Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/d8fngmqfIJHXmquXaYiz1GMqySo.roa
File:                     d8fngmqfIJHXmquXaYiz1GMqySo.roa (raw, json)
Hash identifier:          pWqlRdgPd87spR/mkoXC4NSCgsXHVF3FuD4WcefHjRU=
Subject key identifier:   77:C7:E7:82:6A:9F:20:91:D7:9A:AB:97:69:88:B3:D4:63:2A:C9:2A
Certificate issuer:       /CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
Certificate serial:       01856EF42597093FAA695DC905A4DEC500D8
Authority key identifier: 5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/d8fngmqfIJHXmquXaYiz1GMqySo.roa
Signing time:             Sun 01 Jan 2023 20:09:31 +0000
ROA not before:           Sun 01 Jan 2023 20:09:31 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     61137
IP address blocks:        91.229.65.0/24 maxlen: 24
                          185.76.128.0/22 maxlen: 22
                          185.76.130.0/24 maxlen: 24
                          185.76.131.0/24 maxlen: 24
                          5.53.96.0/21 maxlen: 21
                          5.53.96.0/22 maxlen: 22
                          5.53.100.0/24 maxlen: 24
                          109.205.28.0/23 maxlen: 23
                          91.229.64.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:30:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:f4:25:97:09:3f:aa:69:5d:c9:05:a4:de:c5:00:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
        Validity
            Not Before: Jan  1 20:09:31 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=77c7e7826a9f2091d79aab976988b3d4632ac92a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b9:12:86:11:43:5c:e7:a3:66:01:2f:ef:ae:
                    57:b1:23:1f:13:82:22:c0:d3:c4:89:3e:ad:08:07:
                    d6:2f:74:74:a3:af:87:75:8d:2e:1f:22:9f:15:05:
                    c7:e9:ca:32:0b:5e:0c:87:ed:2c:fa:e7:51:3c:71:
                    bd:fb:7d:15:3f:11:bd:83:63:fb:35:b5:5e:3d:ed:
                    dc:d5:20:ec:27:af:4d:4e:b2:b6:69:69:2d:db:a8:
                    9a:d5:04:99:f8:98:26:92:2e:50:88:73:59:50:9a:
                    1e:ee:f8:1a:b4:47:0b:ab:20:b4:29:8b:16:de:ed:
                    0a:f4:03:35:d9:14:f2:fc:2b:2a:81:65:76:3e:d1:
                    d1:9d:c0:b2:cc:7f:ee:f9:b5:c8:43:2b:b6:32:7b:
                    98:a8:8a:9b:c2:6b:f4:17:bd:5a:25:bd:fe:99:b4:
                    2d:69:95:e8:fd:2f:0e:a2:23:dd:59:ac:15:ef:4a:
                    2f:e4:3b:b1:c1:39:7a:93:76:ed:77:37:98:3c:72:
                    4d:e9:dc:f6:6f:79:41:77:d5:61:f7:c8:c4:62:ae:
                    2e:61:7d:ef:2c:9d:9a:d4:59:8b:93:bf:7e:bc:7b:
                    2f:25:34:ca:bc:81:25:02:04:14:c5:c8:56:5f:7e:
                    31:17:ba:43:e7:5f:87:d8:77:5d:86:42:75:5d:df:
                    be:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:C7:E7:82:6A:9F:20:91:D7:9A:AB:97:69:88:B3:D4:63:2A:C9:2A
