Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/AmGLJJ8Tbuojnd_O0C6TvzsRNVc.roa
File:                     AmGLJJ8Tbuojnd_O0C6TvzsRNVc.roa (raw, json)
Hash identifier:          SJ5XHrk9rUMz8CU3m6eex0xboxmPRiAUmimOSPoqg3A=
Subject key identifier:   02:61:8B:24:9F:13:6E:EA:23:9D:DF:CE:D0:2E:93:BF:3B:11:35:57
Certificate issuer:       /CN=947320d030930178e6f7ceef91d2ab8784d3dc16
Certificate serial:       018774A8BF8EA5B9EAEB57BE322E5BD28567
Authority key identifier: 94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/AmGLJJ8Tbuojnd_O0C6TvzsRNVc.roa
Signing time:             Wed 12 Apr 2023 08:50:28 +0000
ROA not before:           Wed 12 Apr 2023 08:50:28 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     62005
IP address blocks:        185.123.53.0/24 maxlen: 24
                          185.39.18.0/24 maxlen: 24
                          193.109.120.0/24 maxlen: 24
                          194.61.121.0/24 maxlen: 24
                          194.61.120.0/24 maxlen: 24
                          91.235.234.0/24 maxlen: 24
                          195.54.160.0/24 maxlen: 24
                          2a10:1fc0:f::/48 maxlen: 48
                          2a10:1fc0:8::/48 maxlen: 48
                          2a10:1fc0:3::/48 maxlen: 48
                          2a10:1fc0:e::/48 maxlen: 48
                          2a10:1fc0:1::/48 maxlen: 48
                          2a10:1fc0:c::/48 maxlen: 48
                          2a10:1fc0:2::/48 maxlen: 48
                          2a10:1fc0:5::/48 maxlen: 48
                          2a10:1fc0:10::/48 maxlen: 48
                          2a10:1fc0:b::/48 maxlen: 48
                          2a10:1fc0:6::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 17 Apr 2023 17:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:74:a8:bf:8e:a5:b9:ea:eb:57:be:32:2e:5b:d2:85:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=947320d030930178e6f7ceef91d2ab8784d3dc16
        Validity
            Not Before: Apr 12 08:50:28 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=02618b249f136eea239ddfced02e93bf3b113557
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:cc:de:d2:52:ba:36:7c:44:9f:89:40:7c:b9:
                    d7:ae:f7:1a:35:72:0e:75:75:69:b4:47:0d:ae:bd:
                    25:81:9c:cc:3a:b9:f1:1d:d4:b4:04:1a:9a:23:ce:
                    36:e0:68:75:ce:09:13:6a:23:15:e9:ff:01:ee:ef:
                    ba:2a:1d:89:44:b0:09:ef:0d:ce:d4:3c:33:8d:92:
                    f5:74:8f:b4:e5:4f:df:f6:a5:55:c6:c8:fa:39:7f:
                    a6:cc:fc:43:53:f5:b0:2f:43:c2:b4:75:1c:75:9b:
                    85:a5:e9:91:1f:fe:aa:81:08:a7:6a:54:42:10:52:
                    82:e8:e9:c7:2e:ba:09:c8:c2:67:07:16:aa:b4:6c:
                    21:e9:7e:0a:c4:d2:30:04:05:de:0f:0e:42:e3:c9:
                    1c:04:d8:9f:37:8d:12:e0:78:79:f6:63:70:e2:3e:
                    2e:f5:da:97:bf:60:56:5e:d9:d0:05:a8:dc:27:23:
                    10:2a:fc:0a:21:fe:67:0b:c8:19:fa:fb:5b:a8:74:
                    60:c9:80:4a:be:11:75:a8:b6:8a:79:c9:ef:39:eb:
                    ef:fc:3d:36:56:84:9f:be:8a:fa:85:3f:dc:09:d5:
                    1c:c1:7c:03:22:76:5b:0b:0b:f9:5f:50:a6:32:ae:
                    24:76:d6:e4:d6:69:dd:09:4c:a8:dc:1c:44:c6:36:
                    a5:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:61:8B:24:9F:13:6E:EA:23:9D:DF:CE:D0:2E:93:BF:3B:11:35:57
            X509v3 Authority Key Identifier:
                keyid:94:73:20:D0:30:93:01:78:E6:F7:CE:EF:91:D2:AB:87:84:D3:DC:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lHMg0DCTAXjm987vkdKrh4TT3BY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/AmGLJJ8Tbuojnd_O0C6TvzsRNVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/82e876-c997-4605-87aa-8ac4a21938b4/1/lHMg0DCTAXjm987vkdKrh4TT3BY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.234.0/24
                  185.39.18.0/24
                  185.123.53.0/24
                  193.109.120.0/24
                  194.61.120.0/23
                  195.54.160.0/24
                IPv6:
                  2a10:1fc0:1::-2a10:1fc0:3:ffff:ffff:ffff:ffff:ffff
                  2a10:1fc0:5::-2a10:1fc0:6:ffff:ffff:ffff:ffff:ffff
                  2a10:1fc0:8::/48
                  2a10:1fc0:b::-2a10:1fc0:c:ffff:ffff:ffff:ffff:ffff
                  2a10:1fc0:e::-2a10:1fc0:10:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         72:c7:dc:ae:f3:71:33:a4:07:70:09:0a:50:1a:1e:7b:96:7e:
         2e:41:ae:41:f5:b0:41:27:19:25:8b:7c:f6:93:e0:8d:a6:5f:
         1e:89:e3:c1:9b:f4:d2:4f:d5:9d:8e:eb:42:eb:b9:54:f6:44:
         68:31:4d:bd:a8:a0:d9:15:85:b4:4f:2a:2e:e2:06:7d:24:76:
         11:84:cf:ca:32:a4:56:b7:6e:0e:9a:b1:6f:9d:30:4a:8d:76:
         97:ab:22:a0:c5:46:ca:b4:5b:a4:f8:bc:8d:9b:fe:0f:74:b6:
         53:26:ca:ca:d2:4a:4e:38:84:a2:2b:20:16:38:5a:78:4d:89:
         7f:7c:dd:42:21:ed:fa:89:8e:cc:c6:ad:97:55:a8:a8:cd:30:
         35:07:a2:f5:18:ed:b6:dc:e6:09:4c:3e:3d:83:44:40:f0:28:
         79:ee:35:d8:08:54:34:32:69:66:93:94:d6:a7:0e:41:0f:8d:
         6c:2d:dd:cb:a2:e1:40:3e:dd:22:31:8d:24:63:f1:c7:92:2c:
         5d:e8:13:44:76:1d:1d:f1:5e:f4:dc:84:21:7f:07:19:c0:cf:
         6b:4e:3f:74:b5:5c:81:c2:e3:cc:6f:6c:5e:c5:ca:3e:b5:e8:
         c8:e6:cb:9c:dd:a7:6b:e6:06:b7:4e:56:ae:ce:f2:66:e8:50:
         d7:14:25:de
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgISAYd0qL+Opbnq61e+Mi5b0oVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NzMyMGQwMzA5MzAxNzhlNmY3Y2VlZjkxZDJhYjg3ODRk
M2RjMTYwHhcNMjMwNDEyMDg1MDI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjYxOGIyNDlmMTM2ZWVhMjM5ZGRmY2VkMDJlOTNiZjNiMTEzNTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksze0lK6NnxEn4lAfLnXrvcaNXIO
dXVptEcNrr0lgZzMOrnxHdS0BBqaI8424Gh1zgkTaiMV6f8B7u+6Kh2JRLAJ7w3O
1DwzjZL1dI+05U/f9qVVxsj6OX+mzPxDU/WwL0PCtHUcdZuFpemRH/6qgQinalRC
EFKC6OnHLroJyMJnBxaqtGwh6X4KxNIwBAXeDw5C48kcBNifN40S4Hh59mNw4j4u
9dqXv2BWXtnQBajcJyMQKvwKIf5nC8gZ+vtbqHRgyYBKvhF1qLaKecnvOevv/D02
VoSfvor6hT/cCdUcwXwDInZbCwv5X1CmMq4kdtbk1mndCUyo3BxExjal9QIDAQAB
o4ICizCCAocwHQYDVR0OBBYEFAJhiySfE27qI53fztAuk787ETVXMB8GA1UdIwQY
MBaAFJRzINAwkwF45vfO75HSq4eE09wWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEt
OGFjNGEyMTkzOGI0LzEvQW1HTEpKOFRidW9qbmRfTzBDNlR2enNSTlZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC84MmU4NzYtYzk5Ny00NjA1LTg3YWEtOGFjNGEyMTkzOGI0
LzEvbEhNZzBEQ1RBWGptOTg3dmtkS3JoNFRUM0JZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGgBggrBgEFBQcBBwEB/wSBkDCBjTAqBAIAATAkAwQAW+vq
AwQAuScSAwQAuXs1AwQAwW14AwQBwj14AwQAwzagMF8EAgACMFkwEgMHACoQH8AA
AQMHAioQH8AAADASAwcAKhAfwAAFAwcAKhAfwAAGAwcAKhAfwAAIMBIDBwAqEB/A
AAsDBwAqEB/AAAwwEgMHASoQH8AADgMHACoQH8AAEDANBgkqhkiG9w0BAQsFAAOC
AQEAcsfcrvNxM6QHcAkKUBoee5Z+LkGuQfWwQScZJYt89pPgjaZfHonjwZv00k/V
nY7rQuu5VPZEaDFNvaig2RWFtE8qLuIGfSR2EYTPyjKkVrduDpqxb50wSo12l6si
oMVGyrRbpPi8jZv+D3S2UybKytJKTjiEoisgFjhaeE2Jf3zdQiHt+omOzMatl1Wo
qM0wNQei9RjtttzmCUw+PYNEQPAoee412AhUNDJpZpOU1qcOQQ+NbC3dy6LhQD7d
IjGNJGPxx5IsXegTRHYdHfFe9NyEIX8HGcDPa04/dLVcgcLjzG9sXsXKPrXoyObL
nN2na+YGt05Wrs7yZuhQ1xQl3g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:23 2024 by rpki-client on console-fra.rpki-client.org