Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/cae319-5571-46f9-b57d-be065e1ac067/1/2ywDYswGGlY1iaf1J9zviHNZJb8.roa
File:                     2ywDYswGGlY1iaf1J9zviHNZJb8.roa (raw, json)
Hash identifier:          upW8+DjVatTnpx6dOoidVdhmO7FBaAVEry+6euPIFkc=
Subject key identifier:   DB:2C:03:62:CC:06:1A:56:35:89:A7:F5:27:DC:EF:88:73:59:25:BF
Certificate issuer:       /CN=ad2cf03e44da28b7319ea7b7b5b110b9b8cb7a70
Certificate serial:       0185718319020219DCD2DAF395156EF4096D
Authority key identifier: AD:2C:F0:3E:44:DA:28:B7:31:9E:A7:B7:B5:B1:10:B9:B8:CB:7A:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rSzwPkTaKLcxnqe3tbEQubjLenA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/cae319-5571-46f9-b57d-be065e1ac067/1/2ywDYswGGlY1iaf1J9zviHNZJb8.roa
Signing time:             Mon 02 Jan 2023 08:04:55 +0000
ROA not before:           Mon 02 Jan 2023 08:04:55 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     2586
IP address blocks:        194.204.0.0/18 maxlen: 20
                          81.90.112.0/20 maxlen: 23
                          194.150.64.0/22 maxlen: 24
                          85.253.0.0/16 maxlen: 16
                          87.119.160.0/19 maxlen: 21
                          95.129.192.0/21 maxlen: 23
                          62.65.192.0/18 maxlen: 18
                          91.213.43.0/24 maxlen: 24
                          94.246.216.0/21 maxlen: 22
                          94.246.224.0/19 maxlen: 19
                          145.14.32.0/20 maxlen: 20
                          178.23.112.0/21 maxlen: 23
                          185.13.16.0/22 maxlen: 24
                          82.131.0.0/17 maxlen: 17
                          146.255.176.0/21 maxlen: 23
                          145.14.16.0/20 maxlen: 20
                          2001:1bf0::/29 maxlen: 29
                          2001:1530::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 13 Apr 2023 10:39:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:71:83:19:02:02:19:dc:d2:da:f3:95:15:6e:f4:09:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad2cf03e44da28b7319ea7b7b5b110b9b8cb7a70
        Validity
            Not Before: Jan  2 08:04:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=db2c0362cc061a563589a7f527dcef88735925bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6c:46:66:26:a0:b8:15:f7:18:e0:ae:3c:e7:
                    9c:4b:96:9f:99:95:b3:81:9d:92:56:32:f8:bb:87:
                    9d:ac:1d:73:b4:e2:d7:69:11:36:91:e0:1c:8b:18:
                    07:0f:ba:72:fd:ed:f6:ae:88:7d:0d:26:02:be:26:
                    c8:b2:b9:f7:33:2e:83:29:e6:8e:8d:de:f4:63:0e:
                    39:21:e1:97:ab:73:69:a6:7b:12:8d:3f:38:01:58:
                    f5:be:9a:6f:a9:5b:fd:48:cc:85:62:48:46:28:c7:
                    c8:70:20:fb:c4:df:d6:fb:0a:03:2f:4d:49:6a:d4:
                    bd:51:4c:45:b6:44:5d:dc:ba:a9:47:8a:ff:ea:1d:
                    ab:49:7d:33:3e:b7:21:a3:64:80:2e:40:ab:b8:55:
                    ce:72:39:7e:fb:0f:85:ff:61:a8:08:67:b3:61:4e:
                    f6:20:86:e4:76:43:2d:5e:b0:fe:4f:5e:78:cb:b0:
                    b9:fe:26:d7:62:d7:02:7b:1e:d6:21:ce:59:35:02:
                    59:b6:52:26:fe:a0:f4:6f:d3:55:6f:1d:65:2b:35:
                    d0:24:f8:62:6a:5b:d3:31:83:00:f4:3e:6e:ed:c0:
                    fd:85:de:7c:99:6b:b7:79:48:5c:f4:54:24:58:c4:
                    8f:75:31:32:21:c2:77:e6:55:74:18:32:39:30:db:
                    6c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:2C:03:62:CC:06:1A:56:35:89:A7:F5:27:DC:EF:88:73:59:25:BF
            X509v3 Authority Key Identifier:
                keyid:AD:2C:F0:3E:44:DA:28:B7:31:9E:A7:B7:B5:B1:10:B9:B8:CB:7A:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rSzwPkTaKLcxnqe3tbEQubjLenA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/cae319-5571-46f9-b57d-be065e1ac067/1/2ywDYswGGlY1iaf1J9zviHNZJb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/cae319-5571-46f9-b57d-be065e1ac067/1/rSzwPkTaKLcxnqe3tbEQubjLenA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.65.192.0/18
                  81.90.112.0/20
                  82.131.0.0/17
                  85.253.0.0/16
                  87.119.160.0/19
                  91.213.43.0/24
                  94.246.216.0-94.246.255.255
                  95.129.192.0/21
                  145.14.16.0-145.14.47.255
                  146.255.176.0/21
                  178.23.112.0/21
                  185.13.16.0/22
                  194.150.64.0/22
                  194.204.0.0/18
                IPv6:
                  2001:1530::/32
                  2001:1bf0::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:ee:24:47:29:70:65:c4:26:c6:78:46:4e:28:4f:23:94:5b:
         8c:b6:6b:fc:47:8b:61:2d:5b:1c:cd:6d:cf:2f:0b:40:ef:33:
         75:8a:fe:46:32:cc:11:fb:31:56:da:65:e2:91:06:f7:32:9e:
         8b:e1:27:33:1e:1e:f7:19:ef:9d:4c:46:f7:bd:1e:41:fb:a5:
         36:3d:ae:81:81:41:f7:a4:ab:46:e4:81:90:e0:0a:28:14:db:
         11:7c:23:31:7f:96:a1:6c:c5:57:0a:4a:12:b4:68:2e:15:df:
         cc:88:f0:fb:03:26:9d:58:2f:67:7e:7e:c7:99:59:5b:e7:a1:
         ff:c4:8a:a8:c3:c6:79:32:54:27:eb:62:a5:9a:b9:72:49:ce:
         d0:8b:70:84:0a:a8:7d:a8:b7:68:f7:a5:ac:d8:dc:e7:cf:53:
         6e:f2:e9:31:e6:29:83:50:ba:9d:df:ae:0b:86:5e:c2:0e:47:
         13:ba:fc:42:ae:f5:4c:75:cf:9e:bf:fa:4f:eb:e1:42:28:b3:
         be:f8:63:55:07:9c:2d:92:68:76:7c:68:07:f7:ca:fc:03:c6:
         e4:f7:5d:b1:ca:90:7e:e0:65:93:c3:8a:92:e8:5a:09:33:dc:
         cd:00:3b:a6:65:cf:13:dc:6d:3b:8d:39:be:6b:ae:40:8e:b7:
         88:20:72:77
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYVxgxkCAhnc0trzlRVu9AltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMmNmMDNlNDRkYTI4YjczMTllYTdiN2I1YjExMGI5Yjhj
YjdhNzAwHhcNMjMwMTAyMDgwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjJjMDM2MmNjMDYxYTU2MzU4OWE3ZjUyN2RjZWY4ODczNTkyNWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmxGZiaguBX3GOCuPOecS5afmZWz
gZ2SVjL4u4edrB1ztOLXaRE2keAcixgHD7py/e32roh9DSYCvibIsrn3My6DKeaO
jd70Yw45IeGXq3NppnsSjT84AVj1vppvqVv9SMyFYkhGKMfIcCD7xN/W+woDL01J
atS9UUxFtkRd3LqpR4r/6h2rSX0zPrcho2SALkCruFXOcjl++w+F/2GoCGezYU72
IIbkdkMtXrD+T154y7C5/ibXYtcCex7WIc5ZNQJZtlIm/qD0b9NVbx1lKzXQJPhi
alvTMYMA9D5u7cD9hd58mWu3eUhc9FQkWMSPdTEyIcJ35lV0GDI5MNtsawIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFNssA2LMBhpWNYmn9Sfc74hzWSW/MB8GA1UdIwQY
MBaAFK0s8D5E2ii3MZ6nt7WxELm4y3pwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclN6d1BrVGFLTGN4bnFlM3RiRVF1YmpMZW5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9jYWUzMTktNTU3MS00NmY5LWI1N2Qt
YmUwNjVlMWFjMDY3LzEvMnl3RFlzd0dHbFkxaWFmMUo5enZpSE5aSmI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9jYWUzMTktNTU3MS00NmY5LWI1N2QtYmUwNjVlMWFjMDY3
LzEvclN6d1BrVGFLTGN4bnFlM3RiRVF1YmpMZW5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDBoBAIAATBiAwQGPkHA
AwQEUVpwAwQHUoMAAwMAVf0DBAVXd6ADBABb1SswCwMEA1722AMDAF72AwQDX4HA
MAwDBASRDhADBASRDiADBAOS/7ADBAOyF3ADBAK5DRADBALClkADBAbCzAAwFAQC
AAIwDgMFACABFTADBQMgARvwMA0GCSqGSIb3DQEBCwUAA4IBAQAj7iRHKXBlxCbG
eEZOKE8jlFuMtmv8R4thLVsczW3PLwtA7zN1iv5GMswR+zFW2mXikQb3Mp6L4Scz
Hh73Ge+dTEb3vR5B+6U2Pa6BgUH3pKtG5IGQ4AooFNsRfCMxf5ahbMVXCkoStGgu
Fd/MiPD7AyadWC9nfn7HmVlb56H/xIqow8Z5MlQn62KlmrlySc7Qi3CECqh9qLdo
96Ws2Nznz1Nu8ukx5imDULqd364Lhl7CDkcTuvxCrvVMdc+ev/pP6+FCKLO++GNV
B5wtkmh2fGgH98r8A8bk912xypB+4GWTw4qS6FoJM9zNADumZc8T3G07jTm+a65A
jreIIHJ3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:53:39 2024 by rpki-client on console-ams.rpki-client.org