Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/S_pAP66H1f439oE-22hyFtyvyBw.roa
File:                     S_pAP66H1f439oE-22hyFtyvyBw.roa (raw, json)
Hash identifier:          BPplwmPUIv/iVqsyqzNV1l9Cwc9jUY8/GYTaIXqTIx4=
Subject key identifier:   4B:FA:40:3F:AE:87:D5:FE:37:F6:81:3E:DB:68:72:16:DC:AF:C8:1C
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018E5CC5032BF0B8D704A2FCA709C4AB771D
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/S_pAP66H1f439oE-22hyFtyvyBw.roa
Signing time:             Wed 20 Mar 2024 16:49:59 +0000
ROA not before:           Wed 20 Mar 2024 16:49:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        104.167.0.0/24 maxlen: 24
                          104.222.169.0/24 maxlen: 24
                          104.222.170.0/24 maxlen: 24
                          104.222.171.0/24 maxlen: 24
                          104.222.172.0/24 maxlen: 24
                          104.222.173.0/24 maxlen: 24
                          104.222.174.0/24 maxlen: 24
                          104.222.175.0/24 maxlen: 24
                          104.233.20.0/24 maxlen: 24
                          104.239.13.0/24 maxlen: 24
                          104.239.16.0/22 maxlen: 22
                          104.239.20.0/22 maxlen: 22
                          104.239.32.0/22 maxlen: 22
                          104.239.36.0/22 maxlen: 22
                          104.239.82.0/24 maxlen: 24
                          104.239.90.0/23 maxlen: 23
                          104.239.92.0/23 maxlen: 23
                          104.239.98.0/24 maxlen: 24
                          216.173.80.0/23 maxlen: 23
                          216.173.88.0/23 maxlen: 23
                          216.173.108.0/24 maxlen: 24
                          216.173.122.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Thu 04 Apr 2024 15:06:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:5c:c5:03:2b:f0:b8:d7:04:a2:fc:a7:09:c4:ab:77:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Mar 20 16:49:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4bfa403fae87d5fe37f6813edb687216dcafc81c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ab:e8:75:5e:f8:da:27:f5:b0:90:31:2f:f0:
                    4d:37:15:0e:43:b8:a6:c6:1e:cc:57:ad:cd:9e:b8:
                    3a:35:d2:13:2d:c6:f1:ea:f5:44:e5:a3:7d:b5:b1:
                    b3:75:70:6a:a8:ad:7a:f2:04:56:8c:5f:c8:c5:4f:
                    7e:8e:3b:67:4f:82:98:26:c0:b4:27:85:49:32:c5:
                    71:47:81:fe:ba:6b:6b:67:b3:50:b7:4b:07:2e:80:
                    e0:d2:bf:2d:0e:48:54:b0:b1:cc:15:78:9b:18:06:
                    e4:06:5d:0f:2b:f3:15:33:b7:c6:8a:15:04:a7:b8:
                    c6:58:49:3c:ff:11:0b:ab:d4:2e:b5:59:5f:7c:1a:
                    62:ac:57:2b:ae:c3:41:55:10:13:87:19:2c:44:ce:
                    16:a8:a1:b8:f5:94:b4:26:68:eb:77:b0:a7:37:f7:
                    fa:8b:b2:ee:03:a4:b6:6c:c0:74:61:02:c3:0a:01:
                    a7:ae:97:ab:3d:ec:cc:af:16:2e:59:99:17:b6:0e:
                    3d:99:09:b1:b1:43:7f:4d:62:2a:4a:7a:29:35:cc:
                    11:ca:b6:93:74:20:b6:db:aa:67:02:2e:42:84:c2:
                    22:af:30:61:a0:53:1b:cb:4f:e2:b0:50:fd:26:e2:
                    1f:c0:23:a5:8a:fd:e2:23:25:01:34:80:ee:ae:f3:
                    3b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:FA:40:3F:AE:87:D5:FE:37:F6:81:3E:DB:68:72:16:DC:AF:C8:1C
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/S_pAP66H1f439oE-22hyFtyvyBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.167.0.0/24
                  104.222.169.0-104.222.175.255
                  104.233.20.0/24
                  104.239.13.0/24
                  104.239.16.0/21
                  104.239.32.0/21
                  104.239.82.0/24
                  104.239.90.0-104.239.93.255
                  104.239.98.0/24
                  216.173.80.0/23
                  216.173.88.0/23
                  216.173.108.0/24
                  216.173.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:b3:93:d3:b4:7c:64:33:22:19:b5:95:43:05:50:26:6e:07:
         9c:3b:5f:4c:a0:71:9b:71:00:f6:77:f0:cf:78:c0:c2:2c:10:
         2b:5b:56:e3:ec:7e:5c:29:74:45:65:fe:bf:18:14:95:73:33:
         05:08:b5:9b:65:d8:c7:a7:78:09:77:73:2f:92:f8:69:e5:e2:
         36:55:e6:17:d0:8e:07:2e:78:73:a8:f2:3a:e1:99:8a:46:ba:
         49:dc:5b:4d:89:56:46:de:7e:66:9b:58:ff:81:42:b5:ad:62:
         d3:4b:4e:db:56:55:3e:a0:7e:35:c3:55:13:95:cc:ec:d4:df:
         d7:4c:cc:cd:5e:84:d7:2b:e9:10:5c:59:1c:43:2b:3d:18:28:
         7a:dc:cb:7a:e4:b4:2c:49:d4:12:e1:7a:42:49:dd:5e:28:58:
         6e:84:ba:4c:4b:c4:1f:87:2b:8b:db:ca:52:5b:8a:ae:5e:fa:
         be:17:19:a5:bb:44:44:a9:10:d9:50:ea:87:c7:27:71:25:31:
         60:e1:c3:58:37:78:97:98:dd:1e:e5:fb:88:8d:0e:51:26:7f:
         28:cf:b2:ca:2e:6d:fd:42:34:ad:b9:29:62:a1:b0:3a:81:5d:
         e5:54:bc:10:25:01:e9:21:9c:28:ec:b6:0f:2f:2a:ad:0b:f3:
         47:8f:c2:8b
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAY5cxQMr8LjXBKL8pwnEq3cdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwMzIwMTY0OTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmZhNDAzZmFlODdkNWZlMzdmNjgxM2VkYjY4NzIxNmRjYWZjODFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26vodV742if1sJAxL/BNNxUOQ7im
xh7MV63Nnrg6NdITLcbx6vVE5aN9tbGzdXBqqK168gRWjF/IxU9+jjtnT4KYJsC0
J4VJMsVxR4H+umtrZ7NQt0sHLoDg0r8tDkhUsLHMFXibGAbkBl0PK/MVM7fGihUE
p7jGWEk8/xELq9QutVlffBpirFcrrsNBVRAThxksRM4WqKG49ZS0Jmjrd7CnN/f6
i7LuA6S2bMB0YQLDCgGnrperPezMrxYuWZkXtg49mQmxsUN/TWIqSnopNcwRyraT
dCC226pnAi5ChMIirzBhoFMby0/isFD9JuIfwCOliv3iIyUBNIDurvM72QIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFEv6QD+uh9X+N/aBPttochbcr8gcMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvU19wQVA2NkgxZjQzOW9FLTIyaHlGdHl2eUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQAaKcAMAwD
BABo3qkDBARo3qADBABo6RQDBABo7w0DBANo7xADBANo7yADBABo71IwDAMEAWjv
WgMEAWjvXAMEAGjvYgMEAditUAMEAditWAMEANitbAMEAditejANBgkqhkiG9w0B
AQsFAAOCAQEAJrOT07R8ZDMiGbWVQwVQJm4HnDtfTKBxm3EA9nfwz3jAwiwQK1tW
4+x+XCl0RWX+vxgUlXMzBQi1m2XYx6d4CXdzL5L4aeXiNlXmF9COBy54c6jyOuGZ
ika6SdxbTYlWRt5+ZptY/4FCta1i00tO21ZVPqB+NcNVE5XM7NTf10zMzV6E1yvp
EFxZHEMrPRgoetzLeuS0LEnUEuF6QkndXihYboS6TEvEH4cri9vKUluKrl76vhcZ
pbtERKkQ2VDqh8cncSUxYOHDWDd4l5jdHuX7iI0OUSZ/KM+yyi5t/UI0rbkpYqGw
OoFd5VS8ECUB6SGcKOy2Dy8qrQvzR4/Ciw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:03 2024 by rpki-client on console-fra.rpki-client.org