Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/95Gf5GfSdaTQtkHZBGYDNc_z4Tk.roa
File:                     95Gf5GfSdaTQtkHZBGYDNc_z4Tk.roa (raw, json)
Hash identifier:          knHjMso4bVbQoZ87oJ9U2DzV7zobaxFdNIfJj5HL39c=
Subject key identifier:   F7:91:9F:E4:67:D2:75:A4:D0:B6:41:D9:04:66:03:35:CF:F3:E1:39
Certificate issuer:       /CN=8ceb23e2c5d9f2c734488904505835ef2809fb3b
Certificate serial:       018AB29A63D0410AD55B545DD1AC7A08B9C8
Authority key identifier: 8C:EB:23:E2:C5:D9:F2:C7:34:48:89:04:50:58:35:EF:28:09:FB:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/95Gf5GfSdaTQtkHZBGYDNc_z4Tk.roa
Signing time:             Wed 20 Sep 2023 12:39:37 +0000
ROA not before:           Wed 20 Sep 2023 12:39:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     49813
IP address blocks:        109.105.128.0/20 maxlen: 20
                          109.105.137.0/24 maxlen: 24
                          109.105.139.0/24 maxlen: 24
                          109.105.138.0/24 maxlen: 24
                          109.105.133.0/24 maxlen: 24
                          109.105.135.0/24 maxlen: 24
                          109.105.144.0/24 maxlen: 24
                          109.105.144.0/23 maxlen: 24
                          109.105.144.0/21 maxlen: 24
                          109.105.146.0/24 maxlen: 24
                          109.105.147.0/24 maxlen: 24
                          5.63.132.0/24 maxlen: 24
                          5.63.128.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 08:32:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b2:9a:63:d0:41:0a:d5:5b:54:5d:d1:ac:7a:08:b9:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ceb23e2c5d9f2c734488904505835ef2809fb3b
        Validity
            Not Before: Sep 20 12:39:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f7919fe467d275a4d0b641d904660335cff3e139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3d:5d:41:61:a3:88:83:64:c5:5e:ee:7a:62:
                    05:e4:7e:fb:98:4c:6b:bb:f7:9d:3c:e9:27:76:0c:
                    9e:d5:e4:22:6d:b2:36:48:00:ef:6a:15:f8:c1:9b:
                    e1:0d:c9:9a:5e:5b:21:f4:1a:ba:85:9d:57:cf:8d:
                    64:4f:d1:39:58:e0:fd:d3:31:dd:83:b7:57:22:b9:
                    9a:b1:50:85:60:80:b9:42:79:08:64:98:9c:d1:a5:
                    7c:f9:d0:5f:1f:32:5b:d1:33:15:e8:bb:ac:c6:2f:
                    bf:f1:75:7c:d6:1d:12:c8:e3:58:ac:81:c7:70:25:
                    83:01:5e:23:9f:ca:f7:e7:ed:9e:e2:5d:90:1d:bc:
                    bc:72:41:b1:f8:5e:d3:1a:fa:25:10:46:cb:b5:b1:
                    b4:26:26:ae:cb:18:12:68:cb:fd:2f:b4:16:0e:bc:
                    aa:e7:d0:bf:df:33:65:c0:d6:e0:ff:c5:2f:ce:b7:
                    99:a4:c6:c3:99:e3:24:90:d1:22:ba:9b:0d:80:2e:
                    ef:a3:06:a8:ba:b9:9a:02:72:c8:8c:b8:49:3f:7d:
                    8e:91:80:cf:cf:e5:53:6e:8d:43:90:d2:8f:bb:87:
                    bb:48:61:ce:d2:13:b5:16:af:2d:ff:c2:07:78:13:
                    46:0b:3c:39:85:01:1f:53:a6:c8:ab:2a:e6:66:bc:
                    7f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:91:9F:E4:67:D2:75:A4:D0:B6:41:D9:04:66:03:35:CF:F3:E1:39
