Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/QmCFPuYPt_QIjlwXSFAI4DuLBIY.roa
File:                     QmCFPuYPt_QIjlwXSFAI4DuLBIY.roa (raw, json)
Hash identifier:          YfiV5t6icKJTqT5Ops4bajad+OuihcBt0iQzQ8gwBVM=
Subject key identifier:   42:60:85:3E:E6:0F:B7:F4:08:8E:5C:17:48:50:08:E0:3B:8B:04:86
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018EC97FE998BA14E7BABD894305F94252FB
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/QmCFPuYPt_QIjlwXSFAI4DuLBIY.roa
Signing time:             Wed 10 Apr 2024 19:33:07 +0000
ROA not before:           Wed 10 Apr 2024 19:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        31.222.230.0/24 maxlen: 24
                          37.72.128.0/24 maxlen: 24
                          62.204.52.0/24 maxlen: 24
                          77.83.193.0/24 maxlen: 24
                          78.142.238.0/24 maxlen: 24
                          130.255.172.0/24 maxlen: 24
                          130.255.175.0/24 maxlen: 24
                          146.19.129.0/24 maxlen: 24
                          193.17.88.0/24 maxlen: 24
                          193.201.10.0/24 maxlen: 24
                          194.69.164.0/24 maxlen: 24
                          195.64.127.0/24 maxlen: 24
                          195.96.159.0/24 maxlen: 24
                          212.107.26.0/24 maxlen: 24
                          213.109.153.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 11 Apr 2024 08:33:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c9:7f:e9:98:ba:14:e7:ba:bd:89:43:05:f9:42:52:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr 10 19:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4260853ee60fb7f4088e5c17485008e03b8b0486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:de:7d:e3:5b:1f:c3:f4:ca:82:58:51:86:cf:
                    07:f2:35:d7:0e:f9:1e:89:db:60:f8:e3:04:a2:3e:
                    ac:b9:79:63:dd:0f:fa:37:ba:9f:54:3d:0c:c6:d4:
                    26:78:ce:b5:f6:85:ac:c0:90:3b:9c:15:a5:68:3e:
                    a7:7e:cb:f8:9e:d4:4a:b1:4b:c8:bb:2a:21:b9:35:
                    9d:f9:52:82:d0:e1:6b:25:da:1d:41:9f:0e:cf:ab:
                    50:5c:2f:4a:ea:9c:56:72:72:d6:c6:9a:09:1d:95:
                    c3:27:f8:f5:40:df:84:05:fc:6f:fa:61:0c:e5:a5:
                    51:19:1e:6a:37:72:d6:b3:91:7f:b4:29:07:ed:b4:
                    ef:7e:da:57:e6:bf:d2:db:ba:22:53:e1:0b:73:d4:
                    68:dc:26:02:3a:2e:f0:60:9d:6e:b1:0d:5b:1b:61:
                    8f:05:4a:03:ce:e6:5e:1f:4e:8f:c5:4d:cd:4e:b5:
                    46:bb:f4:6b:ee:45:63:3e:5a:f5:0f:ad:0f:33:5b:
                    db:07:68:b6:52:02:ff:cd:79:f1:df:a9:6b:c4:5d:
                    13:2a:f2:36:8a:f7:bb:79:80:6d:dd:83:73:86:1f:
                    6f:1a:4f:7a:23:c8:e1:67:53:95:a3:9f:8e:1b:f1:
                    ce:e9:d0:bf:a8:9a:0e:35:e0:09:ad:6f:a2:48:9e:
                    2d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:60:85:3E:E6:0F:B7:F4:08:8E:5C:17:48:50:08:E0:3B:8B:04:86
