Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/9avzk636wWXiyqWWSJWCJFVlNmQ.roa
File:                     9avzk636wWXiyqWWSJWCJFVlNmQ.roa (raw, json)
Hash identifier:          r1wS1QozfGnyze8XfDC0ZndvBzOqQuNRAzTDnPFUhi4=
Subject key identifier:   F5:AB:F3:93:AD:FA:C1:65:E2:CA:A5:96:48:95:82:24:55:65:36:64
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       018828B40158FC2783967D0E1D90A91637D5
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/9avzk636wWXiyqWWSJWCJFVlNmQ.roa
Signing time:             Wed 17 May 2023 07:54:25 +0000
ROA not before:           Wed 17 May 2023 07:54:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     207279
IP address blocks:        5.105.124.0/24 maxlen: 24
                          5.105.127.0/24 maxlen: 24
                          5.105.29.0/24 maxlen: 24
                          5.105.139.0/24 maxlen: 24
                          5.105.34.0/24 maxlen: 24
                          5.105.142.0/24 maxlen: 24
                          5.105.249.0/24 maxlen: 24
                          5.105.39.0/24 maxlen: 24
                          5.105.157.0/24 maxlen: 24
                          5.105.200.0/24 maxlen: 24
                          5.105.207.0/24 maxlen: 24
                          5.105.216.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 May 2023 10:37:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:28:b4:01:58:fc:27:83:96:7d:0e:1d:90:a9:16:37:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: May 17 07:54:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f5abf393adfac165e2caa5964895822455653664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3f:91:66:89:df:b3:f0:d5:59:10:f5:fe:d4:
                    73:d3:3a:45:37:b4:4e:80:fb:60:26:5c:0e:b8:88:
                    21:2e:86:ab:f1:5c:11:c0:9a:17:8f:65:67:d7:19:
                    83:f7:20:48:45:01:a4:2b:25:3a:0d:09:aa:cf:37:
                    9b:a1:db:1a:8b:65:ca:50:15:d8:f9:8b:f2:94:0a:
                    ff:47:80:54:62:b9:bb:7d:0f:d1:3e:6b:7e:db:e9:
                    50:92:cd:e9:c3:8f:87:0e:e6:9c:2a:89:c5:91:6e:
                    6f:27:f9:42:5d:fc:09:19:a6:0e:42:aa:9f:ac:c7:
                    bd:55:ab:62:04:e5:47:a6:96:4e:9b:59:e8:76:c2:
                    56:87:e6:cb:bd:08:69:31:45:0a:07:6c:1a:29:86:
                    57:b0:a4:b7:f6:50:1f:e4:9c:ab:1b:9d:c9:10:bc:
                    fe:1c:d3:e9:31:e6:f9:8a:47:6b:e0:e2:45:0d:5b:
                    22:81:f0:f9:07:22:c3:f7:fb:4c:19:8a:29:3f:68:
                    38:be:b5:77:f9:3c:a8:76:86:b2:dd:6f:e1:94:f4:
                    c3:0c:7d:d8:a3:6a:d1:24:e0:03:1c:f8:5e:71:fe:
                    fe:71:41:eb:a5:c6:c6:4d:7b:db:a1:46:02:07:73:
                    b1:06:46:c6:88:5f:49:79:df:b7:7c:21:d3:2e:28:
                    35:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:AB:F3:93:AD:FA:C1:65:E2:CA:A5:96:48:95:82:24:55:65:36:64
