Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/yYcudXBWnmuac9jbblzMo3N_agM.roa
File:                     yYcudXBWnmuac9jbblzMo3N_agM.roa (raw, json)
Hash identifier:          jTfEsbSEs4sp2n/n6ejnU6mAGmE2yg3Q0celbHIrQB8=
Subject key identifier:   C9:87:2E:75:70:56:9E:6B:9A:73:D8:DB:6E:5C:CC:A3:73:7F:6A:03
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       01893609A8DFB1188AE7BC351A3B3DE652B6
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/yYcudXBWnmuac9jbblzMo3N_agM.roa
Signing time:             Sat 08 Jul 2023 15:05:49 +0000
ROA not before:           Sat 08 Jul 2023 15:05:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     30938
IP address blocks:        45.12.216.0/24 maxlen: 24
                          45.12.217.0/24 maxlen: 24
                          45.12.219.0/24 maxlen: 24
                          45.12.218.0/24 maxlen: 24
                          5.39.248.0/24 maxlen: 24
                          5.39.251.0/24 maxlen: 24
                          5.39.252.0/24 maxlen: 24
                          5.39.250.0/24 maxlen: 24
                          5.39.253.0/24 maxlen: 24
                          185.5.36.0/22 maxlen: 22
                          31.192.240.0/21 maxlen: 21
                          5.178.97.0/24 maxlen: 24
                          5.178.96.0/24 maxlen: 24
                          5.178.99.0/24 maxlen: 24
                          5.144.183.0/24 maxlen: 24
                          5.178.105.0/24 maxlen: 24
                          5.178.104.0/24 maxlen: 24
                          5.178.106.0/24 maxlen: 24
                          5.39.254.0/24 maxlen: 24
                          5.39.255.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 10 Jul 2023 08:06:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:36:09:a8:df:b1:18:8a:e7:bc:35:1a:3b:3d:e6:52:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jul  8 15:05:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c9872e7570569e6b9a73d8db6e5ccca3737f6a03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:01:b4:4c:3f:69:f4:0e:c0:96:7f:e2:84:2a:
                    35:a7:b1:e4:db:10:8a:be:11:4a:16:80:97:2d:de:
                    03:a3:11:fd:78:80:65:f8:61:2f:4c:dc:c2:12:cc:
                    0c:72:8f:44:c4:9b:8f:48:d8:b9:da:be:6a:1b:2d:
                    03:8f:7a:1f:c6:e4:37:9c:99:90:7a:5d:06:7d:b3:
                    49:60:42:a1:51:de:65:fe:a5:1d:36:24:df:2a:52:
                    fd:42:12:e6:ce:2e:96:da:13:79:0b:6a:1f:32:d5:
                    db:75:6e:fb:e5:0f:78:9d:60:b7:a1:86:ce:88:51:
                    46:7f:e8:d0:9d:75:92:ca:d5:ab:8c:a8:7a:51:31:
                    e7:9e:ba:4b:a4:16:d1:4d:f0:9e:ea:a6:43:25:e5:
                    41:bf:38:de:8d:7e:c8:9c:6e:0e:d0:af:9e:f5:99:
                    7b:c1:70:80:8a:48:62:2a:9a:c9:2b:1e:a5:21:61:
                    80:0c:6b:bf:23:88:a0:43:e9:f1:1d:c8:a7:61:91:
                    3f:cc:2f:84:cd:85:8e:66:c8:ed:e0:37:7e:b8:26:
                    1d:27:7b:63:82:f4:c7:b9:00:0e:bb:36:23:f8:6e:
                    01:d0:d2:8b:34:56:62:99:30:9c:dd:b7:84:2b:58:
