Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/sJQHKjEP4LhMpo8Oc31MCWilL5I.roa
File:                     sJQHKjEP4LhMpo8Oc31MCWilL5I.roa (raw, json)
Hash identifier:          4vOD/zN8hnlgjIwoaJw44iHWNXoLBwHxqlXD0UlSeQk=
Subject key identifier:   B0:94:07:2A:31:0F:E0:B8:4C:A6:8F:0E:73:7D:4C:09:68:A5:2F:92
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       018EBDAE7D52389EEA620C8FE59D6B4BC3E0
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/sJQHKjEP4LhMpo8Oc31MCWilL5I.roa
Signing time:             Mon 08 Apr 2024 12:28:32 +0000
ROA not before:           Mon 08 Apr 2024 12:28:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58061
IP address blocks:        31.222.230.0/24 maxlen: 24
                          37.72.128.0/24 maxlen: 24
                          62.204.52.0/24 maxlen: 24
                          77.83.193.0/24 maxlen: 24
                          78.142.238.0/24 maxlen: 24
                          130.255.172.0/24 maxlen: 24
                          130.255.175.0/24 maxlen: 24
                          146.19.129.0/24 maxlen: 24
                          193.201.10.0/24 maxlen: 24
                          194.69.164.0/24 maxlen: 24
                          195.64.127.0/24 maxlen: 24
                          195.96.159.0/24 maxlen: 24
                          212.107.26.0/24 maxlen: 24
                          213.109.153.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 10 Apr 2024 19:33:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:bd:ae:7d:52:38:9e:ea:62:0c:8f:e5:9d:6b:4b:c3:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Apr  8 12:28:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b094072a310fe0b84ca68f0e737d4c0968a52f92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:94:f7:3c:74:0a:4b:bb:7f:59:fe:33:de:d2:
                    e8:69:84:99:9b:a1:5c:1f:29:18:b1:49:9e:1c:f5:
                    f7:e6:eb:cb:4b:50:fa:51:65:33:d0:82:71:00:b6:
                    ed:ef:fd:28:d2:a8:e1:ba:fe:3f:c7:83:f7:f7:cc:
                    a1:ed:85:c3:c8:1c:6b:13:b0:1e:25:37:49:d6:24:
                    4b:fd:15:f1:a3:06:0e:90:54:b2:fe:63:58:c3:99:
                    e1:03:ee:3c:5d:9d:be:f0:f6:6c:0b:b9:1d:5d:dd:
                    92:1e:e3:ab:64:5b:b6:6d:b0:73:4d:3f:84:4a:e4:
                    6e:21:d4:40:e5:01:22:5c:59:25:0a:56:23:9e:9e:
                    9b:ba:9f:3b:39:2d:b0:b5:ab:ce:80:03:9c:3e:4b:
                    4d:80:55:53:ac:0f:58:99:3e:f3:af:ca:6e:bc:b6:
                    9e:c5:be:be:0b:8f:d4:96:38:be:88:ea:78:b3:dd:
                    55:af:7a:11:ed:18:c6:90:1a:ca:2a:fa:d5:a1:a9:
                    f3:7a:22:f1:32:be:82:e4:69:d4:41:dd:00:05:00:
                    00:e9:1b:58:c1:70:3b:fc:7f:4a:bf:a5:5f:1e:69:
                    44:05:ac:75:03:31:e0:8c:75:ff:cf:71:38:e4:14:
                    5c:f3:8f:0d:7f:fd:2e:c9:a9:18:81:a7:f3:2b:f1:
                    7c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:94:07:2A:31:0F:E0:B8:4C:A6:8F:0E:73:7D:4C:09:68:A5:2F:92
