Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/kZcUGy1ej4BkpbOwyvnWirKkDR4.roa
File:                     kZcUGy1ej4BkpbOwyvnWirKkDR4.roa (raw, json)
Hash identifier:          HGiFB5fyN0/H5aiWcmTFftODzTUVJ7ZfrwsDR1iqRx4=
Subject key identifier:   91:97:14:1B:2D:5E:8F:80:64:A5:B3:B0:CA:F9:D6:8A:B2:A4:0D:1E
Certificate issuer:       /CN=a4e7205f5d41257a6bb95f900eec0a1123e75164
Certificate serial:       018616A8A512D0835AE3864ACD9BF4F5B118
Authority key identifier: A4:E7:20:5F:5D:41:25:7A:6B:B9:5F:90:0E:EC:0A:11:23:E7:51:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pOcgX11BJXpruV-QDuwKESPnUWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/kZcUGy1ej4BkpbOwyvnWirKkDR4.roa
Signing time:             Fri 03 Feb 2023 09:43:16 +0000
ROA not before:           Fri 03 Feb 2023 09:43:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48854
IP address blocks:        185.134.28.0/22 maxlen: 22
                          195.178.14.0/23 maxlen: 23
                          80.70.0.0/23 maxlen: 23
                          185.21.40.0/22 maxlen: 22
                          80.70.6.0/23 maxlen: 23
                          80.70.7.0/24 maxlen: 24
                          212.97.132.0/22 maxlen: 22
                          212.97.140.0/22 maxlen: 22
                          94.143.8.0/21 maxlen: 21
                          93.191.152.0/21 maxlen: 21
                          93.191.152.0/22 maxlen: 22
                          217.61.236.0/22 maxlen: 22
                          93.191.156.0/24 maxlen: 24
                          93.191.158.0/24 maxlen: 24
                          93.191.157.0/24 maxlen: 24
                          89.188.72.0/21 maxlen: 21
                          185.25.141.0/24 maxlen: 24
                          185.25.143.0/24 maxlen: 24
                          94.231.96.0/20 maxlen: 20
                          94.231.103.0/24 maxlen: 24
                          185.223.24.0/22 maxlen: 22
                          185.221.36.0/22 maxlen: 22
                          212.237.248.0/23 maxlen: 23
                          194.150.112.0/22 maxlen: 22
                          185.20.204.0/22 maxlen: 22
                          185.20.205.0/24 maxlen: 24
                          185.20.206.0/23 maxlen: 23
                          2a06:eac0::/29 maxlen: 48
                          2a03:2740::/48 maxlen: 48
                          2a02:2338::/32 maxlen: 48
                          2a02:2339:4000::/34 maxlen: 48

Validation:               Failed, certificate revoked on Fri 14 Jul 2023 07:33:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:16:a8:a5:12:d0:83:5a:e3:86:4a:cd:9b:f4:f5:b1:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4e7205f5d41257a6bb95f900eec0a1123e75164
        Validity
            Not Before: Feb  3 09:43:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9197141b2d5e8f8064a5b3b0caf9d68ab2a40d1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:aa:65:a4:54:67:1f:85:10:23:7b:46:ac:f7:
                    a9:a0:9b:3e:5d:14:8e:d0:60:14:e2:59:9c:99:4f:
                    ef:a6:1d:9a:b9:97:02:ac:07:62:09:39:dc:24:bf:
                    05:3b:24:0c:54:84:c8:af:e7:05:2d:a2:b1:e9:17:
                    3f:5f:6d:db:8c:3d:d9:4d:17:39:1f:0f:6f:a3:df:
                    4a:cc:e2:5c:a2:06:d6:b9:46:fc:f4:7c:1d:9d:05:
                    c4:f8:89:6f:09:4d:23:e1:8a:88:f4:b6:29:bb:9e:
                    02:3f:3b:c1:f8:db:1a:38:30:b7:52:d5:84:cd:58:
                    58:34:a4:37:21:3a:d0:b7:63:75:8a:5a:48:f4:67:
                    5a:b4:61:e5:49:b2:22:4b:ee:43:6e:d2:4a:b1:86:
                    9e:9a:da:16:03:1f:fa:10:21:0c:aa:8d:b8:be:11:
                    0e:b6:a6:86:e3:62:7b:87:07:44:da:e6:5c:8e:a7:
                    e0:5b:c6:d3:37:71:d5:9c:cc:18:58:2d:31:ce:99:
                    9f:86:47:ec:37:a4:24:fb:1e:78:11:59:07:20:ff:
                    72:85:61:d9:2f:f3:76:d0:8a:20:8e:1a:6c:17:ce:
                    9c:5d:cb:b8:f0:30:44:04:36:c3:95:e7:50:1f:24:
                    3a:eb:4a:d9:6e:b4:b1:f1:4f:ff:6f:a0:6c:d9:82:
                    a7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:97:14:1B:2D:5E:8F:80:64:A5:B3:B0:CA:F9:D6:8A:B2:A4:0D:1E