                    df:a7:0e:3d:6d:93:bd:f4:85:26:1f:8e:54:75:ec:
                    49:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:87:2E:75:70:56:9E:6B:9A:73:D8:DB:6E:5C:CC:A3:73:7F:6A:03
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/yYcudXBWnmuac9jbblzMo3N_agM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.39.248.0/24
                  5.39.250.0-5.39.255.255
                  5.144.183.0/24
                  5.178.96.0/23
                  5.178.99.0/24
                  5.178.104.0-5.178.106.255
                  31.192.240.0/21
                  45.12.216.0/22
                  185.5.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:7b:77:95:e7:64:34:2f:73:d7:fa:88:bc:df:bc:b8:a1:d3:
         8f:31:3a:4f:2f:52:c0:f2:e0:78:4c:5a:f6:75:e6:24:98:79:
         46:92:0b:8a:49:7c:32:ea:67:8b:92:c1:52:83:30:b3:02:54:
         fc:74:b6:63:4f:db:40:10:93:bf:8a:9c:07:b4:f0:a3:f0:50:
         84:20:5e:4e:92:cc:ae:56:8d:27:42:c7:83:96:ed:c3:55:aa:
         8b:d3:e5:7a:61:ca:09:e3:d3:bd:31:fb:61:0c:c7:d5:78:b4:
         04:ba:d7:a5:f4:5c:4c:76:2d:32:c4:2f:b6:96:0a:cd:a6:55:
         d3:2b:52:78:b4:65:f1:39:47:0a:b3:2c:eb:35:57:71:61:7e:
         07:50:d2:35:a8:fd:c9:5e:97:75:4c:e4:2e:56:37:57:6a:24:
         9b:51:1a:bc:b3:99:80:b9:72:08:bd:40:2e:50:ec:85:64:36:
         b4:9d:8f:85:66:8f:21:91:59:42:b7:0e:c7:30:f1:05:85:a8:
         d7:ae:8b:59:c3:8b:a1:c5:3f:93:f9:79:a4:fa:33:a3:ef:0a:
         a1:fb:28:df:fa:71:a2:77:d2:ea:00:22:e0:7a:00:ff:c8:e4:
         01:77:2f:bc:44:85:81:37:65:ba:b7:08:2c:67:02:99:d0:fa:
         16:72:44:0b
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYk2CajfsRiK57w1Gjs95lK2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjMwNzA4MTUwNTQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTg3MmU3NTcwNTY5ZTZiOWE3M2Q4ZGI2ZTVjY2NhMzczN2Y2YTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAG0TD9p9A7Aln/ihCo1p7Hk2xCK
vhFKFoCXLd4DoxH9eIBl+GEvTNzCEswMco9ExJuPSNi52r5qGy0Dj3ofxuQ3nJmQ
el0GfbNJYEKhUd5l/qUdNiTfKlL9QhLmzi6W2hN5C2ofMtXbdW775Q94nWC3oYbO
iFFGf+jQnXWSytWrjKh6UTHnnrpLpBbRTfCe6qZDJeVBvzjejX7InG4O0K+e9Zl7
wXCAikhiKprJKx6lIWGADGu/I4igQ+nxHcinYZE/zC+EzYWOZsjt4Dd+uCYdJ3tj
gvTHuQAOuzYj+G4B0NKLNFZimTCc3beEK1jfpw49bZO99IUmH45UdexJmQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFMmHLnVwVp5rmnPY225czKNzf2oDMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEveVljdWRYQldubXVhYzlqYmJsek1vM05fYWdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTBLBAIAATBFAwQABSf4MAsD
BAEFJ/oDAwMFIAMEAAWQtwMEAQWyYAMEAAWyYzAMAwQDBbJoAwQABbJqAwQDH8Dw
AwQCLQzYAwQCuQUkMA0GCSqGSIb3DQEBCwUAA4IBAQCSe3eV52Q0L3PX+oi837y4
odOPMTpPL1LA8uB4TFr2deYkmHlGkguKSXwy6meLksFSgzCzAlT8dLZjT9tAEJO/
ipwHtPCj8FCEIF5OksyuVo0nQseDlu3DVaqL0+V6YcoJ49O9MfthDMfVeLQEutel
9FxMdi0yxC+2lgrNplXTK1J4tGXxOUcKsyzrNVdxYX4HUNI1qP3JXpd1TOQuVjdX
aiSbURq8s5mAuXIIvUAuUOyFZDa0nY+FZo8hkVlCtw7HMPEFhajXrotZw4uhxT+T
+Xmk+jOj7wqh+yjf+nGid9LqACLgegD/yOQBdy+8RIWBN2W6twgsZwKZ0PoWckQL
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:33 2024 by rpki-client on console-fra.rpki-client.org