Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/Nw6Ynoxi4SUJEijhLAS6dnz-9F0.roa
File:                     Nw6Ynoxi4SUJEijhLAS6dnz-9F0.roa (raw, json)
Hash identifier:          LBtL3gfUYYY1KNSn6cGCQg+uAz+SksfSu6YHNklmnjA=
Subject key identifier:   37:0E:98:9E:8C:62:E1:25:09:12:28:E1:2C:04:BA:76:7C:FE:F4:5D
Certificate issuer:       /CN=826605b4d27f13968e8794e6ef091223748817d8
Certificate serial:       018CC7946E39F2BC50417029E4619F531B71
Authority key identifier: 82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/Nw6Ynoxi4SUJEijhLAS6dnz-9F0.roa
Signing time:             Tue 02 Jan 2024 00:30:42 +0000
ROA not before:           Tue 02 Jan 2024 00:30:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        168.199.204.0/24 maxlen: 24
                          168.199.205.0/24 maxlen: 24
                          168.199.206.0/24 maxlen: 24
                          168.199.211.0/24 maxlen: 24
                          168.199.208.0/24 maxlen: 24
                          168.199.209.0/24 maxlen: 24
                          168.199.210.0/24 maxlen: 24
                          168.199.207.0/24 maxlen: 24
                          168.199.216.0/24 maxlen: 24
                          168.199.217.0/24 maxlen: 24
                          168.199.218.0/24 maxlen: 24
                          168.199.219.0/24 maxlen: 24
                          168.199.225.0/24 maxlen: 24
                          168.199.226.0/24 maxlen: 24
                          168.199.222.0/24 maxlen: 24
                          168.199.223.0/24 maxlen: 24
                          168.199.224.0/24 maxlen: 24
                          168.199.220.0/24 maxlen: 24
                          168.199.221.0/24 maxlen: 24
                          168.199.229.0/24 maxlen: 24
                          168.199.230.0/24 maxlen: 24
                          168.199.231.0/24 maxlen: 24
                          168.199.227.0/24 maxlen: 24
                          168.199.228.0/24 maxlen: 24
                          168.199.232.0/24 maxlen: 24
                          168.199.233.0/24 maxlen: 24
                          168.199.239.0/24 maxlen: 24
                          168.199.236.0/24 maxlen: 24
                          168.199.237.0/24 maxlen: 24
                          168.199.238.0/24 maxlen: 24
                          168.199.234.0/24 maxlen: 24
                          168.199.235.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 28 May 2024 14:59:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:6e:39:f2:bc:50:41:70:29:e4:61:9f:53:1b:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826605b4d27f13968e8794e6ef091223748817d8
        Validity
            Not Before: Jan  2 00:30:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=370e989e8c62e125091228e12c04ba767cfef45d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:92:db:ff:f5:04:62:c2:eb:f2:90:0e:a7:b2:
                    02:92:bc:f3:da:e2:4d:3e:a2:ab:8a:5c:cc:e9:49:
                    74:db:35:01:3d:26:87:05:e8:cd:07:47:25:f9:83:
                    ef:7c:c3:22:47:7c:13:e0:2a:04:7e:a2:45:1a:ca:
                    41:cb:64:b7:61:eb:97:7e:10:fb:7a:47:7b:bc:0c:
                    c1:0f:3f:73:e0:7d:18:21:ae:e2:f0:d5:37:58:e3:
                    2a:8c:ee:13:95:8f:d2:f7:c9:7c:29:6c:54:ab:94:
                    0e:b1:3c:7a:58:46:c3:54:30:86:f9:a3:27:97:9b:
                    13:29:60:cc:99:a0:a4:35:ee:87:ff:39:39:12:a9:
                    96:85:fa:c1:55:ca:3a:67:53:ac:a3:f3:0a:a7:fb:
