Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/bl5nW0UZnAUNtxGE4irEF-oeKIU.roa
File:                     bl5nW0UZnAUNtxGE4irEF-oeKIU.roa (raw, json)
Hash identifier:          vS7b2IPNzDl22DhsuPDMwjnVRoELzV6/kVB0KV5nRoA=
Subject key identifier:   6E:5E:67:5B:45:19:9C:05:0D:B7:11:84:E2:2A:C4:17:EA:1E:28:85
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0189BAD14282543497EB6F70747250C073D6
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/bl5nW0UZnAUNtxGE4irEF-oeKIU.roa
Signing time:             Thu 03 Aug 2023 09:53:43 +0000
ROA not before:           Thu 03 Aug 2023 09:53:43 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     397373
IP address blocks:        104.249.24.0/24 maxlen: 24
                          216.173.83.0/24 maxlen: 24
                          104.249.28.0/24 maxlen: 24
                          104.249.27.0/24 maxlen: 24
                          104.249.26.0/24 maxlen: 24
                          104.143.228.0/24 maxlen: 24
                          216.173.101.0/24 maxlen: 24
                          104.249.56.0/22 maxlen: 22
                          104.249.57.0/24 maxlen: 24
                          216.173.118.0/24 maxlen: 24
                          104.143.253.0/24 maxlen: 24
                          45.43.128.0/21 maxlen: 21
                          45.43.128.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Sun 08 Oct 2023 20:04:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:ba:d1:42:82:54:34:97:eb:6f:70:74:72:50:c0:73:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Aug  3 09:53:43 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6e5e675b45199c050db71184e22ac417ea1e2885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:89:7e:eb:58:13:8e:f6:fa:10:e8:c8:73:c0:
                    89:f1:6b:6a:26:f1:0a:d1:2d:04:d8:69:0e:54:30:
                    17:99:c7:b7:3e:b9:33:a2:6d:5b:58:82:78:42:c4:
                    26:0b:55:06:76:63:b8:6d:41:36:b4:11:e8:9e:cc:
                    21:60:08:f0:e6:e4:7a:57:b5:4e:de:91:e5:88:bd:
                    54:1a:4d:b8:33:b6:53:1c:0c:71:6b:90:9b:ac:d2:
                    14:69:90:62:8f:29:bd:dc:0b:54:c5:62:53:6e:95:
                    2e:57:d3:06:10:8e:8b:a6:e1:7f:a0:92:54:32:7a:
                    d0:95:a3:ed:af:1d:9f:79:14:eb:9c:52:fb:3d:01:
                    22:93:f7:72:c7:07:dd:ee:24:b9:b0:5d:46:b5:b2:
                    be:2e:9a:3d:55:34:e6:c0:91:5e:5a:5c:d5:11:4f:
                    ee:f2:41:d9:e6:33:7e:1d:2e:f9:6a:e3:b6:36:ff:
                    7b:b3:c2:90:0e:0a:45:00:a2:ca:54:1e:81:a7:72:
                    9f:a2:5a:d9:f5:2e:2a:37:67:ba:08:d3:cd:ac:13:
                    8e:19:8a:81:d8:a9:a0:16:14:25:57:51:47:53:2d:
                    28:b7:60:5a:22:6d:c8:82:e3:33:d4:4c:34:f1:fc:
                    89:b1:56:15:5e:50:87:ea:3b:d0:ff:14:2f:e9:50:
