Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/CciVLFpcKyaExgas0ZjUl_9LF90.roa
File:                     CciVLFpcKyaExgas0ZjUl_9LF90.roa (raw, json)
Hash identifier:          VnKQ2ce7XXwIndtcXjZtDkzQAvJZcRL4sJTgdSX+fag=
Subject key identifier:   09:C8:95:2C:5A:5C:2B:26:84:C6:06:AC:D1:98:D4:97:FF:4B:17:DD
Certificate issuer:       /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial:       018BB79CA279D6BBAB58ACF17C4C9638BD47
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/CciVLFpcKyaExgas0ZjUl_9LF90.roa
Signing time:             Fri 10 Nov 2023 05:02:57 +0000
ROA not before:           Fri 10 Nov 2023 05:02:57 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        85.153.56.0/24 maxlen: 24
                          85.153.75.0/24 maxlen: 24
                          85.153.74.0/24 maxlen: 24
                          85.153.7.0/24 maxlen: 24
                          85.153.6.0/24 maxlen: 24
                          85.153.8.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 00:30:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8b:b7:9c:a2:79:d6:bb:ab:58:ac:f1:7c:4c:96:38:bd:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
        Validity
            Not Before: Nov 10 05:02:57 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=09c8952c5a5c2b2684c606acd198d497ff4b17dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:8e:7b:0d:c7:0c:29:82:b8:b5:a5:d1:17:03:
                    1f:83:f1:74:95:1f:9f:c6:3c:8d:39:9a:44:6a:27:
                    db:17:9c:1f:da:ad:50:f6:9b:16:9c:36:cc:6d:21:
                    3a:90:a0:a5:7d:54:69:64:91:7a:ed:9d:2d:04:55:
                    ed:91:f8:cd:4b:f5:4d:89:ba:80:ce:b3:d1:00:92:
                    ee:1c:0e:ed:75:76:c4:0f:91:55:60:72:21:59:c9:
                    ee:6a:25:07:b5:04:85:e3:29:f6:49:db:88:07:91:
                    d9:9f:a2:41:25:6e:a9:25:b2:24:00:f3:c2:61:82:
                    59:eb:9e:ab:9a:53:e0:bc:eb:84:87:50:92:68:c0:
                    2a:d1:29:af:1a:e5:de:7c:73:d3:25:0e:fe:7f:f2:
                    c4:63:a2:01:fb:c9:b2:d3:0f:7c:41:6d:70:6c:c7:
                    23:ae:6b:83:a6:69:8f:aa:d6:88:69:d8:ba:de:1f:
                    e6:b6:9b:be:9a:6a:c7:eb:36:77:db:a0:7b:55:22:
                    fd:97:16:97:03:a8:0e:7b:22:6f:3b:16:59:8f:ab:
                    e6:63:9e:67:e4:b8:b0:68:3a:09:b9:1b:f5:07:5b:
                    da:f0:a6:4f:7d:aa:0e:c3:4e:91:c0:09:7f:bf:6c:
                    e0:e7:47:4f:87:cf:3e:49:3c:dc:e7:e6:3f:c9:bf:
                    e3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:C8:95:2C:5A:5C:2B:26:84:C6:06:AC:D1:98:D4:97:FF:4B:17:DD
            X509v3 Authority Key Identifier:
                keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/CciVLFpcKyaExgas0ZjUl_9LF90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.6.0-85.153.8.255
                  85.153.56.0/24
                  85.153.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         34:e5:f9:6a:c3:a1:70:a1:97:e0:e4:8a:7b:e2:ea:6d:ce:54:
         14:be:88:63:50:0c:5e:1b:ad:a8:2f:9f:15:94:0f:b5:f4:92:
         67:d0:e4:9a:50:0b:c4:d0:e7:d7:f3:da:68:04:97:c0:12:1c:
         c9:2d:30:9d:1e:2a:fc:94:99:d8:5a:b0:b9:01:fb:47:0b:1d:
         3e:92:e5:28:56:06:e4:87:08:0a:4e:58:9b:3d:5b:e2:cb:61:
         ae:02:80:2e:b3:30:26:93:a5:76:1a:6c:70:60:34:04:a2:15:
         5f:00:1c:24:83:69:99:04:6e:4c:2f:27:02:3c:76:dc:f8:37:
         24:c7:93:d4:00:39:9f:1a:85:bd:1e:aa:31:7e:ef:cb:10:2a:
         e1:46:c1:11:95:4b:22:bf:0c:b8:e5:1d:c7:75:03:70:17:73:
         62:c8:0e:68:f4:75:59:9f:e7:86:e2:3b:c0:0f:a0:b3:99:40:
         e6:3d:df:38:bb:f8:38:f4:31:62:96:d7:b2:55:0c:b8:48:c7:
         f2:6d:87:6d:a3:0d:04:c4:d1:4b:4e:4e:de:cd:66:5b:92:4f:
         ca:56:a8:b5:6d:0c:c2:74:94:4a:bb:af:e2:87:b6:50:12:9d:
         eb:db:51:be:19:6f:73:1f:f9:76:ce:c7:7e:cf:0c:85:81:33:
         f7:28:a4:80
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYu3nKJ51rurWKzxfEyWOL1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjMxMTEwMDUwMjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWM4OTUyYzVhNWMyYjI2ODRjNjA2YWNkMTk4ZDQ5N2ZmNGIxN2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjo57DccMKYK4taXRFwMfg/F0lR+f
xjyNOZpEaifbF5wf2q1Q9psWnDbMbSE6kKClfVRpZJF67Z0tBFXtkfjNS/VNibqA
zrPRAJLuHA7tdXbED5FVYHIhWcnuaiUHtQSF4yn2SduIB5HZn6JBJW6pJbIkAPPC
YYJZ656rmlPgvOuEh1CSaMAq0SmvGuXefHPTJQ7+f/LEY6IB+8my0w98QW1wbMcj
rmuDpmmPqtaIadi63h/mtpu+mmrH6zZ326B7VSL9lxaXA6gOeyJvOxZZj6vmY55n
5LiwaDoJuRv1B1va8KZPfaoOw06RwAl/v2zg50dPh88+STzc5+Y/yb/jhwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAnIlSxaXCsmhMYGrNGY1Jf/SxfdMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvQ2NpVkxGcGNLeWFFeGdhczBaalVsXzlMRjkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAFVmQYD
BABVmQgDBABVmTgDBAFVmUowDQYJKoZIhvcNAQELBQADggEBADTl+WrDoXChl+Dk
invi6m3OVBS+iGNQDF4bragvnxWUD7X0kmfQ5JpQC8TQ59fz2mgEl8ASHMktMJ0e
KvyUmdhasLkB+0cLHT6S5ShWBuSHCApOWJs9W+LLYa4CgC6zMCaTpXYabHBgNASi
FV8AHCSDaZkEbkwvJwI8dtz4NyTHk9QAOZ8ahb0eqjF+78sQKuFGwRGVSyK/DLjl
Hcd1A3AXc2LIDmj0dVmf54biO8APoLOZQOY93zi7+Dj0MWKW17JVDLhIx/Jth22j
DQTE0UtOTt7NZluST8pWqLVtDMJ0lEq7r+KHtlASnevbUb4Zb3Mf+XbOx37PDIWB
M/copIA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:21:40 2024 by rpki-client on console-ams.rpki-client.org