                    36:9f:f1:c5:97:53:92:44:b7:33:e2:ae:60:09:d7:
                    2d:f4:f1:49:3b:d9:e0:f6:53:6c:72:fe:d1:07:ba:
                    a5:72:8a:04:95:32:88:6d:0b:ce:87:de:e7:51:f3:
                    1b:ed:68:2f:08:96:5c:4c:22:25:ec:af:ce:d8:a8:
                    e6:4d:f0:5a:0b:a8:55:64:db:97:7e:d1:41:b2:88:
                    e5:c0:3d:82:d8:3e:3b:e9:c2:46:f5:a9:79:41:c8:
                    18:3a:80:25:ff:bb:78:74:08:43:10:01:9e:c4:d4:
                    75:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:0E:98:9E:8C:62:E1:25:09:12:28:E1:2C:04:BA:76:7C:FE:F4:5D
            X509v3 Authority Key Identifier:
                keyid:82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/Nw6Ynoxi4SUJEijhLAS6dnz-9F0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.199.204.0-168.199.211.255
                  168.199.216.0-168.199.239.255

    Signature Algorithm: sha256WithRSAEncryption
         a8:71:c0:a7:a7:30:23:ad:c3:16:eb:36:ed:b1:6c:40:fa:3a:
         77:3e:de:e6:d7:04:45:a2:99:fa:65:a6:21:7f:c4:08:b2:01:
         c8:9c:d4:7e:af:f8:99:32:00:5f:43:58:9a:97:9f:23:4e:49:
         e7:9b:96:17:d4:da:9c:a6:91:4e:f2:aa:05:25:b5:f7:bc:ad:
         ce:e0:d9:4f:48:e0:e3:63:3c:08:1c:5f:f8:51:70:db:cd:a4:
         05:ae:2d:1f:e3:75:d2:bd:47:ad:23:f4:12:e6:69:ec:e1:fa:
         e3:3b:8a:ab:2a:f9:6c:df:0c:61:26:75:7c:28:b3:2a:f2:e2:
         86:00:bc:4d:a8:94:87:ca:af:39:56:74:5f:a9:f9:9a:74:56:
         c9:a8:1a:33:22:fb:e6:53:66:a8:e8:57:bc:e0:dc:8b:7c:05:
         f6:27:97:c2:e7:7c:db:42:7d:2a:c0:9e:2d:99:06:b7:45:71:
         53:09:39:5e:10:ba:04:a3:d4:d8:26:de:33:c0:28:a9:ac:0b:
         c6:6d:34:97:f9:4b:7f:ae:35:d5:fe:60:aa:19:3c:62:e8:5a:
         94:69:ff:03:d0:58:87:07:12:bf:9c:1d:88:1f:cc:6d:ed:e6:
         6c:3f:1a:36:17:6c:70:d0:36:fd:b4:a2:40:8f:e9:82:ce:b0:
         52:eb:58:40
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYzHlG458rxQQXAp5GGfUxtxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjYwNWI0ZDI3ZjEzOTY4ZTg3OTRlNmVmMDkxMjIzNzQ4
ODE3ZDgwHhcNMjQwMTAyMDAzMDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzBlOTg5ZThjNjJlMTI1MDkxMjI4ZTEyYzA0YmE3NjdjZmVmNDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJLb//UEYsLr8pAOp7ICkrzz2uJN
PqKrilzM6Ul02zUBPSaHBejNB0cl+YPvfMMiR3wT4CoEfqJFGspBy2S3YeuXfhD7
ekd7vAzBDz9z4H0YIa7i8NU3WOMqjO4TlY/S98l8KWxUq5QOsTx6WEbDVDCG+aMn
l5sTKWDMmaCkNe6H/zk5EqmWhfrBVco6Z1Oso/MKp/s2n/HFl1OSRLcz4q5gCdct
9PFJO9ng9lNscv7RB7qlcooElTKIbQvOh97nUfMb7WgvCJZcTCIl7K/O2KjmTfBa
C6hVZNuXftFBsojlwD2C2D476cJG9al5QcgYOoAl/7t4dAhDEAGexNR1iwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFDcOmJ6MYuElCRIo4SwEunZ8/vRdMB8GA1UdIwQY
MBaAFIJmBbTSfxOWjoeU5u8JEiN0iBfYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEt
MmQxOTE4YmExYzBlLzEvTnc2WW5veGk0U1VKRWlqaExBUzZkbnotOUYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mYmNjMzItMzNjOC00MWZmLTg5ZmEtMmQxOTE4YmExYzBl
LzEvZ21ZRnROSl9FNWFPaDVUbTd3a1NJM1NJRjlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBAKox8wD
BAKox9AwDAMEA6jH2AMEBKjH4DANBgkqhkiG9w0BAQsFAAOCAQEAqHHAp6cwI63D
Fus27bFsQPo6dz7e5tcERaKZ+mWmIX/ECLIByJzUfq/4mTIAX0NYmpefI05J55uW
F9TanKaRTvKqBSW197ytzuDZT0jg42M8CBxf+FFw282kBa4tH+N10r1HrSP0EuZp
7OH64zuKqyr5bN8MYSZ1fCizKvLihgC8TaiUh8qvOVZ0X6n5mnRWyagaMyL75lNm
qOhXvODci3wF9ieXwud820J9KsCeLZkGt0VxUwk5XhC6BKPU2CbeM8AoqawLxm00
l/lLf6411f5gqhk8YuhalGn/A9BYhwcSv5wdiB/Mbe3mbD8aNhdscNA2/bSiQI/p
gs6wUutYQA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:37:50 2024 by rpki-client on console-fra.rpki-client.org