Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/agP6jDaOR0zxUCfxI1S0pUczZ74.roa
File:                     agP6jDaOR0zxUCfxI1S0pUczZ74.roa (raw, json)
Hash identifier:          +Gc83GkzuwbvDA12J1kAm0sZ4R/kUGNjFbKyBmRDPn0=
Subject key identifier:   6A:03:FA:8C:36:8E:47:4C:F1:50:27:F1:23:54:B4:A5:47:33:67:BE
Certificate issuer:       /CN=c1098a1905bbd3381533828f6b7fd227170431ef
Certificate serial:       018C820C57FFF2F062C1108BB76F6F155557
Authority key identifier: C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/agP6jDaOR0zxUCfxI1S0pUczZ74.roa
Signing time:             Tue 19 Dec 2023 12:28:16 +0000
ROA not before:           Tue 19 Dec 2023 12:28:16 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     57324
IP address blocks:        202.164.192.0/24 maxlen: 24
                          109.230.112.0/24 maxlen: 24
                          202.164.194.0/24 maxlen: 24
                          202.164.195.0/24 maxlen: 24
                          202.164.196.0/24 maxlen: 24
                          202.164.197.0/24 maxlen: 24
                          202.164.198.0/24 maxlen: 24
                          202.164.199.0/24 maxlen: 24
                          202.164.193.0/24 maxlen: 24
                          79.132.198.0/24 maxlen: 24
                          122.102.117.0/24 maxlen: 24
                          109.230.117.0/24 maxlen: 24
                          109.230.116.0/24 maxlen: 24
                          109.230.118.0/24 maxlen: 24
                          79.132.199.0/24 maxlen: 24
                          79.132.197.0/24 maxlen: 24
                          122.102.118.0/24 maxlen: 24
                          122.102.116.0/24 maxlen: 24
                          109.230.115.0/24 maxlen: 24
                          109.230.114.0/24 maxlen: 24
                          109.230.113.0/24 maxlen: 24
                          79.132.196.0/24 maxlen: 24
                          79.132.195.0/24 maxlen: 24
                          109.230.122.0/24 maxlen: 24
                          109.230.124.0/24 maxlen: 24
                          109.230.125.0/24 maxlen: 24
                          109.230.123.0/24 maxlen: 24
                          109.230.120.0/24 maxlen: 24
                          109.230.121.0/24 maxlen: 24
                          122.102.119.0/24 maxlen: 24
                          109.230.119.0/24 maxlen: 24
                          202.164.206.0/24 maxlen: 24
                          202.164.205.0/24 maxlen: 24
                          202.164.203.0/24 maxlen: 24
                          202.164.201.0/24 maxlen: 24
                          202.164.200.0/24 maxlen: 24
                          202.164.202.0/24 maxlen: 24
                          202.164.204.0/24 maxlen: 24
                          109.230.127.0/24 maxlen: 24
                          109.230.126.0/24 maxlen: 24
                          202.164.207.0/24 maxlen: 24
                          86.111.144.0/24 maxlen: 24
                          86.111.145.0/24 maxlen: 24
                          86.111.146.0/24 maxlen: 24
                          86.111.147.0/24 maxlen: 24
                          185.113.105.0/24 maxlen: 24
                          185.113.107.0/24 maxlen: 24
                          2a03:c340::/32 maxlen: 32

Validation:               Failed, certificate revoked on Thu 21 Dec 2023 08:20:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:82:0c:57:ff:f2:f0:62:c1:10:8b:b7:6f:6f:15:55:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1098a1905bbd3381533828f6b7fd227170431ef
        Validity
            Not Before: Dec 19 12:28:16 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6a03fa8c368e474cf15027f12354b4a5473367be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:49:a7:2c:a0:6d:02:58:7a:07:28:08:94:c6:
                    4e:2d:2c:17:e7:1f:cd:18:7a:e2:e6:f8:1e:be:64:
                    c7:e8:26:76:cc:b0:7c:82:2d:71:6a:35:12:fe:1a:
                    c9:76:7e:47:8e:c3:ff:97:84:a0:18:66:2d:08:79:
                    c1:e4:ca:10:24:f8:a9:dc:92:8c:ed:d3:22:d9:83:
                    b9:e0:f9:60:81:a0:4b:f5:4c:57:67:ef:a8:a1:7c:
                    3c:e3:4b:f0:fe:e0:55:15:58:12:bd:a8:1e:18:16:
                    53:5c:73:b5:6f:95:b7:87:1a:23:f2:7e:01:b8:03:
                    1c:52:b8:7f:88:eb:66:dd:9f:f4:9a:ec:e1:ff:a2:
                    d0:4c:9e:cf:bf:0a:34:66:c7:39:9e:a3:b0:fa:3a:
                    fa:a5:f7:c0:6c:96:40:1c:b9:0e:72:bc:7c:f0:19:
                    03:6e:bf:fb:08:99:96:f0:e8:76:96:b7:8e:89:be:
                    a2:ec:de:24:b9:36:4c:c4:0c:24:c1:68:56:d9:e3:
                    95:3a:2c:b2:39:3f:c8:81:68:1b:9c:51:76:8a:9e:
                    7b:7a:04:c5:9d:be:cf:24:52:6d:70:ee:75:be:55:
                    fb:8e:92:fa:ba:cc:2e:84:e8:a7:b2:be:01:32:ee:
                    77:0a:6f:ac:07:8a:18:c2:1d:14:d7:d8:27:17:28:
                    3a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:03:FA:8C:36:8E:47:4C:F1:50:27:F1:23:54:B4:A5:47:33:67:BE
            X509v3 Authority Key Identifier:
                keyid:C1:09:8A:19:05:BB:D3:38:15:33:82:8F:6B:7F:D2:27:17:04:31:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQmKGQW70zgVM4KPa3_SJxcEMe8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/agP6jDaOR0zxUCfxI1S0pUczZ74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/2eed71-4665-4948-a3c5-b2a713d2eab2/1/wQmKGQW70zgVM4KPa3_SJxcEMe8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.132.195.0-79.132.199.255
                  86.111.144.0/22
                  109.230.112.0/20
                  122.102.116.0/22
                  185.113.105.0/24
                  185.113.107.0/24
                  202.164.192.0/20
                IPv6:
                  2a03:c340::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:ee:ee:f9:c7:7f:de:10:42:0a:54:f4:6c:b9:4a:72:ee:0c:
         a9:31:8e:5f:21:2c:c7:79:43:16:da:83:ba:93:47:d8:35:a1:
         6c:1b:3d:49:d0:1b:5f:86:93:3b:39:f4:0b:f5:e3:4a:a4:72:
         47:f6:f0:17:8e:ba:c6:17:6a:5e:23:d2:0d:da:77:27:d9:7b:
         fd:45:be:09:0a:47:56:2f:27:58:72:6e:41:50:73:ab:76:e1:
         45:31:9b:6f:ab:80:a2:fb:45:bc:c3:c7:cd:f0:d7:1d:2b:60:
         85:cc:27:14:cf:43:56:1a:77:81:8e:9c:70:b1:6c:30:d3:8e:
         64:d8:b0:9d:1b:91:f3:f0:a7:2f:f9:88:a3:2a:d4:dd:9c:76:
         54:ae:25:79:40:94:5c:30:79:03:6a:39:95:f6:78:45:21:b4:
         48:0c:a4:51:c2:8a:d5:7a:60:d3:4a:ba:1c:a7:35:1b:98:8f:
         52:60:1d:21:1a:d4:a6:54:90:e6:e1:71:0f:50:3b:18:87:4d:
         7f:19:54:e7:7a:bb:fc:1e:3a:1a:f2:f9:c4:c1:98:4a:1f:46:
         81:4e:66:3d:d9:4b:2c:79:09:04:0e:5f:f9:fe:ba:87:1f:c1:
         a8:0c:9b:22:c4:a2:1e:fb:2c:c2:cc:32:bc:ca:c5:3e:53:10:
         36:79:64:82
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYyCDFf/8vBiwRCLt29vFVVXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDk4YTE5MDViYmQzMzgxNTMzODI4ZjZiN2ZkMjI3MTcw
NDMxZWYwHhcNMjMxMjE5MTIyODE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTAzZmE4YzM2OGU0NzRjZjE1MDI3ZjEyMzU0YjRhNTQ3MzM2N2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikmnLKBtAlh6BygIlMZOLSwX5x/N
GHri5vgevmTH6CZ2zLB8gi1xajUS/hrJdn5HjsP/l4SgGGYtCHnB5MoQJPip3JKM
7dMi2YO54PlggaBL9UxXZ++ooXw840vw/uBVFVgSvageGBZTXHO1b5W3hxoj8n4B
uAMcUrh/iOtm3Z/0muzh/6LQTJ7Pvwo0Zsc5nqOw+jr6pffAbJZAHLkOcrx88BkD
br/7CJmW8Oh2lreOib6i7N4kuTZMxAwkwWhW2eOVOiyyOT/IgWgbnFF2ip57egTF
nb7PJFJtcO51vlX7jpL6uswuhOinsr4BMu53Cm+sB4oYwh0U19gnFyg6ZwIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFGoD+ow2jkdM8VAn8SNUtKVHM2e+MB8GA1UdIwQY
MBaAFMEJihkFu9M4FTOCj2t/0icXBDHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUt
YjJhNzEzZDJlYWIyLzEvYWdQNmpEYU9SMHp4VUNmeEkxUzBwVWN6Wjc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yZWVkNzEtNDY2NS00OTQ4LWEzYzUtYjJhNzEzZDJlYWIy
LzEvd1FtS0dRVzcwemdWTTRLUGEzX1NKeGNFTWU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyMAwDBABPhMMD
BANPhMADBAJWb5ADBARt5nADBAJ6ZnQDBAC5cWkDBAC5cWsDBATKpMAwDQQCAAIw
BwMFACoDw0AwDQYJKoZIhvcNAQELBQADggEBAD/u7vnHf94QQgpU9Gy5SnLuDKkx
jl8hLMd5Qxbag7qTR9g1oWwbPUnQG1+Gkzs59Av140qkckf28BeOusYXal4j0g3a
dyfZe/1FvgkKR1YvJ1hybkFQc6t24UUxm2+rgKL7RbzDx83w1x0rYIXMJxTPQ1Ya
d4GOnHCxbDDTjmTYsJ0bkfPwpy/5iKMq1N2cdlSuJXlAlFwweQNqOZX2eEUhtEgM
pFHCitV6YNNKuhynNRuYj1JgHSEa1KZUkObhcQ9QOxiHTX8ZVOd6u/weOhry+cTB
mEofRoFOZj3ZSyx5CQQOX/n+uocfwagMmyLEoh77LMLMMrzKxT5TEDZ5ZII=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:08 2024 by rpki-client on console-fra.rpki-client.org