Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/6bb471-4a3e-488d-b88c-fe12c75bf4ab/1/XZwGVUthecbPW0puPaMevY7QE3k.roa
File:                     XZwGVUthecbPW0puPaMevY7QE3k.roa (raw, json)
Hash identifier:          3oMH+uDpCwkO7aT2yYTIjCwHaZ5zMmmU9LB4OozesRU=
Subject key identifier:   5D:9C:06:55:4B:61:79:C6:CF:5B:4A:6E:3D:A3:1E:BD:8E:D0:13:79
Certificate issuer:       /CN=ae72e47d56692499a726bf800ea8380362deb6be
Certificate serial:       018B5BAD7430AB78442A0AF10358DE81099F
Authority key identifier: AE:72:E4:7D:56:69:24:99:A7:26:BF:80:0E:A8:38:03:62:DE:B6:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rnLkfVZpJJmnJr-ADqg4A2Letr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/6bb471-4a3e-488d-b88c-fe12c75bf4ab/1/XZwGVUthecbPW0puPaMevY7QE3k.roa
Signing time:             Mon 23 Oct 2023 08:36:15 +0000
ROA not before:           Mon 23 Oct 2023 08:36:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     29177
IP address blocks:        188.125.120.0/22 maxlen: 22
                          188.125.124.0/22 maxlen: 22
                          185.182.199.0/24 maxlen: 24
                          185.182.196.0/22 maxlen: 22
                          80.86.144.0/22 maxlen: 22
                          80.86.144.0/20 maxlen: 20
                          80.86.148.0/22 maxlen: 22
                          80.86.152.0/22 maxlen: 22
                          80.86.156.0/22 maxlen: 22
                          188.125.96.0/22 maxlen: 22
                          188.125.96.0/19 maxlen: 19
                          188.125.104.0/22 maxlen: 22
                          188.125.100.0/22 maxlen: 22
                          188.125.108.0/22 maxlen: 22
                          188.125.112.0/22 maxlen: 22
                          188.125.116.0/22 maxlen: 22
                          31.216.240.0/22 maxlen: 22
                          31.216.240.0/20 maxlen: 20
                          31.216.244.0/22 maxlen: 22
                          31.216.248.0/22 maxlen: 22
                          31.216.252.0/22 maxlen: 22
                          31.216.250.0/24 maxlen: 24
                          2a03:5c00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 04:29:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:5b:ad:74:30:ab:78:44:2a:0a:f1:03:58:de:81:09:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae72e47d56692499a726bf800ea8380362deb6be
        Validity
            Not Before: Oct 23 08:36:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5d9c06554b6179c6cf5b4a6e3da31ebd8ed01379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:9b:df:12:cd:3f:16:6d:61:04:7b:09:29:9b:
                    48:4d:e6:61:51:41:26:a9:67:0f:df:30:d4:1b:72:
                    88:5e:68:b9:e8:67:20:1a:35:b0:29:35:15:28:d9:
                    70:42:7f:c8:69:ed:92:6e:a2:83:67:ed:4d:c8:67:
                    54:71:d9:96:39:d8:1e:22:54:be:7f:d5:75:63:ea:
                    93:d8:51:ce:8a:3b:3f:e0:c2:af:d2:5b:25:65:72:
                    23:b7:37:20:94:bd:ab:68:eb:b4:c5:eb:30:fa:ba:
                    d4:cc:e7:95:bb:75:ce:09:2c:a0:f0:36:e3:ad:2a:
                    47:da:fd:3e:2e:87:ec:9c:4b:64:aa:c8:39:49:3b:
                    ea:f7:21:9a:0c:bb:3d:95:ec:53:ab:96:91:3e:b1:
                    bc:af:6a:ae:49:41:ef:8f:85:15:67:32:c9:1e:44:
                    22:40:dc:4e:99:a2:02:ce:7d:c9:9f:08:af:92:37:
                    6f:d7:ee:85:63:b8:e8:73:67:00:5b:e5:bb:62:d6:
                    9d:38:18:6c:b6:0a:1c:6a:d1:5a:8d:1b:be:80:ce:
                    d3:d4:01:cd:f9:ce:f9:90:53:4c:5e:78:51:dd:a1:
                    1e:b3:62:12:5e:62:3d:83:e5:09:49:71:34:d0:61:
