Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/DrzwIrDnsJIJPY2LgUiyuli_74Y.roa
File:                     DrzwIrDnsJIJPY2LgUiyuli_74Y.roa (raw, json)
Hash identifier:          9HY0dQJRnnLifURKd6a6OFaMpnVLBKpjfRPKHsIrO7g=
Subject key identifier:   0E:BC:F0:22:B0:E7:B0:92:09:3D:8D:8B:81:48:B2:BA:58:BF:EF:86
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       0186110346071E44BE1B52BEE27B622796D0
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/DrzwIrDnsJIJPY2LgUiyuli_74Y.roa
Signing time:             Thu 02 Feb 2023 07:24:32 +0000
ROA not before:           Thu 02 Feb 2023 07:24:32 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     60721
IP address blocks:        84.32.59.0/24 maxlen: 24
                          84.32.60.0/24 maxlen: 24
                          84.32.66.0/24 maxlen: 24
                          84.32.68.0/24 maxlen: 24
                          84.32.90.0/24 maxlen: 24
                          88.216.209.0/24 maxlen: 24
                          84.32.225.0/24 maxlen: 24
                          84.32.227.0/24 maxlen: 24
                          88.216.129.0/24 maxlen: 24
                          84.32.28.0/24 maxlen: 24
                          84.32.44.0/24 maxlen: 24
                          84.32.255.0/24 maxlen: 24
                          84.32.47.0/24 maxlen: 24
                          84.32.178.0/24 maxlen: 24
                          88.216.95.0/24 maxlen: 24
                          88.216.103.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 06 Feb 2023 06:38:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:11:03:46:07:1e:44:be:1b:52:be:e2:7b:62:27:96:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb  2 07:24:32 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0ebcf022b0e7b092093d8d8b8148b2ba58bfef86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f1:f6:7b:e9:bb:d3:58:96:09:1d:22:a7:0a:
                    fd:d8:ba:5a:8b:71:39:88:0a:30:4e:d5:ba:81:9d:
                    16:b0:96:93:54:65:7e:9a:11:89:72:46:8c:e0:82:
                    29:a5:a0:75:9f:bd:3e:a7:a7:b2:e2:14:09:0f:a8:
                    a0:46:04:df:39:85:20:66:8f:9e:fc:d4:3c:7c:81:
                    49:97:47:b7:4f:7a:2f:8d:24:12:03:03:33:d6:66:
                    10:fd:1a:9c:31:2d:f4:16:51:8b:c4:94:ae:af:84:
                    93:1f:d7:58:00:a1:0a:37:a6:19:11:30:7c:23:d5:
                    a7:3d:b4:71:21:3f:e3:3d:08:4a:05:81:13:a4:c0:
                    b4:a3:a6:aa:1c:2d:50:04:88:30:cb:db:bb:1d:18:
                    9b:14:de:62:eb:18:76:f2:83:51:7c:93:0e:cc:0b:
                    83:43:52:4b:fe:48:8c:2f:83:77:96:5d:6d:76:d5:
                    c7:f6:60:82:b4:fe:35:6f:8f:ba:e4:3e:85:50:8b:
                    5f:a9:34:d2:da:16:1b:00:17:e6:09:a4:e8:ac:30:
                    83:61:c7:6d:96:5e:91:a0:58:b6:44:f7:14:65:b2:
                    9a:35:86:df:47:1d:95:cf:58:93:85:fd:8b:69:ac:
                    6f:57:bd:4d:b9:aa:30:9c:cc:b4:07:6a:c9:c2:b3:
                    82:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:BC:F0:22:B0:E7:B0:92:09:3D:8D:8B:81:48:B2:BA:58:BF:EF:86
