Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/D86eVHlpHStPDHczkGTM1t9QMvw.roa
File:                     D86eVHlpHStPDHczkGTM1t9QMvw.roa (raw, json)
Hash identifier:          HGiAZ9xHvW3MvkXs34JN/TqnTz0lJed8+aP7mlKkJrQ=
Subject key identifier:   0F:CE:9E:54:79:69:1D:2B:4F:0C:77:33:90:64:CC:D6:DF:50:32:FC
Certificate issuer:       /CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
Certificate serial:       018CC5DC4AD40698ABE33234DA0D0BE036D1
Authority key identifier: 7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/D86eVHlpHStPDHczkGTM1t9QMvw.roa
Signing time:             Mon 01 Jan 2024 16:29:57 +0000
ROA not before:           Mon 01 Jan 2024 16:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        85.252.0.0/16 maxlen: 16
                          194.29.200.0/22 maxlen: 22
                          37.191.128.0/17 maxlen: 17
                          213.160.224.0/20 maxlen: 20
                          213.160.240.0/21 maxlen: 21
                          31.185.24.0/21 maxlen: 21
                          81.175.0.0/20 maxlen: 20
                          178.74.0.0/18 maxlen: 18
                          81.175.24.0/21 maxlen: 21
                          81.175.20.0/22 maxlen: 22
                          213.151.128.0/19 maxlen: 19
                          81.175.32.0/19 maxlen: 19
                          217.77.32.0/20 maxlen: 20
                          195.204.0.0/16 maxlen: 16
                          85.221.0.0/17 maxlen: 17
                          217.8.128.0/19 maxlen: 19
                          77.234.48.0/21 maxlen: 21
                          86.62.128.0/18 maxlen: 18
                          62.63.0.0/18 maxlen: 18
                          89.191.0.0/19 maxlen: 19
                          81.191.0.0/16 maxlen: 16
                          193.90.0.0/16 maxlen: 16
                          80.241.80.0/20 maxlen: 20
                          194.19.0.0/17 maxlen: 17
                          212.62.224.0/19 maxlen: 19
                          64.28.0.0/19 maxlen: 19
                          85.196.64.0/18 maxlen: 18
                          193.75.0.0/17 maxlen: 17
                          195.139.0.0/16 maxlen: 16
                          213.172.192.0/19 maxlen: 19
                          78.24.144.0/21 maxlen: 21
                          109.199.192.0/19 maxlen: 19
                          195.1.0.0/16 maxlen: 16
                          213.52.0.0/17 maxlen: 17
                          185.129.156.0/22 maxlen: 22
                          185.35.80.0/22 maxlen: 22
                          193.69.0.0/16 maxlen: 16
                          195.18.128.0/17 maxlen: 17
                          185.8.16.0/22 maxlen: 22
                          85.112.128.0/19 maxlen: 19
                          82.196.192.0/19 maxlen: 19
                          217.118.32.0/19 maxlen: 19
                          79.135.0.0/19 maxlen: 19
                          193.71.0.0/16 maxlen: 16
                          91.135.32.0/20 maxlen: 20
                          217.144.224.0/19 maxlen: 19
                          77.40.128.0/17 maxlen: 17
                          185.67.116.0/22 maxlen: 22
                          213.239.64.0/18 maxlen: 18
                          87.118.0.0/18 maxlen: 18
                          84.20.96.0/19 maxlen: 19
                          77.88.64.0/18 maxlen: 18
                          195.159.0.0/16 maxlen: 16
                          62.101.192.0/18 maxlen: 18
                          80.64.192.0/20 maxlen: 20
                          88.84.160.0/19 maxlen: 19
                          194.54.96.0/19 maxlen: 19
                          81.0.128.0/18 maxlen: 18
                          212.71.64.0/19 maxlen: 19
                          195.0.128.0/17 maxlen: 17
                          217.14.0.0/20 maxlen: 20
