORMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1
OTVlYmEwHhcNMjQwMjI2MDgwMzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTJjNjZlOTBhNzZmNzczMjFmZDdkZGE3MjU0YzczOTQ4YjVmYTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxheEJVhP0U1WKalcZuc11ktgGFKT
d+P3GdkzTySScD2sAx8fGnvbdno12CZEvU+xV0L65jduZgrkAtUoAFlZdF4mwmgw
dYEJrmg1DZSsYv2CC8+x4xLqvMmnk+0QpNoIm4rAmjA226N63es6nu9FMiu42qag
y3GUy/sMzKLce0eOBhQXYhA5XjB15RhRT3c3cDkJnOUhEwMo9qZvIWKY47tFVntY
KsWTEVNK5hsZi1Y5C8QUIKsRKR48bi7ymb0POOiZjk9jylosfnidDC86mavzCDaY
e3bg1iPDWnolx5HlFNjh6AD2ihWrT1b0lBbF8ux6Q5GTqmhiB7FPxRzUTwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFHosZukKdvdzIf192nJUxzlItfpXMB8GA1UdIwQY
MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt
MTA5ODJlMDQwZDUzLzEvZWl4bTZRcDI5M01oX1gzYWNsVEhPVWkxLWxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz
LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAVVCWAD
BAJVCXADBANVCXgDBAS5fgAwDQYJKoZIhvcNAQELBQADggEBALqs1QQQ2QLpvmTy
+fiUmrtP6Ix5Y3VJz+RRIBQcdsUYdOD7lP7lxulJlHzv6RaiHugwsGYd3cFT58al
+YhTY0ntMlBIKLnjWZ8fFUmKAgratbjWllHeP8bRrawO+2aSbJLGtDuVR1NY5jyO
8DviiqoJcA/13PXnp0C+Xte7LDOO21e7oawigdglJcv00Sf3rKJ2+dXBpSkdbh0X
qm3HeJnEQlh0pLHxT3fwjfqUY4aPuLTaC2gxJMv1ZMwwLoUeDHvW8w4CE733tiLm
0TYoQ8vSyjCH0+ZRgew47Q4yV5ke95MS2gMH0L9ugfFOACHaDQnRo9B/xLcorXqB
QxoG4ss=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:34 2024 by rpki-client on console-ams.rpki-client.org