Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/C7vAG1LvPmaq9_HM35DfL7W7f8U.roa
File:                     C7vAG1LvPmaq9_HM35DfL7W7f8U.roa (raw, json)
Hash identifier:          GlmSZcA2z1GSrU1gAMpyohH/e6JoQO7B1B4MzdqXHyw=
Subject key identifier:   0B:BB:C0:1B:52:EF:3E:66:AA:F7:F1:CC:DF:90:DF:2F:B5:BB:7F:C5
Certificate issuer:       /CN=8ceb23e2c5d9f2c734488904505835ef2809fb3b
Certificate serial:       018CF802792FFE6607BF67B68700916F0674
Authority key identifier: 8C:EB:23:E2:C5:D9:F2:C7:34:48:89:04:50:58:35:EF:28:09:FB:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/C7vAG1LvPmaq9_HM35DfL7W7f8U.roa
Signing time:             Thu 11 Jan 2024 10:12:40 +0000
ROA not before:           Thu 11 Jan 2024 10:12:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49813
IP address blocks:        109.105.128.0/20 maxlen: 20
                          109.105.137.0/24 maxlen: 24
                          109.105.139.0/24 maxlen: 24
                          109.105.138.0/24 maxlen: 24
                          109.105.133.0/24 maxlen: 24
                          109.105.135.0/24 maxlen: 24
                          109.105.144.0/23 maxlen: 24
                          109.105.144.0/24 maxlen: 24
                          109.105.144.0/21 maxlen: 24
                          109.105.146.0/24 maxlen: 24
                          109.105.147.0/24 maxlen: 24
                          109.105.148.0/24 maxlen: 24
                          5.63.132.0/24 maxlen: 24
                          5.63.128.0/21 maxlen: 21

Validation:               Failed, certificate revoked on Tue 16 Jan 2024 06:55:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f8:02:79:2f:fe:66:07:bf:67:b6:87:00:91:6f:06:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ceb23e2c5d9f2c734488904505835ef2809fb3b
        Validity
            Not Before: Jan 11 10:12:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bbbc01b52ef3e66aaf7f1ccdf90df2fb5bb7fc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c1:f7:4a:43:df:91:8b:f1:24:58:48:f5:bd:
                    e7:6c:61:2c:2e:a4:33:d5:65:eb:4b:34:6b:e2:f8:
                    35:63:bc:e6:80:2a:44:50:15:6b:48:46:bd:26:d2:
                    05:d8:eb:e2:5c:b9:07:d0:17:f8:e9:2a:7e:32:6d:
                    38:28:39:1a:a9:2a:fb:d2:5e:73:19:50:64:f7:55:
                    a4:ee:da:f3:ff:86:24:94:94:2e:de:f4:e6:8b:70:
                    09:a9:02:59:89:b9:50:80:c9:ad:2f:a9:62:17:e8:
                    7c:b5:e8:cd:c4:5b:3d:be:cb:26:0b:0f:a5:c0:03:
                    cb:91:2b:70:e0:3c:7a:91:4c:d9:1f:b0:7d:85:96:
                    0d:23:04:38:2e:e5:6c:3e:4c:d1:b6:c0:f9:73:8a:
                    65:71:2b:9d:67:db:46:16:ae:54:c2:4a:fc:be:78:
                    26:6d:6a:44:e6:de:86:bd:05:53:00:67:cc:3b:62:
                    16:a9:83:c6:6d:d1:c0:20:73:62:4b:01:62:ad:e7:
                    c1:2f:50:af:2b:3a:0f:8b:a0:67:0a:4e:fd:1f:b2:
                    1a:20:38:02:33:2e:72:69:65:a9:3b:88:81:72:36:
                    cf:54:18:94:a5:96:4c:3f:a5:69:d1:86:28:a5:21:
                    ff:ac:08:33:fd:5b:03:38:7b:ba:55:b6:5b:cb:51:
                    36:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:BB:C0:1B:52:EF:3E:66:AA:F7:F1:CC:DF:90:DF:2F:B5:BB:7F:C5
            X509v3 Authority Key Identifier:
                keyid:8C:EB:23:E2:C5:D9:F2:C7:34:48:89:04:50:58:35:EF:28:09:FB:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/C7vAG1LvPmaq9_HM35DfL7W7f8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.63.128.0/21
                  109.105.128.0-109.105.151.255

    Signature Algorithm: sha256WithRSAEncryption
         1c:99:8b:ed:51:ca:6d:21:d4:59:a7:4b:ff:68:88:e5:e1:df:
         ee:f8:0f:7f:b3:8f:68:5f:3d:a6:3b:f0:f4:c7:3c:80:a5:41:
         fc:28:ea:c3:3e:e1:55:e0:95:ab:6e:aa:45:8a:1b:df:53:dc:
         34:a7:b2:46:4a:e4:fe:db:6d:55:51:2b:ac:fa:5b:c0:25:ff:
         4c:cc:65:9c:fa:2f:b3:99:9b:3c:7e:94:5c:95:33:c2:59:32:
         7b:05:a0:7e:a1:22:c3:3e:d2:ef:8c:ba:b8:39:6c:09:ea:67:
         c1:0b:64:71:b8:0c:23:64:53:dd:30:2c:4c:ad:48:d0:f9:6b:
         a9:27:af:31:ee:1b:3c:4b:1c:0e:d6:90:98:b8:fe:75:dc:31:
         be:ac:2b:88:2e:8d:cb:35:94:3d:e4:38:5f:58:90:97:de:be:
         08:f6:ec:d9:30:b0:ce:04:39:a9:bf:36:89:69:98:06:61:2a:
         d0:2e:7d:40:d4:82:4b:97:3f:5b:c0:be:f7:2d:94:c8:b8:c9:
         78:0d:69:56:e6:a1:b8:61:45:b0:99:2a:84:52:ae:6a:56:20:
         61:69:26:9a:fb:6a:07:82:b3:65:42:0b:e8:a9:96:9d:fb:a5:
         da:61:9f:27:c0:6a:82:af:50:04:c6:d3:42:e5:1d:55:17:e4:
         62:50:3f:87
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYz4Ankv/mYHv2e2hwCRbwZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZWIyM2UyYzVkOWYyYzczNDQ4ODkwNDUwNTgzNWVmMjgw
OWZiM2IwHhcNMjQwMTExMTAxMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmJiYzAxYjUyZWYzZTY2YWFmN2YxY2NkZjkwZGYyZmI1YmI3ZmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsH3SkPfkYvxJFhI9b3nbGEsLqQz
1WXrSzRr4vg1Y7zmgCpEUBVrSEa9JtIF2OviXLkH0Bf46Sp+Mm04KDkaqSr70l5z
GVBk91Wk7trz/4YklJQu3vTmi3AJqQJZiblQgMmtL6liF+h8tejNxFs9vssmCw+l
wAPLkStw4Dx6kUzZH7B9hZYNIwQ4LuVsPkzRtsD5c4plcSudZ9tGFq5Uwkr8vngm
bWpE5t6GvQVTAGfMO2IWqYPGbdHAIHNiSwFirefBL1CvKzoPi6BnCk79H7IaIDgC
My5yaWWpO4iBcjbPVBiUpZZMP6Vp0YYopSH/rAgz/VsDOHu6VbZby1E2awIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAu7wBtS7z5mqvfxzN+Q3y+1u3/FMB8GA1UdIwQY
MBaAFIzrI+LF2fLHNEiJBFBYNe8oCfs7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak9zajRzWFo4c2MwU0lrRVVGZzE3eWdKLXpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82OTkyOTItM2RhMC00NzcyLWFmODIt
ODMzNGUzNjIyMzZkLzEvQzd2QUcxTHZQbWFxOV9ITTM1RGZMN1c3ZjhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82OTkyOTItM2RhMC00NzcyLWFmODItODMzNGUzNjIyMzZk
LzEvak9zajRzWFo4c2MwU0lrRVVGZzE3eWdKLXpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDBT+AMAwD
BAdtaYADBANtaZAwDQYJKoZIhvcNAQELBQADggEBAByZi+1Rym0h1FmnS/9oiOXh
3+74D3+zj2hfPaY78PTHPIClQfwo6sM+4VXglatuqkWKG99T3DSnskZK5P7bbVVR
K6z6W8Al/0zMZZz6L7OZmzx+lFyVM8JZMnsFoH6hIsM+0u+Murg5bAnqZ8ELZHG4
DCNkU90wLEytSND5a6knrzHuGzxLHA7WkJi4/nXcMb6sK4gujcs1lD3kOF9YkJfe
vgj27NkwsM4EOam/NolpmAZhKtAufUDUgkuXP1vAvvctlMi4yXgNaVbmobhhRbCZ
KoRSrmpWIGFpJpr7ageCs2VCC+iplp37pdphnyfAaoKvUATG00LlHVUX5GJQP4c=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:20 2024 by rpki-client on console-ams.rpki-client.org