Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/a2mmsBwNLTJYMCKJxyel1xdAwsQ.roa
File:                     a2mmsBwNLTJYMCKJxyel1xdAwsQ.roa (raw, json)
Hash identifier:          ztB8MR1OAlbFR/7SiMOP2k4jXo6I6WTzGQsNJRB5Fpk=
Subject key identifier:   6B:69:A6:B0:1C:0D:2D:32:58:30:22:89:C7:27:A5:D7:17:40:C2:C4
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01864AE7CF19125B2BF2AF21FB81BE2F0A0E
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/a2mmsBwNLTJYMCKJxyel1xdAwsQ.roa
Signing time:             Mon 13 Feb 2023 13:12:30 +0000
ROA not before:           Mon 13 Feb 2023 13:12:30 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        104.239.92.0/23 maxlen: 23
                          104.239.98.0/24 maxlen: 24
                          104.167.0.0/24 maxlen: 24
                          216.173.122.0/23 maxlen: 23
                          104.239.82.0/24 maxlen: 24
                          104.239.90.0/23 maxlen: 23
                          104.239.86.0/24 maxlen: 24
                          104.233.20.0/24 maxlen: 24
                          216.173.84.0/24 maxlen: 24
                          216.173.80.0/23 maxlen: 23
                          216.173.88.0/23 maxlen: 23
                          104.239.13.0/24 maxlen: 24
                          104.239.16.0/21 maxlen: 21
                          216.173.103.0/24 maxlen: 24
                          216.173.108.0/24 maxlen: 24
                          216.173.109.0/24 maxlen: 24
                          104.239.36.0/22 maxlen: 22
                          104.239.32.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Wed 15 Feb 2023 13:48:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:4a:e7:cf:19:12:5b:2b:f2:af:21:fb:81:be:2f:0a:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Feb 13 13:12:30 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6b69a6b01c0d2d3258302289c727a5d71740c2c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:3f:3e:8a:50:d5:cd:9b:1c:23:84:cb:9b:21:
                    3f:54:18:1e:50:30:77:b8:52:a5:17:20:5c:00:f5:
                    2b:2a:bd:8d:87:5c:f8:3c:9a:e9:52:e0:9b:16:c3:
                    fd:30:40:4d:cb:91:74:fe:f1:5c:1f:47:be:8c:0b:
                    51:ec:1b:53:2a:3c:7e:93:4b:c2:da:69:06:47:57:
                    f9:dc:50:5e:9e:44:5d:e7:32:32:27:74:6f:1a:33:
                    a8:52:57:e9:22:ca:17:95:90:20:68:c1:e5:4d:da:
                    35:14:4f:8d:2f:d4:20:6b:1a:08:2f:c6:0b:b9:7f:
                    a3:ae:3a:e2:e2:79:3f:73:05:50:91:16:56:f0:37:
                    eb:19:86:2f:a8:70:35:56:0d:69:8a:c2:c2:40:d1:
                    3e:38:a3:08:f9:7c:c0:5a:05:f4:7b:e6:a3:13:e6:
                    ac:96:72:47:b1:fc:2f:c2:38:7c:ab:3a:10:be:48:
                    a6:a8:4c:4f:9b:3a:70:c1:86:06:42:4a:ca:e9:45:
                    e9:5d:2e:21:39:43:17:41:b3:e9:68:50:cd:09:08:
                    e0:59:0f:5f:37:35:a6:d0:8c:ea:29:b6:70:6d:af:
                    a7:cd:07:ce:fb:1c:fa:e5:85:1c:d2:97:e0:90:1e:
                    ac:44:13:b6:ea:9a:d5:13:2e:ff:a3:26:62:9e:f7:
                    ce:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:69:A6:B0:1C:0D:2D:32:58:30:22:89:C7:27:A5:D7:17:40:C2:C4
