Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/64e49a-5fe1-45c2-8310-34a9e98a5f86/1/OM05qugV7UJXOdbDd4zzSwgzm3E.roa
File:                     OM05qugV7UJXOdbDd4zzSwgzm3E.roa (raw, json)
Hash identifier:          JzhuqLzawm2CiyFBEJ6L29meuAWwkeNseQOiaQfEESY=
Subject key identifier:   38:CD:39:AA:E8:15:ED:42:57:39:D6:C3:77:8C:F3:4B:08:33:9B:71
Certificate issuer:       /CN=066369e2705cb433db0658ab666d08b67b1551dc
Certificate serial:       01856F1D9FD69714C29883C744858C30AF73
Authority key identifier: 06:63:69:E2:70:5C:B4:33:DB:06:58:AB:66:6D:08:B6:7B:15:51:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BmNp4nBctDPbBlirZm0ItnsVUdw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/64e49a-5fe1-45c2-8310-34a9e98a5f86/1/OM05qugV7UJXOdbDd4zzSwgzm3E.roa
Signing time:             Sun 01 Jan 2023 20:54:50 +0000
ROA not before:           Sun 01 Jan 2023 20:54:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     197308
IP address blocks:        193.108.4.0/24 maxlen: 24
                          193.108.2.0/23 maxlen: 23
                          193.108.0.0/24 maxlen: 24
                          193.108.1.0/24 maxlen: 24
                          193.108.6.0/24 maxlen: 24
                          193.108.5.0/24 maxlen: 24
                          213.180.64.0/19 maxlen: 19
                          81.91.0.0/20 maxlen: 20
                          5.179.112.0/21 maxlen: 21
                          176.57.88.0/22 maxlen: 22
                          185.27.240.0/22 maxlen: 22
                          185.21.144.0/22 maxlen: 22
                          31.216.32.0/21 maxlen: 21
                          2a03:2f80::/32 maxlen: 32
                          2a00:5860::/32 maxlen: 32

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:1d:9f:d6:97:14:c2:98:83:c7:44:85:8c:30:af:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=066369e2705cb433db0658ab666d08b67b1551dc
        Validity
            Not Before: Jan  1 20:54:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=38cd39aae815ed425739d6c3778cf34b08339b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ef:a9:f9:dd:1b:b1:43:96:43:f3:3d:dd:dd:
                    3b:66:54:1a:86:b1:21:33:c7:01:e0:18:a0:33:5c:
                    49:bf:4d:47:81:b6:19:b8:9a:10:5f:70:6a:92:73:
                    01:8f:fe:85:6a:36:6d:98:39:c7:a6:75:7d:72:04:
                    2c:6a:af:49:0d:21:97:34:f5:8f:64:b5:b7:2c:5a:
                    43:51:c2:e9:82:ae:33:07:1f:ba:9a:14:15:a7:18:
                    ff:1d:b0:a3:a7:7a:f8:d7:61:fc:cb:d9:12:71:1a:
                    b1:28:c9:63:df:93:36:bc:9e:59:8a:f0:88:23:b3:
                    ee:3e:49:79:e0:05:0d:05:aa:25:b8:78:46:b6:b8:
                    bd:10:22:f4:24:62:e6:a1:42:f1:29:e8:68:20:fe:
                    7d:96:31:52:6b:bb:18:ad:00:c6:06:8f:2a:40:09:
                    3c:9d:7d:bb:2c:9b:f6:b7:a1:eb:77:23:0e:51:fa:
                    cd:2f:19:a3:74:9d:0e:9c:fa:6f:5d:fa:b1:29:27:
                    2f:6a:56:59:ee:cd:27:e9:b1:41:a4:b7:59:2c:19:
                    90:49:b5:d0:69:9f:b5:54:53:d9:8b:47:6c:bd:55:
                    50:96:2c:82:5b:94:cc:20:a1:21:e5:96:b1:c8:d2:
                    d6:f3:7f:fe:bd:e5:ab:01:67:18:fb:05:64:9d:97:
                    00:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:CD:39:AA:E8:15:ED:42:57:39:D6:C3:77:8C:F3:4B:08:33:9B:71
            X509v3 Authority Key Identifier:
                keyid:06:63:69:E2:70:5C:B4:33:DB:06:58:AB:66:6D:08:B6:7B:15:51:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BmNp4nBctDPbBlirZm0ItnsVUdw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/64e49a-5fe1-45c2-8310-34a9e98a5f86/1/OM05qugV7UJXOdbDd4zzSwgzm3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/64e49a-5fe1-45c2-8310-34a9e98a5f86/1/BmNp4nBctDPbBlirZm0ItnsVUdw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.179.112.0/21
                  31.216.32.0/21
                  81.91.0.0/20
                  176.57.88.0/22
                  185.21.144.0/22
                  185.27.240.0/22
                  193.108.0.0-193.108.6.255
                  213.180.64.0/19
                IPv6:
                  2a00:5860::/32
                  2a03:2f80::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:9e:90:22:93:d3:65:44:75:1b:6d:e3:f9:4a:e7:05:5f:c7:
         78:fd:ce:8b:25:05:18:8e:fc:0c:5f:33:8f:5d:fc:cd:04:85:
         8a:25:6a:f1:43:6d:aa:d0:0f:b5:b7:2a:fc:dc:1a:df:a1:da:
         d5:81:f6:4f:2e:62:25:43:c2:06:12:55:be:2d:52:41:3b:a5:
         40:88:31:62:19:85:6a:db:1b:50:5a:04:47:c5:8b:bf:cb:67:
         e6:aa:f9:fc:fb:df:b9:1b:60:5d:e7:47:9e:e1:89:b9:16:f1:
         29:7a:94:b4:7d:d7:11:b6:4e:db:fb:71:0e:bd:3f:34:75:48:
         c6:f5:45:82:8c:5f:91:16:2d:d6:74:4b:f6:3b:8c:71:d2:9a:
         e7:92:c5:13:b7:ac:c7:64:d6:99:04:8d:c3:ce:f3:fd:b6:85:
         e0:25:8c:33:a1:79:0c:24:90:07:e3:9d:a9:fe:29:57:2a:bb:
         87:81:a2:ad:11:6f:38:e4:58:3a:b0:19:39:35:3f:83:15:b5:
         b8:d3:f1:79:90:f6:1f:16:c2:67:b5:f9:57:48:4a:89:85:0a:
         e5:7f:6c:bd:79:e2:0a:08:b8:91:72:4b:86:af:00:9f:4d:31:
         e9:29:77:97:ac:3d:42:5e:b7:7d:8c:4c:f9:c8:c1:25:e5:78:
         91:12:01:cb
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAYVvHZ/WlxTCmIPHRIWMMK9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NjM2OWUyNzA1Y2I0MzNkYjA2NThhYjY2NmQwOGI2N2Ix
NTUxZGMwHhcNMjMwMTAxMjA1NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGNkMzlhYWU4MTVlZDQyNTczOWQ2YzM3NzhjZjM0YjA4MzM5YjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAne+p+d0bsUOWQ/M93d07ZlQahrEh
M8cB4BigM1xJv01HgbYZuJoQX3BqknMBj/6FajZtmDnHpnV9cgQsaq9JDSGXNPWP
ZLW3LFpDUcLpgq4zBx+6mhQVpxj/HbCjp3r412H8y9kScRqxKMlj35M2vJ5ZivCI
I7PuPkl54AUNBaoluHhGtri9ECL0JGLmoULxKehoIP59ljFSa7sYrQDGBo8qQAk8
nX27LJv2t6HrdyMOUfrNLxmjdJ0OnPpvXfqxKScvalZZ7s0n6bFBpLdZLBmQSbXQ
aZ+1VFPZi0dsvVVQliyCW5TMIKEh5ZaxyNLW83/+veWrAWcY+wVknZcAmQIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFDjNOaroFe1CVznWw3eM80sIM5txMB8GA1UdIwQY
MBaAFAZjaeJwXLQz2wZYq2ZtCLZ7FVHcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm1OcDRuQmN0RFBiQmxpclptMEl0bnNWVWR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC82NGU0OWEtNWZlMS00NWMyLTgzMTAt
MzRhOWU5OGE1Zjg2LzEvT00wNXF1Z1Y3VUpYT2RiRGQ0enpTd2d6bTNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC82NGU0OWEtNWZlMS00NWMyLTgzMTAtMzRhOWU5OGE1Zjg2
LzEvQm1OcDRuQmN0RFBiQmxpclptMEl0bnNWVWR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTA9BAIAATA3AwQDBbNwAwQD
H9ggAwQEUVsAAwQCsDlYAwQCuRWQAwQCuRvwMAsDAwLBbAMEAMFsBgMEBdW0QDAU
BAIAAjAOAwUAKgBYYAMFACoDL4AwDQYJKoZIhvcNAQELBQADggEBACWekCKT02VE
dRtt4/lK5wVfx3j9zoslBRiO/AxfM49d/M0EhYolavFDbarQD7W3KvzcGt+h2tWB
9k8uYiVDwgYSVb4tUkE7pUCIMWIZhWrbG1BaBEfFi7/LZ+aq+fz737kbYF3nR57h
ibkW8Sl6lLR91xG2Ttv7cQ69PzR1SMb1RYKMX5EWLdZ0S/Y7jHHSmueSxRO3rMdk
1pkEjcPO8/22heAljDOheQwkkAfjnan+KVcqu4eBoq0RbzjkWDqwGTk1P4MVtbjT
8XmQ9h8Wwme1+VdISomFCuV/bL154goIuJFyS4avAJ9NMekpd5esPUJet32MTPnI
wSXleJESAcs=
-----END CERTIFICATE-----
Generated at Mon Jan 1 04:39:58 2024 by rpki-client on console-ams.rpki-client.org