                          193.91.128.0/17 maxlen: 17
                          213.158.224.0/19 maxlen: 19
                          2a00:c440::/29 maxlen: 29
                          2001:840::/29 maxlen: 29
                          2a03:c000::/29 maxlen: 29
                          2a01:520::/29 maxlen: 29
                          2a02:270::/29 maxlen: 29
                          2001:4dd8::/29 maxlen: 29
                          2001:8c0::/29 maxlen: 29
                          2a04:6340::/29 maxlen: 29

Validation:               Failed, certificate revoked on Sat 06 Jan 2024 18:15:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:4a:d4:06:98:ab:e3:32:34:da:0d:0b:e0:36:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
        Validity
            Not Before: Jan  1 16:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fce9e5479691d2b4f0c77339064ccd6df5032fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d8:f2:1e:32:59:48:0c:29:b5:75:77:75:22:
                    31:57:e4:39:b7:25:83:62:54:b6:cc:d7:a9:5b:65:
                    6b:1e:85:b6:1e:b5:c1:3f:45:eb:d7:6a:90:39:eb:
                    49:db:2e:c9:62:48:30:8e:10:90:98:3f:5b:02:fd:
                    7b:30:e7:55:27:4b:81:72:b7:27:bf:14:80:8d:d7:
                    9a:e7:4f:9d:51:61:e3:22:6d:33:a4:6b:b3:aa:2b:
                    72:65:36:b2:6d:5d:84:c6:04:60:01:92:1e:e7:19:
                    6f:9d:9c:a3:91:05:67:fb:6c:2f:06:8a:08:d5:e9:
                    d4:97:24:ea:d1:39:1b:80:29:fd:9a:87:21:e6:a7:
                    e7:5c:23:76:94:1c:03:39:fb:54:e8:28:e7:f5:ec:
                    de:b1:17:59:10:df:8d:56:22:0c:42:a6:bc:fe:a7:
                    d0:20:9a:88:e1:c5:aa:b6:3f:d0:a5:2d:ae:07:ee:
                    f8:35:a6:61:8d:90:e3:58:a2:69:21:ff:f3:26:60:
                    42:6f:25:a7:be:f3:73:1d:ae:2a:a4:27:fc:05:ba:
                    51:9b:00:53:e5:cc:bb:3a:f2:50:06:ea:77:bf:28:
                    d1:c4:b8:13:48:d6:dd:4c:1a:56:c1:ee:b0:46:c3:
                    d9:95:4a:5b:4b:af:10:cc:73:2d:2e:b6:b5:19:27:
                    9c:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:CE:9E:54:79:69:1D:2B:4F:0C:77:33:90:64:CC:D6:DF:50:32:FC
            X509v3 Authority Key Identifier:
                keyid:7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/D86eVHlpHStPDHczkGTM1t9QMvw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.185.24.0/21
                  37.191.128.0/17
                  62.63.0.0/18
                  62.101.192.0/18
                  64.28.0.0/19
                  77.40.128.0/17
                  77.88.64.0/18
                  77.234.48.0/21
                  78.24.144.0/21
                  79.135.0.0/19
                  80.64.192.0/20
                  80.241.80.0/20
                  81.0.128.0/18
                  81.175.0.0/20
                  81.175.20.0-81.175.63.255
                  81.191.0.0/16
                  82.196.192.0/19
                  84.20.96.0/19
                  85.112.128.0/19
                  85.196.64.0/18
                  85.221.0.0/17
                  85.252.0.0/16
                  86.62.128.0/18
                  87.118.0.0/18
                  88.84.160.0/19
                  89.191.0.0/19
                  91.135.32.0/20
                  109.199.192.0/19
                  178.74.0.0/18
                  185.8.16.0/22
                  185.35.80.0/22
                  185.67.116.0/22
                  185.129.156.0/22
                  193.69.0.0/16
                  193.71.0.0/16
                  193.75.0.0/17
                  193.90.0.0/16
                  193.91.128.0/17
                  194.19.0.0/17
                  194.29.200.0/22
                  194.54.96.0/19
                  195.0.128.0-195.1.255.255
                  195.18.128.0/17
                  195.139.0.0/16
                  195.159.0.0/16
