Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lllDrU5jdAhiuU5GIPfGFOwgjDg.roa
File:                     lllDrU5jdAhiuU5GIPfGFOwgjDg.roa (raw, json)
Hash identifier:          NCdJoO7K+iMdLyLy5z43wxUhEghYHmQ48Phly5NSNq4=
Subject key identifier:   96:59:43:AD:4E:63:74:08:62:B9:4E:46:20:F7:C6:14:EC:20:8C:38
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018F00C914998463AB728EE341E61458338B
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lllDrU5jdAhiuU5GIPfGFOwgjDg.roa
Signing time:             Sun 21 Apr 2024 13:12:09 +0000
ROA not before:           Sun 21 Apr 2024 13:12:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8342
IP address blocks:        147.45.38.0/24 maxlen: 24
                          147.45.39.0/24 maxlen: 24
                          147.45.61.0/24 maxlen: 24
                          147.45.62.0/24 maxlen: 24
                          147.45.63.0/24 maxlen: 24
                          147.45.88.0/21 maxlen: 21
                          147.45.117.0/24 maxlen: 24
                          147.45.118.0/24 maxlen: 24
                          147.45.119.0/24 maxlen: 24
                          147.45.120.0/22 maxlen: 22
                          147.45.127.0/24 maxlen: 24
                          147.45.205.0/24 maxlen: 24
                          193.233.60.0/24 maxlen: 24
                          193.233.62.0/24 maxlen: 24
                          193.233.124.0/22 maxlen: 22
                          193.233.170.0/24 maxlen: 24
                          193.233.236.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 16 Jun 2024 16:40:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:00:c9:14:99:84:63:ab:72:8e:e3:41:e6:14:58:33:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Apr 21 13:12:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=965943ad4e63740862b94e4620f7c614ec208c38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:11:ab:66:85:0e:22:d1:3d:cb:94:82:ea:76:
                    b3:c6:32:0d:f1:0f:71:48:9f:fe:84:c9:79:4a:27:
                    7d:ce:9e:4a:19:12:2f:69:dd:d0:c3:1c:2e:73:b5:
                    d4:c6:2d:43:6a:1b:a4:29:29:43:f0:e5:df:d7:ae:
                    a6:55:f4:5d:36:a5:9f:d1:9f:91:03:42:b5:19:6f:
                    c2:29:9e:03:66:77:07:2b:c6:52:dd:3a:21:72:d0:
                    57:9b:b4:ec:93:8f:84:11:0e:04:f8:ab:cc:85:d1:
                    85:2e:5c:af:ea:cd:e0:cb:84:06:eb:15:b2:aa:66:
                    78:10:93:7b:c2:46:23:54:e4:35:4b:5d:0c:db:b1:
                    b2:17:93:ca:03:91:38:d2:03:55:b1:b2:70:8c:39:
                    c8:d9:6a:be:f9:04:d6:4b:9c:79:38:21:56:01:0f:
                    cf:6f:4c:dd:31:c5:a0:1a:76:3c:42:10:29:3b:3f:
                    56:ad:c5:32:61:27:7a:72:df:8e:16:c1:68:db:15:
                    53:4e:d2:6b:3a:0a:80:37:cb:bf:a3:75:1d:4d:f1:
                    a4:7e:c1:20:49:ee:08:06:be:59:b9:29:4f:08:d8:
                    6c:68:ad:79:3d:9f:c8:5e:69:78:83:44:88:98:1f:
                    74:1e:93:cb:b7:80:85:97:d8:4e:16:60:9b:7e:b2:
                    b5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:59:43:AD:4E:63:74:08:62:B9:4E:46:20:F7:C6:14:EC:20:8C:38
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/lllDrU5jdAhiuU5GIPfGFOwgjDg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.38.0/23
                  147.45.61.0-147.45.63.255
                  147.45.88.0/21
                  147.45.117.0-147.45.123.255
                  147.45.127.0/24
                  147.45.205.0/24
                  193.233.60.0/24
                  193.233.62.0/24
                  193.233.124.0/22
                  193.233.170.0/24
                  193.233.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:a9:6c:d0:94:a4:74:72:a3:1e:2b:91:0e:06:12:c4:d0:63:
         cb:8e:b5:c0:bb:77:d9:07:24:1f:2b:26:2a:f5:06:1a:37:db:
         a7:05:68:c4:03:e2:74:1f:a1:a6:3d:3f:dc:3a:d5:5f:e1:5f:
         a4:84:47:ba:b8:1d:19:0f:cb:8b:ca:14:b0:3b:0f:11:b7:15:
         d4:88:78:2e:08:47:84:d8:78:28:b4:6b:5d:5e:ea:66:b5:b2:
         e8:4e:50:4c:6e:1a:3d:05:73:f5:a7:f4:bb:2d:9a:5c:1e:29:
         8d:d7:27:6f:6d:6d:22:5a:27:fc:22:2b:75:a5:65:42:8f:8c:
         16:e3:40:d2:6c:45:e3:a3:e9:32:a2:02:a8:c8:68:c7:19:9e:
         23:02:93:32:62:46:73:31:9a:52:a7:10:b6:67:f2:7f:70:f0:
         76:d2:f2:46:4d:56:20:6a:bb:e0:64:d5:86:d1:0a:b3:e4:6a:
         8d:e7:9c:6b:8f:48:d2:8f:4d:28:78:20:c1:3d:fe:24:70:98:
         c9:75:47:f3:8a:8f:6c:2a:00:3c:ff:2f:45:6a:5b:0b:bd:e5:
         a9:be:ea:1c:1a:20:18:24:e5:23:40:03:22:3d:b1:6a:7e:18:
         7c:2e:f6:ed:6a:90:3c:35:56:d4:db:a3:c7:40:38:68:de:d4:
         47:f8:59:f4
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAY8AyRSZhGOrco7jQeYUWDOLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNDIxMTMxMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjU5NDNhZDRlNjM3NDA4NjJiOTRlNDYyMGY3YzYxNGVjMjA4YzM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxGrZoUOItE9y5SC6nazxjIN8Q9x
SJ/+hMl5Sid9zp5KGRIvad3Qwxwuc7XUxi1DahukKSlD8OXf166mVfRdNqWf0Z+R
A0K1GW/CKZ4DZncHK8ZS3TohctBXm7Tsk4+EEQ4E+KvMhdGFLlyv6s3gy4QG6xWy
qmZ4EJN7wkYjVOQ1S10M27GyF5PKA5E40gNVsbJwjDnI2Wq++QTWS5x5OCFWAQ/P
b0zdMcWgGnY8QhApOz9WrcUyYSd6ct+OFsFo2xVTTtJrOgqAN8u/o3UdTfGkfsEg
Se4IBr5ZuSlPCNhsaK15PZ/IXml4g0SImB90HpPLt4CFl9hOFmCbfrK1EQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFJZZQ61OY3QIYrlORiD3xhTsIIw4MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvbGxsRHJVNWpkQWhpdVU1R0lQZkdGT3dnakRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSAwQBky0mMAwD
BACTLT0DBAaTLQADBAOTLVgwDAMEAJMtdQMEApMteAMEAJMtfwMEAJMtzQMEAMHp
PAMEAMHpPgMEAsHpfAMEAMHpqgMEAMHp7DANBgkqhkiG9w0BAQsFAAOCAQEAGKls
0JSkdHKjHiuRDgYSxNBjy461wLt32QckHysmKvUGGjfbpwVoxAPidB+hpj0/3DrV
X+FfpIRHurgdGQ/Li8oUsDsPEbcV1Ih4LghHhNh4KLRrXV7qZrWy6E5QTG4aPQVz
9af0uy2aXB4pjdcnb21tIlon/CIrdaVlQo+MFuNA0mxF46PpMqICqMhoxxmeIwKT
MmJGczGaUqcQtmfyf3DwdtLyRk1WIGq74GTVhtEKs+Rqjeeca49I0o9NKHggwT3+
JHCYyXVH84qPbCoAPP8vRWpbC73lqb7qHBogGCTlI0ADIj2xan4YfC727WqQPDVW
1Nujx0A4aN7UR/hZ9A==
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:35:34 2024 by rpki-client on console-fra.rpki-client.org