Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/JR-dW3jT2ex4F6QpglHHT8cJqj4.roa
File:                     JR-dW3jT2ex4F6QpglHHT8cJqj4.roa (raw, json)
Hash identifier:          YS/R1ffs+T9Lq9g5ABUfvBt5Cki7pmyAs4oqBJ2SOuI=
Subject key identifier:   25:1F:9D:5B:78:D3:D9:EC:78:17:A4:29:82:51:C7:4F:C7:09:AA:3E
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       018BA9689B69E96FFED898F2C7BA23D17E21
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/JR-dW3jT2ex4F6QpglHHT8cJqj4.roa
Signing time:             Tue 07 Nov 2023 10:51:26 +0000
ROA not before:           Tue 07 Nov 2023 10:51:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60150
IP address blocks:        185.96.56.0/22 maxlen: 24
                          194.38.48.0/22 maxlen: 24
                          193.168.200.0/22 maxlen: 24
                          193.160.220.0/22 maxlen: 24
                          185.136.16.0/22 maxlen: 24
                          147.185.196.0/23 maxlen: 24
                          147.185.206.0/23 maxlen: 24
                          207.244.196.0/22 maxlen: 24
                          43.240.148.0/22 maxlen: 24
                          207.244.208.0/22 maxlen: 24
                          45.12.100.0/22 maxlen: 24
                          2a07:5b40::/29 maxlen: 48
                          2a05:ff00::/29 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:31:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:a9:68:9b:69:e9:6f:fe:d8:98:f2:c7:ba:23:d1:7e:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Nov  7 10:51:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=251f9d5b78d3d9ec7817a4298251c74fc709aa3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a4:fc:83:40:98:df:fd:40:fc:d0:7d:41:b4:
                    c8:dd:fc:fa:03:41:a6:2e:65:64:be:d2:77:74:34:
                    24:cc:6d:b7:c7:25:47:a6:3e:27:cc:cf:07:3a:aa:
                    06:f4:f0:54:09:47:ca:43:b6:d4:72:45:2f:3b:fc:
                    3b:ac:71:80:5d:a1:ba:a4:40:76:ac:14:fe:28:0a:
                    34:bd:44:da:21:8d:29:9a:95:b4:8e:ef:9a:7a:eb:
                    32:70:4b:1b:f8:43:0f:45:10:36:f4:11:50:e9:33:
                    9b:49:33:26:7a:62:3c:7f:95:13:d5:44:12:f8:a5:
                    94:51:44:eb:fb:e9:f4:0a:44:4f:f6:30:49:93:5b:
                    99:cd:61:bf:0b:3c:8a:16:a0:c6:06:a6:3a:48:72:
                    3e:50:fd:76:c6:d7:f7:8f:7d:a2:25:56:3b:c1:58:
                    37:d3:a5:ea:d1:23:ee:ea:26:da:6e:f8:c9:8a:a2:
                    53:c6:79:15:3a:a1:d7:d4:12:dc:45:eb:ae:2b:9a:
                    e8:aa:30:8d:70:a0:0c:73:5e:8e:30:0d:ac:90:a2:
                    87:5f:4c:46:9f:8f:3c:d2:51:71:4a:c6:19:33:43:
                    3b:fc:c4:fc:c0:44:a9:95:6c:93:8d:8c:51:40:fa:
                    e7:d6:a8:6a:61:55:83:81:77:8d:7e:49:04:03:35:
                    53:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:1F:9D:5B:78:D3:D9:EC:78:17:A4:29:82:51:C7:4F:C7:09:AA:3E
