Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Jk_9CURtsmqtAkYWFarw2ROUC5c.roa
File:                     Jk_9CURtsmqtAkYWFarw2ROUC5c.roa (raw, json)
Hash identifier:          Nm28dIYDuOWmfAQyGoUkHZOdb55DABRR/YpE1jeAxis=
Subject key identifier:   26:4F:FD:09:44:6D:B2:6A:AD:02:46:16:15:AA:F0:D9:13:94:0B:97
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       018E7FBEA807AC2BAB13C25F8DB38965B081
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Jk_9CURtsmqtAkYWFarw2ROUC5c.roa
Signing time:             Wed 27 Mar 2024 11:49:44 +0000
ROA not before:           Wed 27 Mar 2024 11:49:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57152
IP address blocks:        104.247.170.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.180.0/24 maxlen: 24
                          104.247.181.0/24 maxlen: 24
                          104.247.182.0/24 maxlen: 24
                          104.247.184.0/24 maxlen: 24
                          104.247.185.0/24 maxlen: 24
                          104.247.186.0/24 maxlen: 24
                          104.247.187.0/24 maxlen: 24
                          104.247.188.0/24 maxlen: 24
                          104.247.189.0/24 maxlen: 24
                          104.247.190.0/24 maxlen: 24
                          185.73.128.0/22 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Tue 30 Apr 2024 09:53:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7f:be:a8:07:ac:2b:ab:13:c2:5f:8d:b3:89:65:b0:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Mar 27 11:49:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=264ffd09446db26aad02461615aaf0d913940b97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:4a:9d:85:4b:77:82:7c:f2:51:3b:bd:c5:88:
                    73:e2:41:d6:13:a1:78:5c:59:d5:72:cb:78:33:3d:
                    fb:c5:e7:17:04:04:00:df:28:af:20:91:54:e8:2b:
                    0e:ef:27:78:7c:d7:b2:a1:e6:ad:8f:d3:f9:69:c3:
                    29:c4:5f:eb:e0:78:60:81:43:34:c8:62:67:bd:ab:
                    f6:64:aa:e3:a6:f1:26:51:f5:54:8d:c6:24:75:5e:
                    f9:e3:1b:ad:1b:c5:4a:a4:88:58:4c:eb:db:76:da:
                    60:23:38:5b:37:05:de:f4:a5:44:3a:2d:38:2d:ed:
                    99:60:dc:68:c5:e7:ed:69:df:2f:d0:81:5a:38:fb:
                    be:10:76:16:73:a3:db:0b:30:e4:c7:8c:c7:92:95:
                    66:d2:3e:fc:c4:56:f3:4b:91:45:13:12:5a:6a:f1:
                    49:60:9a:7b:cd:4c:f1:93:e1:f6:16:84:87:41:7d:
                    e8:cc:d0:a5:51:c6:b1:d5:47:6f:43:d9:fc:fe:86:
                    28:41:a8:81:c5:f1:35:71:74:25:49:1a:91:6a:26:
                    ec:32:00:97:09:32:4b:90:0c:7f:10:ea:23:6a:c9:
                    a3:c1:82:8e:2c:95:f7:1f:fc:e6:48:a0:98:77:15:
                    7d:74:e6:d6:87:46:10:b3:17:e0:3d:91:b3:78:7b:
                    18:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:4F:FD:09:44:6D:B2:6A:AD:02:46:16:15:AA:F0:D9:13:94:0B:97
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Jk_9CURtsmqtAkYWFarw2ROUC5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.182.255
                  104.247.184.0-104.247.190.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:ca:91:bf:39:d6:be:d0:19:09:d0:5a:a6:11:de:6d:46:d9:
         62:4e:7b:3e:7d:6a:cf:d4:bf:e2:5c:7c:21:c5:81:b7:25:75:
         2f:2b:e7:5a:2e:e1:90:15:b3:17:0c:cd:3a:74:ad:08:59:5b:
         1e:ca:49:ba:d0:63:e8:5f:f9:81:9c:3b:66:97:c8:f6:98:d2:
         49:e1:ae:02:ab:a6:5f:4b:e9:47:b8:54:da:6f:89:9e:43:61:
         19:70:9c:91:3d:e1:df:b7:f8:fb:fc:c0:de:2e:15:7b:55:fc:
         cc:8e:5f:b2:54:98:23:66:21:b6:6a:21:63:c0:af:0c:66:4c:
         90:ec:70:41:65:a4:99:ea:b3:3c:76:5b:c4:b6:eb:d4:db:52:
         ac:a5:08:e8:70:84:5b:d0:86:7f:b4:14:1e:7a:05:7f:d9:3c:
         9a:a9:66:81:08:c7:9b:b3:b4:64:3b:66:7b:ca:95:81:21:35:
         90:4e:90:be:93:96:97:fa:2d:65:b8:98:ea:f6:fa:63:92:c5:
         7f:dc:a9:b1:8b:b2:8b:31:19:56:56:e3:35:e9:d4:8d:44:c9:
         75:08:ce:ec:1a:58:0d:c9:ef:45:75:c0:01:6d:74:16:c9:54:
         7c:b8:11:3a:14:1e:e4:81:aa:0a:ad:ea:14:dd:1b:5d:cf:6f:
         81:e2:61:25
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAY5/vqgHrCurE8JfjbOJZbCBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjQwMzI3MTE0OTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjRmZmQwOTQ0NmRiMjZhYWQwMjQ2MTYxNWFhZjBkOTEzOTQwYjk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7EqdhUt3gnzyUTu9xYhz4kHWE6F4
XFnVcst4Mz37xecXBAQA3yivIJFU6CsO7yd4fNeyoeatj9P5acMpxF/r4HhggUM0
yGJnvav2ZKrjpvEmUfVUjcYkdV754xutG8VKpIhYTOvbdtpgIzhbNwXe9KVEOi04
Le2ZYNxoxeftad8v0IFaOPu+EHYWc6PbCzDkx4zHkpVm0j78xFbzS5FFExJaavFJ
YJp7zUzxk+H2FoSHQX3ozNClUcax1UdvQ9n8/oYoQaiBxfE1cXQlSRqRaibsMgCX
CTJLkAx/EOojasmjwYKOLJX3H/zmSKCYdxV9dObWh0YQsxfgPZGzeHsY+wIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFCZP/QlEbbJqrQJGFhWq8NkTlAuXMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvSmtfOUNVUnRzbXF0QWtZV0ZhcncyUk9VQzVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoMAwDBAFo96oD
BABo97YwDAMEA2j3uAMEAGj3vgMEArlJgAMEALmJ1zANBAIAAjAHAwUAKgOloDAN
BgkqhkiG9w0BAQsFAAOCAQEACsqRvznWvtAZCdBaphHebUbZYk57Pn1qz9S/4lx8
IcWBtyV1LyvnWi7hkBWzFwzNOnStCFlbHspJutBj6F/5gZw7ZpfI9pjSSeGuAqum
X0vpR7hU2m+JnkNhGXCckT3h37f4+/zA3i4Ve1X8zI5fslSYI2YhtmohY8CvDGZM
kOxwQWWkmeqzPHZbxLbr1NtSrKUI6HCEW9CGf7QUHnoFf9k8mqlmgQjHm7O0ZDtm
e8qVgSE1kE6QvpOWl/otZbiY6vb6Y5LFf9ypsYuyizEZVlbjNenUjUTJdQjO7BpY
DcnvRXXAAW10FslUfLgROhQe5IGqCq3qFN0bXc9vgeJhJQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:55 2024 by rpki-client on console-ams.rpki-client.org