Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/6820f9-4459-4858-98ce-c694f0eacba6/1/Ct1H9GDQz0G4hOaZzglO87z9grw.roa
File:                     Ct1H9GDQz0G4hOaZzglO87z9grw.roa (raw, json)
Hash identifier:          mMaoV/3d73I4OV5fH17RIZ7Jif4pnvwgd6lEsoP666g=
Subject key identifier:   0A:DD:47:F4:60:D0:CF:41:B8:84:E6:99:CE:09:4E:F3:BC:FD:82:BC
Certificate issuer:       /CN=a4b18f96aaa03567f22fc02c42a6935708655aa9
Certificate serial:       018C68BD01F9536F71E2DEF9D5E8F557FB7A
Authority key identifier: A4:B1:8F:96:AA:A0:35:67:F2:2F:C0:2C:42:A6:93:57:08:65:5A:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLGPlqqgNWfyL8AsQqaTVwhlWqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/6820f9-4459-4858-98ce-c694f0eacba6/1/Ct1H9GDQz0G4hOaZzglO87z9grw.roa
Signing time:             Thu 14 Dec 2023 14:31:06 +0000
ROA not before:           Thu 14 Dec 2023 14:31:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21245
IP address blocks:        146.19.176.0/24 maxlen: 24
                          185.235.10.0/24 maxlen: 24
                          185.230.17.0/24 maxlen: 24
                          185.230.16.0/24 maxlen: 24
                          185.230.19.0/24 maxlen: 24
                          185.21.183.0/24 maxlen: 24
                          185.21.182.0/24 maxlen: 24
                          185.21.181.0/24 maxlen: 24
                          185.21.180.0/24 maxlen: 24
                          31.3.3.0/24 maxlen: 24
                          31.3.2.0/24 maxlen: 24
                          31.3.1.0/24 maxlen: 24
                          31.3.0.0/24 maxlen: 24
                          31.3.4.0/24 maxlen: 24
                          31.3.6.0/24 maxlen: 24
                          31.3.5.0/24 maxlen: 24
                          31.3.7.0/24 maxlen: 24
                          185.241.63.0/24 maxlen: 24
                          185.87.172.0/24 maxlen: 24
                          185.87.175.0/24 maxlen: 24
                          185.87.174.0/24 maxlen: 24
                          185.87.173.0/24 maxlen: 24
                          185.22.160.0/24 maxlen: 24
                          185.22.163.0/24 maxlen: 24
                          185.22.162.0/24 maxlen: 24
                          185.22.161.0/24 maxlen: 24
                          2a03:3f00::/48 maxlen: 48
                          2a03:3f00:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 00:29:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:68:bd:01:f9:53:6f:71:e2:de:f9:d5:e8:f5:57:fb:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4b18f96aaa03567f22fc02c42a6935708655aa9
        Validity
            Not Before: Dec 14 14:31:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0add47f460d0cf41b884e699ce094ef3bcfd82bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e5:84:ba:cf:8d:33:55:85:86:4a:5a:3a:17:
                    10:26:ea:7a:ab:4e:1c:d5:23:72:fd:04:53:2b:e0:
                    4a:6f:04:b4:16:74:d5:34:4b:db:ab:fa:b5:4c:88:
                    af:25:0b:32:6c:9b:90:02:44:3d:5e:23:d6:b5:2f:
                    10:3b:b9:9a:94:55:c0:3e:db:6e:1d:10:d1:13:e4:
                    be:28:f0:3d:28:b8:70:ef:01:4e:2f:a5:1a:be:a2:
                    72:0b:72:67:fa:25:28:3b:fe:57:cf:ad:5c:28:be:
                    28:2f:e2:9c:5b:09:70:01:7e:43:b0:dc:c6:4a:60:
                    70:06:db:b4:fd:4c:1e:77:99:bb:c7:51:1a:d3:7f:
                    e7:54:c1:17:89:6b:34:7f:8e:aa:31:69:51:90:06:
                    44:71:10:84:e5:66:57:22:0c:27:3a:fa:c2:71:6e:
                    18:48:93:6e:a5:f2:0b:e0:2f:18:e8:6b:ea:ff:14:
                    83:a2:ff:19:4a:0b:08:2c:e2:f3:4f:9c:2e:f4:86:
                    f9:03:d0:e3:c9:38:0f:a5:04:ba:ee:41:74:5d:c8:
                    ad:d2:8b:5a:93:3e:9c:6e:ac:41:c1:c7:21:bd:01:
                    51:46:25:3e:f4:aa:ce:ea:27:da:9d:97:67:e4:fc:
                    01:e1:61:6a:bc:5a:c0:d0:25:cf:74:24:a5:9c:a9:
                    79:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:DD:47:F4:60:D0:CF:41:B8:84:E6:99:CE:09:4E:F3:BC:FD:82:BC
            X509v3 Authority Key Identifier:
                keyid:A4:B1:8F:96:AA:A0:35:67:F2:2F:C0:2C:42:A6:93:57:08:65:5A:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLGPlqqgNWfyL8AsQqaTVwhlWqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/6820f9-4459-4858-98ce-c694f0eacba6/1/Ct1H9GDQz0G4hOaZzglO87z9grw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/6820f9-4459-4858-98ce-c694f0eacba6/1/pLGPlqqgNWfyL8AsQqaTVwhlWqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.3.0.0/21
                  146.19.176.0/24
                  185.21.180.0/22
                  185.22.160.0/22
                  185.87.172.0/22
                  185.230.16.0/23
                  185.230.19.0/24
                  185.235.10.0/24
                  185.241.63.0/24
                IPv6:
                  2a03:3f00::/47

    Signature Algorithm: sha256WithRSAEncryption
         8e:31:69:c0:f5:8a:a4:52:73:f9:58:75:b1:b4:74:ce:fd:ed:
         7f:11:d3:eb:06:71:bd:02:dc:0c:9e:8f:48:55:9f:99:ec:ee:
         55:1a:6b:46:f2:fc:81:8d:e3:71:68:9a:8e:8c:92:fb:1b:84:
         44:7e:9d:f7:bd:90:8f:97:ae:68:aa:1c:68:bc:8a:ce:b8:31:
         08:12:4c:72:72:9b:05:78:da:cf:b3:2b:5f:de:a3:39:44:c6:
         20:33:e0:63:60:97:6c:50:cd:bd:5f:b9:24:cd:7c:53:35:2c:
         f4:e7:ef:e8:e1:c4:eb:5c:db:c5:53:fb:ed:25:d3:73:2a:5e:
         8e:2e:89:67:36:b1:38:f7:c7:4e:18:20:86:7e:c1:a9:b9:37:
         e3:f2:2b:9a:24:01:a3:b3:68:d3:7b:91:d9:b5:53:ec:0e:d4:
         79:f7:29:f5:b3:9c:9f:57:1b:2a:19:70:41:76:b8:8a:86:11:
         a6:11:98:fc:9a:41:4c:4b:23:d3:2e:64:ab:c2:00:bf:9c:68:
         45:31:73:c8:20:cf:98:7c:42:24:0c:d1:d5:86:bc:b4:b2:af:
         4e:6b:ea:c4:0e:4b:ad:9c:1a:c8:de:48:10:5b:2a:e6:e8:d3:
         09:71:75:f3:f5:f9:c6:58:fc:f7:13:d7:94:f1:cb:07:67:2c:
         24:8a:de:eb
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYxovQH5U29x4t751ej1V/t6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YjE4Zjk2YWFhMDM1NjdmMjJmYzAyYzQyYTY5MzU3MDg2
NTVhYTkwHhcNMjMxMjE0MTQzMTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWRkNDdmNDYwZDBjZjQxYjg4NGU2OTljZTA5NGVmM2JjZmQ4MmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeWEus+NM1WFhkpaOhcQJup6q04c
1SNy/QRTK+BKbwS0FnTVNEvbq/q1TIivJQsybJuQAkQ9XiPWtS8QO7malFXAPttu
HRDRE+S+KPA9KLhw7wFOL6UavqJyC3Jn+iUoO/5Xz61cKL4oL+KcWwlwAX5DsNzG
SmBwBtu0/Uwed5m7x1Ea03/nVMEXiWs0f46qMWlRkAZEcRCE5WZXIgwnOvrCcW4Y
SJNupfIL4C8Y6Gvq/xSDov8ZSgsILOLzT5wu9Ib5A9DjyTgPpQS67kF0Xcit0ota
kz6cbqxBwcchvQFRRiU+9KrO6ifanZdn5PwB4WFqvFrA0CXPdCSlnKl5PwIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFArdR/Rg0M9BuITmmc4JTvO8/YK8MB8GA1UdIwQY
MBaAFKSxj5aqoDVn8i/ALEKmk1cIZVqpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcExHUGxxcWdOV2Z5TDhBc1FxYVRWd2hsV3FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC82ODIwZjktNDQ1OS00ODU4LTk4Y2Ut
YzY5NGYwZWFjYmE2LzEvQ3QxSDlHRFF6MEc0aE9hWnpnbE84N3o5Z3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC82ODIwZjktNDQ1OS00ODU4LTk4Y2UtYzY5NGYwZWFjYmE2
LzEvcExHUGxxcWdOV2Z5TDhBc1FxYVRWd2hsV3FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA8BAIAATA2AwQDHwMAAwQA
khOwAwQCuRW0AwQCuRagAwQCuVesAwQBueYQAwQAueYTAwQAuesKAwQAufE/MA8E
AgACMAkDBwEqAz8AAAAwDQYJKoZIhvcNAQELBQADggEBAI4xacD1iqRSc/lYdbG0
dM797X8R0+sGcb0C3Ayej0hVn5ns7lUaa0by/IGN43Fomo6MkvsbhER+nfe9kI+X
rmiqHGi8is64MQgSTHJymwV42s+zK1/eozlExiAz4GNgl2xQzb1fuSTNfFM1LPTn
7+jhxOtc28VT++0l03MqXo4uiWc2sTj3x04YIIZ+wam5N+PyK5okAaOzaNN7kdm1
U+wO1Hn3KfWznJ9XGyoZcEF2uIqGEaYRmPyaQUxLI9MuZKvCAL+caEUxc8ggz5h8
QiQM0dWGvLSyr05r6sQOS62cGsjeSBBbKubo0wlxdfP1+cZY/PcT15TxywdnLCSK
3us=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:40 2024 by rpki-client on console-fra.rpki-client.org