Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/Fi5nrdZe42DL0q3fvTqvUqYtQwM.roa
File:                     Fi5nrdZe42DL0q3fvTqvUqYtQwM.roa (raw, json)
Hash identifier:          q+7CE/X+prTDngbCzPKKgatZTI2rUVLmbXMNWVtLg8o=
Subject key identifier:   16:2E:67:AD:D6:5E:E3:60:CB:D2:AD:DF:BD:3A:AF:52:A6:2D:43:03
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       018CC3B6A291C176E6C19DBC9F096729284B
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/Fi5nrdZe42DL0q3fvTqvUqYtQwM.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12599
IP address blocks:        212.64.218.0/24 maxlen: 24
                          212.64.220.0/24 maxlen: 24
                          212.64.192.0/24 maxlen: 24
                          212.64.194.0/24 maxlen: 24
                          212.64.197.0/24 maxlen: 24
                          212.64.198.0/24 maxlen: 24
                          212.64.200.0/24 maxlen: 24
                          212.64.204.0/24 maxlen: 24
                          212.64.203.0/24 maxlen: 24
                          212.64.205.0/24 maxlen: 24
                          212.64.206.0/24 maxlen: 24
                          212.64.209.0/24 maxlen: 24
                          212.64.208.0/24 maxlen: 24
                          212.64.212.0/24 maxlen: 24
                          212.64.207.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 30 Jan 2024 13:06:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a2:91:c1:76:e6:c1:9d:bc:9f:09:67:29:28:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=162e67add65ee360cbd2addfbd3aaf52a62d4303
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:13:4a:48:0d:00:f0:cb:22:1b:a8:01:d4:39:
                    a9:da:e2:c3:db:55:77:52:91:83:9c:1b:b2:be:00:
                    bd:fb:01:f6:87:ae:df:dc:a8:b9:0f:99:d8:be:c7:
                    c0:2b:77:03:ef:34:b5:3f:14:f9:b1:ff:f6:9d:d3:
                    46:ae:25:69:93:7d:48:47:9d:13:b0:55:f3:f0:a7:
                    24:46:a0:12:ba:d6:1d:ef:42:64:b2:ea:91:b9:0c:
                    c0:b1:43:9e:2d:11:60:00:b1:d9:d6:09:91:59:84:
                    e7:56:ca:7c:57:7f:46:10:35:04:49:de:7a:2f:77:
                    62:83:b9:b5:14:7d:fd:f5:db:f2:77:89:cf:75:8d:
                    67:57:bc:52:55:35:32:2a:02:39:47:5a:77:cd:8a:
                    e6:fa:9b:33:9c:d6:c9:c3:b0:1c:63:d9:48:b1:b8:
                    e0:96:1f:6b:c4:c0:13:bf:27:15:50:4b:ea:51:67:
                    41:52:b2:4a:a0:4c:a4:41:04:f8:3d:4e:22:3b:fe:
                    bb:fc:f9:5a:76:d3:62:ec:62:77:08:0d:16:2c:be:
                    04:65:8a:ee:47:d6:58:cd:8e:7a:a9:06:2a:25:59:
                    3e:26:8d:6a:1a:2f:5f:dc:c9:32:9b:c9:5e:0b:9b:
                    42:3a:c3:95:30:6c:f1:e8:00:30:db:8c:2a:fc:95:
                    0b:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:2E:67:AD:D6:5E:E3:60:CB:D2:AD:DF:BD:3A:AF:52:A6:2D:43:03
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/Fi5nrdZe42DL0q3fvTqvUqYtQwM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.192.0/24
                  212.64.194.0/24
                  212.64.197.0-212.64.198.255
                  212.64.200.0/24
                  212.64.203.0-212.64.209.255
                  212.64.212.0/24
                  212.64.218.0/24
                  212.64.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:a1:c3:3b:a4:03:5d:92:93:c1:1e:28:b0:df:26:00:a7:19:
         6e:a6:d3:6d:0f:af:7e:06:82:53:4d:c3:cf:72:63:7a:ee:f6:
         29:8d:09:e9:eb:b6:d5:c4:2e:15:d6:c3:ff:84:6c:98:12:01:
         5f:3d:7c:cf:ad:ab:1b:60:9a:e5:32:d6:80:33:72:c8:2d:71:
         39:10:4e:d7:2e:3d:6c:f6:12:b9:3f:0b:f2:b5:56:41:57:40:
         ca:39:2d:b4:d8:2f:8f:4c:82:3b:31:48:d2:85:82:28:f9:0c:
         35:62:18:29:3a:6c:22:08:93:2d:73:3d:4d:39:1d:72:ef:4c:
         77:f2:c3:b0:79:c0:28:54:2e:82:31:a3:c4:6a:d1:c0:09:3c:
         92:2b:d3:7b:45:ec:a6:2d:db:0b:31:8b:f7:48:09:ca:0a:ab:
         ed:9d:e8:37:d3:c8:bf:07:9c:32:66:05:13:41:4d:6c:ab:38:
         91:3a:fe:ef:42:64:d3:41:2d:c2:67:69:16:0b:d2:3b:90:c7:
         2c:55:e2:72:c9:ad:af:b8:20:5a:2d:71:bd:43:9e:2e:9e:9d:
         89:64:65:be:7a:a1:96:34:aa:40:16:b8:f6:c1:94:55:0a:4d:
         28:71:20:7f:46:60:00:fe:dc:f7:41:52:7a:7a:88:96:e3:7e:
         fd:97:28:af
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYzDtqKRwXbmwZ28nwlnKShLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjJlNjdhZGQ2NWVlMzYwY2JkMmFkZGZiZDNhYWY1MmE2MmQ0MzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RNKSA0A8MsiG6gB1Dmp2uLD21V3
UpGDnBuyvgC9+wH2h67f3Ki5D5nYvsfAK3cD7zS1PxT5sf/2ndNGriVpk31IR50T
sFXz8KckRqASutYd70JksuqRuQzAsUOeLRFgALHZ1gmRWYTnVsp8V39GEDUESd56
L3dig7m1FH399dvyd4nPdY1nV7xSVTUyKgI5R1p3zYrm+psznNbJw7AcY9lIsbjg
lh9rxMATvycVUEvqUWdBUrJKoEykQQT4PU4iO/67/PladtNi7GJ3CA0WLL4EZYru
R9ZYzY56qQYqJVk+Jo1qGi9f3Mkym8leC5tCOsOVMGzx6AAw24wq/JULswIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFBYuZ63WXuNgy9Kt3706r1KmLUMDMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvRmk1bnJkWmU0MkRMMHEzZnZUcXZVcVl0UXdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDBGBAIAATBAAwQA1EDAAwQA
1EDCMAwDBADUQMUDBADUQMYDBADUQMgwDAMEANRAywMEAdRA0AMEANRA1AMEANRA
2gMEANRA3DANBgkqhkiG9w0BAQsFAAOCAQEADaHDO6QDXZKTwR4osN8mAKcZbqbT
bQ+vfgaCU03Dz3Jjeu72KY0J6eu21cQuFdbD/4RsmBIBXz18z62rG2Ca5TLWgDNy
yC1xORBO1y49bPYSuT8L8rVWQVdAyjkttNgvj0yCOzFI0oWCKPkMNWIYKTpsIgiT
LXM9TTkdcu9Md/LDsHnAKFQugjGjxGrRwAk8kivTe0Xspi3bCzGL90gJygqr7Z3o
N9PIvwecMmYFE0FNbKs4kTr+70Jk00EtwmdpFgvSO5DHLFXicsmtr7ggWi1xvUOe
Lp6diWRlvnqhljSqQBa49sGUVQpNKHEgf0ZgAP7c90FSenqIluN+/Zcorw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:14 2024 by rpki-client on console-ams.rpki-client.org