                    47:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:5E:67:5B:45:19:9C:05:0D:B7:11:84:E2:2A:C4:17:EA:1E:28:85
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/bl5nW0UZnAUNtxGE4irEF-oeKIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.128.0/21
                  104.143.228.0/24
                  104.143.253.0/24
                  104.249.24.0/24
                  104.249.26.0-104.249.28.255
                  104.249.56.0/22
                  216.173.83.0/24
                  216.173.101.0/24
                  216.173.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:aa:a4:c2:f3:05:75:e2:39:d9:ea:68:1e:82:a9:6f:6a:0b:
         ee:ae:d1:d3:0e:c2:7c:d9:cc:80:12:3c:b1:b1:d8:98:c5:15:
         e8:19:dd:cf:e3:97:6d:64:d6:87:7b:63:fc:c4:59:34:82:d2:
         e4:26:9a:49:30:d1:7c:37:84:25:79:96:c6:96:75:da:f3:aa:
         12:80:0c:22:d1:89:e6:6f:b8:c3:1c:f6:da:fb:ac:76:4e:25:
         85:e6:cb:1a:ec:1f:0a:c9:0d:41:06:91:26:b7:ee:ca:fe:c6:
         8e:af:b0:da:d0:be:a1:4e:c1:1d:06:52:69:8d:e9:f6:70:65:
         0f:c4:00:ce:40:37:00:18:77:4d:de:72:ff:48:6d:61:eb:36:
         7f:d9:9c:f8:d8:a0:bd:03:10:cb:a9:f2:b6:47:c6:6a:48:7a:
         19:f5:2e:ad:ba:3e:91:1e:5c:49:01:92:8c:ed:36:42:b3:53:
         82:c1:e4:06:f8:7e:cc:38:b6:22:db:e5:a8:e8:18:e3:19:02:
         c4:3e:e3:b5:36:cb:61:a3:9f:71:db:13:f3:3e:b6:6e:bf:94:
         b1:30:03:b3:46:f4:f2:f3:99:45:07:e0:4a:b0:5b:86:89:8c:
         66:cd:2a:9b:e1:fd:8f:16:1a:f4:fb:5c:32:d4:e8:3f:99:0f:
         3b:cb:f4:3b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYm60UKCVDSX629wdHJQwHPWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwODAzMDk1MzQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTVlNjc1YjQ1MTk5YzA1MGRiNzExODRlMjJhYzQxN2VhMWUyODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgol+61gTjvb6EOjIc8CJ8WtqJvEK
0S0E2GkOVDAXmce3Prkzom1bWIJ4QsQmC1UGdmO4bUE2tBHonswhYAjw5uR6V7VO
3pHliL1UGk24M7ZTHAxxa5CbrNIUaZBijym93AtUxWJTbpUuV9MGEI6LpuF/oJJU
MnrQlaPtrx2feRTrnFL7PQEik/dyxwfd7iS5sF1GtbK+Lpo9VTTmwJFeWlzVEU/u
8kHZ5jN+HS75auO2Nv97s8KQDgpFAKLKVB6Bp3KfolrZ9S4qN2e6CNPNrBOOGYqB
2KmgFhQlV1FHUy0ot2BaIm3IguMz1Ew08fyJsVYVXlCH6jvQ/xQv6VBH3QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFG5eZ1tFGZwFDbcRhOIqxBfqHiiFMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvYmw1blcwVVpuQVVOdHhHRTRpckVGLW9lS0lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQDLSuAAwQA
aI/kAwQAaI/9AwQAaPkYMAwDBAFo+RoDBABo+RwDBAJo+TgDBADYrVMDBADYrWUD
BADYrXYwDQYJKoZIhvcNAQELBQADggEBAC6qpMLzBXXiOdnqaB6CqW9qC+6u0dMO
wnzZzIASPLGx2JjFFegZ3c/jl21k1od7Y/zEWTSC0uQmmkkw0Xw3hCV5lsaWddrz
qhKADCLRieZvuMMc9tr7rHZOJYXmyxrsHwrJDUEGkSa37sr+xo6vsNrQvqFOwR0G
UmmN6fZwZQ/EAM5ANwAYd03ecv9IbWHrNn/ZnPjYoL0DEMup8rZHxmpIehn1Lq26
PpEeXEkBkoztNkKzU4LB5Ab4fsw4tiLb5ajoGOMZAsQ+47U2y2Gjn3HbE/M+tm6/
lLEwA7NG9PLzmUUH4EqwW4aJjGbNKpvh/Y8WGvT7XDLU6D+ZDzvL9Ds=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:03 2024 by rpki-client on console-fra.rpki-client.org