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/JR-dW3jT2ex4F6QpglHHT8cJqj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.240.148.0/22
                  45.12.100.0/22
                  147.185.196.0/23
                  147.185.206.0/23
                  185.96.56.0/22
                  185.136.16.0/22
                  193.160.220.0/22
                  193.168.200.0/22
                  194.38.48.0/22
                  207.244.196.0/22
                  207.244.208.0/22
                IPv6:
                  2a05:ff00::/29
                  2a07:5b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:4a:d7:58:08:2b:5c:66:f9:3c:7b:2c:1b:9e:27:1f:e0:35:
         70:1b:bc:c2:23:31:72:cf:d0:d0:c4:27:2d:e7:a9:c1:a3:3e:
         3a:0f:19:a8:f0:a0:78:61:bf:83:f6:c1:61:fd:b5:7a:95:e8:
         13:1b:d4:93:82:7a:46:ce:e2:5f:c7:d1:fd:0b:d0:21:a7:06:
         12:b9:d1:45:4b:5e:b4:c5:cc:cf:7e:54:2e:bc:0a:f5:d8:96:
         9f:38:91:2b:73:cb:18:c2:e2:7b:d9:9e:e8:9a:94:6d:0d:84:
         d9:20:f9:1c:b7:89:38:6b:d2:47:bc:84:87:b7:b3:dd:00:2f:
         88:23:f4:fd:ac:21:c1:ad:5a:9a:56:2a:ed:15:c7:c9:d3:b8:
         6c:bb:8a:af:ea:10:a2:8c:d4:f7:65:c3:c0:42:61:88:06:49:
         a9:e5:eb:d3:b4:92:95:d2:c5:59:dc:3d:ed:b3:3c:c6:84:06:
         ca:a0:78:c3:d9:fb:eb:fa:ec:7b:9f:8c:e8:7b:43:5c:1c:ad:
         85:43:55:d7:0e:7a:19:f7:4c:22:c2:65:41:07:6c:e2:96:99:
         6f:72:a1:01:fb:63:62:b2:a6:49:a0:a4:ab:18:fc:58:ea:9d:
         5c:f7:c0:66:e1:2e:42:80:a3:cb:54:11:ec:6d:43:90:dc:98:
         15:51:35:8e
-----BEGIN CERTIFICATE-----
MIIFTzCCBDegAwIBAgISAYupaJtp6W/+2Jjyx7oj0X4hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjMxMTA3MTA1MTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTFmOWQ1Yjc4ZDNkOWVjNzgxN2E0Mjk4MjUxYzc0ZmM3MDlhYTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaT8g0CY3/1A/NB9QbTI3fz6A0Gm
LmVkvtJ3dDQkzG23xyVHpj4nzM8HOqoG9PBUCUfKQ7bUckUvO/w7rHGAXaG6pEB2
rBT+KAo0vUTaIY0pmpW0ju+aeusycEsb+EMPRRA29BFQ6TObSTMmemI8f5UT1UQS
+KWUUUTr++n0CkRP9jBJk1uZzWG/CzyKFqDGBqY6SHI+UP12xtf3j32iJVY7wVg3
06Xq0SPu6ibabvjJiqJTxnkVOqHX1BLcReuuK5roqjCNcKAMc16OMA2skKKHX0xG
n4880lFxSsYZM0M7/MT8wESplWyTjYxRQPrn1qhqYVWDgXeNfkkEAzVTZwIDAQAB
o4ICWzCCAlcwHQYDVR0OBBYEFCUfnVt409nseBekKYJRx0/HCao+MB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvSlItZFczalQyZXg0RjZRcGdsSEhUOGNKcWo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHEGCCsGAQUFBwEHAQH/BGIwYDBIBAIAATBCAwQCK/CUAwQC
LQxkAwQBk7nEAwQBk7nOAwQCuWA4AwQCuYgQAwQCwaDcAwQCwajIAwQCwiYwAwQC
z/TEAwQCz/TQMBQEAgACMA4DBQMqBf8AAwUDKgdbQDANBgkqhkiG9w0BAQsFAAOC
AQEAiUrXWAgrXGb5PHssG54nH+A1cBu8wiMxcs/Q0MQnLeepwaM+Og8ZqPCgeGG/
g/bBYf21epXoExvUk4J6Rs7iX8fR/QvQIacGErnRRUtetMXMz35ULrwK9diWnziR
K3PLGMLie9me6JqUbQ2E2SD5HLeJOGvSR7yEh7ez3QAviCP0/awhwa1amlYq7RXH
ydO4bLuKr+oQoozU92XDwEJhiAZJqeXr07SSldLFWdw97bM8xoQGyqB4w9n76/rs
e5+M6HtDXBythUNV1w56GfdMIsJlQQds4paZb3KhAftjYrKmSaCkqxj8WOqdXPfA
ZuEuQoCjy1QR7G1DkNyYFVE1jg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:23 2024 by rpki-client on console-ams.rpki-client.org