Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/oTNkQD1AwVLFbdwTOBWw_ckJSFY.roa
File:                     oTNkQD1AwVLFbdwTOBWw_ckJSFY.roa (raw, json)
Hash identifier:          trRmqWcvIs9I8vbIgEU+Dcm2S5FU+M6GbnyEqCd4HQM=
Subject key identifier:   A1:33:64:40:3D:40:C1:52:C5:6D:DC:13:38:15:B0:FD:C9:09:48:56
Certificate issuer:       /CN=31242850cad41cdf75a3c9d60b21fca543f74384
Certificate serial:       018C16AACCE24A563BE2F6706A6B1274361A
Authority key identifier: 31:24:28:50:CA:D4:1C:DF:75:A3:C9:D6:0B:21:FC:A5:43:F7:43:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/oTNkQD1AwVLFbdwTOBWw_ckJSFY.roa
Signing time:             Tue 28 Nov 2023 16:02:21 +0000
ROA not before:           Tue 28 Nov 2023 16:02:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9136
IP address blocks:        92.118.192.0/22 maxlen: 22
                          62.176.224.0/19 maxlen: 19
                          91.186.32.0/19 maxlen: 19
                          5.159.24.0/21 maxlen: 21
                          213.162.128.0/19 maxlen: 19
                          185.72.232.0/22 maxlen: 22
                          2a01:581:9::/48 maxlen: 48
                          2a01:581:a::/48 maxlen: 48
                          2a01:581:6::/48 maxlen: 48
                          2a01:581:b::/48 maxlen: 48
                          2a01:581:c::/48 maxlen: 48
                          2a01:581:7::/48 maxlen: 48
                          2a01:581:8::/48 maxlen: 48
                          2a01:580::/29 maxlen: 29
                          2a01:581:d::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 04:29:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:16:aa:cc:e2:4a:56:3b:e2:f6:70:6a:6b:12:74:36:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31242850cad41cdf75a3c9d60b21fca543f74384
        Validity
            Not Before: Nov 28 16:02:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=a13364403d40c152c56ddc133815b0fdc9094856
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:18:d8:4d:61:d3:f3:90:2f:a0:da:17:96:6a:
                    3a:46:70:cf:d9:d6:1e:8a:b7:8e:53:80:32:b4:bf:
                    62:26:04:77:ff:1a:54:9b:db:cf:dd:0e:2b:ce:79:
                    4a:c6:2d:56:cf:7f:e0:53:80:a7:e0:b8:74:d6:36:
                    d2:ad:5a:c0:83:97:1e:c4:12:eb:d3:58:a3:42:6e:
                    68:a1:8a:f2:32:38:d2:56:63:1d:5d:b7:6d:a9:de:
                    cb:26:cb:d5:09:4d:0b:cc:a5:a1:10:7e:64:17:9c:
                    fe:8b:4f:11:3c:73:d6:a3:c9:cb:e5:99:8a:a8:fe:
                    da:46:52:bc:dc:11:cc:65:84:de:54:e7:d3:21:cf:
                    2c:7b:97:31:ca:ae:ab:02:05:8a:27:d2:a2:66:94:
                    9a:4b:af:83:8b:b9:ee:0d:a5:0a:0e:6c:5b:a4:e5:
                    10:93:46:c6:2d:dc:fc:c7:2d:54:31:ee:04:74:11:
                    28:bb:55:dd:29:79:d9:97:bb:f1:07:47:02:b3:ab:
                    8b:98:83:6f:a4:ec:00:e1:ec:ad:17:a0:02:99:bd:
                    d4:ce:cd:09:ae:e3:59:b6:5b:93:04:8b:f0:40:a0:
                    a1:ce:69:ef:4d:66:02:10:6c:14:c6:41:50:b4:1d:
                    80:b2:b0:3d:96:32:dc:b2:50:6e:91:18:d5:d3:09:
                    5f:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:33:64:40:3D:40:C1:52:C5:6D:DC:13:38:15:B0:FD:C9:09:48:56
            X509v3 Authority Key Identifier:
