Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/1-ED3z4tHf7SZLfUsDnp41serm8w.roa
File:                     1-ED3z4tHf7SZLfUsDnp41serm8w.roa (raw, json)
Hash identifier:          pNykPNppiGJLu3Z1J/LEFiqLZnSOuy88Rg9/39XlEms=
Subject key identifier:   F8:40:F7:CF:8B:47:7F:B4:99:2D:F5:2C:0E:7A:78:D6:C7:AB:9B:CC
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       01872D29D6E2A7438687E718726D7D37E8EE
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/1-ED3z4tHf7SZLfUsDnp41serm8w.roa
Signing time:             Wed 29 Mar 2023 11:38:49 +0000
ROA not before:           Wed 29 Mar 2023 11:38:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     12716
IP address blocks:        151.251.254.0/24 maxlen: 24
                          151.251.255.0/24 maxlen: 24
                          37.63.96.0/22 maxlen: 24
                          83.97.30.0/24 maxlen: 24
                          84.252.40.0/23 maxlen: 23
                          151.251.240.0/24 maxlen: 24
                          151.251.238.0/24 maxlen: 24
                          151.251.239.0/24 maxlen: 24
                          151.251.245.0/24 maxlen: 24
                          151.251.240.0/20 maxlen: 20
                          151.251.243.0/24 maxlen: 24
                          151.251.246.0/24 maxlen: 24
                          151.251.241.0/24 maxlen: 24
                          151.251.244.0/24 maxlen: 24
                          151.251.242.0/24 maxlen: 24
                          151.251.253.0/24 maxlen: 24
                          151.251.248.0/24 maxlen: 24
                          151.251.251.0/24 maxlen: 24
                          151.251.249.0/24 maxlen: 24
                          151.251.252.0/24 maxlen: 24
                          151.251.247.0/24 maxlen: 24
                          151.251.250.0/24 maxlen: 24
                          89.215.62.0/23 maxlen: 23
                          151.251.44.0/22 maxlen: 22
                          151.251.68.0/22 maxlen: 22
                          185.224.160.0/23 maxlen: 23
                          37.63.0.0/20 maxlen: 20
                          37.63.16.0/22 maxlen: 22
                          37.63.20.0/22 maxlen: 24
                          37.63.24.0/22 maxlen: 22
                          62.204.154.0/23 maxlen: 23
                          151.251.121.0/24 maxlen: 24
                          85.118.64.0/22 maxlen: 22
                          85.118.71.0/24 maxlen: 24
                          85.118.68.0/23 maxlen: 24
                          213.226.17.0/24 maxlen: 24
                          85.118.70.0/24 maxlen: 24
                          85.118.76.0/22 maxlen: 22
                          85.118.74.0/24 maxlen: 24
                          85.118.72.0/23 maxlen: 23
                          213.226.19.0/24 maxlen: 24
                          185.151.156.0/22 maxlen: 22
                          85.118.84.0/24 maxlen: 24
                          85.118.80.0/22 maxlen: 22
                          213.226.36.0/24 maxlen: 24
                          85.118.92.0/24 maxlen: 24
                          85.118.93.0/24 maxlen: 24
                          213.226.40.0/24 maxlen: 24
                          213.226.51.0/24 maxlen: 24
                          213.226.57.0/24 maxlen: 24
                          213.226.56.0/24 maxlen: 24
                          213.226.63.0/24 maxlen: 24
                          213.226.59.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 30 Mar 2023 10:43:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:2d:29:d6:e2:a7:43:86:87:e7:18:72:6d:7d:37:e8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Mar 29 11:38:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f840f7cf8b477fb4992df52c0e7a78d6c7ab9bcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:02:8a:dd:7e:6a:e6:b4:46:15:4c:a6:d5:16:
                    79:8f:c3:25:a9:a5:84:81:43:16:3c:c1:31:f6:e8:
                    85:22:b2:00:3d:ee:e5:2f:56:3d:a5:7a:26:fe:39:
                    89:21:24:03:af:c1:e8:70:6a:09:ca:c8:8c:87:15:
                    2c:f0:60:0f:31:50:55:e5:c9:00:97:ee:a8:01:ab:
                    32:b2:a9:2d:87:12:c2:41:6b:6c:be:85:1e:b9:17:
                    07:e7:a4:bc:ba:b6:64:c7:af:25:b9:84:f7:1b:f5:
                    4a:74:eb:16:36:c0:f3:2e:9e:8c:31:e2:49:af:58:
                    45:52:4b:94:db:22:fd:24:79:a8:e6:db:9e:b3:43:
                    de:00:e9:e3:f7:3f:01:9e:1b:fc:e7:be:eb:cd:e3:
                    eb:25:7d:61:68:a7:e1:22:26:68:bf:76:11:ed:64:
                    cb:9b:5e:ea:5d:9f:a3:aa:a3:00:d0:41:96:f8:97:
                    1e:36:25:e9:6d:c0:53:1c:a0:38:8e:8c:6c:46:65:
                    76:ed:96:3a:d9:4a:c0:85:2b:04:2b:da:8b:86:f7:
                    27:ad:e5:dc:fb:13:19:ff:97:9d:94:53:4a:7b:09:
                    7d:00:28:4c:5d:a5:72:8d:03:8c:9d:bc:fe:dd:81:
                    44:82:94:2a:f3:ac:8e:11:c6:3b:0f:91:b1:b5:9e:
                    70:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:40:F7:CF:8B:47:7F:B4:99:2D:F5:2C:0E:7A:78:D6:C7:AB:9B:CC
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/1-ED3z4tHf7SZLfUsDnp41serm8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.63.0.0-37.63.27.255
                  37.63.96.0/22
                  62.204.154.0/23
                  83.97.30.0/24
                  84.252.40.0/23
                  85.118.64.0-85.118.74.255
                  85.118.76.0-85.118.84.255
                  85.118.92.0/23
                  89.215.62.0/23
                  151.251.44.0/22
                  151.251.68.0/22
                  151.251.121.0/24
                  151.251.238.0-151.251.255.255
                  185.151.156.0/22
                  185.224.160.0/23
                  213.226.17.0/24
                  213.226.19.0/24
                  213.226.36.0/24
                  213.226.40.0/24
                  213.226.51.0/24
                  213.226.56.0/23
                  213.226.59.0/24
                  213.226.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:46:c1:1b:91:ad:e5:88:de:3b:88:eb:ef:63:70:12:7f:9a:
         20:66:20:46:3e:1c:c0:cf:d4:05:10:21:a3:6e:67:6f:c0:9a:
         72:ec:63:4a:8e:12:f8:af:8b:d6:52:4c:7f:36:54:3a:3f:1e:
         dc:50:8d:40:4a:8e:00:e6:c4:17:98:62:5e:7f:26:c0:fc:63:
         8b:db:28:37:26:78:90:3c:a9:94:7e:61:b4:3d:45:21:dc:8f:
         b6:3f:f4:2e:f0:af:6f:e3:9c:fa:97:23:d6:30:3b:40:5a:53:
         aa:0d:bc:21:6b:c2:2d:9c:8f:9e:7e:43:06:3c:1a:d2:9e:a8:
         5a:a8:8b:2a:cd:02:23:c3:7d:69:89:26:30:1f:fc:fc:b8:17:
         b1:33:6c:9d:d4:5d:4d:58:70:6a:cf:b9:ba:1a:ae:70:0d:3c:
         e0:f0:a4:8d:f5:b9:40:72:bc:d8:c6:8f:5b:c8:67:59:7b:80:
         23:a5:23:39:fe:24:8f:48:e9:31:aa:00:51:da:70:78:f6:e1:
         cc:6a:7a:e9:e3:8d:bb:8e:f2:e9:b2:4a:b5:6c:4e:5b:41:52:
         31:7a:33:91:80:48:a1:96:e5:f9:0f:31:02:fc:9f:75:29:d5:
         d6:be:42:36:4f:a6:5c:0c:2c:3f:ba:b4:08:f5:fa:a0:ec:b9:
         3c:5f:86:f0
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgISAYctKdbip0OGh+cYcm19N+juMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjMwMzI5MTEzODQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODQwZjdjZjhiNDc3ZmI0OTkyZGY1MmMwZTdhNzhkNmM3YWI5YmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggKK3X5q5rRGFUym1RZ5j8MlqaWE
gUMWPMEx9uiFIrIAPe7lL1Y9pXom/jmJISQDr8HocGoJysiMhxUs8GAPMVBV5ckA
l+6oAasysqkthxLCQWtsvoUeuRcH56S8urZkx68luYT3G/VKdOsWNsDzLp6MMeJJ
r1hFUkuU2yL9JHmo5tues0PeAOnj9z8Bnhv8577rzePrJX1haKfhIiZov3YR7WTL
m17qXZ+jqqMA0EGW+JceNiXpbcBTHKA4joxsRmV27ZY62UrAhSsEK9qLhvcnreXc
+xMZ/5edlFNKewl9AChMXaVyjQOMnbz+3YFEgpQq86yOEcY7D5GxtZ5w7wIDAQAB
o4ICsTCCAq0wHQYDVR0OBBYEFPhA98+LR3+0mS31LA56eNbHq5vMMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvMS1FRDN6NHRIZjdTWkxmVXNEbnA0MXNlcm04dy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDkvNTQxYzA1LThkN2QtNDJiOC1hYjAwLTdmYmJhZTZmOTQz
Ny8xL0JVak8zeGNDbnRtS0VJRVR4c0VKN0t6Tmd1dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCBxQYIKwYBBQUHAQcBAf8EgbUwgbIwga8EAgABMIGoMAsD
AwAlPwMEAiU/GAMEAiU/YAMEAT7MmgMEAFNhHgMEAVT8KDAMAwQGVXZAAwQAVXZK
MAwDBAJVdkwDBABVdlQDBAFVdlwDBAFZ1z4DBAKX+ywDBAKX+0QDBACX+3kwCwME
AZf77gMDApf4AwQCuZecAwQBueCgAwQA1eIRAwQA1eITAwQA1eIkAwQA1eIoAwQA
1eIzAwQB1eI4AwQA1eI7AwQA1eI/MA0GCSqGSIb3DQEBCwUAA4IBAQAPRsEbka3l
iN47iOvvY3ASf5ogZiBGPhzAz9QFECGjbmdvwJpy7GNKjhL4r4vWUkx/NlQ6Px7c
UI1ASo4A5sQXmGJefybA/GOL2yg3JniQPKmUfmG0PUUh3I+2P/Qu8K9v45z6lyPW
MDtAWlOqDbwha8ItnI+efkMGPBrSnqhaqIsqzQIjw31piSYwH/z8uBexM2yd1F1N
WHBqz7m6Gq5wDTzg8KSN9blAcrzYxo9byGdZe4AjpSM5/iSPSOkxqgBR2nB49uHM
anrp4427jvLpskq1bE5bQVIxejORgEihluX5DzEC/J91KdXWvkI2T6ZcDCw/urQI
9fqg7Lk8X4bw
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:51 2024 by rpki-client on console-ams.rpki-client.org