                  195.204.0.0/16
                  212.62.224.0/19
                  212.71.64.0/19
                  213.52.0.0/17
                  213.151.128.0/19
                  213.158.224.0/19
                  213.160.224.0-213.160.247.255
                  213.172.192.0/19
                  213.239.64.0/18
                  217.8.128.0/19
                  217.14.0.0/20
                  217.77.32.0/20
                  217.118.32.0/19
                  217.144.224.0/19
                IPv6:
                  2001:840::/29
                  2001:8c0::/29
                  2001:4dd8::/29
                  2a00:c440::/29
                  2a01:520::/29
                  2a02:270::/29
                  2a03:c000::/29
                  2a04:6340::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:49:a3:c1:00:f9:c0:59:f7:11:06:8c:71:63:22:e2:f5:fa:
         0b:6a:37:73:bd:9f:cf:79:c7:50:02:21:dd:93:2d:b7:4e:52:
         83:3d:ac:e8:63:6d:db:92:40:9c:8a:98:8e:e2:f2:00:7a:93:
         a8:47:7c:96:b5:23:5c:12:28:77:1e:61:c5:c1:3f:c1:0d:94:
         9b:31:49:d5:ef:a9:bf:c2:6f:3f:f5:d9:92:f4:c9:58:f1:03:
         40:a9:7a:2a:42:e3:35:6d:8d:36:10:97:59:05:df:e6:c9:f7:
         50:db:84:f7:74:e4:ef:d6:7c:63:14:19:1f:d8:23:f9:6d:38:
         8f:16:0a:b2:ec:55:97:23:b9:59:eb:a7:06:a1:36:8f:08:1d:
         ad:2d:21:3e:23:cf:2c:2a:87:4a:01:b0:04:e0:c1:af:73:9d:
         60:b3:b2:e5:7b:d5:2a:34:8f:6f:4d:f8:e6:b3:e3:83:ca:a9:
         f1:7f:d9:35:ca:3c:90:9b:e1:11:36:c7:2f:06:c6:41:b5:e6:
         a3:92:28:93:d6:75:f9:78:66:29:4e:4a:eb:41:b5:7c:61:dd:
         ed:87:03:33:0d:f2:91:2a:46:22:9a:3b:0c:72:89:be:41:0b:
         37:ec:1b:ef:16:1a:f0:54:43:f9:15:03:6a:76:2d:d9:ee:bd:
         56:fb:38:3b
-----BEGIN CERTIFICATE-----
MIIGsjCCBZqgAwIBAgISAYzF3ErUBpir4zI02g0L4DbRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzRhY2VkY2I4NmNkZGZlZDdmNmRlOGNhZGZjYTAwNDY5
YmJjOGUwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmNlOWU1NDc5NjkxZDJiNGYwYzc3MzM5MDY0Y2NkNmRmNTAzMmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutjyHjJZSAwptXV3dSIxV+Q5tyWD
YlS2zNepW2VrHoW2HrXBP0Xr12qQOetJ2y7JYkgwjhCQmD9bAv17MOdVJ0uBcrcn
vxSAjdea50+dUWHjIm0zpGuzqityZTaybV2ExgRgAZIe5xlvnZyjkQVn+2wvBooI
1enUlyTq0TkbgCn9moch5qfnXCN2lBwDOftU6Cjn9ezesRdZEN+NViIMQqa8/qfQ
IJqI4cWqtj/QpS2uB+74NaZhjZDjWKJpIf/zJmBCbyWnvvNzHa4qpCf8BbpRmwBT
5cy7OvJQBup3vyjRxLgTSNbdTBpWwe6wRsPZlUpbS68QzHMtLra1GSecDwIDAQAB
o4IDvjCCA7owHQYDVR0OBBYEFA/OnlR5aR0rTwx3M5BkzNbfUDL8MB8GA1UdIwQY
MBaAFH3ErO3Lhs3f7X9t6MrfygBGm7yOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1Nzkt
Mzk0ODAyODVhOTQ4LzEvRDg2ZVZIbHBIU3RQREhjemtHVE0xdDlRTXZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1NzktMzk0ODAyODVhOTQ4
LzEvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB0gYIKwYBBQUHAQcBAf8EggHBMIIBvTCCAXkEAgABMIIB
cQMEAx+5GAMEByW/gAMEBj4/AAMEBj5lwAMEBUAcAAMEB00ogAMEBk1YQAMEA03q
MAMEA04YkAMEBU+HAAMEBFBAwAMEBFDxUAMEBlEAgAMEBFGvADAMAwQCUa8UAwQG
Ua8AAwMAUb8DBAVSxMADBAVUFGADBAVVcIADBAZVxEADBAdV3QADAwBV/AMEBlY+
gAMEBld2AAMEBVhUoAMEBVm/AAMEBFuHIAMEBW3HwAMEBrJKAAMEArkIEAMEArkj
UAMEArlDdAMEArmBnAMDAMFFAwMAwUcDBAfBSwADAwDBWgMEB8FbgAMEB8ITAAME
AsIdyAMEBcI2YDALAwQHwwCAAwMBwwADBAfDEoADAwDDiwMDAMOfAwMAw8wDBAXU
PuADBAXUR0ADBAfVNAADBAXVl4ADBAXVnuAwDAMEBdWg4AMEA9Wg8AMEBdWswAME
BtXvQAMEBdkIgAMEBNkOAAMEBNlNIAMEBdl2IAMEBdmQ4DA+BAIAAjA4AwUDIAEI
QAMFAyABCMADBQMgAU3YAwUDKgDEQAMFAyoBBSADBQMqAgJwAwUDKgPAAAMFAyoE
Y0AwDQYJKoZIhvcNAQELBQADggEBAE9Jo8EA+cBZ9xEGjHFjIuL1+gtqN3O9n895
x1ACId2TLbdOUoM9rOhjbduSQJyKmI7i8gB6k6hHfJa1I1wSKHceYcXBP8ENlJsx
SdXvqb/Cbz/12ZL0yVjxA0CpeipC4zVtjTYQl1kF3+bJ91DbhPd05O/WfGMUGR/Y
I/ltOI8WCrLsVZcjuVnrpwahNo8IHa0tIT4jzywqh0oBsATgwa9znWCzsuV71So0
j29N+Oaz44PKqfF/2TXKPJCb4RE2xy8GxkG15qOSKJPWdfl4ZilOSutBtXxh3e2H
AzMN8pEqRiKaOwxyib5BCzfsG+8WGvBUQ/kVA2p2LdnuvVb7ODs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:25 2024 by rpki-client on console-ams.rpki-client.org