Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/aaD6FVsKKi4awRvqC-sMDpEHH3k.roa
File:                     aaD6FVsKKi4awRvqC-sMDpEHH3k.roa (raw, json)
Hash identifier:          XFxqYGBy2qZ/Qtp89S+Jo9MhWPq92PERFu9J3I25k44=
Subject key identifier:   69:A0:FA:15:5B:0A:2A:2E:1A:C1:1B:EA:0B:EB:0C:0E:91:07:1F:79
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       018C7C285103774A3C238CE5FE5048A2EB13
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/aaD6FVsKKi4awRvqC-sMDpEHH3k.roa
Signing time:             Mon 18 Dec 2023 09:01:06 +0000
ROA not before:           Mon 18 Dec 2023 09:01:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57152
IP address blocks:        185.73.128.0/22 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.170.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          104.247.182.0/24 maxlen: 24
                          104.247.180.0/24 maxlen: 24
                          104.247.186.0/24 maxlen: 24
                          104.247.185.0/24 maxlen: 24
                          104.247.184.0/24 maxlen: 24
                          104.247.189.0/24 maxlen: 24
                          104.247.188.0/24 maxlen: 24
                          104.247.190.0/24 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:7c:28:51:03:77:4a:3c:23:8c:e5:fe:50:48:a2:eb:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Dec 18 09:01:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=69a0fa155b0a2a2e1ac11bea0beb0c0e91071f79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f6:c9:19:86:51:0b:90:da:6a:92:11:7f:1d:
                    b1:24:c8:af:55:91:a5:d4:5c:ca:5e:ef:a2:53:5d:
                    54:4c:55:ff:13:2d:71:0a:5c:7c:12:31:1c:ae:49:
                    4a:14:8a:02:29:e2:06:5e:b7:a4:ce:9e:18:f8:ce:
                    79:9e:ee:30:17:db:dd:c1:47:2a:d5:fb:e7:cf:07:
                    08:f4:21:d0:5c:c6:b2:3b:2e:e2:f5:b9:b9:ec:d7:
                    eb:a6:ee:eb:f1:1c:0c:1c:9d:24:ad:6b:48:c5:a4:
                    95:9d:87:f3:6f:bc:76:c6:40:dd:0c:00:2a:d1:91:
                    5e:5a:9d:20:db:31:5c:93:9a:5b:c7:23:7e:43:27:
                    14:ba:a3:c4:ff:41:ce:95:dd:bb:69:9a:e6:e9:5a:
                    a6:a5:04:f9:0c:c2:9b:44:43:1c:67:fa:30:9f:af:
                    b2:ef:fe:81:9c:32:b0:5e:91:cd:90:76:96:4c:7f:
                    e5:02:44:38:be:6e:2e:33:07:05:f4:2c:49:f0:54:
                    00:b0:fd:ca:fd:df:14:97:cd:87:b9:f9:28:4e:da:
                    c0:d8:94:74:1f:60:01:6d:45:f8:ae:3a:45:f7:cf:
                    58:6b:db:1e:2f:97:30:3b:97:41:a6:76:15:8e:65:
                    39:5d:0c:80:76:c8:83:0a:07:6c:46:bf:bc:07:fc:
                    3c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:A0:FA:15:5B:0A:2A:2E:1A:C1:1B:EA:0B:EB:0C:0E:91:07:1F:79
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/aaD6FVsKKi4awRvqC-sMDpEHH3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.180.255
                  104.247.182.0/24
                  104.247.184.0-104.247.186.255
                  104.247.188.0-104.247.190.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         33:db:13:0a:4e:ee:f4:a5:10:c4:03:ef:b7:91:a1:d0:6b:00:
         35:29:df:cc:ce:5e:27:41:18:85:47:3a:10:7e:ef:8b:e4:52:
         eb:0a:2f:65:ff:a2:f7:25:a1:b1:ef:e2:78:6e:03:17:1c:17:
         95:d8:94:cc:aa:c6:f6:66:08:20:bf:64:01:8d:cb:39:2d:38:
         41:92:68:80:98:2c:c2:5b:12:9f:07:68:41:ce:34:22:ea:3f:
         b1:90:43:99:e5:c3:04:44:ca:04:77:d5:f3:ae:b4:71:5c:a6:
         1e:64:52:a9:4d:7c:47:a0:17:86:98:6b:1d:d5:4b:3a:bc:ee:
         bb:3f:a3:dc:4d:92:63:2b:5f:f7:3c:01:88:40:1b:54:b6:44:
         5e:39:ea:05:07:5d:7a:39:c6:51:bf:9c:c2:94:f1:79:74:5b:
         68:96:5a:93:b8:71:e2:21:c9:ca:58:30:2b:62:71:f4:fa:ca:
         03:e9:a0:95:1f:3f:bc:11:68:54:f9:5a:fb:9d:1b:9d:bf:89:
         6c:1e:60:96:c4:1b:4f:32:41:0d:de:e4:09:96:d3:88:3b:c1:
         e0:4d:83:82:c8:4e:c1:21:9c:b4:04:09:29:fe:40:60:fa:10:
         3f:9e:21:9b:af:43:21:a0:7d:38:a6:65:49:27:4a:1c:59:4a:
         27:f8:21:dc
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYx8KFEDd0o8I4zl/lBIousTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjMxMjE4MDkwMTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWEwZmExNTViMGEyYTJlMWFjMTFiZWEwYmViMGMwZTkxMDcxZjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfbJGYZRC5DaapIRfx2xJMivVZGl
1FzKXu+iU11UTFX/Ey1xClx8EjEcrklKFIoCKeIGXrekzp4Y+M55nu4wF9vdwUcq
1fvnzwcI9CHQXMayOy7i9bm57Nfrpu7r8RwMHJ0krWtIxaSVnYfzb7x2xkDdDAAq
0ZFeWp0g2zFck5pbxyN+QycUuqPE/0HOld27aZrm6VqmpQT5DMKbREMcZ/own6+y
7/6BnDKwXpHNkHaWTH/lAkQ4vm4uMwcF9CxJ8FQAsP3K/d8Ul82HufkoTtrA2JR0
H2ABbUX4rjpF989Ya9seL5cwO5dBpnYVjmU5XQyAdsiDCgdsRr+8B/w8uQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFGmg+hVbCiouGsEb6gvrDA6RBx95MB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvYWFENkZWc0tLaTRhd1J2cUMtc01EcEVISDNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8MAwDBAFo96oD
BABo97QDBABo97YwDAMEA2j3uAMEAGj3ujAMAwQCaPe8AwQAaPe+AwQCuUmAAwQA
uYnXMA0EAgACMAcDBQAqA6WgMA0GCSqGSIb3DQEBCwUAA4IBAQAz2xMKTu70pRDE
A++3kaHQawA1Kd/Mzl4nQRiFRzoQfu+L5FLrCi9l/6L3JaGx7+J4bgMXHBeV2JTM
qsb2Zgggv2QBjcs5LThBkmiAmCzCWxKfB2hBzjQi6j+xkEOZ5cMERMoEd9XzrrRx
XKYeZFKpTXxHoBeGmGsd1Us6vO67P6PcTZJjK1/3PAGIQBtUtkReOeoFB116OcZR
v5zClPF5dFtollqTuHHiIcnKWDArYnH0+soD6aCVHz+8EWhU+Vr7nRudv4lsHmCW
xBtPMkEN3uQJltOIO8HgTYOCyE7BIZy0BAkp/kBg+hA/niGbr0MhoH04pmVJJ0oc
WUon+CHc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:09 2024 by rpki-client on console-fra.rpki-client.org