Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/CkTPUEcGgm_uTbCqV8MSLu3O9lQ.roa
File:                     CkTPUEcGgm_uTbCqV8MSLu3O9lQ.roa (raw, json)
Hash identifier:          qcmchrDX+2hocs7jNgUdKZ1THNSZCVg19jCnILAziaM=
Subject key identifier:   0A:44:CF:50:47:06:82:6F:EE:4D:B0:AA:57:C3:12:2E:ED:CE:F6:54
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       018BA4EC5E1AC3F596CD8B2E3A7FC6AD8D04
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/CkTPUEcGgm_uTbCqV8MSLu3O9lQ.roa
Signing time:             Mon 06 Nov 2023 13:57:15 +0000
ROA not before:           Mon 06 Nov 2023 13:57:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          104.247.182.0/24 maxlen: 24
                          104.247.180.0/24 maxlen: 24
                          104.247.186.0/24 maxlen: 24
                          104.247.185.0/24 maxlen: 24
                          104.247.184.0/24 maxlen: 24
                          104.247.189.0/24 maxlen: 24
                          104.247.188.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 18 Dec 2023 09:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a4:ec:5e:1a:c3:f5:96:cd:8b:2e:3a:7f:c6:ad:8d:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Nov  6 13:57:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0a44cf504706826fee4db0aa57c3122eedcef654
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3d:80:0f:52:42:54:96:d1:07:c0:b4:3f:b5:
                    d2:f0:2f:9b:70:d9:26:0a:7b:4a:cc:14:19:d1:b4:
                    6b:8e:b4:5e:88:e3:ee:1c:c4:e5:cc:a6:ef:3d:3a:
                    70:97:b0:0a:63:b7:3f:8b:d2:63:0d:f0:9a:ed:20:
                    00:16:a4:39:74:fb:43:e0:a1:32:7d:fe:5f:5f:5e:
                    85:2c:85:d3:22:07:53:7d:ba:71:2f:b7:a7:da:67:
                    df:ff:97:26:bd:36:7c:b7:2e:3a:96:a7:da:c6:d6:
                    35:60:89:c6:0b:07:58:7c:f5:6a:2a:35:90:7c:ae:
                    5f:c8:e4:fe:a7:50:b2:62:80:6b:db:28:e5:40:14:
                    fc:2e:1b:b7:ba:9f:ea:a0:2a:e9:3e:6b:d3:fd:1a:
                    20:e5:52:62:5b:0e:20:f9:0a:67:2f:2d:af:1e:11:
                    72:23:7e:f4:a3:1c:1f:da:14:c9:7a:ff:84:8b:36:
                    8b:5a:bd:c9:97:4e:17:06:f9:4e:47:dd:1d:ce:18:
                    b2:ca:66:1e:80:fe:15:b6:59:01:97:99:28:05:ff:
                    2c:b8:29:c9:3b:b7:22:dc:cf:96:82:9a:5b:c5:0b:
                    ad:21:c8:3c:dd:e2:49:75:51:52:f8:2b:63:fd:99:
                    87:5d:3e:ce:6e:d3:99:f3:76:e3:e1:9e:81:67:fb:
                    a1:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:44:CF:50:47:06:82:6F:EE:4D:B0:AA:57:C3:12:2E:ED:CE:F6:54
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/CkTPUEcGgm_uTbCqV8MSLu3O9lQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.180.255
                  104.247.182.0/24
                  104.247.184.0-104.247.186.255
                  104.247.188.0/23
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:1b:51:68:15:38:cf:cc:f4:a8:09:fa:09:d4:4a:e5:43:2a:
         75:ec:25:71:42:6b:22:71:11:d9:2c:30:4d:c7:b0:5c:d1:44:
         80:76:d7:1b:4c:35:19:d2:05:51:07:e4:b0:aa:a6:db:9e:1e:
         74:00:7c:7a:62:00:6e:20:a9:15:0d:11:e9:41:d0:8c:0d:ef:
         88:60:32:ad:d9:98:61:c4:a9:02:be:ef:7a:b6:65:e2:05:1d:
         97:c6:b0:af:88:0d:f1:d6:04:27:7a:49:a6:88:ef:95:f1:36:
         38:f8:a2:b9:35:09:22:a5:87:13:d7:2e:ef:3f:25:61:3c:95:
         6a:4a:e7:ed:35:de:84:0e:e6:3c:eb:8a:bf:38:68:a2:91:5a:
         49:01:b1:16:6c:eb:6e:70:c9:70:73:59:c6:7e:93:5b:00:cb:
         40:ab:d8:ed:3d:bf:13:9a:45:e8:b9:a4:06:96:01:d0:fb:42:
         dd:30:b3:1a:bf:db:c7:68:cd:cf:a4:50:cc:74:4f:60:77:78:
         c6:5d:19:64:18:fc:cf:15:c5:95:c6:b7:aa:16:0e:4c:a8:f4:
         21:05:59:c9:72:ca:02:cb:b2:92:b1:d3:5c:fe:24:ad:cb:0f:
         27:3e:07:3c:42:dd:a6:7c:2e:b7:00:8c:11:91:ba:4a:83:c7:
         93:29:fe:dc
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYuk7F4aw/WWzYsuOn/GrY0EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjMxMTA2MTM1NzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQ0Y2Y1MDQ3MDY4MjZmZWU0ZGIwYWE1N2MzMTIyZWVkY2VmNjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuz2AD1JCVJbRB8C0P7XS8C+bcNkm
CntKzBQZ0bRrjrReiOPuHMTlzKbvPTpwl7AKY7c/i9JjDfCa7SAAFqQ5dPtD4KEy
ff5fX16FLIXTIgdTfbpxL7en2mff/5cmvTZ8ty46lqfaxtY1YInGCwdYfPVqKjWQ
fK5fyOT+p1CyYoBr2yjlQBT8Lhu3up/qoCrpPmvT/Rog5VJiWw4g+QpnLy2vHhFy
I370oxwf2hTJev+EizaLWr3Jl04XBvlOR90dzhiyymYegP4VtlkBl5koBf8suCnJ
O7ci3M+WgppbxQutIcg83eJJdVFS+Ctj/ZmHXT7ObtOZ83bj4Z6BZ/uh9wIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFApEz1BHBoJv7k2wqlfDEi7tzvZUMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvQ2tUUFVFY0dnbV91VGJDcVY4TVNMdTNPOWxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzA6BAIAATA0MAwDBAFo96oD
BABo97QDBABo97YwDAMEA2j3uAMEAGj3ugMEAWj3vAMEArlJgAMEALmJ1zANBAIA
AjAHAwUAKgOloDANBgkqhkiG9w0BAQsFAAOCAQEANBtRaBU4z8z0qAn6CdRK5UMq
dewlcUJrInER2SwwTcewXNFEgHbXG0w1GdIFUQfksKqm254edAB8emIAbiCpFQ0R
6UHQjA3viGAyrdmYYcSpAr7verZl4gUdl8awr4gN8dYEJ3pJpojvlfE2OPiiuTUJ
IqWHE9cu7z8lYTyVakrn7TXehA7mPOuKvzhoopFaSQGxFmzrbnDJcHNZxn6TWwDL
QKvY7T2/E5pF6LmkBpYB0PtC3TCzGr/bx2jNz6RQzHRPYHd4xl0ZZBj8zxXFlca3
qhYOTKj0IQVZyXLKAsuykrHTXP4krcsPJz4HPELdpnwutwCMEZG6SoPHkyn+3A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:55 2024 by rpki-client on console-ams.rpki-client.org