                    90:b6:f4:3d:54:a9:a0:7a:df:38:98:fc:92:74:07:
                    e0:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:9C:06:55:4B:61:79:C6:CF:5B:4A:6E:3D:A3:1E:BD:8E:D0:13:79
            X509v3 Authority Key Identifier:
                keyid:AE:72:E4:7D:56:69:24:99:A7:26:BF:80:0E:A8:38:03:62:DE:B6:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnLkfVZpJJmnJr-ADqg4A2Letr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/6bb471-4a3e-488d-b88c-fe12c75bf4ab/1/XZwGVUthecbPW0puPaMevY7QE3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/6bb471-4a3e-488d-b88c-fe12c75bf4ab/1/rnLkfVZpJJmnJr-ADqg4A2Letr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.216.240.0/20
                  80.86.144.0/20
                  185.182.196.0/22
                  188.125.96.0/19
                IPv6:
                  2a03:5c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:a0:25:a0:28:7c:9b:a8:6c:58:e5:48:e8:a6:76:cb:57:80:
         e4:36:9d:21:4d:2a:63:16:aa:cb:df:ab:fe:8c:c8:da:44:85:
         b8:6c:83:9b:9f:2c:d4:fd:b2:6e:74:66:8b:1a:19:20:0e:a3:
         99:f6:92:63:b7:b3:96:59:11:5f:7c:da:29:d6:87:57:1d:bf:
         74:db:ed:95:e6:44:8d:2a:58:f0:a5:fd:a5:f2:35:97:2d:22:
         0c:86:cb:f5:e9:b0:3a:44:53:f7:ac:82:4f:53:a1:fd:7b:04:
         2e:f3:83:9b:9b:52:e4:a5:f1:a3:e7:12:f6:eb:30:69:d4:4d:
         9f:f0:09:79:a5:c1:98:6b:a0:ab:6b:8d:77:46:fd:72:92:21:
         22:f2:38:a8:84:be:30:86:93:3e:c9:f6:95:82:0e:ea:e3:a5:
         0e:00:23:c0:b7:50:80:10:c7:b3:34:7b:81:c0:db:58:1d:43:
         81:25:80:88:04:ae:6c:b3:56:1d:79:54:f8:b4:6f:dc:25:95:
         cd:45:11:e0:df:c0:45:70:6f:91:ae:be:6c:34:c2:53:e7:59:
         31:45:0b:d8:9c:05:03:1d:30:f4:5a:72:e3:66:80:ad:ed:7f:
         73:03:6a:e3:d3:ec:13:47:1e:51:ad:b0:7e:15:13:27:08:08:
         d0:34:03:2a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYtbrXQwq3hEKgrxA1jegQmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNzJlNDdkNTY2OTI0OTlhNzI2YmY4MDBlYTgzODAzNjJk
ZWI2YmUwHhcNMjMxMDIzMDgzNjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDljMDY1NTRiNjE3OWM2Y2Y1YjRhNmUzZGEzMWViZDhlZDAxMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5vfEs0/Fm1hBHsJKZtITeZhUUEm
qWcP3zDUG3KIXmi56GcgGjWwKTUVKNlwQn/Iae2SbqKDZ+1NyGdUcdmWOdgeIlS+
f9V1Y+qT2FHOijs/4MKv0lslZXIjtzcglL2raOu0xesw+rrUzOeVu3XOCSyg8Dbj
rSpH2v0+LofsnEtkqsg5STvq9yGaDLs9lexTq5aRPrG8r2quSUHvj4UVZzLJHkQi
QNxOmaICzn3Jnwivkjdv1+6FY7joc2cAW+W7YtadOBhstgocatFajRu+gM7T1AHN
+c75kFNMXnhR3aEes2ISXmI9g+UJSXE00GGQtvQ9VKmget84mPySdAfgAQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFF2cBlVLYXnGz1tKbj2jHr2O0BN5MB8GA1UdIwQY
MBaAFK5y5H1WaSSZpya/gA6oOANi3ra+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5Ma2ZWWnBKSm1uSnItQURxZzRBMkxldHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS82YmI0NzEtNGEzZS00ODhkLWI4OGMt
ZmUxMmM3NWJmNGFiLzEvWFp3R1ZVdGhlY2JQVzBwdVBhTWV2WTdRRTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS82YmI0NzEtNGEzZS00ODhkLWI4OGMtZmUxMmM3NWJmNGFi
LzEvcm5Ma2ZWWnBKSm1uSnItQURxZzRBMkxldHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEH9jwAwQE
UFaQAwQCubbEAwQFvH1gMA0EAgACMAcDBQAqA1wAMA0GCSqGSIb3DQEBCwUAA4IB
AQBGoCWgKHybqGxY5UjopnbLV4DkNp0hTSpjFqrL36v+jMjaRIW4bIObnyzU/bJu
dGaLGhkgDqOZ9pJjt7OWWRFffNop1odXHb902+2V5kSNKljwpf2l8jWXLSIMhsv1
6bA6RFP3rIJPU6H9ewQu84Obm1LkpfGj5xL26zBp1E2f8Al5pcGYa6Cra413Rv1y
kiEi8jiohL4whpM+yfaVgg7q46UOACPAt1CAEMezNHuBwNtYHUOBJYCIBK5ss1Yd
eVT4tG/cJZXNRRHg38BFcG+Rrr5sNMJT51kxRQvYnAUDHTD0WnLjZoCt7X9zA2rj
0+wTRx5RrbB+FRMnCAjQNAMq
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:31 2024 by rpki-client on console-fra.rpki-client.org