Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/C7_ELTaYMmBq0snaa0FrZXOc6Eg.roa
File:                     C7_ELTaYMmBq0snaa0FrZXOc6Eg.roa (raw, json)
Hash identifier:          TKPgcgyXDpATUfcjVXXWImJna/x/ucAnoYuUz+eo7l8=
Subject key identifier:   0B:BF:C4:2D:36:98:32:60:6A:D2:C9:DA:6B:41:6B:65:73:9C:E8:48
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       018EAEFC3C12945181C31FA091BAE0863EB6
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/C7_ELTaYMmBq0snaa0FrZXOc6Eg.roa
Signing time:             Fri 05 Apr 2024 15:59:09 +0000
ROA not before:           Fri 05 Apr 2024 15:59:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57433
IP address blocks:        37.114.32.0/19 maxlen: 24
                          37.114.32.0/24 maxlen: 24
                          37.114.37.0/24 maxlen: 24
                          37.114.44.0/24 maxlen: 24
                          37.114.54.0/24 maxlen: 24
                          43.251.160.0/24 maxlen: 24
                          43.251.161.0/24 maxlen: 24
                          43.251.162.0/24 maxlen: 24
                          43.251.163.0/24 maxlen: 24
                          94.154.48.0/21 maxlen: 24
                          94.154.48.0/24 maxlen: 24
                          94.154.49.0/24 maxlen: 24
                          94.154.50.0/24 maxlen: 24
                          94.154.51.0/24 maxlen: 24
                          94.154.52.0/24 maxlen: 24
                          94.154.53.0/24 maxlen: 24
                          94.154.54.0/24 maxlen: 24
                          94.154.55.0/24 maxlen: 24
                          176.100.32.0/21 maxlen: 21
                          176.100.32.0/24 maxlen: 24
                          176.100.39.0/24 maxlen: 24
                          185.14.92.0/24 maxlen: 24
                          185.14.93.0/24 maxlen: 24
                          2a00:ccc0::/32 maxlen: 32
                          2a00:ccc1::/32 maxlen: 48
                          2a00:ccc1::/48 maxlen: 48
                          2a00:ccc1:4::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 17 May 2024 20:14:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ae:fc:3c:12:94:51:81:c3:1f:a0:91:ba:e0:86:3e:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Apr  5 15:59:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bbfc42d369832606ad2c9da6b416b65739ce848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f1:e3:c0:95:35:6a:cd:83:9d:93:78:3e:5d:
                    be:70:d8:32:ee:a9:76:dd:ae:05:e0:8f:77:45:0f:
                    e0:ae:54:55:55:d0:17:4b:0e:94:a8:ea:fa:7e:77:
                    d3:8b:9d:51:e7:b9:6f:ac:07:d4:47:fb:02:c0:c5:
                    57:fd:2a:6f:bc:7a:2a:07:28:23:4e:48:de:ed:e9:
                    46:80:bc:7c:03:e3:64:74:3b:70:10:90:82:2f:2e:
                    91:27:e7:4b:55:dd:05:02:9f:78:06:46:af:6b:99:
                    9f:58:68:ee:f1:9c:8c:c6:ea:21:82:cc:b4:88:9d:
                    d5:1b:12:4d:36:78:08:25:32:9e:6a:88:8d:bd:50:
                    2f:06:18:3a:51:1b:71:56:25:3e:88:59:11:9c:59:
                    2a:1f:15:8c:b8:70:73:0a:ee:5a:df:2b:1a:b4:06:
                    ff:0a:b8:c1:30:42:55:70:0a:73:91:52:9c:f1:bd:
                    09:df:24:9b:d2:b9:74:b6:53:b8:80:78:77:b3:df:
                    7c:07:0c:3a:b6:e3:d2:9d:31:64:05:23:f4:b9:22:
                    1c:bd:6f:d0:e6:a4:9f:3d:90:66:31:d9:2d:0c:e8:
                    f1:3d:b0:2e:ed:a7:02:eb:2d:c5:3a:9e:08:e6:09:
                    d5:cc:5f:62:30:aa:15:1a:18:ff:0e:d1:07:05:6f:
                    f6:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:BF:C4:2D:36:98:32:60:6A:D2:C9:DA:6B:41:6B:65:73:9C:E8:48
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/C7_ELTaYMmBq0snaa0FrZXOc6Eg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.32.0/19
                  43.251.160.0/22
                  94.154.48.0/21
                  176.100.32.0/21
                  185.14.92.0/23
                IPv6:
                  2a00:ccc0::/31

    Signature Algorithm: sha256WithRSAEncryption
         68:d6:1a:82:0c:c6:e2:a1:07:1c:d0:09:5d:87:92:ff:30:ab:
         70:c4:1d:86:8c:b4:1b:19:6e:a0:4d:23:6f:93:14:b8:44:54:
         67:5f:7e:ad:07:17:07:db:c1:60:02:66:e8:1e:1e:fb:77:51:
         b2:63:50:1e:c7:d5:2c:6b:fa:a3:19:c8:58:0d:4f:07:fa:30:
         9a:93:14:4c:9c:fd:06:fc:4e:3e:48:85:3b:7a:cc:70:5b:58:
         43:91:4b:29:47:c7:d6:ed:34:55:1f:8d:54:c4:cf:24:73:ff:
         07:e9:2f:45:fb:cf:99:85:f4:0c:ef:be:80:5c:ad:2a:ce:19:
         b0:f9:26:4b:1c:d2:0b:98:14:e2:aa:cf:ad:47:03:bb:78:b8:
         af:d9:b7:f5:2b:7e:e5:80:e6:62:0b:d5:27:a7:38:21:11:d6:
         37:1b:d3:b0:b1:2d:ed:67:c3:a3:77:82:53:53:01:09:91:e7:
         a7:7b:6a:e5:a3:dc:ef:be:e8:1a:76:03:76:39:ff:78:bb:11:
         4c:bb:d8:71:63:0b:76:7f:4d:e9:3e:df:63:c5:b9:1a:1a:72:
         2a:bd:b3:aa:66:07:a7:4b:6a:e6:98:cc:fe:cc:f4:3f:48:56:
         30:a7:dc:fe:5b:5e:94:ff:9b:cd:5e:1f:23:9c:65:01:a5:ee:
         03:1c:d3:e5
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAY6u/DwSlFGBwx+gkbrghj62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjQwNDA1MTU1OTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmJmYzQyZDM2OTgzMjYwNmFkMmM5ZGE2YjQxNmI2NTczOWNlODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfHjwJU1as2DnZN4Pl2+cNgy7ql2
3a4F4I93RQ/grlRVVdAXSw6UqOr6fnfTi51R57lvrAfUR/sCwMVX/SpvvHoqBygj
Tkje7elGgLx8A+NkdDtwEJCCLy6RJ+dLVd0FAp94Bkava5mfWGju8ZyMxuohgsy0
iJ3VGxJNNngIJTKeaoiNvVAvBhg6URtxViU+iFkRnFkqHxWMuHBzCu5a3ysatAb/
CrjBMEJVcApzkVKc8b0J3ySb0rl0tlO4gHh3s998Bww6tuPSnTFkBSP0uSIcvW/Q
5qSfPZBmMdktDOjxPbAu7acC6y3FOp4I5gnVzF9iMKoVGhj/DtEHBW/2/wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFAu/xC02mDJgatLJ2mtBa2VznOhIMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvQzdfRUxUYVlNbUJxMHNuYWEwRnJaWE9jNkVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQFJXIgAwQC
K/ugAwQDXpowAwQDsGQgAwQBuQ5cMA0EAgACMAcDBQEqAMzAMA0GCSqGSIb3DQEB
CwUAA4IBAQBo1hqCDMbioQcc0Aldh5L/MKtwxB2GjLQbGW6gTSNvkxS4RFRnX36t
BxcH28FgAmboHh77d1GyY1Aex9Usa/qjGchYDU8H+jCakxRMnP0G/E4+SIU7esxw
W1hDkUspR8fW7TRVH41UxM8kc/8H6S9F+8+ZhfQM776AXK0qzhmw+SZLHNILmBTi
qs+tRwO7eLiv2bf1K37lgOZiC9UnpzghEdY3G9OwsS3tZ8Ojd4JTUwEJkeene2rl
o9zvvugadgN2Of94uxFMu9hxYwt2f03pPt9jxbkaGnIqvbOqZgenS2rmmMz+zPQ/
SFYwp9z+W16U/5vNXh8jnGUBpe4DHNPl
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:17 2024 by rpki-client on console-ams.rpki-client.org