Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/PDg29d3TedcG1-mH8_G7XKNnERg.roa
File:                     PDg29d3TedcG1-mH8_G7XKNnERg.roa (raw, json)
Hash identifier:          smLkOscjI1gefwXWFu8tsQKXDCubX4fSMTr1grjkYvY=
Subject key identifier:   3C:38:36:F5:DD:D3:79:D7:06:D7:E9:87:F3:F1:BB:5C:A3:67:11:18
Certificate issuer:       /CN=c1098a1905bbd3381533828f6b7fd227170431ef
Certificate serial:       018D0E86A1B5BCA2FD8ABBD4549C4DF6D709
Authority key identifier: C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/PDg29d3TedcG1-mH8_G7XKNnERg.roa
Signing time:             Mon 15 Jan 2024 19:08:40 +0000
ROA not before:           Mon 15 Jan 2024 19:08:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57324
IP address blocks:        109.230.112.0/24 maxlen: 24
                          202.164.192.0/24 maxlen: 24
                          202.164.195.0/24 maxlen: 24
                          202.164.194.0/24 maxlen: 24
                          109.230.113.0/24 maxlen: 24
                          109.230.115.0/24 maxlen: 24
                          79.132.195.0/24 maxlen: 24
                          79.132.196.0/24 maxlen: 24
                          109.230.114.0/24 maxlen: 24
                          202.164.193.0/24 maxlen: 24
                          79.132.198.0/24 maxlen: 24
                          79.132.199.0/24 maxlen: 24
                          79.132.197.0/24 maxlen: 24
                          202.164.198.0/24 maxlen: 24
                          202.164.196.0/24 maxlen: 24
                          202.164.197.0/24 maxlen: 24
                          202.164.199.0/24 maxlen: 24
                          122.102.117.0/24 maxlen: 24
                          122.102.118.0/24 maxlen: 24
                          122.102.116.0/24 maxlen: 24
                          109.230.117.0/24 maxlen: 24
                          109.230.116.0/24 maxlen: 24
                          109.230.118.0/24 maxlen: 24
                          202.164.205.0/24 maxlen: 24
                          109.230.124.0/24 maxlen: 24
                          109.230.125.0/24 maxlen: 24
                          202.164.203.0/24 maxlen: 24
                          109.230.122.0/24 maxlen: 24
                          109.230.121.0/24 maxlen: 24
                          122.102.119.0/24 maxlen: 24
                          109.230.123.0/24 maxlen: 24
                          202.164.204.0/24 maxlen: 24
                          202.164.201.0/24 maxlen: 24
                          202.164.200.0/24 maxlen: 24
                          202.164.202.0/24 maxlen: 24
                          109.230.120.0/24 maxlen: 24
                          109.230.119.0/24 maxlen: 24
                          109.230.127.0/24 maxlen: 24
                          109.230.126.0/24 maxlen: 24
                          86.111.144.0/24 maxlen: 24
                          86.111.145.0/24 maxlen: 24
                          86.111.146.0/24 maxlen: 24
                          86.111.147.0/24 maxlen: 24
                          185.113.105.0/24 maxlen: 24
                          185.113.107.0/24 maxlen: 24
                          2a03:c340::/32 maxlen: 32

Validation:               Failed, certificate revoked on Tue 23 Jan 2024 12:24:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0e:86:a1:b5:bc:a2:fd:8a:bb:d4:54:9c:4d:f6:d7:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1098a1905bbd3381533828f6b7fd227170431ef
        Validity
            Not Before: Jan 15 19:08:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c3836f5ddd379d706d7e987f3f1bb5ca3671118
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:96:e1:29:99:56:9f:57:8d:4f:a7:1e:bc:af:
                    92:42:71:92:ef:07:ce:a6:0a:86:52:80:91:2d:7c:
                    9e:20:e8:61:25:f3:59:ed:0d:a4:48:0c:39:8e:fd:
                    cf:1b:a6:b4:43:d8:ed:02:82:c6:37:6d:99:a3:d6:
                    c9:6d:40:c7:c3:a8:48:b8:43:20:7a:e5:95:8c:f2:
                    7a:ab:25:0f:7f:4a:56:53:ed:39:f0:ee:1c:25:a8:
                    c3:b8:ba:1f:c7:ed:fd:4a:75:89:5e:ab:5b:68:8d:
                    b9:eb:7e:63:c0:be:0e:ee:12:79:6f:14:c3:0e:38:
                    99:e2:4b:86:2b:e5:66:eb:7b:84:bb:8a:da:1c:86:
                    9f:27:81:99:f4:f0:2e:ef:ef:0f:d3:4f:70:ab:08:
                    49:11:70:df:b4:ec:a1:d8:82:e1:75:91:23:f0:a3:
                    c8:c1:30:c1:c6:7b:2b:ad:1a:6a:3d:23:5f:b9:da:
                    6a:86:21:48:cd:02:9f:6f:6b:5e:98:ea:de:39:ed:
                    a6:f1:32:4c:c9:ba:d6:54:0b:94:38:e5:57:13:c8:
                    54:0c:b5:c2:8e:d9:c1:02:9b:cd:c8:bb:49:1b:14:
                    b8:31:24:80:d8:53:23:46:06:8c:aa:47:9d:b7:fa:
                    20:d5:90:89:53:1f:d5:a8:3f:d7:53:e5:8c:a5:bc:
                    c6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:38:36:F5:DD:D3:79:D7:06:D7:E9:87:F3:F1:BB:5C:A3:67:11:18
            X509v3 Authority Key Identifier:
                keyid:C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/PDg29d3TedcG1-mH8_G7XKNnERg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.195.0-79.132.199.255
                  86.111.144.0/22
                  109.230.112.0/20
                  122.102.116.0/22
                  185.113.105.0/24
                  185.113.107.0/24
                  202.164.192.0-202.164.205.255
                IPv6:
                  2a03:c340::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:bc:87:d5:e9:55:54:8b:b2:d3:de:20:c4:fe:70:d9:fe:5d:
         19:a6:0e:6b:72:92:e6:7e:2d:89:d1:d8:38:62:5a:e3:67:60:
         58:7d:39:57:5c:fc:62:a2:cc:07:1b:2b:2f:94:b4:02:0a:9a:
         97:bc:2a:b4:cf:c5:b8:25:fd:ca:ae:41:fe:77:58:54:ed:b9:
         da:31:78:41:c2:b9:88:19:79:c1:9c:55:b1:5d:f0:63:aa:7a:
         12:e2:2f:cb:20:d4:de:0e:60:1e:7d:c4:6e:f2:65:d2:99:64:
         ee:42:88:a0:c7:03:9f:a3:96:e6:34:c4:e5:fe:29:bd:14:23:
         3a:ac:c8:5b:d0:01:84:3f:de:9b:3b:3e:27:97:a6:33:b5:26:
         ec:fb:41:d3:f7:c6:9b:4f:cc:c0:4e:cd:67:cc:0a:b6:1f:7d:
         2b:60:b8:96:3a:12:93:f8:57:db:2f:3c:d3:b2:8b:9c:88:ca:
         12:bb:d8:c7:7d:01:80:30:00:86:f9:f6:b2:ea:9a:4a:da:fd:
         9b:06:68:a5:93:44:bd:69:db:30:1d:15:81:55:dc:9a:4d:2d:
         d4:5e:86:9d:36:db:ad:f5:d7:96:aa:43:0d:6a:8c:b9:e0:a0:
         5b:4a:36:34:50:65:7a:42:ea:0d:a8:9b:fa:7a:63:c3:fc:78:
         93:6a:b7:d4
-----BEGIN CERTIFICATE-----
MIIFQDCCBCigAwIBAgISAY0OhqG1vKL9irvUVJxN9tcJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDk4YTE5MDViYmQzMzgxNTMzODI4ZjZiN2ZkMjI3MTcw
NDMxZWYwHhcNMjQwMTE1MTkwODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzM4MzZmNWRkZDM3OWQ3MDZkN2U5ODdmM2YxYmI1Y2EzNjcxMTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJbhKZlWn1eNT6cevK+SQnGS7wfO
pgqGUoCRLXyeIOhhJfNZ7Q2kSAw5jv3PG6a0Q9jtAoLGN22Zo9bJbUDHw6hIuEMg
euWVjPJ6qyUPf0pWU+058O4cJajDuLofx+39SnWJXqtbaI25635jwL4O7hJ5bxTD
DjiZ4kuGK+Vm63uEu4raHIafJ4GZ9PAu7+8P009wqwhJEXDftOyh2ILhdZEj8KPI
wTDBxnsrrRpqPSNfudpqhiFIzQKfb2temOreOe2m8TJMybrWVAuUOOVXE8hUDLXC
jtnBApvNyLtJGxS4MSSA2FMjRgaMqkedt/og1ZCJUx/VqD/XU+WMpbzGNwIDAQAB
o4ICTDCCAkgwHQYDVR0OBBYEFDw4NvXd03nXBtfph/Pxu1yjZxEYMB8GA1UdIwQY
MBaAFMEJihkFu9M4FTOCj2t/0icXBDHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUt
YjJhNzEzZDJlYWIyLzEvUERnMjlkM1RlZGNHMS1tSDhfRzdYS05uRVJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUtYjJhNzEzZDJlYWIy
LzEvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGIGCCsGAQUFBwEHAQH/BFMwUTBABAIAATA6MAwDBABPhMMD
BANPhMADBAJWb5ADBARt5nADBAJ6ZnQDBAC5cWkDBAC5cWswDAMEBsqkwAMEAcqk
zDANBAIAAjAHAwUAKgPDQDANBgkqhkiG9w0BAQsFAAOCAQEAkLyH1elVVIuy094g
xP5w2f5dGaYOa3KS5n4tidHYOGJa42dgWH05V1z8YqLMBxsrL5S0Agqal7wqtM/F
uCX9yq5B/ndYVO252jF4QcK5iBl5wZxVsV3wY6p6EuIvyyDU3g5gHn3EbvJl0plk
7kKIoMcDn6OW5jTE5f4pvRQjOqzIW9ABhD/emzs+J5emM7Um7PtB0/fGm0/MwE7N
Z8wKth99K2C4ljoSk/hX2y8807KLnIjKErvYx30BgDAAhvn2suqaStr9mwZopZNE
vWnbMB0VgVXcmk0t1F6GnTbbrfXXlqpDDWqMueCgW0o2NFBlekLqDaib+npjw/x4
k2q31A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:50 2024 by rpki-client on console-ams.rpki-client.org