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/9avzk636wWXiyqWWSJWCJFVlNmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.105.29.0/24
                  5.105.34.0/24
                  5.105.39.0/24
                  5.105.124.0/24
                  5.105.127.0/24
                  5.105.139.0/24
                  5.105.142.0/24
                  5.105.157.0/24
                  5.105.200.0/24
                  5.105.207.0/24
                  5.105.216.0/24
                  5.105.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:7b:59:a5:29:0e:a6:e3:98:05:0a:f3:e5:25:09:03:77:05:
         e7:0b:34:55:46:da:3c:b5:a5:8d:1c:6b:d3:1b:30:57:61:95:
         8d:51:e3:7f:08:bf:7f:f2:2f:1f:47:08:64:00:75:fd:6e:2d:
         9e:1b:78:5e:1f:57:d0:17:07:7c:aa:29:82:01:22:bb:f5:40:
         9f:d3:3e:2b:13:f3:ff:96:2a:d8:2e:94:b8:ea:da:ff:6a:64:
         2f:7e:0c:50:65:87:bd:60:90:7d:99:82:a4:95:7a:12:1d:89:
         4a:2f:76:40:bb:19:fa:42:a3:6a:89:62:07:a2:50:02:79:b5:
         ca:ab:d6:6f:b9:b3:60:09:0a:10:4d:fe:c0:00:35:1a:f3:9f:
         22:6d:0d:66:e5:f1:88:16:fd:43:a8:6d:b0:37:fc:e2:d6:29:
         3d:da:20:c2:44:00:4a:bc:67:77:bd:1b:21:a2:44:90:25:4c:
         22:88:37:85:af:75:90:6b:4a:77:27:a3:f9:0a:ad:e0:c5:88:
         67:45:7a:eb:9b:f9:61:33:1e:b0:ce:25:ea:51:72:11:cf:f0:
         0d:b6:0f:79:51:6d:64:95:d9:dc:10:81:76:74:e0:f5:fc:f2:
         af:9b:4d:cc:26:6e:44:00:88:91:8f:79:5d:07:8c:57:25:1a:
         3b:b6:22:be
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYgotAFY/CeDln0OHZCpFjfVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjMwNTE3MDc1NDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWFiZjM5M2FkZmFjMTY1ZTJjYWE1OTY0ODk1ODIyNDU1NjUzNjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1j+RZonfs/DVWRD1/tRz0zpFN7RO
gPtgJlwOuIghLoar8VwRwJoXj2Vn1xmD9yBIRQGkKyU6DQmqzzebodsai2XKUBXY
+YvylAr/R4BUYrm7fQ/RPmt+2+lQks3pw4+HDuacKonFkW5vJ/lCXfwJGaYOQqqf
rMe9VatiBOVHppZOm1nodsJWh+bLvQhpMUUKB2waKYZXsKS39lAf5JyrG53JELz+
HNPpMeb5ikdr4OJFDVsigfD5ByLD9/tMGYopP2g4vrV3+Tyodoay3W/hlPTDDH3Y
o2rRJOADHPhecf7+cUHrpcbGTXvboUYCB3OxBkbGiF9Jed+3fCHTLig1OQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFPWr85Ot+sFl4sqllkiVgiRVZTZkMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvOWF2ems2MzZ3V1hpeXFXV1NKV0NKRlZsTm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQABWkdAwQA
BWkiAwQABWknAwQABWl8AwQABWl/AwQABWmLAwQABWmOAwQABWmdAwQABWnIAwQA
BWnPAwQABWnYAwQABWn5MA0GCSqGSIb3DQEBCwUAA4IBAQAue1mlKQ6m45gFCvPl
JQkDdwXnCzRVRto8taWNHGvTGzBXYZWNUeN/CL9/8i8fRwhkAHX9bi2eG3heH1fQ
Fwd8qimCASK79UCf0z4rE/P/lirYLpS46tr/amQvfgxQZYe9YJB9mYKklXoSHYlK
L3ZAuxn6QqNqiWIHolACebXKq9ZvubNgCQoQTf7AADUa858ibQ1m5fGIFv1DqG2w
N/zi1ik92iDCRABKvGd3vRshokSQJUwiiDeFr3WQa0p3J6P5Cq3gxYhnRXrrm/lh
Mx6wziXqUXIRz/ANtg95UW1kldncEIF2dOD1/PKvm03MJm5EAIiRj3ldB4xXJRo7
tiK+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:55 2024 by rpki-client on console-ams.rpki-client.org