Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/4DRt4PN23oc770ICmfrZAeY77BE.roa
File:                     4DRt4PN23oc770ICmfrZAeY77BE.roa (raw, json)
Hash identifier:          zjFDuh1mDGiFZvuaA/DAToSbGsxCnbl6PtY/kyGYRk0=
Subject key identifier:   E0:34:6D:E0:F3:76:DE:87:3B:EF:42:02:99:FA:D9:01:E6:3B:EC:11
Certificate issuer:       /CN=76ef0a0ee8fa154d7ada438af1212269ce0acc41
Certificate serial:       018DE66E0D2BC98ED54C1006D8DE341B95A7
Authority key identifier: 76:EF:0A:0E:E8:FA:15:4D:7A:DA:43:8A:F1:21:22:69:CE:0A:CC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/4DRt4PN23oc770ICmfrZAeY77BE.roa
Signing time:             Mon 26 Feb 2024 17:19:48 +0000
ROA not before:           Mon 26 Feb 2024 17:19:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9123
IP address blocks:        109.71.240.0/24 maxlen: 24
                          109.71.241.0/24 maxlen: 24
                          109.71.242.0/24 maxlen: 24
                          109.71.243.0/24 maxlen: 24
                          109.71.244.0/24 maxlen: 24
                          109.71.245.0/24 maxlen: 24
                          109.71.246.0/24 maxlen: 24
                          109.71.247.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 05 Mar 2024 12:11:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e6:6e:0d:2b:c9:8e:d5:4c:10:06:d8:de:34:1b:95:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76ef0a0ee8fa154d7ada438af1212269ce0acc41
        Validity
            Not Before: Feb 26 17:19:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0346de0f376de873bef420299fad901e63bec11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:06:31:12:45:9c:91:4f:2b:d2:b0:11:e5:a7:
                    ed:3b:ce:da:c7:0c:1c:a8:c3:46:8f:b7:8b:e5:62:
                    10:50:50:a3:aa:c6:9e:df:e4:49:32:a9:ce:fc:b1:
                    03:12:bd:bc:aa:0f:9b:7b:16:d0:fe:7f:d5:4e:8b:
                    37:68:c1:2a:67:20:6d:bb:bd:31:a1:8b:8a:52:ce:
                    05:2a:9f:d4:c1:fa:66:ec:0c:27:57:76:10:71:11:
                    e8:85:3a:94:aa:ac:b7:f8:45:cf:61:55:cb:e9:e2:
                    ac:f9:92:4b:86:3f:70:05:09:6d:aa:70:f4:6e:c7:
                    23:c6:78:93:a7:14:c3:90:00:4f:08:51:19:cf:74:
                    2a:96:7c:39:62:99:5f:84:c0:ce:11:45:de:00:14:
                    98:d2:8b:0e:2d:13:36:fa:a0:36:d8:31:bb:dd:69:
                    99:7e:54:d9:5c:bd:75:dc:cb:65:7f:e0:4a:1e:e7:
                    2a:19:85:58:3c:04:c3:52:9c:51:6a:3f:69:b1:58:
                    86:98:c8:8f:20:64:b7:f1:b0:59:09:27:65:82:92:
                    d3:95:f7:89:0a:fa:f0:e5:6b:f4:eb:a1:f5:c5:ec:
                    4d:d1:1f:43:34:fd:fb:f0:bb:8a:ae:df:55:5b:a2:
                    3b:6d:6e:f9:dc:71:2b:f8:2f:27:ba:6f:2e:61:37:
                    73:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:34:6D:E0:F3:76:DE:87:3B:EF:42:02:99:FA:D9:01:E6:3B:EC:11