            X509v3 Authority Key Identifier:
                keyid:A4:E7:20:5F:5D:41:25:7A:6B:B9:5F:90:0E:EC:0A:11:23:E7:51:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pOcgX11BJXpruV-QDuwKESPnUWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/kZcUGy1ej4BkpbOwyvnWirKkDR4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/f761bd-5c3a-4d2f-8cd9-3e59ce445b1c/1/pOcgX11BJXpruV-QDuwKESPnUWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.70.0.0/23
                  80.70.6.0/23
                  89.188.72.0/21
                  93.191.152.0/21
                  94.143.8.0/21
                  94.231.96.0/20
                  185.20.204.0/22
                  185.21.40.0/22
                  185.25.141.0/24
                  185.25.143.0/24
                  185.134.28.0/22
                  185.221.36.0/22
                  185.223.24.0/22
                  194.150.112.0/22
                  195.178.14.0/23
                  212.97.132.0/22
                  212.97.140.0/22
                  212.237.248.0/23
                  217.61.236.0/22
                IPv6:
                  2a02:2338::/32
                  2a02:2339:4000::/34
                  2a03:2740::/48
                  2a06:eac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:aa:7a:83:1c:ed:5a:2d:e1:c0:9d:5e:d7:0b:c3:ff:65:47:
         43:66:15:72:6e:a7:df:f9:58:78:3e:06:ff:00:6d:1c:7d:0a:
         6d:f7:04:ba:3d:04:8d:22:4a:7c:df:60:2e:3f:1e:4a:ce:d8:
         21:d2:77:1b:b2:27:7b:73:ae:bb:3d:57:de:20:c9:4c:de:0d:
         c3:53:5f:7d:c1:55:03:2f:53:74:29:a4:6a:bf:26:d6:0c:77:
         4a:a1:a5:01:9d:1c:9b:76:ca:fb:96:36:22:88:eb:dd:6e:70:
         4e:ca:3d:a4:d9:4d:7d:1d:c0:9d:4e:ba:f9:96:6a:85:1b:b2:
         6a:46:c0:2c:0b:ce:67:f4:96:f3:fe:f3:69:66:a4:a5:8f:da:
         a6:58:bc:72:a3:eb:13:ad:5d:0f:6c:bc:c8:0c:fa:bd:70:d1:
         aa:ba:64:0d:e0:7c:f9:79:9b:aa:58:54:cc:d1:cc:78:e7:a0:
         eb:5c:b8:1e:97:96:57:47:b2:30:1f:7d:3d:9f:43:e8:a2:67:
         fe:0c:eb:4d:5a:90:b3:79:f7:97:a1:42:aa:54:e8:cb:42:3e:
         35:78:71:9a:6e:7b:0c:e4:4d:e4:99:32:78:04:39:cb:39:bf:
         80:51:65:53:14:d5:0f:d0:86:e3:c5:09:3b:7c:6f:ed:5e:db:
         a2:2e:da:c2
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYYWqKUS0INa44ZKzZv09bEYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZTcyMDVmNWQ0MTI1N2E2YmI5NWY5MDBlZWMwYTExMjNl
NzUxNjQwHhcNMjMwMjAzMDk0MzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTk3MTQxYjJkNWU4ZjgwNjRhNWIzYjBjYWY5ZDY4YWIyYTQwZDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqplpFRnH4UQI3tGrPepoJs+XRSO
0GAU4lmcmU/vph2auZcCrAdiCTncJL8FOyQMVITIr+cFLaKx6Rc/X23bjD3ZTRc5
Hw9vo99KzOJcogbWuUb89HwdnQXE+IlvCU0j4YqI9LYpu54CPzvB+NsaODC3UtWE
zVhYNKQ3ITrQt2N1ilpI9GdatGHlSbIiS+5DbtJKsYaemtoWAx/6ECEMqo24vhEO
tqaG42J7hwdE2uZcjqfgW8bTN3HVnMwYWC0xzpmfhkfsN6Qk+x54EVkHIP9yhWHZ
L/N20IogjhpsF86cXcu48DBEBDbDledQHyQ660rZbrSx8U//b6Bs2YKnfwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFJGXFBstXo+AZKWzsMr51oqypA0eMB8GA1UdIwQY
MBaAFKTnIF9dQSV6a7lfkA7sChEj51FkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE9jZ1gxMUJKWHBydVYtUUR1d0tFU1BuVVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9mNzYxYmQtNWMzYS00ZDJmLThjZDkt
M2U1OWNlNDQ1YjFjLzEva1pjVUd5MWVqNEJrcGJPd3l2bldpcktrRFI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9mNzYxYmQtNWMzYS00ZDJmLThjZDktM2U1OWNlNDQ1YjFj
LzEvcE9jZ1gxMUJKWHBydVYtUUR1d0tFU1BuVVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG0BggrBgEFBQcBBwEB/wSBpDCBoTB4BAIAATByAwQBUEYA
AwQBUEYGAwQDWbxIAwQDXb+YAwQDXo8IAwQEXudgAwQCuRTMAwQCuRUoAwQAuRmN
AwQAuRmPAwQCuYYcAwQCud0kAwQCud8YAwQCwpZwAwQBw7IOAwQC1GGEAwQC1GGM
AwQB1O34AwQC2T3sMCUEAgACMB8DBQAqAiM4AwYGKgIjOUADBwAqAydAAAADBQMq
BurAMA0GCSqGSIb3DQEBCwUAA4IBAQB7qnqDHO1aLeHAnV7XC8P/ZUdDZhVybqff
+Vh4Pgb/AG0cfQpt9wS6PQSNIkp832AuPx5Kztgh0ncbsid7c667PVfeIMlM3g3D
U199wVUDL1N0KaRqvybWDHdKoaUBnRybdsr7ljYiiOvdbnBOyj2k2U19HcCdTrr5
lmqFG7JqRsAsC85n9Jbz/vNpZqSlj9qmWLxyo+sTrV0PbLzIDPq9cNGqumQN4Hz5
eZuqWFTM0cx456DrXLgel5ZXR7IwH309n0Poomf+DOtNWpCzefeXoUKqVOjLQj41
eHGabnsM5E3kmTJ4BDnLOb+AUWVTFNUP0IbjxQk7fG/tXtuiLtrC
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:51 2024 by rpki-client on console-ams.rpki-client.org