            X509v3 Authority Key Identifier:
                keyid:8C:EB:23:E2:C5:D9:F2:C7:34:48:89:04:50:58:35:EF:28:09:FB:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/95Gf5GfSdaTQtkHZBGYDNc_z4Tk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.128.0/21
                  109.105.128.0-109.105.151.255

    Signature Algorithm: sha256WithRSAEncryption
         17:41:a7:8a:04:b0:b8:11:ee:6a:4f:17:7f:ac:65:6b:fa:81:
         95:f3:d9:a7:16:e3:e7:86:fe:98:e4:b6:01:f2:70:44:28:c4:
         6f:b1:2b:fc:94:83:78:ab:2f:6d:e2:d0:8d:99:41:64:02:57:
         22:97:fa:e1:c7:34:c1:53:0b:45:6f:7a:5e:68:3e:df:df:f2:
         de:31:3f:7b:e5:15:41:f2:00:ae:59:7e:a0:5e:ed:84:94:bd:
         2e:dd:7f:cd:ee:0d:45:5f:d7:c8:d4:04:3d:26:99:8f:3b:88:
         19:dd:32:d1:f7:1c:73:fc:9c:71:ca:c0:8b:fd:92:66:a2:ea:
         bb:4e:02:b1:88:70:26:cc:d1:32:72:2b:49:cd:79:94:22:41:
         87:80:e6:ce:18:26:2b:5a:86:71:4d:b9:23:fe:2c:3e:01:42:
         45:88:d9:72:50:07:07:46:95:eb:0b:b3:47:de:91:19:e3:a3:
         e0:42:42:89:24:0c:e4:1c:4f:4a:bd:d6:b0:67:55:cb:f7:86:
         be:53:52:99:60:70:b9:78:cf:9f:9b:01:f8:8f:d9:26:82:d0:
         af:2d:c8:8a:bb:08:15:d1:14:1d:bc:93:56:e3:49:de:41:a6:
         a3:f7:8c:ec:ba:4b:3b:84:f1:ed:2f:de:5b:d6:59:69:ce:23:
         32:0b:46:9a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYqymmPQQQrVW1Rd0ax6CLnIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZWIyM2UyYzVkOWYyYzczNDQ4ODkwNDUwNTgzNWVmMjgw
OWZiM2IwHhcNMjMwOTIwMTIzOTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzkxOWZlNDY3ZDI3NWE0ZDBiNjQxZDkwNDY2MDMzNWNmZjNlMTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsT1dQWGjiINkxV7uemIF5H77mExr
u/edPOkndgye1eQibbI2SADvahX4wZvhDcmaXlsh9Bq6hZ1Xz41kT9E5WOD90zHd
g7dXIrmasVCFYIC5QnkIZJic0aV8+dBfHzJb0TMV6Lusxi+/8XV81h0SyONYrIHH
cCWDAV4jn8r35+2e4l2QHby8ckGx+F7TGvolEEbLtbG0JiauyxgSaMv9L7QWDryq
59C/3zNlwNbg/8UvzreZpMbDmeMkkNEiupsNgC7vowaourmaAnLIjLhJP32OkYDP
z+VTbo1DkNKPu4e7SGHO0hO1Fq8t/8IHeBNGCzw5hQEfU6bIqyrmZrx/9QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFPeRn+Rn0nWk0LZB2QRmAzXP8+E5MB8GA1UdIwQY
MBaAFIzrI+LF2fLHNEiJBFBYNe8oCfs7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak9zajRzWFo4c2MwU0lrRVVGZzE3eWdKLXpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82OTkyOTItM2RhMC00NzcyLWFmODIt
ODMzNGUzNjIyMzZkLzEvOTVHZjVHZlNkYVRRdGtIWkJHWUROY196NFRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82OTkyOTItM2RhMC00NzcyLWFmODItODMzNGUzNjIyMzZk
LzEvak9zajRzWFo4c2MwU0lrRVVGZzE3eWdKLXpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDBT+AMAwD
BAdtaYADBANtaZAwDQYJKoZIhvcNAQELBQADggEBABdBp4oEsLgR7mpPF3+sZWv6
gZXz2acW4+eG/pjktgHycEQoxG+xK/yUg3irL23i0I2ZQWQCVyKX+uHHNMFTC0Vv
el5oPt/f8t4xP3vlFUHyAK5ZfqBe7YSUvS7df83uDUVf18jUBD0mmY87iBndMtH3
HHP8nHHKwIv9kmai6rtOArGIcCbM0TJyK0nNeZQiQYeA5s4YJitahnFNuSP+LD4B
QkWI2XJQBwdGlesLs0fekRnjo+BCQokkDOQcT0q91rBnVcv3hr5TUplgcLl4z5+b
AfiP2SaC0K8tyIq7CBXRFB28k1bjSd5BpqP3jOy6SzuE8e0v3lvWWWnOIzILRpo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:20 2024 by rpki-client on console-ams.rpki-client.org