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/DrzwIrDnsJIJPY2LgUiyuli_74Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.28.0/24
                  84.32.44.0/24
                  84.32.47.0/24
                  84.32.59.0-84.32.60.255
                  84.32.66.0/24
                  84.32.68.0/24
                  84.32.90.0/24
                  84.32.178.0/24
                  84.32.225.0/24
                  84.32.227.0/24
                  84.32.255.0/24
                  88.216.95.0/24
                  88.216.103.0/24
                  88.216.129.0/24
                  88.216.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:52:b7:1d:2a:60:9b:4b:6b:67:d1:cf:1a:fd:69:7a:65:cd:
         b6:97:55:a5:6d:da:a2:43:30:ef:3a:f5:b3:75:c4:06:12:b9:
         ef:aa:30:66:b6:a8:83:17:e7:92:66:c8:43:89:54:37:94:bc:
         51:33:4d:e5:11:98:c6:04:2c:aa:fe:1d:9c:8e:7b:15:95:2a:
         3f:59:8c:30:7f:55:5b:f7:f7:83:86:b3:d9:1c:3e:bf:86:3e:
         84:4c:0f:37:66:a9:02:68:96:80:12:73:f9:b7:dd:b6:ec:6e:
         0e:38:9e:23:09:12:02:ba:7c:37:4e:94:54:c1:4d:a6:e0:82:
         03:70:2f:65:b0:41:4a:15:dd:b6:58:19:a0:07:46:40:e9:67:
         9c:b4:d6:a7:cd:17:c0:7f:70:ab:77:a6:44:35:2e:8c:f8:ed:
         0f:84:85:13:15:d0:d5:ae:22:e5:bf:13:91:3f:05:28:e7:0f:
         51:b7:ea:31:5a:00:d5:ca:89:16:80:13:15:0d:e9:f3:a8:91:
         a4:df:b3:aa:7e:54:c6:78:75:00:6c:b4:3d:ac:66:fb:3b:20:
         f6:fc:86:ce:6f:65:30:3c:cc:bb:49:ba:13:49:4b:90:22:40:
         5e:de:53:fa:86:f4:17:55:53:07:16:96:f3:a0:d3:6f:bc:30:
         8a:b9:6e:e9
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYYRA0YHHkS+G1K+4ntiJ5bQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwMjAyMDcyNDMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWJjZjAyMmIwZTdiMDkyMDkzZDhkOGI4MTQ4YjJiYTU4YmZlZjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPH2e+m701iWCR0ipwr92Lpai3E5
iAowTtW6gZ0WsJaTVGV+mhGJckaM4IIppaB1n70+p6ey4hQJD6igRgTfOYUgZo+e
/NQ8fIFJl0e3T3ovjSQSAwMz1mYQ/RqcMS30FlGLxJSur4STH9dYAKEKN6YZETB8
I9WnPbRxIT/jPQhKBYETpMC0o6aqHC1QBIgwy9u7HRibFN5i6xh28oNRfJMOzAuD
Q1JL/kiML4N3ll1tdtXH9mCCtP41b4+65D6FUItfqTTS2hYbABfmCaTorDCDYcdt
ll6RoFi2RPcUZbKaNYbfRx2Vz1iThf2LaaxvV71NuaownMy0B2rJwrOCeQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFA688CKw57CSCT2Ni4FIsrpYv++GMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvRHJ6d0lyRG5zSklKUFkyTGdVaXl1bGlfNzRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQAVCAcAwQA
VCAsAwQAVCAvMAwDBABUIDsDBABUIDwDBABUIEIDBABUIEQDBABUIFoDBABUILID
BABUIOEDBABUIOMDBABUIP8DBABY2F8DBABY2GcDBABY2IEDBABY2NEwDQYJKoZI
hvcNAQELBQADggEBAHBStx0qYJtLa2fRzxr9aXplzbaXVaVt2qJDMO869bN1xAYS
ue+qMGa2qIMX55JmyEOJVDeUvFEzTeURmMYELKr+HZyOexWVKj9ZjDB/VVv394OG
s9kcPr+GPoRMDzdmqQJoloASc/m33bbsbg44niMJEgK6fDdOlFTBTabgggNwL2Ww
QUoV3bZYGaAHRkDpZ5y01qfNF8B/cKt3pkQ1Loz47Q+EhRMV0NWuIuW/E5E/BSjn
D1G36jFaANXKiRaAExUN6fOokaTfs6p+VMZ4dQBstD2sZvs7IPb8hs5vZTA8zLtJ
uhNJS5AiQF7eU/qG9BdVUwcWlvOg02+8MIq5buk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:25 2024 by rpki-client on console-ams.rpki-client.org