Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/oMbRKj_7izouN0NPIUoYt43COQ4.roa
File:                     oMbRKj_7izouN0NPIUoYt43COQ4.roa (raw, json)
Hash identifier:          qqIC306GLwVxvd8agJfORY3hGqe6dKPssRz6+AilYQ4=
Subject key identifier:   A0:C6:D1:2A:3F:FB:8B:3A:2E:37:43:4F:21:4A:18:B7:8D:C2:39:0E
Certificate issuer:       /CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
Certificate serial:       018E6CE055A01030270ED9FA5B7E2216A7E1
Authority key identifier: EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/oMbRKj_7izouN0NPIUoYt43COQ4.roa
Signing time:             Sat 23 Mar 2024 19:53:45 +0000
ROA not before:           Sat 23 Mar 2024 19:53:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57152
IP address blocks:        104.247.170.0/24 maxlen: 24
                          104.247.171.0/24 maxlen: 24
                          104.247.172.0/24 maxlen: 24
                          104.247.173.0/24 maxlen: 24
                          104.247.174.0/24 maxlen: 24
                          104.247.175.0/24 maxlen: 24
                          104.247.176.0/24 maxlen: 24
                          104.247.177.0/24 maxlen: 24
                          104.247.178.0/24 maxlen: 24
                          104.247.179.0/24 maxlen: 24
                          104.247.180.0/24 maxlen: 24
                          104.247.181.0/24 maxlen: 24
                          104.247.182.0/24 maxlen: 24
                          104.247.184.0/24 maxlen: 24
                          104.247.185.0/24 maxlen: 24
                          104.247.186.0/24 maxlen: 24
                          104.247.187.0/24 maxlen: 24
                          104.247.188.0/24 maxlen: 24
                          104.247.189.0/24 maxlen: 24
                          104.247.190.0/24 maxlen: 24
                          185.73.128.0/22 maxlen: 24
                          185.137.215.0/24 maxlen: 24
                          2a03:a5a0::/32 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Mar 2024 11:46:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6c:e0:55:a0:10:30:27:0e:d9:fa:5b:7e:22:16:a7:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eea02b197dbaf7deb74e0a27d9d4ecd3fae1e8ed
        Validity
            Not Before: Mar 23 19:53:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0c6d12a3ffb8b3a2e37434f214a18b78dc2390e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c7:45:65:58:3f:e5:ac:0f:62:12:56:d3:9b:
                    66:c6:4c:01:c4:1e:0b:ea:22:7b:6e:e8:98:e4:df:
                    4f:12:6b:0f:f4:7f:a5:4d:a5:d2:ff:41:d3:d6:4d:
                    58:3e:22:f4:5b:68:2a:55:af:6b:f0:37:3b:55:47:
                    19:41:f0:8b:0f:21:e7:c9:af:a7:aa:eb:50:4e:e8:
                    13:65:ba:6c:76:82:5b:4e:2c:84:ab:a9:5e:48:e1:
                    25:38:0b:87:f3:e1:98:5c:4b:e4:52:86:c6:66:88:
                    66:18:4a:c0:86:f3:ab:94:22:99:d9:c7:2e:f6:ec:
                    12:a4:43:cd:e4:47:5c:89:4e:53:bb:92:25:27:4e:
                    a7:96:5e:79:83:be:7c:ca:7f:b6:4b:f0:61:d1:1b:
                    25:2e:5f:24:d0:8a:a7:a0:25:25:bb:1a:fa:1b:4c:
                    f7:2e:13:17:57:e4:d0:83:0a:16:b7:07:d6:82:b7:
                    c6:4d:fa:ae:13:ae:58:cd:c6:bb:f4:93:0b:7d:04:
                    94:cc:57:63:2b:b1:60:b3:56:39:bb:39:bd:f3:c5:
                    73:0f:e3:7f:fa:b0:2f:7f:36:3e:1e:85:e3:60:98:
                    28:5a:be:c9:ae:35:ab:f7:da:25:76:63:f7:ae:2a:
                    0d:3b:e3:23:62:e4:a8:f6:05:f0:79:66:dc:0a:5b:
                    8c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:C6:D1:2A:3F:FB:8B:3A:2E:37:43:4F:21:4A:18:B7:8D:C2:39:0E
            X509v3 Authority Key Identifier:
                keyid:EE:A0:2B:19:7D:BA:F7:DE:B7:4E:0A:27:D9:D4:EC:D3:FA:E1:E8:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7qArGX269963Tgon2dTs0_rh6O0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/oMbRKj_7izouN0NPIUoYt43COQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/971b11-280e-4ced-b99c-bbccab913b5d/1/7qArGX269963Tgon2dTs0_rh6O0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.247.170.0-104.247.182.255
                  104.247.184.0-104.247.190.255
                  185.73.128.0/22
                  185.137.215.0/24
                IPv6:
                  2a03:a5a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:74:f7:83:48:9b:95:f8:2a:4c:91:cf:36:b1:7e:3c:a0:61:
         88:56:a5:db:ae:ff:21:59:7d:b9:dd:78:6e:4b:ec:74:3d:6f:
         d3:f1:53:73:51:3c:ec:53:5c:9f:eb:97:92:26:f5:0f:6e:af:
         28:91:1e:1a:a8:bf:e1:26:fb:9c:02:41:a3:d8:d5:da:7c:dd:
         70:f5:28:6b:85:6e:6b:9d:03:90:3f:a7:19:0e:42:c7:1c:c6:
         66:2a:eb:e2:40:de:8d:e7:db:5a:7d:93:f5:f0:8b:56:29:28:
         99:7b:c3:b0:b5:cd:19:91:68:72:aa:71:32:8b:83:72:23:a0:
         a4:34:87:61:50:66:38:21:8f:6a:ce:c5:7b:53:3d:1b:5e:3e:
         13:a0:fd:28:c0:8a:63:d3:64:cb:04:7f:02:74:9f:13:fb:fd:
         83:d8:39:f2:07:56:4f:38:04:2b:3a:bd:06:78:e1:e9:2d:1e:
         18:10:e3:f2:cf:3d:bf:04:8c:ad:ce:ba:de:49:ad:42:d4:11:
         3a:9f:aa:c2:99:31:c6:6e:c6:ba:fa:81:5c:33:26:ec:51:f4:
         d8:7c:e1:67:ba:97:90:93:f6:df:ec:4a:52:48:8e:96:e3:5b:
         6b:a9:4f:32:ea:a8:cc:af:7c:93:a4:dc:84:e5:0a:57:f4:a6:
         98:28:f5:82
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAY5s4FWgEDAnDtn6W34iFqfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYTAyYjE5N2RiYWY3ZGViNzRlMGEyN2Q5ZDRlY2QzZmFl
MWU4ZWQwHhcNMjQwMzIzMTk1MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGM2ZDEyYTNmZmI4YjNhMmUzNzQzNGYyMTRhMThiNzhkYzIzOTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp8dFZVg/5awPYhJW05tmxkwBxB4L
6iJ7buiY5N9PEmsP9H+lTaXS/0HT1k1YPiL0W2gqVa9r8Dc7VUcZQfCLDyHnya+n
qutQTugTZbpsdoJbTiyEq6leSOElOAuH8+GYXEvkUobGZohmGErAhvOrlCKZ2ccu
9uwSpEPN5EdciU5Tu5IlJ06nll55g758yn+2S/Bh0RslLl8k0IqnoCUluxr6G0z3
LhMXV+TQgwoWtwfWgrfGTfquE65Yzca79JMLfQSUzFdjK7Fgs1Y5uzm988VzD+N/
+rAvfzY+HoXjYJgoWr7JrjWr99oldmP3rioNO+MjYuSo9gXweWbcCluMHQIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFKDG0So/+4s6LjdDTyFKGLeNwjkOMB8GA1UdIwQY
MBaAFO6gKxl9uvfet04KJ9nU7NP64ejtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMt
YmJjY2FiOTEzYjVkLzEvb01iUktqXzdpem91TjBOUElVb1l0NDNDT1E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85NzFiMTEtMjgwZS00Y2VkLWI5OWMtYmJjY2FiOTEzYjVk
LzEvN3FBckdYMjY5OTYzVGdvbjJkVHMwX3JoNk8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoMAwDBAFo96oD
BABo97YwDAMEA2j3uAMEAGj3vgMEArlJgAMEALmJ1zANBAIAAjAHAwUAKgOloDAN
BgkqhkiG9w0BAQsFAAOCAQEAqXT3g0iblfgqTJHPNrF+PKBhiFal267/IVl9ud14
bkvsdD1v0/FTc1E87FNcn+uXkib1D26vKJEeGqi/4Sb7nAJBo9jV2nzdcPUoa4Vu
a50DkD+nGQ5CxxzGZirr4kDejefbWn2T9fCLVikomXvDsLXNGZFocqpxMouDciOg
pDSHYVBmOCGPas7Fe1M9G14+E6D9KMCKY9NkywR/AnSfE/v9g9g58gdWTzgEKzq9
Bnjh6S0eGBDj8s89vwSMrc663kmtQtQROp+qwpkxxm7GuvqBXDMm7FH02HzhZ7qX
kJP23+xKUkiOluNba6lPMuqozK98k6TchOUKV/SmmCj1gg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:55 2024 by rpki-client on console-ams.rpki-client.org