            X509v3 Authority Key Identifier:
                keyid:5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/d8fngmqfIJHXmquXaYiz1GMqySo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.53.96.0/21
                  91.229.64.0/23
                  109.205.28.0/23
                  185.76.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cb:62:fe:e7:61:22:8d:cb:70:f2:22:4b:26:b2:29:0f:99:41:
         05:93:6b:d0:58:75:c9:10:8f:a4:b0:9f:77:ad:64:f5:c1:11:
         d2:ff:46:78:12:86:10:69:17:57:05:6e:52:80:9a:ad:42:71:
         41:50:ed:13:74:8c:59:83:ee:11:91:14:61:6b:43:b9:b7:99:
         98:67:5a:ff:41:c2:dd:25:cd:c1:fe:ea:13:5a:2a:60:3e:fe:
         54:5d:0b:a9:90:38:44:3d:6e:a7:7d:2e:d4:2c:ab:e9:60:d9:
         31:b2:17:5e:0f:7c:47:68:7b:21:9c:08:1b:0a:2b:25:d2:0d:
         ab:fc:a3:ad:7e:71:fd:85:4e:18:eb:60:8a:64:ce:51:d4:51:
         79:1a:8e:d5:2d:17:ee:33:27:11:04:60:e7:e4:87:1c:48:82:
         8a:d5:9f:45:83:48:97:41:b2:7b:a1:39:00:c5:22:68:90:99:
         d3:52:ee:78:b9:1d:2a:f6:4f:ff:fb:d0:46:07:98:a7:b8:9f:
         b6:0b:fd:c2:e1:6a:4a:17:53:c4:9a:72:50:2f:65:53:f8:f5:
         1e:56:08:6f:6f:00:b2:62:fc:fb:f9:72:82:eb:0b:f0:e2:e6:
         ac:bc:aa:f1:45:e9:bb:ce:f8:1d:98:1f:d0:c6:6f:11:55:e6:
         de:a3:71:77
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVu9CWXCT+qaV3JBaTexQDYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNGE0N2Q1ODJiYjBlOTY4MGY4OTI1OGFiOTZkMDU4Njdk
MzUyZWYwHhcNMjMwMTAxMjAwOTMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2M3ZTc4MjZhOWYyMDkxZDc5YWFiOTc2OTg4YjNkNDYzMmFjOTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLkShhFDXOejZgEv765XsSMfE4Ii
wNPEiT6tCAfWL3R0o6+HdY0uHyKfFQXH6coyC14Mh+0s+udRPHG9+30VPxG9g2P7
NbVePe3c1SDsJ69NTrK2aWkt26ia1QSZ+Jgmki5QiHNZUJoe7vgatEcLqyC0KYsW
3u0K9AM12RTy/CsqgWV2PtHRncCyzH/u+bXIQyu2MnuYqIqbwmv0F71aJb3+mbQt
aZXo/S8OoiPdWawV70ov5DuxwTl6k3btdzeYPHJN6dz2b3lBd9Vh98jEYq4uYX3v
LJ2a1FmLk79+vHsvJTTKvIElAgQUxchWX34xF7pD51+H2HddhkJ1Xd++PQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHfH54JqnyCR15qrl2mIs9RjKskqMB8GA1UdIwQY
MBaAFFpKR9WCuw6WgPiSWKuW0Fhn01LvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTct
NmIwMDY1NTA4OTk2LzEvZDhmbmdtcWZJSkhYbXF1WGFZaXoxR01xeVNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTctNmIwMDY1NTA4OTk2
LzEvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDBTVgAwQB
W+VAAwQBbc0cAwQCuUyAMA0GCSqGSIb3DQEBCwUAA4IBAQDLYv7nYSKNy3DyIksm
sikPmUEFk2vQWHXJEI+ksJ93rWT1wRHS/0Z4EoYQaRdXBW5SgJqtQnFBUO0TdIxZ
g+4RkRRha0O5t5mYZ1r/QcLdJc3B/uoTWipgPv5UXQupkDhEPW6nfS7ULKvpYNkx
shdeD3xHaHshnAgbCisl0g2r/KOtfnH9hU4Y62CKZM5R1FF5Go7VLRfuMycRBGDn
5IccSIKK1Z9Fg0iXQbJ7oTkAxSJokJnTUu54uR0q9k//+9BGB5inuJ+2C/3C4WpK
F1PEmnJQL2VT+PUeVghvbwCyYvz7+XKC6wvw4uasvKrxRem7zvgdmB/Qxm8RVebe
o3F3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:47:55 2024 by rpki-client on console-fra.rpki-client.org