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/QmCFPuYPt_QIjlwXSFAI4DuLBIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.230.0/24
                  37.72.128.0/24
                  62.204.52.0/24
                  77.83.193.0/24
                  78.142.238.0/24
                  130.255.172.0/24
                  130.255.175.0/24
                  146.19.129.0/24
                  193.17.88.0/24
                  193.201.10.0/24
                  194.69.164.0/24
                  195.64.127.0/24
                  195.96.159.0/24
                  212.107.26.0/24
                  213.109.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:14:31:34:51:bc:88:ab:e9:aa:c6:03:5a:5f:86:de:81:ab:
         74:d0:42:5a:b6:cb:0d:77:48:b1:a5:38:88:bc:ff:6f:35:4b:
         0a:2a:f2:cd:d5:31:be:6f:ea:5c:96:8d:ce:1c:1d:50:23:81:
         36:ba:0d:7d:83:f2:dd:a6:4d:19:a2:49:84:c3:d0:fb:52:80:
         8f:f1:e0:e3:3f:8b:d1:11:01:22:9a:40:87:16:d1:9d:d9:b6:
         a6:6d:2e:4b:1a:66:67:5b:28:81:c9:66:3c:ba:32:87:e4:13:
         04:e7:57:fa:ee:f3:da:62:92:28:75:38:9a:5e:fa:ba:67:9a:
         11:e2:a1:f2:b6:a9:34:0e:92:9c:91:85:95:34:52:db:99:92:
         b6:c4:62:f9:fc:a3:48:c5:c5:8b:2d:81:b3:20:0d:a6:7d:ab:
         ba:4a:5e:40:1c:69:60:e0:78:04:ea:06:10:ed:75:30:54:35:
         c0:0f:63:c4:7d:6f:5f:a4:93:7c:b0:2e:06:1d:2a:8a:5e:42:
         43:8a:47:1e:a4:2b:8e:0c:c5:b9:1b:b4:92:cb:5a:37:ad:7d:
         74:d9:47:c8:59:56:d1:67:4c:6a:3e:91:da:65:d9:0e:fd:c1:
         6d:df:49:09:df:f8:e2:8b:d4:70:4b:13:d1:b7:82:16:f2:89:
         7d:0a:71:80
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAY7Jf+mYuhTnur2JQwX5QlL7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDEwMTkzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjYwODUzZWU2MGZiN2Y0MDg4ZTVjMTc0ODUwMDhlMDNiOGIwNDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo95941sfw/TKglhRhs8H8jXXDvke
idtg+OMEoj6suXlj3Q/6N7qfVD0MxtQmeM619oWswJA7nBWlaD6nfsv4ntRKsUvI
uyohuTWd+VKC0OFrJdodQZ8Oz6tQXC9K6pxWcnLWxpoJHZXDJ/j1QN+EBfxv+mEM
5aVRGR5qN3LWs5F/tCkH7bTvftpX5r/S27oiU+ELc9Ro3CYCOi7wYJ1usQ1bG2GP
BUoDzuZeH06PxU3NTrVGu/Rr7kVjPlr1D60PM1vbB2i2UgL/zXnx36lrxF0TKvI2
ive7eYBt3YNzhh9vGk96I8jhZ1OVo5+OG/HO6dC/qJoONeAJrW+iSJ4ttwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFEJghT7mD7f0CI5cF0hQCOA7iwSGMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvUW1DRlB1WVB0X1FJamx3WFNGQUk0RHVMQklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQAH97mAwQA
JUiAAwQAPsw0AwQATVPBAwQATo7uAwQAgv+sAwQAgv+vAwQAkhOBAwQAwRFYAwQA
wckKAwQAwkWkAwQAw0B/AwQAw2CfAwQA1GsaAwQA1W2ZMA0GCSqGSIb3DQEBCwUA
A4IBAQAOFDE0UbyIq+mqxgNaX4begat00EJatssNd0ixpTiIvP9vNUsKKvLN1TG+
b+pclo3OHB1QI4E2ug19g/Ldpk0ZokmEw9D7UoCP8eDjP4vREQEimkCHFtGd2bam
bS5LGmZnWyiByWY8ujKH5BME51f67vPaYpIodTiaXvq6Z5oR4qHytqk0DpKckYWV
NFLbmZK2xGL5/KNIxcWLLYGzIA2mfau6Sl5AHGlg4HgE6gYQ7XUwVDXAD2PEfW9f
pJN8sC4GHSqKXkJDikcepCuODMW5G7SSy1o3rX102UfIWVbRZ0xqPpHaZdkO/cFt
30kJ3/jii9RwSxPRt4IW8ol9CnGA
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:08 2024 by rpki-client on console-fra.rpki-client.org