Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8f3fed-2c53-4eca-a332-4579a38f6d08/1/vn6wMxrOZpKzjRip_FOArh0xwOg.roa
File:                     vn6wMxrOZpKzjRip_FOArh0xwOg.roa (raw, json)
Hash identifier:          zIUVzckyqHbqaKgIw57X/mdy6V8C0j58dHg4uENSPKA=
Subject key identifier:   BE:7E:B0:33:1A:CE:66:92:B3:8D:18:A9:FC:53:80:AE:1D:31:C0:E8
Certificate issuer:       /CN=5f4a8f04ef2febe54f9db6a9a2f856594b6e2f08
Certificate serial:       018AE1C775945BB144D26798F90AFB49F5B3
Authority key identifier: 5F:4A:8F:04:EF:2F:EB:E5:4F:9D:B6:A9:A2:F8:56:59:4B:6E:2F:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X0qPBO8v6-VPnbapovhWWUtuLwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8f3fed-2c53-4eca-a332-4579a38f6d08/1/vn6wMxrOZpKzjRip_FOArh0xwOg.roa
Signing time:             Fri 29 Sep 2023 16:30:59 +0000
ROA not before:           Fri 29 Sep 2023 16:30:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     16178
IP address blocks:        178.77.0.0/18 maxlen: 18
                          178.77.0.0/20 maxlen: 20
                          178.77.0.0/19 maxlen: 19
                          185.14.124.0/22 maxlen: 22
                          85.158.36.0/22 maxlen: 22
                          85.158.32.0/24 maxlen: 24
                          85.158.35.0/24 maxlen: 24
                          85.158.32.0/21 maxlen: 21
                          217.75.192.0/24 maxlen: 24
                          217.75.192.0/20 maxlen: 20
                          217.75.192.0/21 maxlen: 21
                          217.75.193.0/24 maxlen: 24
                          217.75.194.0/24 maxlen: 24
                          217.75.196.0/24 maxlen: 24
                          217.75.197.0/24 maxlen: 24
                          217.75.198.0/24 maxlen: 24
                          217.75.199.0/24 maxlen: 24
                          178.77.16.0/20 maxlen: 20
                          46.36.160.0/19 maxlen: 19
                          178.77.32.0/19 maxlen: 19
                          217.75.204.0/24 maxlen: 24
                          217.75.205.0/24 maxlen: 24
                          217.75.206.0/24 maxlen: 24
                          217.75.200.0/21 maxlen: 21
                          217.75.200.0/24 maxlen: 24
                          217.75.201.0/24 maxlen: 24
                          217.75.203.0/24 maxlen: 24
                          217.75.207.0/24 maxlen: 24
                          79.142.0.0/20 maxlen: 20
                          2a00:fe8::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 02 Oct 2023 09:20:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:e1:c7:75:94:5b:b1:44:d2:67:98:f9:0a:fb:49:f5:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f4a8f04ef2febe54f9db6a9a2f856594b6e2f08
        Validity
            Not Before: Sep 29 16:30:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=be7eb0331ace6692b38d18a9fc5380ae1d31c0e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:11:23:1e:eb:8e:aa:67:1a:d4:ea:36:58:b8:
                    16:84:15:a6:db:6c:6c:25:87:2a:6c:65:e5:42:76:
                    d9:01:9c:2c:04:85:b9:31:7d:7d:aa:62:c1:4f:e6:
                    af:0d:8f:60:e7:d1:bc:18:80:67:89:68:b3:8b:cf:
                    a8:21:03:19:ea:5d:fb:e2:49:b5:4a:92:e7:c2:c2:
                    62:3a:a9:1c:0f:dd:a8:50:45:5d:5d:8c:aa:a7:ce:
                    b2:19:d5:50:25:2c:3d:b2:dc:dd:27:43:17:7c:88:
                    dc:90:95:3d:72:a1:0b:24:1e:99:80:d7:1d:fc:30:
                    e4:5f:55:a7:ee:aa:a2:aa:c2:a9:7f:d1:2a:b9:14:
                    14:c1:9c:91:81:34:1a:b3:86:88:2e:4f:0c:7d:c2:
                    3f:87:00:41:12:ad:17:26:df:70:1a:aa:90:11:1f:
                    a0:7c:85:c7:e1:8a:20:90:b7:d1:d8:85:08:19:85:
                    c8:25:8c:9f:1d:3c:ab:f0:61:31:39:db:5a:1b:13:
                    7f:b7:c7:dc:b5:dd:87:00:2b:8d:7d:b7:9e:95:18:
                    a8:0a:a2:30:93:75:3d:4b:cc:2a:b5:68:37:8c:82:
                    7e:6d:5f:d6:be:ee:5e:0d:e0:75:6e:19:2d:17:9b:
                    50:26:2a:cd:65:89:2d:21:c6:72:fe:21:87:74:a5:
                    08:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:7E:B0:33:1A:CE:66:92:B3:8D:18:A9:FC:53:80:AE:1D:31:C0:E8
            X509v3 Authority Key Identifier:
                keyid:5F:4A:8F:04:EF:2F:EB:E5:4F:9D:B6:A9:A2:F8:56:59:4B:6E:2F:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X0qPBO8v6-VPnbapovhWWUtuLwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8f3fed-2c53-4eca-a332-4579a38f6d08/1/vn6wMxrOZpKzjRip_FOArh0xwOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8f3fed-2c53-4eca-a332-4579a38f6d08/1/X0qPBO8v6-VPnbapovhWWUtuLwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.160.0/19
                  79.142.0.0/20
                  85.158.32.0/21
                  178.77.0.0/18
                  185.14.124.0/22
                  217.75.192.0/20
                IPv6:
                  2a00:fe8::/32

    Signature Algorithm: sha256WithRSAEncryption
         71:34:bc:19:15:a0:7e:42:4b:7f:08:e1:fd:80:bc:7b:68:3c:
         fe:f7:01:a8:22:7e:8c:d4:f8:18:85:03:2a:29:37:01:43:16:
         64:bc:d9:bb:1b:1d:e4:c8:60:4f:dd:37:30:19:d4:66:58:9c:
         9d:6e:0e:96:94:64:86:42:41:7a:ba:9f:2c:d5:7c:fd:4d:25:
         db:98:fa:96:f8:89:cc:7d:8d:27:16:52:d5:44:c1:7b:d9:39:
         3a:0f:fc:af:2b:83:64:62:83:b2:bb:41:3d:03:1f:7e:ce:93:
         54:6a:4a:44:09:5e:c6:8b:e8:eb:a7:fb:9b:67:1a:ba:43:c0:
         e9:20:ad:30:73:3d:02:3c:92:a6:2e:d2:45:e8:91:ef:b1:86:
         6a:f0:2c:db:6d:25:b4:c5:aa:4b:4b:34:7e:46:06:57:4b:3f:
         04:5b:3c:24:25:40:bc:79:96:6d:95:92:44:2c:a5:72:3c:0e:
         9f:fe:39:6d:d0:81:25:75:bf:a6:a3:93:d6:c2:4a:25:3e:b1:
         ac:a6:f7:ea:f3:3b:fa:f1:51:2f:a4:5d:b7:74:e0:4f:b6:74:
         2b:e1:b6:17:90:5d:75:b0:a9:7d:41:3a:84:c6:8c:29:b8:5b:
         8e:18:08:b5:55:0d:c1:ab:0e:0c:d9:9b:47:65:2e:a6:fa:01:
         d3:ac:4e:a2
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYrhx3WUW7FE0meY+Qr7SfWzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNGE4ZjA0ZWYyZmViZTU0ZjlkYjZhOWEyZjg1NjU5NGI2
ZTJmMDgwHhcNMjMwOTI5MTYzMDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTdlYjAzMzFhY2U2NjkyYjM4ZDE4YTlmYzUzODBhZTFkMzFjMGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixEjHuuOqmca1Oo2WLgWhBWm22xs
JYcqbGXlQnbZAZwsBIW5MX19qmLBT+avDY9g59G8GIBniWizi8+oIQMZ6l374km1
SpLnwsJiOqkcD92oUEVdXYyqp86yGdVQJSw9stzdJ0MXfIjckJU9cqELJB6ZgNcd
/DDkX1Wn7qqiqsKpf9EquRQUwZyRgTQas4aILk8MfcI/hwBBEq0XJt9wGqqQER+g
fIXH4YogkLfR2IUIGYXIJYyfHTyr8GExOdtaGxN/t8fctd2HACuNfbeelRioCqIw
k3U9S8wqtWg3jIJ+bV/Wvu5eDeB1bhktF5tQJirNZYktIcZy/iGHdKUIEwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFL5+sDMazmaSs40YqfxTgK4dMcDoMB8GA1UdIwQY
MBaAFF9KjwTvL+vlT522qaL4VllLbi8IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDBxUEJPOHY2LVZQbmJhcG92aFdXVXR1THdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZjNmZWQtMmM1My00ZWNhLWEzMzIt
NDU3OWEzOGY2ZDA4LzEvdm42d014ck9acEt6alJpcF9GT0FyaDB4d09nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZjNmZWQtMmM1My00ZWNhLWEzMzItNDU3OWEzOGY2ZDA4
LzEvWDBxUEJPOHY2LVZQbmJhcG92aFdXVXR1THdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFLiSgAwQE
T44AAwQDVZ4gAwQGsk0AAwQCuQ58AwQE2UvAMA0EAgACMAcDBQAqAA/oMA0GCSqG
SIb3DQEBCwUAA4IBAQBxNLwZFaB+Qkt/COH9gLx7aDz+9wGoIn6M1PgYhQMqKTcB
QxZkvNm7Gx3kyGBP3TcwGdRmWJydbg6WlGSGQkF6up8s1Xz9TSXbmPqW+InMfY0n
FlLVRMF72Tk6D/yvK4NkYoOyu0E9Ax9+zpNUakpECV7Gi+jrp/ubZxq6Q8DpIK0w
cz0CPJKmLtJF6JHvsYZq8CzbbSW0xapLSzR+RgZXSz8EWzwkJUC8eZZtlZJELKVy
PA6f/jlt0IEldb+mo5PWwkolPrGspvfq8zv68VEvpF23dOBPtnQr4bYXkF11sKl9
QTqExowpuFuOGAi1VQ3Bqw4M2ZtHZS6m+gHTrE6i
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:35 2024 by rpki-client on console-ams.rpki-client.org