Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/974213-49fd-4c5c-8014-bd3a630ee5cc/1/A-uN4eN1A4KYxNjMNECIRLvGxOQ.roa
File:                     A-uN4eN1A4KYxNjMNECIRLvGxOQ.roa (raw, json)
Hash identifier:          9ePCxKlTlixW2DV9RXuN2pUYZGhnQwoAWSAGUFp+TDQ=
Subject key identifier:   03:EB:8D:E1:E3:75:03:82:98:C4:D8:CC:34:40:88:44:BB:C6:C4:E4
Certificate issuer:       /CN=602be661e57c14659a608e9f6be605d6250047fc
Certificate serial:       018CC6B800AC6B9AAF711559C2AA6BBB9717
Authority key identifier: 60:2B:E6:61:E5:7C:14:65:9A:60:8E:9F:6B:E6:05:D6:25:00:47:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YCvmYeV8FGWaYI6fa-YF1iUAR_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/974213-49fd-4c5c-8014-bd3a630ee5cc/1/A-uN4eN1A4KYxNjMNECIRLvGxOQ.roa
Signing time:             Mon 01 Jan 2024 20:29:56 +0000
ROA not before:           Mon 01 Jan 2024 20:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6876
IP address blocks:        31.31.96.0/19 maxlen: 19
                          185.184.168.0/22 maxlen: 22
                          185.177.240.0/22 maxlen: 22
                          212.178.0.0/19 maxlen: 19
                          45.156.36.0/22 maxlen: 22
                          185.247.20.0/22 maxlen: 22
                          212.90.124.0/22 maxlen: 22
                          212.24.112.0/24 maxlen: 24
                          62.16.0.0/19 maxlen: 19
                          37.203.0.0/19 maxlen: 19
                          85.238.96.0/19 maxlen: 19
                          188.115.128.0/18 maxlen: 18
                          185.228.104.0/22 maxlen: 22
                          185.23.104.0/22 maxlen: 22
                          193.178.48.0/22 maxlen: 22
                          176.119.64.0/18 maxlen: 18
                          79.140.0.0/20 maxlen: 20
                          95.214.40.0/22 maxlen: 22
                          45.130.0.0/22 maxlen: 22
                          193.163.196.0/24 maxlen: 24
                          130.0.32.0/19 maxlen: 19
                          185.166.220.0/22 maxlen: 22
                          195.138.64.0/19 maxlen: 19
                          88.214.8.0/22 maxlen: 22
                          185.206.36.0/22 maxlen: 22
                          45.140.120.0/22 maxlen: 22
                          185.226.112.0/22 maxlen: 22
                          185.145.104.0/22 maxlen: 22
                          2a04:2c00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 12 Mar 2024 14:57:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:00:ac:6b:9a:af:71:15:59:c2:aa:6b:bb:97:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=602be661e57c14659a608e9f6be605d6250047fc
        Validity
            Not Before: Jan  1 20:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03eb8de1e375038298c4d8cc34408844bbc6c4e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:23:eb:5d:2a:6a:78:66:83:1d:71:85:be:6f:
                    94:10:22:27:0d:d4:82:0e:0c:06:cd:4b:53:6f:1f:
                    8d:71:31:3a:46:1d:e5:af:46:f9:90:f8:63:d4:92:
                    2a:34:34:68:fc:e7:df:dc:b6:f3:dc:38:33:cc:02:
                    b3:31:97:b3:69:30:8b:da:4a:b6:b0:de:95:cb:50:
                    09:aa:0d:65:eb:a8:79:5f:04:3b:00:10:13:c3:46:
                    67:95:07:b8:ac:15:2e:33:cb:62:3d:20:d1:bf:0b:
                    fb:92:50:7c:c5:10:b7:a9:af:ab:e2:90:15:61:7c:
                    6a:1c:94:70:58:6f:7f:04:3e:a0:54:1f:6b:1d:2a:
                    91:07:c1:13:49:7b:1e:61:61:19:31:e2:f4:c1:8a:
                    ce:b0:c4:2c:b9:a8:55:fd:52:59:ec:d4:60:71:12:
                    9e:e6:6c:bd:d7:c3:72:6a:ce:18:f8:08:f8:58:6c:
                    6b:7f:ec:5f:a1:78:6a:b3:60:1d:34:d3:dd:63:58:
                    c8:83:9c:13:78:9e:78:9f:a8:90:b0:f3:1c:12:d3:
                    28:33:28:67:21:ad:78:5f:4e:77:10:48:5e:5b:7b:
                    bd:62:2f:ac:2e:81:dc:7d:5f:af:ac:bf:ef:54:40:
                    17:05:59:2c:a6:72:f4:e8:c2:be:02:5f:26:4d:57:
                    47:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:EB:8D:E1:E3:75:03:82:98:C4:D8:CC:34:40:88:44:BB:C6:C4:E4
            X509v3 Authority Key Identifier:
                keyid:60:2B:E6:61:E5:7C:14:65:9A:60:8E:9F:6B:E6:05:D6:25:00:47:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YCvmYeV8FGWaYI6fa-YF1iUAR_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/974213-49fd-4c5c-8014-bd3a630ee5cc/1/A-uN4eN1A4KYxNjMNECIRLvGxOQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/974213-49fd-4c5c-8014-bd3a630ee5cc/1/YCvmYeV8FGWaYI6fa-YF1iUAR_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.31.96.0/19
                  37.203.0.0/19
                  45.130.0.0/22
                  45.140.120.0/22
                  45.156.36.0/22
                  62.16.0.0/19
                  79.140.0.0/20
                  85.238.96.0/19
                  88.214.8.0/22
                  95.214.40.0/22
                  130.0.32.0/19
                  176.119.64.0/18
                  185.23.104.0/22
                  185.145.104.0/22
                  185.166.220.0/22
                  185.177.240.0/22
                  185.184.168.0/22
                  185.206.36.0/22
                  185.226.112.0/22
                  185.228.104.0/22
                  185.247.20.0/22
                  188.115.128.0/18
                  193.163.196.0/24
                  193.178.48.0/22
                  195.138.64.0/19
                  212.24.112.0/24
                  212.90.124.0/22
                  212.178.0.0/19
                IPv6:
                  2a04:2c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:e2:2e:5e:01:da:90:14:57:a6:cd:52:c1:a5:7f:85:b7:3d:
         e4:f6:c8:0e:4f:fb:33:e3:12:8b:49:0f:6b:31:e0:60:4d:6a:
         d3:7b:0b:5b:9d:1e:5f:ca:c9:73:35:d7:93:0c:1c:37:e3:df:
         6d:22:9e:89:73:58:54:a3:12:03:2e:c9:39:40:83:be:e4:eb:
         88:61:74:e8:d3:81:0b:a6:e9:b0:de:2a:3d:d0:9d:be:a7:7d:
         39:1d:c3:68:0c:15:f2:a1:8f:2a:f8:d7:c5:71:c0:90:6c:44:
         fa:99:56:b0:d1:e2:48:f0:02:ef:2f:03:40:38:aa:64:c9:56:
         f1:df:33:83:6b:5f:62:49:6d:a0:b1:bb:32:b8:23:56:f9:7e:
         7f:64:a1:c0:8b:57:dc:55:24:7d:ae:e4:0a:9d:a3:d7:51:a6:
         1f:40:73:96:2f:db:a0:f8:51:3d:24:bc:9b:e8:af:58:45:e7:
         d5:a3:95:f9:82:ee:3c:73:ab:c3:16:08:a4:09:5a:9f:ef:d3:
         4b:d6:ca:11:e9:71:63:e1:46:3e:98:13:49:b0:95:6f:82:d0:
         f5:cf:1b:3b:80:34:ad:f2:77:ef:ef:09:91:c6:c3:ab:24:11:
         21:4b:be:ea:4b:f4:87:ee:b6:92:58:76:0d:bb:30:97:e2:c9:
         a2:1a:a3:20
-----BEGIN CERTIFICATE-----
MIIFszCCBJugAwIBAgISAYzGuACsa5qvcRVZwqpru5cXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMmJlNjYxZTU3YzE0NjU5YTYwOGU5ZjZiZTYwNWQ2MjUw
MDQ3ZmMwHhcNMjQwMTAxMjAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2ViOGRlMWUzNzUwMzgyOThjNGQ4Y2MzNDQwODg0NGJiYzZjNGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAliPrXSpqeGaDHXGFvm+UECInDdSC
DgwGzUtTbx+NcTE6Rh3lr0b5kPhj1JIqNDRo/Off3Lbz3DgzzAKzMZezaTCL2kq2
sN6Vy1AJqg1l66h5XwQ7ABATw0ZnlQe4rBUuM8tiPSDRvwv7klB8xRC3qa+r4pAV
YXxqHJRwWG9/BD6gVB9rHSqRB8ETSXseYWEZMeL0wYrOsMQsuahV/VJZ7NRgcRKe
5my918Nyas4Y+Aj4WGxrf+xfoXhqs2AdNNPdY1jIg5wTeJ54n6iQsPMcEtMoMyhn
Ia14X053EEheW3u9Yi+sLoHcfV+vrL/vVEAXBVkspnL06MK+Al8mTVdHDwIDAQAB
o4ICvzCCArswHQYDVR0OBBYEFAPrjeHjdQOCmMTYzDRAiES7xsTkMB8GA1UdIwQY
MBaAFGAr5mHlfBRlmmCOn2vmBdYlAEf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUN2bVllVjhGR1dhWUk2ZmEtWUYxaVVBUl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85NzQyMTMtNDlmZC00YzVjLTgwMTQt
YmQzYTYzMGVlNWNjLzEvQS11TjRlTjFBNEtZeE5qTU5FQ0lSTHZHeE9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85NzQyMTMtNDlmZC00YzVjLTgwMTQtYmQzYTYzMGVlNWNj
LzEvWUN2bVllVjhGR1dhWUk2ZmEtWUYxaVVBUl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHUBggrBgEFBQcBBwEB/wSBxDCBwTCBrwQCAAEwgagDBAUf
H2ADBAUlywADBAItggADBAItjHgDBAItnCQDBAU+EAADBARPjAADBAVV7mADBAJY
1ggDBAJf1igDBAWCACADBAawd0ADBAK5F2gDBAK5kWgDBAK5ptwDBAK5sfADBAK5
uKgDBAK5ziQDBAK54nADBAK55GgDBAK59xQDBAa8c4ADBADBo8QDBALBsjADBAXD
ikADBADUGHADBALUWnwDBAXUsgAwDQQCAAIwBwMFAyoELAAwDQYJKoZIhvcNAQEL
BQADggEBAD7iLl4B2pAUV6bNUsGlf4W3PeT2yA5P+zPjEotJD2sx4GBNatN7C1ud
Hl/KyXM115MMHDfj320inolzWFSjEgMuyTlAg77k64hhdOjTgQum6bDeKj3Qnb6n
fTkdw2gMFfKhjyr418VxwJBsRPqZVrDR4kjwAu8vA0A4qmTJVvHfM4NrX2JJbaCx
uzK4I1b5fn9kocCLV9xVJH2u5Aqdo9dRph9Ac5Yv26D4UT0kvJvor1hF59WjlfmC
7jxzq8MWCKQJWp/v00vWyhHpcWPhRj6YE0mwlW+C0PXPGzuANK3yd+/vCZHGw6sk
ESFLvupL9IfutpJYdg27MJfiyaIaoyA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:09 2024 by rpki-client on console-fra.rpki-client.org