            X509v3 Authority Key Identifier:
                keyid:76:EF:0A:0E:E8:FA:15:4D:7A:DA:43:8A:F1:21:22:69:CE:0A:CC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/4DRt4PN23oc770ICmfrZAeY77BE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         24:95:91:9d:8c:33:5e:01:96:8a:73:86:95:de:ab:02:5a:47:
         69:cf:e4:62:e0:11:91:aa:33:c9:8e:7d:c4:5b:fa:93:0d:62:
         b2:d7:5f:e5:20:20:37:5e:87:0e:8a:77:e9:1d:df:af:bb:ea:
         d6:67:be:25:45:5c:7f:4a:23:64:36:a3:b3:85:13:df:35:1d:
         16:81:25:d8:07:ae:ad:82:79:15:6e:9b:ba:02:0e:7a:0c:1d:
         a5:2b:6d:c7:bb:b3:22:e3:14:2d:fc:4b:23:9c:f9:43:02:2a:
         3b:03:53:77:88:f4:f3:60:3e:54:8c:dc:78:38:f2:1f:e8:68:
         cb:6f:33:88:8c:8a:a6:49:75:16:60:b3:12:ce:03:28:b6:15:
         22:d9:f3:be:b5:a0:33:ac:1a:ff:e5:ab:32:21:a3:f7:bc:27:
         31:f3:6c:19:4e:60:28:e7:d6:62:25:1f:1d:42:92:60:82:78:
         ad:45:ec:a9:ea:62:ae:c0:cc:03:f6:6d:ce:18:d7:45:73:25:
         03:86:1e:df:78:83:85:9b:8c:f1:c1:62:9d:07:2e:78:7a:f9:
         fd:61:c5:df:5a:09:0e:76:24:9c:9f:e6:67:0e:38:b5:e3:e9:
         ae:48:2a:d1:f7:c1:eb:8a:75:70:fc:0d:5f:70:17:48:28:52:
         6a:0f:c1:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3mbg0ryY7VTBAG2N40G5WnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZWYwYTBlZThmYTE1NGQ3YWRhNDM4YWYxMjEyMjY5Y2Uw
YWNjNDEwHhcNMjQwMjI2MTcxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDM0NmRlMGYzNzZkZTg3M2JlZjQyMDI5OWZhZDkwMWU2M2JlYzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgYxEkWckU8r0rAR5aftO87axwwc
qMNGj7eL5WIQUFCjqsae3+RJMqnO/LEDEr28qg+bexbQ/n/VTos3aMEqZyBtu70x
oYuKUs4FKp/Uwfpm7AwnV3YQcRHohTqUqqy3+EXPYVXL6eKs+ZJLhj9wBQltqnD0
bscjxniTpxTDkABPCFEZz3Qqlnw5YplfhMDOEUXeABSY0osOLRM2+qA22DG73WmZ
flTZXL113Mtlf+BKHucqGYVYPATDUpxRaj9psViGmMiPIGS38bBZCSdlgpLTlfeJ
Cvrw5Wv066H1xexN0R9DNP378LuKrt9VW6I7bW753HEr+C8num8uYTdzKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOA0beDzdt6HO+9CApn62QHmO+wRMB8GA1UdIwQY
MBaAFHbvCg7o+hVNetpDivEhImnOCsxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHU4S0R1ajZGVTE2MmtPSzhTRWlhYzRLekVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8xNjg2YzMtZGE3MC00YjU0LWFiMmIt
M2JlOTk1ZDJiYmRhLzEvNERSdDRQTjIzb2M3NzBJQ21mclpBZVk3N0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8xNjg2YzMtZGE3MC00YjU0LWFiMmItM2JlOTk1ZDJiYmRh
LzEvZHU4S0R1ajZGVTE2MmtPSzhTRWlhYzRLekVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbUfwMA0G
CSqGSIb3DQEBCwUAA4IBAQAklZGdjDNeAZaKc4aV3qsCWkdpz+Ri4BGRqjPJjn3E
W/qTDWKy11/lICA3XocOinfpHd+vu+rWZ74lRVx/SiNkNqOzhRPfNR0WgSXYB66t
gnkVbpu6Ag56DB2lK23Hu7Mi4xQt/EsjnPlDAio7A1N3iPTzYD5UjNx4OPIf6GjL
bzOIjIqmSXUWYLMSzgMothUi2fO+taAzrBr/5asyIaP3vCcx82wZTmAo59ZiJR8d
QpJggnitReyp6mKuwMwD9m3OGNdFcyUDhh7feIOFm4zxwWKdBy54evn9YcXfWgkO
diScn+ZnDji14+muSCrR98HrinVw/A1fcBdIKFJqD8FP
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:00 2024 by rpki-client on console-ams.rpki-client.org