Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/cu7Fxpo0pylNSGPYP1lag70KJCo.roa
File:                     cu7Fxpo0pylNSGPYP1lag70KJCo.roa (raw, json)
Hash identifier:          YFARbLzjZneWuU/3FNT9hX/HgaeP7IuBz7gMGTb4Iug=
Subject key identifier:   72:EE:C5:C6:9A:34:A7:29:4D:48:63:D8:3F:59:5A:83:BD:0A:24:2A
Certificate issuer:       /CN=a4e7205f5d41257a6bb95f900eec0a1123e75164
Certificate serial:       018B47D5F80E8844A40F0F79D462D2243708
Authority key identifier: A4:E7:20:5F:5D:41:25:7A:6B:B9:5F:90:0E:EC:0A:11:23:E7:51:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pOcgX11BJXpruV-QDuwKESPnUWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/cu7Fxpo0pylNSGPYP1lag70KJCo.roa
Signing time:             Thu 19 Oct 2023 12:08:06 +0000
ROA not before:           Thu 19 Oct 2023 12:08:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48854
IP address blocks:        185.134.28.0/22 maxlen: 22
                          195.178.14.0/23 maxlen: 23
                          80.70.0.0/23 maxlen: 23
                          185.21.40.0/22 maxlen: 22
                          80.70.6.0/23 maxlen: 23
                          80.70.7.0/24 maxlen: 24
                          212.97.132.0/22 maxlen: 22
                          212.97.143.0/24 maxlen: 24
                          212.97.140.0/24 maxlen: 24
                          212.97.140.0/22 maxlen: 22
                          212.97.142.0/24 maxlen: 24
                          212.97.141.0/24 maxlen: 24
                          94.143.8.0/21 maxlen: 21
                          93.191.152.0/21 maxlen: 21
                          93.191.152.0/22 maxlen: 22
                          217.61.236.0/22 maxlen: 22
                          93.191.156.0/24 maxlen: 24
                          93.191.158.0/24 maxlen: 24
                          93.191.157.0/24 maxlen: 24
                          89.188.72.0/21 maxlen: 21
                          185.25.142.0/24 maxlen: 24
                          185.25.141.0/24 maxlen: 24
                          185.25.143.0/24 maxlen: 24
                          94.231.96.0/20 maxlen: 20
                          94.231.103.0/24 maxlen: 24
                          185.223.24.0/22 maxlen: 22
                          185.221.36.0/22 maxlen: 22
                          212.237.248.0/23 maxlen: 23
                          194.150.112.0/22 maxlen: 22
                          185.20.204.0/22 maxlen: 22
                          185.20.205.0/24 maxlen: 24
                          185.20.206.0/23 maxlen: 23
                          2a06:eac0::/29 maxlen: 48
                          2a03:2740::/47 maxlen: 48
                          2a02:2338::/32 maxlen: 48
                          2a02:2339:4000::/34 maxlen: 48

Validation:               Failed, certificate revoked on Thu 19 Oct 2023 12:17:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:47:d5:f8:0e:88:44:a4:0f:0f:79:d4:62:d2:24:37:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4e7205f5d41257a6bb95f900eec0a1123e75164
        Validity
            Not Before: Oct 19 12:08:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=72eec5c69a34a7294d4863d83f595a83bd0a242a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:61:20:e6:f8:f9:dd:9e:95:df:ac:9b:a3:a9:
                    58:97:8b:77:61:5c:8c:76:b1:28:57:f5:43:ee:08:
                    f2:0e:c6:c0:d1:fe:35:5a:da:90:b2:a2:65:18:ea:
                    df:e3:4e:a3:be:b6:f3:b2:70:67:ab:23:3c:37:8c:
                    7f:55:85:17:f9:0d:6d:28:f5:77:ad:b1:55:d7:92:
                    5c:df:a5:79:04:00:e6:ee:f1:65:ff:70:11:ab:22:
                    8a:dc:28:03:13:1a:b5:03:fd:03:19:fe:65:68:fb:
                    23:0d:b3:9d:d0:b2:7a:71:05:20:30:49:2f:6c:b9:
                    fe:f3:53:e5:8e:a7:05:33:9a:7e:3c:c8:0e:d4:d2:
                    51:c7:ba:c1:90:8e:1b:49:6d:e4:20:88:22:ea:3b:
                    ae:a2:f8:fb:70:fa:19:06:a0:19:37:fe:01:e1:f9:
                    d1:cd:3c:21:4d:73:ce:bd:81:0b:d6:6d:24:f9:b9:
                    1a:c8:a0:74:a1:42:2d:d6:ff:d9:34:a1:aa:18:b4:
                    bd:fb:06:2e:c4:46:88:14:39:1c:49:5a:05:d3:1a:
                    8c:34:75:8d:57:34:f1:4a:af:22:74:08:7e:62:2d:
                    69:2e:9a:f9:9a:5a:bf:42:32:86:79:32:6e:fb:35:
                    08:c3:b6:fc:f5:f4:74:86:c4:c2:0f:0b:46:e9:50:
                    ce:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:EE:C5:C6:9A:34:A7:29:4D:48:63:D8:3F:59:5A:83:BD:0A:24:2A
            X509v3 Authority Key Identifier:
                keyid:A4:E7:20:5F:5D:41:25:7A:6B:B9:5F:90:0E:EC:0A:11:23:E7:51:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pOcgX11BJXpruV-QDuwKESPnUWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/cu7Fxpo0pylNSGPYP1lag70KJCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/pOcgX11BJXpruV-QDuwKESPnUWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.70.0.0/23
                  80.70.6.0/23
                  89.188.72.0/21
                  93.191.152.0/21
                  94.143.8.0/21
                  94.231.96.0/20
                  185.20.204.0/22
                  185.21.40.0/22
                  185.25.141.0-185.25.143.255
                  185.134.28.0/22
                  185.221.36.0/22
                  185.223.24.0/22
                  194.150.112.0/22
                  195.178.14.0/23
                  212.97.132.0/22
                  212.97.140.0/22
                  212.237.248.0/23
                  217.61.236.0/22
                IPv6:
                  2a02:2338::/32
                  2a02:2339:4000::/34
                  2a03:2740::/47
                  2a06:eac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:eb:aa:3e:fa:bf:16:c3:9d:df:d5:1a:97:19:c6:be:1a:63:
         4e:ea:32:31:0b:8c:2c:d8:54:4d:b0:ed:ef:65:2c:e4:16:a3:
         cf:c1:eb:5c:68:ae:61:14:b2:c7:fb:c2:d5:34:3f:07:3f:1a:
         f5:e1:35:0d:33:9a:e9:e5:e8:43:45:70:06:a7:6a:28:e6:a1:
         42:31:cb:0a:16:7f:fb:4b:b1:12:25:64:aa:29:61:91:06:05:
         37:30:e5:63:25:c6:52:06:8a:3c:13:7f:c8:6c:95:87:29:02:
         2e:b9:c6:a2:d3:e4:c7:bc:9c:ea:75:02:e3:01:dc:a9:58:f2:
         55:31:15:ab:fb:96:b8:2f:51:42:c5:02:4a:40:1f:58:ee:40:
         d1:39:59:5c:93:fb:2b:50:b9:4c:2b:64:00:04:7c:46:5c:f8:
         d2:58:91:2e:62:08:99:61:af:ab:54:23:e3:4d:3d:3c:7a:7f:
         9c:7c:c5:35:af:45:d1:b0:2e:3d:d9:a7:9f:9b:c4:f0:93:bb:
         57:d0:09:29:96:8e:0d:bf:97:42:f4:79:ee:f3:02:be:df:cb:
         7a:df:ab:bf:1c:62:25:a9:81:ce:e9:b8:b8:cf:2f:3e:3f:17:
         9e:5d:95:da:b7:d4:51:1a:1d:f9:19:00:ee:d9:2b:f7:d5:f5:
         31:fa:cb:30
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAYtH1fgOiESkDw951GLSJDcIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZTcyMDVmNWQ0MTI1N2E2YmI5NWY5MDBlZWMwYTExMjNl
NzUxNjQwHhcNMjMxMDE5MTIwODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmVlYzVjNjlhMzRhNzI5NGQ0ODYzZDgzZjU5NWE4M2JkMGEyNDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWEg5vj53Z6V36ybo6lYl4t3YVyM
drEoV/VD7gjyDsbA0f41WtqQsqJlGOrf406jvrbzsnBnqyM8N4x/VYUX+Q1tKPV3
rbFV15Jc36V5BADm7vFl/3ARqyKK3CgDExq1A/0DGf5laPsjDbOd0LJ6cQUgMEkv
bLn+81PljqcFM5p+PMgO1NJRx7rBkI4bSW3kIIgi6juuovj7cPoZBqAZN/4B4fnR
zTwhTXPOvYEL1m0k+bkayKB0oUIt1v/ZNKGqGLS9+wYuxEaIFDkcSVoF0xqMNHWN
VzTxSq8idAh+Yi1pLpr5mlq/QjKGeTJu+zUIw7b89fR0hsTCDwtG6VDOaQIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFHLuxcaaNKcpTUhj2D9ZWoO9CiQqMB8GA1UdIwQY
MBaAFKTnIF9dQSV6a7lfkA7sChEj51FkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE9jZ1gxMUJKWHBydVYtUUR1d0tFU1BuVVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9mNzYxYmQtNWMzYS00ZDJmLThjZDkt
M2U1OWNlNDQ1YjFjLzEvY3U3RnhwbzBweWxOU0dQWVAxbGFnNzBLSkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9mNzYxYmQtNWMzYS00ZDJmLThjZDktM2U1OWNlNDQ1YjFj
LzEvcE9jZ1gxMUJKWHBydVYtUUR1d0tFU1BuVVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG2BggrBgEFBQcBBwEB/wSBpjCBozB6BAIAATB0AwQBUEYA
AwQBUEYGAwQDWbxIAwQDXb+YAwQDXo8IAwQEXudgAwQCuRTMAwQCuRUoMAwDBAC5
GY0DBAS5GYADBAK5hhwDBAK53SQDBAK53xgDBALClnADBAHDsg4DBALUYYQDBALU
YYwDBAHU7fgDBALZPewwJQQCAAIwHwMFACoCIzgDBgYqAiM5QAMHASoDJ0AAAAMF
AyoG6sAwDQYJKoZIhvcNAQELBQADggEBAHrrqj76vxbDnd/VGpcZxr4aY07qMjEL
jCzYVE2w7e9lLOQWo8/B61xormEUssf7wtU0Pwc/GvXhNQ0zmunl6ENFcAanaijm
oUIxywoWf/tLsRIlZKopYZEGBTcw5WMlxlIGijwTf8hslYcpAi65xqLT5Me8nOp1
AuMB3KlY8lUxFav7lrgvUULFAkpAH1juQNE5WVyT+ytQuUwrZAAEfEZc+NJYkS5i
CJlhr6tUI+NNPTx6f5x8xTWvRdGwLj3Zp5+bxPCTu1fQCSmWjg2/l0L0ee7zAr7f
y3rfq78cYiWpgc7puLjPLz4/F55dldq31FEaHfkZAO7ZK/fV9TH6yzA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:23 2024 by rpki-client on console-fra.rpki-client.org