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/a2mmsBwNLTJYMCKJxyel1xdAwsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.167.0.0/24
                  104.233.20.0/24
                  104.239.13.0/24
                  104.239.16.0/21
                  104.239.32.0/21
                  104.239.82.0/24
                  104.239.86.0/24
                  104.239.90.0-104.239.93.255
                  104.239.98.0/24
                  216.173.80.0/23
                  216.173.84.0/24
                  216.173.88.0/23
                  216.173.103.0/24
                  216.173.108.0/23
                  216.173.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:73:2e:c9:14:0f:06:89:83:f4:98:d6:9f:ce:bf:bd:4e:37:
         c0:ff:d8:51:3a:42:c7:a1:77:cb:8a:c9:a3:6d:0c:a7:a0:da:
         19:86:c1:ca:2e:42:88:f4:3b:33:33:9d:62:fa:21:d5:48:2a:
         89:b9:2e:db:86:1d:8d:c4:e4:c0:c6:8f:1e:ef:7b:a2:a8:ab:
         7a:5d:2c:3e:e9:53:f1:36:cf:0c:f4:82:f0:33:70:28:33:fa:
         9a:ae:84:d0:10:c2:f9:db:25:6c:3a:68:71:c2:6e:31:d1:b1:
         ab:12:1e:79:73:9e:74:da:40:2a:e9:f3:59:0a:26:72:03:ea:
         05:92:02:8b:f1:74:30:6e:3a:4f:db:ab:56:73:b9:68:82:a6:
         70:9c:4c:a4:31:ea:07:64:8b:52:ff:c7:ee:9d:93:c4:58:f2:
         a7:af:2c:af:18:3c:7a:93:64:d3:c4:7c:16:06:ce:f3:e0:aa:
         37:f7:af:81:86:1b:6e:a8:c2:97:00:8d:73:15:77:db:e0:bd:
         7c:00:2d:81:24:f2:51:27:46:d4:ec:de:13:75:16:87:a3:07:
         a1:10:2e:8e:8e:4a:32:e7:68:e8:1d:15:b9:36:71:bd:de:ea:
         34:bf:f2:67:ff:47:2d:b2:c0:e4:1b:1a:23:97:c7:35:e0:d7:
         21:96:95:78
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYZK588ZElsr8q8h+4G+LwoOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwMjEzMTMxMjMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjY5YTZiMDFjMGQyZDMyNTgzMDIyODljNzI3YTVkNzE3NDBjMmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkD8+ilDVzZscI4TLmyE/VBgeUDB3
uFKlFyBcAPUrKr2Nh1z4PJrpUuCbFsP9MEBNy5F0/vFcH0e+jAtR7BtTKjx+k0vC
2mkGR1f53FBenkRd5zIyJ3RvGjOoUlfpIsoXlZAgaMHlTdo1FE+NL9QgaxoIL8YL
uX+jrjri4nk/cwVQkRZW8DfrGYYvqHA1Vg1pisLCQNE+OKMI+XzAWgX0e+ajE+as
lnJHsfwvwjh8qzoQvkimqExPmzpwwYYGQkrK6UXpXS4hOUMXQbPpaFDNCQjgWQ9f
NzWm0IzqKbZwba+nzQfO+xz65YUc0pfgkB6sRBO26prVEy7/oyZinvfO4QIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFGtpprAcDS0yWDAiiccnpdcXQMLEMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvYTJtbXNCd05MVEpZTUNLSnh5ZWwxeGRBd3NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQAaKcAAwQA
aOkUAwQAaO8NAwQDaO8QAwQDaO8gAwQAaO9SAwQAaO9WMAwDBAFo71oDBAFo71wD
BABo72IDBAHYrVADBADYrVQDBAHYrVgDBADYrWcDBAHYrWwDBAHYrXowDQYJKoZI
hvcNAQELBQADggEBAFFzLskUDwaJg/SY1p/Ov71ON8D/2FE6Qsehd8uKyaNtDKeg
2hmGwcouQoj0OzMznWL6IdVIKom5LtuGHY3E5MDGjx7ve6Koq3pdLD7pU/E2zwz0
gvAzcCgz+pquhNAQwvnbJWw6aHHCbjHRsasSHnlznnTaQCrp81kKJnID6gWSAovx
dDBuOk/bq1ZzuWiCpnCcTKQx6gdki1L/x+6dk8RY8qevLK8YPHqTZNPEfBYGzvPg
qjf3r4GGG26owpcAjXMVd9vgvXwALYEk8lEnRtTs3hN1FoejB6EQLo6OSjLnaOgd
Fbk2cb3e6jS/8mf/Ry2ywOQbGiOXxzXg1yGWlXg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:03 2024 by rpki-client on console-fra.rpki-client.org