Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/1RdSM9kM0J2KwyyW_7f_p25nz2o.roa
File:                     1RdSM9kM0J2KwyyW_7f_p25nz2o.roa (raw, json)
Hash identifier:          iIazIeVmb6bBM5Bz9qEdOQblpHE7psm2+E7gqpx7JbE=
Subject key identifier:   D5:17:52:33:D9:0C:D0:9D:8A:C3:2C:96:FF:B7:FF:A7:6E:67:CF:6A
Certificate issuer:       /CN=cfeace714c29568ef197007b141d12758cc415d5
Certificate serial:       018A3B38E6C594FD006172238206A93AB62E
Authority key identifier: CF:EA:CE:71:4C:29:56:8E:F1:97:00:7B:14:1D:12:75:8C:C4:15:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z-rOcUwpVo7xlwB7FB0SdYzEFdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/1RdSM9kM0J2KwyyW_7f_p25nz2o.roa
Signing time:             Mon 28 Aug 2023 08:18:19 +0000
ROA not before:           Mon 28 Aug 2023 08:18:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1299
IP address blocks:        185.224.56.0/22 maxlen: 24
                          185.57.168.0/22 maxlen: 24
                          185.56.212.0/22 maxlen: 24
                          84.19.128.0/20 maxlen: 24
                          91.192.252.0/22 maxlen: 24
                          91.224.36.0/23 maxlen: 24
                          193.41.118.0/23 maxlen: 24
                          84.19.144.0/21 maxlen: 24
                          185.114.104.0/22 maxlen: 24
                          188.65.152.0/21 maxlen: 24
                          193.254.192.0/23 maxlen: 24
                          45.137.208.0/22 maxlen: 24
                          81.201.208.0/20 maxlen: 24
                          2a0b:fd80::/32 maxlen: 48
                          2a02:5120::/32 maxlen: 48
                          2a00:e900::/29 maxlen: 48
                          2a01:4400::/32 maxlen: 48
                          2a0b:fd82::/32 maxlen: 48
                          2a0b:fd81::/32 maxlen: 48
                          2a0b:fd87::/32 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:3b:38:e6:c5:94:fd:00:61:72:23:82:06:a9:3a:b6:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfeace714c29568ef197007b141d12758cc415d5
        Validity
            Not Before: Aug 28 08:18:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d5175233d90cd09d8ac32c96ffb7ffa76e67cf6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:7f:56:79:7e:ae:6e:71:e6:0a:e7:cc:35:b4:
                    0a:89:13:ca:c4:f5:ba:f1:87:1f:a5:2b:ca:c3:0c:
                    63:0e:11:a1:e0:8f:e6:4b:a6:bb:74:f3:56:73:b5:
                    fb:38:84:15:73:86:20:8c:95:25:81:33:ca:8d:46:
                    aa:00:39:06:56:67:f8:57:0c:71:46:62:05:7b:e1:
                    37:c6:e5:f1:6d:e1:6f:ec:42:b5:39:ac:ad:64:0b:
                    d9:37:c6:c4:fe:30:dc:f8:1a:a3:94:7c:89:86:aa:
                    3d:f2:67:4a:9f:6f:0a:8a:d5:91:8a:b1:4f:ae:a7:
                    ee:41:6b:cd:2b:70:9a:79:72:88:85:e3:c5:18:2b:
                    cb:52:a7:56:4e:90:f4:ed:33:82:6b:71:7d:0b:0a:
                    2f:5a:f8:4e:5a:6b:7a:72:c5:ff:4a:9f:e8:98:85:
                    b7:7d:12:7a:3d:7d:95:af:89:2a:30:b0:e5:4b:9a:
                    d0:97:e0:dd:9d:0c:09:66:84:90:39:82:99:9b:21:
                    16:61:3e:07:4f:ac:29:7f:ad:00:ac:f4:e7:22:d5:
                    be:e3:e1:43:ea:c6:c4:9b:77:a1:b7:b4:aa:68:2f:
                    20:b6:32:e2:84:c1:c9:ce:86:ae:fd:b0:84:91:b5:
                    0a:1e:a0:45:6f:8d:71:83:6f:57:82:d5:39:99:e5:
                    dd:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:17:52:33:D9:0C:D0:9D:8A:C3:2C:96:FF:B7:FF:A7:6E:67:CF:6A
            X509v3 Authority Key Identifier:
