Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/pKWi6J0V5pbmXL9aQRaclxpcb70.roa
File:                     pKWi6J0V5pbmXL9aQRaclxpcb70.roa (raw, json)
Hash identifier:          KyYgpXj2oLE1UWdkm5IO9bOkz+vgAjXMSvuWmLycf1Q=
Subject key identifier:   A4:A5:A2:E8:9D:15:E6:96:E6:5C:BF:5A:41:16:9C:97:1A:5C:6F:BD
Certificate issuer:       /CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
Certificate serial:       0190E68A59F2A99BD61AB45DECAF73FEB452
Authority key identifier: 64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/pKWi6J0V5pbmXL9aQRaclxpcb70.roa
Signing time:             Wed 24 Jul 2024 20:59:04 +0000
ROA not before:           Wed 24 Jul 2024 20:59:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47962
IP address blocks:        37.122.152.0/22 maxlen: 22
                          37.122.152.0/23 maxlen: 23
                          37.122.153.0/24 maxlen: 24
                          37.122.154.0/23 maxlen: 23
                          37.122.154.0/24 maxlen: 24
                          37.122.155.0/24 maxlen: 24
                          37.122.156.0/23 maxlen: 23
                          37.122.156.0/24 maxlen: 24
                          37.122.157.0/24 maxlen: 24
                          176.106.224.0/22 maxlen: 22
                          176.106.224.0/23 maxlen: 23
                          176.106.224.0/24 maxlen: 24
                          176.106.230.0/23 maxlen: 23
                          176.106.230.0/24 maxlen: 24
                          176.106.231.0/24 maxlen: 24
                          2a0f:6a80:1::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 30 Aug 2024 09:24:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e6:8a:59:f2:a9:9b:d6:1a:b4:5d:ec:af:73:fe:b4:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=64d171f93cc1ca716fc806e36a55852cdf4f1c1c
        Validity
            Not Before: Jul 24 20:59:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4a5a2e89d15e696e65cbf5a41169c971a5c6fbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e2:78:d6:2e:27:31:2a:21:f5:2f:7e:a4:e0:
                    fa:0c:03:ff:b0:9a:9e:73:de:2f:91:5e:84:0e:b8:
                    f1:e5:8d:b8:6f:b0:8a:6e:03:8a:bc:12:3e:0e:df:
                    3b:14:c7:a6:e5:86:8d:a5:32:b5:c0:98:93:2a:b7:
                    44:eb:c4:97:d8:49:30:62:51:2f:7c:92:e3:0b:8c:
                    5c:ae:93:36:8a:32:2b:fe:b9:12:d7:d9:f5:03:af:
                    9d:99:2c:3c:c1:bf:a1:98:ce:41:34:92:e4:1e:22:
                    76:d1:0b:f8:1e:ee:f3:cf:db:7b:eb:f8:54:27:14:
                    7e:22:9a:4f:0b:d3:60:b1:58:f7:4a:0a:f6:6c:97:
                    65:a1:61:d3:1e:8b:37:88:36:25:83:72:64:fd:1b:
                    9b:9b:b5:f8:7c:28:7c:ca:6e:0f:bb:c5:a2:a0:64:
                    bf:15:aa:48:a0:18:35:c8:40:9f:6b:c8:6c:bf:96:
                    99:3b:d5:a8:1e:f3:99:0d:be:21:d4:cd:9c:ea:43:
                    f4:c1:98:41:d4:50:01:a0:c0:a6:bd:3d:77:79:2e:
                    8e:b7:92:b5:f6:89:6f:15:9d:9a:3f:6a:7e:1e:b0:
                    d9:e1:bf:cb:80:04:51:6d:ee:e9:4f:1d:71:83:c7:
                    bf:39:8f:2b:73:c5:f3:5d:df:2f:d7:ca:11:94:44:
                    5d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:A5:A2:E8:9D:15:E6:96:E6:5C:BF:5A:41:16:9C:97:1A:5C:6F:BD
