Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Mm2lxu7YWT7Pa-wjRpsDGESRBKk.roa
File:                     Mm2lxu7YWT7Pa-wjRpsDGESRBKk.roa (raw, json)
Hash identifier:          JkBV+hT0l4+StY3VAd2SfZdt54Xfi65excqAfmZvKGA=
Subject key identifier:   32:6D:A5:C6:EE:D8:59:3E:CF:6B:EC:23:46:9B:03:18:44:91:04:A9
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       018CC500F0DB8A8EA3F89EF215E43AFA28C0
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Mm2lxu7YWT7Pa-wjRpsDGESRBKk.roa
Signing time:             Mon 01 Jan 2024 12:30:22 +0000
ROA not before:           Mon 01 Jan 2024 12:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          104.247.182.0/24 maxlen: 24
                          104.247.180.0/24 maxlen: 24
                          104.247.186.0/24 maxlen: 24
                          104.247.185.0/24 maxlen: 24
                          104.247.184.0/24 maxlen: 24
                          104.247.189.0/24 maxlen: 24
                          104.247.188.0/24 maxlen: 24
                          104.247.190.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Sat 23 Mar 2024 19:06:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:f0:db:8a:8e:a3:f8:9e:f2:15:e4:3a:fa:28:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Jan  1 12:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=326da5c6eed8593ecf6bec23469b0318449104a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:47:f4:cc:e0:d2:45:79:a2:bb:13:34:02:14:
                    7d:b4:dd:99:03:36:d3:8e:0e:4f:1d:8c:9c:0d:f7:
                    ef:1b:71:1a:d0:d8:3b:f3:20:08:ec:b6:e5:88:1b:
                    e4:be:9a:86:c2:e7:21:e9:60:72:6e:8e:e7:c2:37:
                    01:f8:bb:e8:40:48:0c:1c:0a:27:47:b9:8d:7b:0c:
                    3c:e6:28:a8:c9:2c:6e:ea:26:ba:90:18:de:04:c0:
                    d4:f3:b3:bc:29:33:d9:85:47:a2:7e:b4:40:1b:47:
                    e5:05:75:0c:33:4d:08:1f:75:9c:0a:a8:08:85:73:
                    20:54:17:14:76:0a:45:cb:1c:1e:bb:01:2d:f4:6e:
                    24:a3:00:74:95:5d:8a:06:c1:ac:8d:cb:af:62:9e:
                    90:a7:ee:eb:c2:3d:34:18:34:ab:97:de:23:56:fa:
                    07:32:18:a8:00:36:b3:36:f1:2d:f0:c3:98:0e:0c:
                    7c:03:cc:e8:17:5f:38:26:ff:26:bb:4c:b1:36:43:
                    7d:54:49:74:2c:fd:4a:34:e2:a6:d0:53:12:43:d3:
                    28:c4:79:bd:dd:a7:1a:4e:f0:fd:62:4c:da:d8:5a:
                    dd:97:da:6f:af:24:b7:e5:4a:95:6f:b0:a4:95:1e:
                    64:38:c5:70:3d:9c:8a:ee:95:73:a1:50:ed:90:c0:
                    8d:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:6D:A5:C6:EE:D8:59:3E:CF:6B:EC:23:46:9B:03:18:44:91:04:A9
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/Mm2lxu7YWT7Pa-wjRpsDGESRBKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.180.255
                  104.247.182.0/24
                  104.247.184.0-104.247.186.255
                  104.247.188.0-104.247.190.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:ba:21:66:2d:8b:cd:c3:6c:71:84:a2:ed:0f:e1:50:e6:c2:
         2a:ac:d3:27:53:31:25:b0:b8:3a:81:ee:ba:0c:b9:cf:92:37:
         67:11:bb:34:3f:37:9d:71:ab:94:68:0e:d9:a3:b1:2f:3d:b3:
         1b:37:98:81:3d:ec:4d:6a:a7:4e:53:28:f7:2b:e3:cf:2b:85:
         5c:ee:b8:c3:c5:bf:a2:42:02:61:9f:a8:a8:a6:9c:c1:3e:fa:
         2d:9a:70:2d:c5:2d:a2:02:48:a8:76:dd:5f:fe:ee:39:7b:5e:
         a2:db:a4:f4:ba:8f:85:3b:d6:b0:ba:b3:17:33:0d:e6:e0:98:
         67:37:69:db:ff:79:3f:4d:f5:71:a3:60:98:df:68:41:8f:29:
         f2:a0:61:28:e7:87:9f:f9:c0:9d:c9:bd:5f:08:c6:1f:33:12:
         fa:b9:00:77:5a:92:b3:02:13:fa:1e:a5:c8:5c:0b:b2:9d:b5:
         8a:34:d5:fa:f9:8f:f3:20:ab:f3:9e:c9:5a:83:a1:e5:f3:ab:
         5d:07:fd:d8:30:f9:40:39:d7:71:44:d6:55:3a:47:dc:f2:34:
         76:d3:2d:6d:ba:87:60:a2:e8:55:34:8a:c2:10:87:7c:d4:ed:
         c6:db:79:fe:c3:d2:7a:bb:e0:a0:df:a8:3e:8c:a6:66:68:43:
         28:d5:0a:5a
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYzFAPDbio6j+J7yFeQ6+ijAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjQwMTAxMTIzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjZkYTVjNmVlZDg1OTNlY2Y2YmVjMjM0NjliMDMxODQ0OTEwNGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUf0zODSRXmiuxM0AhR9tN2ZAzbT
jg5PHYycDffvG3Ea0Ng78yAI7LbliBvkvpqGwuch6WBybo7nwjcB+LvoQEgMHAon
R7mNeww85iioySxu6ia6kBjeBMDU87O8KTPZhUeifrRAG0flBXUMM00IH3WcCqgI
hXMgVBcUdgpFyxweuwEt9G4kowB0lV2KBsGsjcuvYp6Qp+7rwj00GDSrl94jVvoH
MhioADazNvEt8MOYDgx8A8zoF184Jv8mu0yxNkN9VEl0LP1KNOKm0FMSQ9MoxHm9
3acaTvD9Ykza2Frdl9pvryS35UqVb7CklR5kOMVwPZyK7pVzoVDtkMCNWwIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFDJtpcbu2Fk+z2vsI0abAxhEkQSpMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvTW0ybHh1N1lXVDdQYS13alJwc0RHRVNSQktrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8MAwDBAFo96oD
BABo97QDBABo97YwDAMEA2j3uAMEAGj3ujAMAwQCaPe8AwQAaPe+AwQCuUmAAwQA
uYnXMA0EAgACMAcDBQAqA6WgMA0GCSqGSIb3DQEBCwUAA4IBAQBUuiFmLYvNw2xx
hKLtD+FQ5sIqrNMnUzElsLg6ge66DLnPkjdnEbs0PzedcauUaA7Zo7EvPbMbN5iB
PexNaqdOUyj3K+PPK4Vc7rjDxb+iQgJhn6ioppzBPvotmnAtxS2iAkiodt1f/u45
e16i26T0uo+FO9awurMXMw3m4JhnN2nb/3k/TfVxo2CY32hBjynyoGEo54ef+cCd
yb1fCMYfMxL6uQB3WpKzAhP6HqXIXAuynbWKNNX6+Y/zIKvznslag6Hl86tdB/3Y
MPlAOddxRNZVOkfc8jR20y1tuodgouhVNIrCEId81O3G23n+w9J6u+Cg36g+jKZm
aEMo1Qpa
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:55 2024 by rpki-client on console-ams.rpki-client.org