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/sJQHKjEP4LhMpo8Oc31MCWilL5I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.222.230.0/24
                  37.72.128.0/24
                  62.204.52.0/24
                  77.83.193.0/24
                  78.142.238.0/24
                  130.255.172.0/24
                  130.255.175.0/24
                  146.19.129.0/24
                  193.201.10.0/24
                  194.69.164.0/24
                  195.64.127.0/24
                  195.96.159.0/24
                  212.107.26.0/24
                  213.109.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:b3:e9:35:ba:2a:07:b5:d3:be:44:1e:c3:98:b8:1f:8f:f4:
         6e:2c:db:7d:9c:54:e5:61:4b:fb:67:8d:60:77:9d:70:82:7b:
         43:7b:30:93:a8:fb:9c:56:a9:00:60:7a:0c:51:69:0c:c5:48:
         9a:5a:a1:aa:e4:4f:b1:a9:45:08:59:6a:84:bc:cb:bd:60:47:
         96:70:cd:4c:bd:6e:35:95:81:9f:78:09:42:2e:15:1d:5c:c0:
         7e:83:fc:fe:55:01:91:2a:d3:19:66:36:43:a4:fc:0b:05:2a:
         af:2b:a6:4b:fc:24:3d:c0:a8:20:24:5b:3b:6c:6c:04:04:91:
         1b:76:a6:fa:26:eb:c3:33:24:53:f3:00:0a:13:96:f9:69:1d:
         70:80:59:d4:e9:3e:ce:60:b5:a3:11:f1:99:ff:20:07:7d:f9:
         f2:f2:fc:3c:09:1f:4f:4f:f9:e9:54:3c:18:af:e7:32:e0:14:
         b6:02:4e:c6:55:ea:cc:95:4a:27:ce:e6:68:5f:35:a1:bd:eb:
         64:ad:63:92:fc:10:ba:2b:bf:3e:ee:25:4a:41:33:be:77:46:
         68:f2:28:a7:ab:f6:a6:e8:97:91:20:13:65:72:6f:a2:e7:bb:
         54:0c:98:57:09:ef:44:0e:3c:9b:76:cd:d4:c3:4b:d2:34:36:
         ad:20:ce:27
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAY69rn1SOJ7qYgyP5Z1rS8PgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjQwNDA4MTIyODMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDk0MDcyYTMxMGZlMGI4NGNhNjhmMGU3MzdkNGMwOTY4YTUyZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlpT3PHQKS7t/Wf4z3tLoaYSZm6Fc
HykYsUmeHPX35uvLS1D6UWUz0IJxALbt7/0o0qjhuv4/x4P398yh7YXDyBxrE7Ae
JTdJ1iRL/RXxowYOkFSy/mNYw5nhA+48XZ2+8PZsC7kdXd2SHuOrZFu2bbBzTT+E
SuRuIdRA5QEiXFklClYjnp6bup87OS2wtavOgAOcPktNgFVTrA9YmT7zr8puvLae
xb6+C4/Ulji+iOp4s91Vr3oR7RjGkBrKKvrVoanzeiLxMr6C5GnUQd0ABQAA6RtY
wXA7/H9Kv6VfHmlEBax1AzHgjHX/z3E45BRc848Nf/0uyakYgafzK/F8kwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFLCUByoxD+C4TKaPDnN9TAlopS+SMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvc0pRSEtqRVA0TGhNcG84T2MzMU1DV2lsTDVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQAH97mAwQA
JUiAAwQAPsw0AwQATVPBAwQATo7uAwQAgv+sAwQAgv+vAwQAkhOBAwQAwckKAwQA
wkWkAwQAw0B/AwQAw2CfAwQA1GsaAwQA1W2ZMA0GCSqGSIb3DQEBCwUAA4IBAQAu
s+k1uioHtdO+RB7DmLgfj/RuLNt9nFTlYUv7Z41gd51wgntDezCTqPucVqkAYHoM
UWkMxUiaWqGq5E+xqUUIWWqEvMu9YEeWcM1MvW41lYGfeAlCLhUdXMB+g/z+VQGR
KtMZZjZDpPwLBSqvK6ZL/CQ9wKggJFs7bGwEBJEbdqb6JuvDMyRT8wAKE5b5aR1w
gFnU6T7OYLWjEfGZ/yAHffny8vw8CR9PT/npVDwYr+cy4BS2Ak7GVerMlUonzuZo
XzWhvetkrWOS/BC6K78+7iVKQTO+d0Zo8iinq/am6JeRIBNlcm+i57tUDJhXCe9E
Djybds3Uw0vSNDatIM4n
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:08 2024 by rpki-client on console-fra.rpki-client.org