                keyid:CF:EA:CE:71:4C:29:56:8E:F1:97:00:7B:14:1D:12:75:8C:C4:15:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z-rOcUwpVo7xlwB7FB0SdYzEFdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/1RdSM9kM0J2KwyyW_7f_p25nz2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/fc1bef-e72b-4a45-9463-8fd394b5357c/1/z-rOcUwpVo7xlwB7FB0SdYzEFdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.208.0/22
                  81.201.208.0/20
                  84.19.128.0-84.19.151.255
                  91.192.252.0/22
                  91.224.36.0/23
                  185.56.212.0/22
                  185.57.168.0/22
                  185.114.104.0/22
                  185.224.56.0/22
                  188.65.152.0/21
                  193.41.118.0/23
                  193.254.192.0/23
                IPv6:
                  2a00:e900::/29
                  2a01:4400::/32
                  2a02:5120::/32
                  2a0b:fd80::-2a0b:fd82:ffff:ffff:ffff:ffff:ffff:ffff
                  2a0b:fd87::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:ac:ae:a4:8e:e7:e7:92:6d:2e:26:4a:fb:f4:f6:7c:9c:4e:
         75:da:a7:a8:ab:af:c6:2f:25:0e:3f:46:92:18:b0:57:39:23:
         f6:97:05:93:45:67:96:4f:bc:51:d0:b4:b7:e5:47:7b:99:8b:
         dd:8d:21:e3:71:58:87:11:6e:99:88:69:c5:48:93:f2:c9:4d:
         0e:2f:d5:b2:20:fd:ff:88:5c:25:2f:32:ef:14:ce:5e:8c:a3:
         1e:eb:39:61:2e:07:77:70:dc:4b:cf:fe:b2:9c:96:0e:41:66:
         bb:25:12:50:ed:c5:21:fe:50:ff:e1:62:0f:ce:5e:82:0b:7f:
         c0:25:92:5c:f2:7a:3a:fc:20:81:e2:70:ee:d8:fa:5e:12:17:
         7b:3a:ef:1f:43:71:8c:41:cb:87:20:f7:29:37:4c:f3:47:39:
         e0:2d:63:34:b7:8a:55:29:47:63:c5:8a:32:47:b4:9e:39:00:
         0a:76:08:8d:70:fa:05:07:7b:d4:c9:cb:42:05:0d:55:19:ee:
         5d:43:d2:2b:ff:b9:67:97:b0:4a:7a:8e:53:7f:99:66:dd:32:
         72:11:7b:97:19:2a:64:91:20:b6:d8:dc:0b:6a:52:b6:32:fa:
         86:08:5e:1b:03:91:eb:45:0e:bf:3f:72:e4:49:c2:ff:e9:45:
         9c:ab:ca:c1
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYo7OObFlP0AYXIjggapOrYuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZWFjZTcxNGMyOTU2OGVmMTk3MDA3YjE0MWQxMjc1OGNj
NDE1ZDUwHhcNMjMwODI4MDgxODE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTE3NTIzM2Q5MGNkMDlkOGFjMzJjOTZmZmI3ZmZhNzZlNjdjZjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkH9WeX6ubnHmCufMNbQKiRPKxPW6
8YcfpSvKwwxjDhGh4I/mS6a7dPNWc7X7OIQVc4YgjJUlgTPKjUaqADkGVmf4Vwxx
RmIFe+E3xuXxbeFv7EK1OaytZAvZN8bE/jDc+BqjlHyJhqo98mdKn28KitWRirFP
rqfuQWvNK3CaeXKIhePFGCvLUqdWTpD07TOCa3F9CwovWvhOWmt6csX/Sp/omIW3
fRJ6PX2Vr4kqMLDlS5rQl+DdnQwJZoSQOYKZmyEWYT4HT6wpf60ArPTnItW+4+FD
6sbEm3eht7SqaC8gtjLihMHJzoau/bCEkbUKHqBFb41xg29XgtU5meXdPwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFNUXUjPZDNCdisMslv+3/6duZ89qMB8GA1UdIwQY
MBaAFM/qznFMKVaO8ZcAexQdEnWMxBXVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvei1yT2NVd3BWbzd4bHdCN0ZCMFNkWXpFRmRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9mYzFiZWYtZTcyYi00YTQ1LTk0NjMt
OGZkMzk0YjUzNTdjLzEvMVJkU005a00wSjJLd3l5V183Zl9wMjVuejJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9mYzFiZWYtZTcyYi00YTQ1LTk0NjMtOGZkMzk0YjUzNTdj
LzEvei1yT2NVd3BWbzd4bHdCN0ZCMFNkWXpFRmRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGfBggrBgEFBQcBBwEB/wSBjzCBjDBWBAIAATBQAwQCLYnQ
AwQEUcnQMAwDBAdUE4ADBANUE5ADBAJbwPwDBAFb4CQDBAK5ONQDBAK5OagDBAK5
cmgDBAK54DgDBAO8QZgDBAHBKXYDBAHB/sAwMgQCAAIwLAMFAyoA6QADBQAqAUQA
AwUAKgJRIDAOAwUHKgv9gAMFACoL/YIDBQAqC/2HMA0GCSqGSIb3DQEBCwUAA4IB
AQBnrK6kjufnkm0uJkr79PZ8nE512qeoq6/GLyUOP0aSGLBXOSP2lwWTRWeWT7xR
0LS35Ud7mYvdjSHjcViHEW6ZiGnFSJPyyU0OL9WyIP3/iFwlLzLvFM5ejKMe6zlh
Lgd3cNxLz/6ynJYOQWa7JRJQ7cUh/lD/4WIPzl6CC3/AJZJc8no6/CCB4nDu2Ppe
Ehd7Ou8fQ3GMQcuHIPcpN0zzRzngLWM0t4pVKUdjxYoyR7SeOQAKdgiNcPoFB3vU
yctCBQ1VGe5dQ9Ir/7lnl7BKeo5Tf5lm3TJyEXuXGSpkkSC22NwLalK2MvqGCF4b
A5HrRQ6/P3LkScL/6UWcq8rB
-----END CERTIFICATE-----
Generated at Tue Jan 2 16:36:33 2024 by rpki-client on console.sobornost.net