            X509v3 Authority Key Identifier:
                keyid:64:D1:71:F9:3C:C1:CA:71:6F:C8:06:E3:6A:55:85:2C:DF:4F:1C:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZNFx-TzBynFvyAbjalWFLN9PHBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/pKWi6J0V5pbmXL9aQRaclxpcb70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f2d9df-16eb-449e-83f0-a4635df47d70/1/ZNFx-TzBynFvyAbjalWFLN9PHBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.122.152.0-37.122.157.255
                  176.106.224.0/22
                  176.106.230.0/23
                IPv6:
                  2a0f:6a80:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:d1:52:20:48:14:06:45:eb:39:4c:b4:a5:76:e7:31:05:07:
         87:4f:bc:14:67:35:ae:6f:ce:61:67:85:d6:0b:4b:b4:d1:7d:
         4e:6a:b6:49:43:e0:45:e9:17:4c:e4:cc:33:a9:8f:4e:e0:48:
         d8:5d:8a:fd:9b:e4:a4:77:b8:08:bc:6a:11:68:5a:74:c6:26:
         95:23:7f:00:59:f7:54:93:c8:42:11:5e:13:c5:d9:73:a3:06:
         de:e2:71:de:71:5a:da:5a:74:69:c0:7b:d2:84:b5:c6:78:3e:
         8a:14:24:ed:a8:67:7b:29:bf:38:73:b3:f8:2c:35:c3:51:55:
         ea:9f:e6:ff:c8:60:4f:77:24:15:d5:91:96:15:8a:76:12:8c:
         f3:ce:ac:a7:cc:89:8d:e6:fa:69:bd:dc:e1:f7:4c:a5:9f:8a:
         35:ae:19:b0:6b:f7:7f:76:29:94:11:aa:3c:9c:a3:0f:d5:46:
         6a:c2:dc:d6:03:bd:32:e3:25:21:1e:65:ec:dd:d7:32:e1:aa:
         64:8f:01:08:52:d8:0a:fb:fc:75:bc:69:b5:43:c4:28:9b:0b:
         1e:d8:ef:f8:01:e0:09:b9:cd:ce:a7:75:53:a2:67:15:8c:0a:
         98:70:61:7f:de:b6:47:18:ec:c6:6a:03:a8:91:6b:a2:f5:f4:
         e7:ac:ba:4b
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZDmilnyqZvWGrRd7K9z/rRSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0ZDE3MWY5M2NjMWNhNzE2ZmM4MDZlMzZhNTU4NTJjZGY0
ZjFjMWMwHhcNMjQwNzI0MjA1OTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGE1YTJlODlkMTVlNjk2ZTY1Y2JmNWE0MTE2OWM5NzFhNWM2ZmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuJ41i4nMSoh9S9+pOD6DAP/sJqe
c94vkV6EDrjx5Y24b7CKbgOKvBI+Dt87FMem5YaNpTK1wJiTKrdE68SX2EkwYlEv
fJLjC4xcrpM2ijIr/rkS19n1A6+dmSw8wb+hmM5BNJLkHiJ20Qv4Hu7zz9t76/hU
JxR+IppPC9NgsVj3Sgr2bJdloWHTHos3iDYlg3Jk/Rubm7X4fCh8ym4Pu8WioGS/
FapIoBg1yECfa8hsv5aZO9WoHvOZDb4h1M2c6kP0wZhB1FABoMCmvT13eS6Ot5K1
9olvFZ2aP2p+HrDZ4b/LgARRbe7pTx1xg8e/OY8rc8XzXd8v18oRlERdpwIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFKSlouidFeaW5ly/WkEWnJcaXG+9MB8GA1UdIwQY
MBaAFGTRcfk8wcpxb8gG42pVhSzfTxwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAt
YTQ2MzVkZjQ3ZDcwLzEvcEtXaTZKMFY1cGJtWEw5YVFSYWNseHBjYjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMmQ5ZGYtMTZlYi00NDllLTgzZjAtYTQ2MzVkZjQ3ZDcw
LzEvWk5GeC1UekJ5bkZ2eUFiamFsV0ZMTjlQSEJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAgBAIAATAaMAwDBAMlepgD
BAElepwDBAKwauADBAGwauYwDwQCAAIwCQMHACoPaoAAATANBgkqhkiG9w0BAQsF
AAOCAQEAgtFSIEgUBkXrOUy0pXbnMQUHh0+8FGc1rm/OYWeF1gtLtNF9Tmq2SUPg
RekXTOTMM6mPTuBI2F2K/ZvkpHe4CLxqEWhadMYmlSN/AFn3VJPIQhFeE8XZc6MG
3uJx3nFa2lp0acB70oS1xng+ihQk7ahneym/OHOz+Cw1w1FV6p/m/8hgT3ckFdWR
lhWKdhKM886sp8yJjeb6ab3c4fdMpZ+KNa4ZsGv3f3YplBGqPJyjD9VGasLc1gO9
MuMlIR5l7N3XMuGqZI8BCFLYCvv8dbxptUPEKJsLHtjv+AHgCbnNzqd1U6JnFYwK
mHBhf962RxjsxmoDqJFrovX056y6Sw==
-----END CERTIFICATE-----
Generated at Fri Aug 30 11:05:22 2024 by rpki-client on console-ams.rpki-client.org