                keyid:31:24:28:50:CA:D4:1C:DF:75:A3:C9:D6:0B:21:FC:A5:43:F7:43:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/oTNkQD1AwVLFbdwTOBWw_ckJSFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1a27ec-eb0a-4406-a1d1-07ed46b149c3/1/MSQoUMrUHN91o8nWCyH8pUP3Q4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.24.0/21
                  62.176.224.0/19
                  91.186.32.0/19
                  92.118.192.0/22
                  185.72.232.0/22
                  213.162.128.0/19
                IPv6:
                  2a01:580::/29

    Signature Algorithm: sha256WithRSAEncryption
         15:82:df:97:81:f0:3f:0d:0a:db:51:83:e1:e4:c3:82:27:6f:
         3c:9d:fc:f5:f0:f3:12:95:e6:a9:29:8f:74:4f:34:f9:eb:84:
         e8:1e:5d:30:76:5c:ed:6a:43:05:20:f5:51:e5:d9:61:66:d1:
         ea:7f:3f:d4:af:75:74:09:8b:61:13:05:92:1d:1d:c9:4b:6e:
         7f:21:5c:ba:60:f0:a7:a4:17:38:12:b8:23:57:5c:af:bd:54:
         a5:3c:16:31:8a:ef:a5:a6:7b:a7:1b:90:a9:3e:27:82:b0:f1:
         29:7b:8e:8f:78:af:56:d3:1f:1c:59:b0:cb:67:e3:ca:ed:12:
         80:ae:c3:9c:d9:47:68:1f:79:34:c6:43:fa:6d:d2:43:7d:d4:
         a1:75:26:fe:25:7c:48:49:84:28:c3:a8:f0:19:de:ac:19:35:
         b6:58:b1:d6:83:f5:b3:8a:60:d2:94:7b:d7:c1:4e:a0:e4:3e:
         3e:6b:b1:c4:93:d6:12:62:f8:70:32:00:cb:bd:ae:ba:4a:12:
         e2:60:65:87:e7:b7:d7:a4:85:62:f3:19:9d:2c:06:cb:cd:55:
         04:6c:ca:a6:18:e4:72:7b:44:90:6f:bf:fe:ac:03:12:fc:56:
         ad:4c:f5:55:f9:77:c1:fd:77:2e:82:3e:4c:37:8f:52:fd:43:
         f2:de:ba:8c
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYwWqsziSlY74vZwamsSdDYaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMjQyODUwY2FkNDFjZGY3NWEzYzlkNjBiMjFmY2E1NDNm
NzQzODQwHhcNMjMxMTI4MTYwMjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTMzNjQ0MDNkNDBjMTUyYzU2ZGRjMTMzODE1YjBmZGM5MDk0ODU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRjYTWHT85AvoNoXlmo6RnDP2dYe
ireOU4AytL9iJgR3/xpUm9vP3Q4rznlKxi1Wz3/gU4Cn4Lh01jbSrVrAg5cexBLr
01ijQm5ooYryMjjSVmMdXbdtqd7LJsvVCU0LzKWhEH5kF5z+i08RPHPWo8nL5ZmK
qP7aRlK83BHMZYTeVOfTIc8se5cxyq6rAgWKJ9KiZpSaS6+Di7nuDaUKDmxbpOUQ
k0bGLdz8xy1UMe4EdBEou1XdKXnZl7vxB0cCs6uLmINvpOwA4eytF6ACmb3Uzs0J
ruNZtluTBIvwQKChzmnvTWYCEGwUxkFQtB2AsrA9ljLcslBukRjV0wlfIQIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFKEzZEA9QMFSxW3cEzgVsP3JCUhWMB8GA1UdIwQY
MBaAFDEkKFDK1BzfdaPJ1gsh/KVD90OEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVNRb1VNclVITjkxbzhuV0N5SDhwVVAzUTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xYTI3ZWMtZWIwYS00NDA2LWExZDEt
MDdlZDQ2YjE0OWMzLzEvb1ROa1FEMUF3VkxGYmR3VE9CV3dfY2tKU0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xYTI3ZWMtZWIwYS00NDA2LWExZDEtMDdlZDQ2YjE0OWMz
LzEvTVNRb1VNclVITjkxbzhuV0N5SDhwVVAzUTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQDBZ8YAwQF
PrDgAwQFW7ogAwQCXHbAAwQCuUjoAwQF1aKAMA0EAgACMAcDBQMqAQWAMA0GCSqG
SIb3DQEBCwUAA4IBAQAVgt+XgfA/DQrbUYPh5MOCJ288nfz18PMSleapKY90TzT5
64ToHl0wdlztakMFIPVR5dlhZtHqfz/Ur3V0CYthEwWSHR3JS25/IVy6YPCnpBc4
ErgjV1yvvVSlPBYxiu+lpnunG5CpPieCsPEpe46PeK9W0x8cWbDLZ+PK7RKArsOc
2UdoH3k0xkP6bdJDfdShdSb+JXxISYQow6jwGd6sGTW2WLHWg/WzimDSlHvXwU6g
5D4+a7HEk9YSYvhwMgDLva66ShLiYGWH57fXpIVi8xmdLAbLzVUEbMqmGORye0SQ
b7/+rAMS/FatTPVV+XfB/Xcugj5MN49S/UPy3rqM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:17 2024 by rpki-client on console-fra.rpki-client.org