Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/sPh7l2nxQT_cCSoMH0xRZlTv2tg.roa
File:                     sPh7l2nxQT_cCSoMH0xRZlTv2tg.roa (raw, json)
Hash identifier:          /Vcx2wbBBzleye2p/0j/tGyKT3kt8Luj6Y9VD92eQus=
Subject key identifier:   B0:F8:7B:97:69:F1:41:3F:DC:09:2A:0C:1F:4C:51:66:54:EF:DA:D8
Certificate issuer:       /CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
Certificate serial:       018CC86F7146730C5258E5A3CFC8B3B8900A
Authority key identifier: 43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/sPh7l2nxQT_cCSoMH0xRZlTv2tg.roa
Signing time:             Tue 02 Jan 2024 04:29:55 +0000
ROA not before:           Tue 02 Jan 2024 04:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198912
IP address blocks:        57.191.0.0/21 maxlen: 24
                          57.191.224.0/19 maxlen: 24
                          57.191.127.0/24 maxlen: 24
                          57.191.192.0/19 maxlen: 24
                          2a0a:90c2::/36 maxlen: 36
                          2a0a:90c2:1000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Wed 10 Jan 2024 16:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:71:46:73:0c:52:58:e5:a3:cf:c8:b3:b8:90:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43d5ba0815c9f5193f80989ee893acacc4ba8849
        Validity
            Not Before: Jan  2 04:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b0f87b9769f1413fdc092a0c1f4c516654efdad8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:55:8d:e0:05:35:0a:cd:44:2e:b7:0f:27:44:
                    77:55:3b:74:27:06:81:46:cc:cf:a7:63:86:cd:12:
                    ef:73:4b:3d:68:a9:09:9b:84:de:b8:a4:bb:14:b6:
                    88:0a:ba:76:2e:fd:23:d5:e9:08:1a:eb:df:85:10:
                    ab:48:fb:a6:f7:ea:de:f7:27:5c:08:4b:c1:19:8f:
                    1b:c7:53:51:e9:d7:b0:d8:ba:c9:63:b0:6f:6f:e6:
                    1a:a1:ef:40:89:9e:cd:3e:25:ea:2e:79:16:40:f9:
                    ef:c5:7a:4a:3a:1f:93:aa:61:4f:d4:96:b6:9f:2f:
                    d7:95:c6:68:74:f2:b6:8d:44:ad:1a:cb:b0:8a:91:
                    9f:e7:e2:26:cd:2c:3e:b4:b3:38:59:a5:40:71:46:
                    24:e0:61:0e:d4:b4:27:bc:c4:53:c8:6f:07:4e:0a:
                    42:a3:67:9d:c4:90:b8:51:6a:34:5d:2d:ed:0a:ae:
                    e6:c1:8c:08:9a:12:45:3c:0d:61:59:b1:9b:15:6b:
                    95:0e:42:45:8a:74:1f:4b:64:84:20:19:e7:02:c7:
                    a5:74:78:3e:66:b7:8a:15:35:4e:6a:e7:9b:d7:88:
                    cb:92:e1:cd:4d:30:1d:6a:8b:a7:7b:d8:be:0e:dc:
                    a4:98:23:42:c8:41:7c:d8:a1:55:c4:a1:e6:e0:5a:
                    da:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F8:7B:97:69:F1:41:3F:DC:09:2A:0C:1F:4C:51:66:54:EF:DA:D8
            X509v3 Authority Key Identifier:
                keyid:43:D5:BA:08:15:C9:F5:19:3F:80:98:9E:E8:93:AC:AC:C4:BA:88:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/sPh7l2nxQT_cCSoMH0xRZlTv2tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/7282b4-7f11-4ee0-abea-e13e5579c5dc/1/Q9W6CBXJ9Rk_gJie6JOsrMS6iEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  57.191.0.0/21
                  57.191.127.0/24
                  57.191.192.0/18
                IPv6:
                  2a0a:90c2::/35

    Signature Algorithm: sha256WithRSAEncryption
         69:3c:da:53:d6:2d:03:ca:a8:29:25:30:e6:4d:da:35:02:d2:
         33:6d:ba:3e:c7:e1:d4:6c:e1:c8:48:41:90:22:ab:6b:92:3b:
         22:17:50:eb:ee:c7:9e:7a:03:d3:29:0b:78:c8:c5:01:55:ae:
         86:dd:09:4f:53:69:bd:f5:d0:63:52:dc:eb:06:e6:1b:c0:77:
         c5:71:a1:3b:6f:2f:0c:25:71:3d:d8:57:47:1e:14:05:72:a2:
         d8:91:9f:ba:80:47:27:6d:43:7c:a2:a8:6c:02:f4:a1:86:4f:
         d0:19:bd:4e:fe:11:cb:d4:7a:29:6f:fb:3a:b6:61:43:75:53:
         62:67:43:e3:b9:13:77:73:ba:5a:1b:ab:d7:95:6a:e0:c1:af:
         02:c7:e6:ef:0a:dd:6d:4b:dd:84:5e:da:5a:fe:43:9e:f8:d6:
         fa:8c:f0:c2:9d:5b:cb:41:7e:98:6b:e2:95:e1:d1:60:c8:e7:
         7c:89:8a:71:e0:62:c5:ee:aa:eb:bd:d1:99:cc:d7:5d:c8:c5:
         71:9a:b1:fd:e7:b9:0b:02:cd:d8:e1:c8:43:08:77:79:f6:97:
         d8:d8:f3:33:1b:ef:54:fb:5e:67:74:7a:41:47:6e:31:35:74:
         9b:03:54:48:c6:c9:cf:8c:be:f9:b2:12:f9:ae:96:d8:37:59:
         be:8d:3b:e2
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzIb3FGcwxSWOWjz8izuJAKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzZDViYTA4MTVjOWY1MTkzZjgwOTg5ZWU4OTNhY2FjYzRi
YTg4NDkwHhcNMjQwMTAyMDQyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGY4N2I5NzY5ZjE0MTNmZGMwOTJhMGMxZjRjNTE2NjU0ZWZkYWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgFWN4AU1Cs1ELrcPJ0R3VTt0JwaB
RszPp2OGzRLvc0s9aKkJm4TeuKS7FLaICrp2Lv0j1ekIGuvfhRCrSPum9+re9ydc
CEvBGY8bx1NR6dew2LrJY7Bvb+Yaoe9AiZ7NPiXqLnkWQPnvxXpKOh+TqmFP1Ja2
ny/XlcZodPK2jUStGsuwipGf5+ImzSw+tLM4WaVAcUYk4GEO1LQnvMRTyG8HTgpC
o2edxJC4UWo0XS3tCq7mwYwImhJFPA1hWbGbFWuVDkJFinQfS2SEIBnnAseldHg+
ZreKFTVOaueb14jLkuHNTTAdaoune9i+DtykmCNCyEF82KFVxKHm4FrafQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFLD4e5dp8UE/3AkqDB9MUWZU79rYMB8GA1UdIwQY
MBaAFEPVuggVyfUZP4CYnuiTrKzEuohJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEt
ZTEzZTU1NzljNWRjLzEvc1BoN2wybnhRVF9jQ1NvTUgweFJabFR2MnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83MjgyYjQtN2YxMS00ZWUwLWFiZWEtZTEzZTU1NzljNWRj
LzEvUTlXNkNCWEo5UmtfZ0ppZTZKT3NyTVM2aUVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAYBAIAATASAwQDOb8AAwQA
Ob9/AwQGOb/AMA4EAgACMAgDBgUqCpDCADANBgkqhkiG9w0BAQsFAAOCAQEAaTza
U9YtA8qoKSUw5k3aNQLSM226Psfh1GzhyEhBkCKra5I7IhdQ6+7HnnoD0ykLeMjF
AVWuht0JT1NpvfXQY1Lc6wbmG8B3xXGhO28vDCVxPdhXRx4UBXKi2JGfuoBHJ21D
fKKobAL0oYZP0Bm9Tv4Ry9R6KW/7OrZhQ3VTYmdD47kTd3O6Whur15Vq4MGvAsfm
7wrdbUvdhF7aWv5DnvjW+ozwwp1by0F+mGvileHRYMjnfImKceBixe6q673RmczX
XcjFcZqx/ee5CwLN2OHIQwh3efaX2NjzMxvvVPteZ3R6QUduMTV0mwNUSMbJz4y+
+bIS+a6W2DdZvo074g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:17 2024 by rpki-client on console-fra.rpki-client.org