Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/NgvuK0H9swCuZonYa9Genby8kjg.roa
File:                     NgvuK0H9swCuZonYa9Genby8kjg.roa (raw, json)
Hash identifier:          kKLijvn5xyXtGdAfUOKhuh2MWYxBjPUy1CY332MAUZU=
Subject key identifier:   36:0B:EE:2B:41:FD:B3:00:AE:66:89:D8:6B:D1:9E:9D:BC:BC:92:38
Certificate issuer:       /CN=17dd9c23af69ec2cdb6fe2b9936eb494cfd1621f
Certificate serial:       018C1784BE6A2B46581A23DC2C73B0FFFC7F
Authority key identifier: 17:DD:9C:23:AF:69:EC:2C:DB:6F:E2:B9:93:6E:B4:94:CF:D1:62:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F92cI69p7Czbb-K5k260lM_RYh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/NgvuK0H9swCuZonYa9Genby8kjg.roa
Signing time:             Tue 28 Nov 2023 20:00:24 +0000
ROA not before:           Tue 28 Nov 2023 20:00:24 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        157.167.225.0/24 maxlen: 24
                          157.167.226.0/24 maxlen: 24
                          157.167.224.0/24 maxlen: 24
                          157.167.227.0/24 maxlen: 24
                          157.167.230.0/24 maxlen: 24
                          157.167.231.0/24 maxlen: 24
                          157.167.228.0/24 maxlen: 24
                          157.167.229.0/24 maxlen: 24
                          157.167.233.0/24 maxlen: 24
                          157.167.232.0/24 maxlen: 24
                          157.167.240.0/24 maxlen: 24
                          157.167.239.0/24 maxlen: 24
                          157.167.234.0/24 maxlen: 24
                          157.167.237.0/24 maxlen: 24
                          157.167.238.0/24 maxlen: 24
                          157.167.235.0/24 maxlen: 24
                          157.167.236.0/24 maxlen: 24
                          157.167.152.0/24 maxlen: 24
                          157.167.155.0/24 maxlen: 24
                          157.167.156.0/24 maxlen: 24
                          157.167.153.0/24 maxlen: 24
                          157.167.184.0/21 maxlen: 21
                          157.167.136.0/21 maxlen: 21
                          157.167.134.0/24 maxlen: 24
                          157.167.135.0/24 maxlen: 24
                          157.167.144.0/21 maxlen: 21
                          85.115.38.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:30:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:17:84:be:6a:2b:46:58:1a:23:dc:2c:73:b0:ff:fc:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17dd9c23af69ec2cdb6fe2b9936eb494cfd1621f
        Validity
            Not Before: Nov 28 20:00:24 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=360bee2b41fdb300ae6689d86bd19e9dbcbc9238
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5c:bb:d1:85:99:f1:cd:35:db:64:89:c6:30:
                    f2:84:9d:26:81:ff:44:99:7f:bc:42:26:d5:63:20:
                    2d:cc:11:77:65:8a:bd:89:5e:51:7e:ae:f5:5b:53:
                    71:1f:10:51:f3:50:71:ea:bb:31:85:3f:d1:c6:a9:
                    d8:83:20:82:3a:86:79:d4:07:82:82:8b:c0:1c:42:
                    c7:94:d1:65:e8:3f:fe:b8:88:23:e2:ad:df:fa:ba:
                    f3:56:8c:68:f8:b9:f1:f2:68:4d:b3:ca:d4:8c:86:
                    ed:97:55:8c:56:71:9a:d6:8a:5d:56:7d:cd:de:0c:
                    e4:93:16:3c:44:d9:3e:62:a0:7c:1f:1b:de:b8:e1:
                    ca:75:a5:3a:fe:6a:6f:7e:11:8c:31:9d:52:53:bb:
                    c0:bb:f5:1e:91:05:21:c3:d1:2f:ec:0c:96:1c:4b:
                    de:4f:b1:2b:07:89:e1:c8:11:25:73:1c:3a:4c:ae:
                    b2:04:e0:30:98:a6:9b:16:7f:2b:72:f8:6c:0a:72:
                    f6:80:1d:45:42:b5:21:54:aa:7b:24:8f:c5:d7:7e:
                    bc:32:b4:39:e4:79:b5:33:e9:da:17:ae:08:d3:1d:
                    b5:1f:1f:11:26:45:a5:d7:05:35:22:d2:87:90:b0:
                    d4:cd:ce:5f:ab:33:0b:be:a3:ea:59:35:de:b7:9a:
                    fb:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:0B:EE:2B:41:FD:B3:00:AE:66:89:D8:6B:D1:9E:9D:BC:BC:92:38
            X509v3 Authority Key Identifier:
                keyid:17:DD:9C:23:AF:69:EC:2C:DB:6F:E2:B9:93:6E:B4:94:CF:D1:62:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F92cI69p7Czbb-K5k260lM_RYh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/NgvuK0H9swCuZonYa9Genby8kjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/8357e2-a106-44ae-b866-8fa7b4c53073/1/F92cI69p7Czbb-K5k260lM_RYh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.115.38.0/24
                  157.167.134.0-157.167.153.255
                  157.167.155.0-157.167.156.255
                  157.167.184.0/21
                  157.167.224.0-157.167.240.255

    Signature Algorithm: sha256WithRSAEncryption
         13:34:eb:6c:30:06:8c:37:b2:0c:f1:d2:2c:1f:5c:fa:4b:31:
         bb:18:4f:45:50:f1:85:df:fb:80:2d:f5:fa:47:2d:84:94:64:
         e5:68:1d:97:de:a2:30:24:7f:e2:83:e2:36:50:c1:1e:f2:d5:
         57:98:e5:db:1e:b5:98:74:47:34:bb:1f:15:03:25:09:31:cc:
         f6:3f:25:38:db:4a:8e:39:ee:af:3c:7d:1a:e3:00:e7:44:d7:
         37:8b:da:3a:6d:8c:48:29:73:df:74:ea:6f:b5:7d:89:89:61:
         ac:c8:3e:e4:33:85:bf:39:49:0e:cd:d5:64:5f:64:fd:0c:d3:
         fa:f8:b7:21:d4:f7:03:47:a2:87:e1:c4:be:bc:dc:4f:4a:ed:
         57:31:a7:78:c6:4b:dc:53:55:3e:80:51:76:d8:83:33:9d:82:
         41:3f:7b:5d:f7:3b:35:85:cf:f9:e5:ec:8d:99:07:c2:0b:ed:
         90:b8:55:80:d3:0d:48:fb:26:ed:21:aa:8e:38:e0:e5:e5:33:
         85:0d:22:1b:39:71:95:37:80:5d:61:90:ad:d0:47:46:6f:f2:
         88:98:a1:78:3e:97:0b:a6:08:32:47:79:0a:eb:a9:4e:9d:cb:
         df:5a:e4:be:2b:a7:81:42:e0:76:e3:bf:a2:cb:4f:3c:16:7f:
         be:22:60:59
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYwXhL5qK0ZYGiPcLHOw//x/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZGQ5YzIzYWY2OWVjMmNkYjZmZTJiOTkzNmViNDk0Y2Zk
MTYyMWYwHhcNMjMxMTI4MjAwMDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjBiZWUyYjQxZmRiMzAwYWU2Njg5ZDg2YmQxOWU5ZGJjYmM5MjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFy70YWZ8c0122SJxjDyhJ0mgf9E
mX+8QibVYyAtzBF3ZYq9iV5Rfq71W1NxHxBR81Bx6rsxhT/RxqnYgyCCOoZ51AeC
govAHELHlNFl6D/+uIgj4q3f+rrzVoxo+Lnx8mhNs8rUjIbtl1WMVnGa1opdVn3N
3gzkkxY8RNk+YqB8HxveuOHKdaU6/mpvfhGMMZ1SU7vAu/UekQUhw9Ev7AyWHEve
T7ErB4nhyBElcxw6TK6yBOAwmKabFn8rcvhsCnL2gB1FQrUhVKp7JI/F1368MrQ5
5Hm1M+naF64I0x21Hx8RJkWl1wU1ItKHkLDUzc5fqzMLvqPqWTXet5r7DwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFDYL7itB/bMArmaJ2GvRnp28vJI4MB8GA1UdIwQY
MBaAFBfdnCOvaews22/iuZNutJTP0WIfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjkyY0k2OXA3Q3piYi1LNWsyNjBsTV9SWWg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni84MzU3ZTItYTEwNi00NGFlLWI4NjYt
OGZhN2I0YzUzMDczLzEvTmd2dUswSDlzd0N1Wm9uWWE5R2VuYnk4a2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni84MzU3ZTItYTEwNi00NGFlLWI4NjYtOGZhN2I0YzUzMDcz
LzEvRjkyY0k2OXA3Q3piYi1LNWsyNjBsTV9SWWg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVXMmMAwD
BAGdp4YDBAGdp5gwDAMEAJ2nmwMEAJ2nnAMEA52nuDAMAwQFnafgAwQAnafwMA0G
CSqGSIb3DQEBCwUAA4IBAQATNOtsMAaMN7IM8dIsH1z6SzG7GE9FUPGF3/uALfX6
Ry2ElGTlaB2X3qIwJH/ig+I2UMEe8tVXmOXbHrWYdEc0ux8VAyUJMcz2PyU420qO
Oe6vPH0a4wDnRNc3i9o6bYxIKXPfdOpvtX2JiWGsyD7kM4W/OUkOzdVkX2T9DNP6
+Lch1PcDR6KH4cS+vNxPSu1XMad4xkvcU1U+gFF22IMznYJBP3td9zs1hc/55eyN
mQfCC+2QuFWA0w1I+ybtIaqOOODl5TOFDSIbOXGVN4BdYZCt0EdGb/KImKF4PpcL
pggyR3kK66lOncvfWuS+K6eBQuB247+iy088Fn++ImBZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:27 2024 by rpki-client on console-ams.rpki-client.org