Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/1GEjX374ORZ4hUBdRwJ_38lyFbE.roa
File:                     1GEjX374ORZ4hUBdRwJ_38lyFbE.roa (raw, json)
Hash identifier:          eOL+7/3TER1RX0SlsRNC7OCgJ6951Zi4OBNjS7i//FE=
Subject key identifier:   D4:61:23:5F:7E:F8:39:16:78:85:40:5D:47:02:7F:DF:C9:72:15:B1
Certificate issuer:       /CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
Certificate serial:       018C58F0345D0AAF148853A7B1E023DC2615
Authority key identifier: 0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/1GEjX374ORZ4hUBdRwJ_38lyFbE.roa
Signing time:             Mon 11 Dec 2023 12:53:06 +0000
ROA not before:           Mon 11 Dec 2023 12:53:06 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21277
IP address blocks:        109.127.107.0/24 maxlen: 24
                          109.127.64.0/20 maxlen: 20
                          109.127.64.0/21 maxlen: 21
                          109.127.64.0/18 maxlen: 18
                          109.127.72.0/21 maxlen: 21
                          109.127.80.0/24 maxlen: 24
                          109.127.91.0/24 maxlen: 24
                          109.127.90.0/24 maxlen: 24
                          109.127.89.0/24 maxlen: 24
                          109.127.88.0/24 maxlen: 24
                          109.127.86.0/24 maxlen: 24
                          130.193.240.0/20 maxlen: 20
                          130.193.176.0/20 maxlen: 20
                          130.193.176.0/21 maxlen: 21
                          130.193.184.0/21 maxlen: 21
                          130.193.192.0/20 maxlen: 20
                          130.193.208.0/20 maxlen: 20
                          130.193.224.0/20 maxlen: 20
                          95.170.192.0/24 maxlen: 24
                          95.170.192.0/19 maxlen: 19
                          95.170.193.0/24 maxlen: 24
                          95.170.196.0/24 maxlen: 24
                          95.170.194.0/24 maxlen: 24
                          95.170.199.0/24 maxlen: 24
                          95.170.203.0/24 maxlen: 24
                          95.170.202.0/24 maxlen: 24
                          95.170.201.0/24 maxlen: 24
                          95.170.206.0/24 maxlen: 24
                          95.170.205.0/24 maxlen: 24
                          95.170.204.0/24 maxlen: 24
                          95.170.200.0/24 maxlen: 24
                          95.170.208.0/24 maxlen: 24
                          95.170.207.0/24 maxlen: 24
                          95.170.217.0/24 maxlen: 24
                          95.170.216.0/24 maxlen: 24
                          95.170.215.0/24 maxlen: 24
                          95.170.214.0/24 maxlen: 24
                          95.170.219.0/24 maxlen: 24
                          95.170.218.0/24 maxlen: 24
                          95.170.220.0/24 maxlen: 24
                          95.170.222.0/24 maxlen: 24
                          95.170.221.0/24 maxlen: 24
                          93.91.204.0/24 maxlen: 24
                          93.91.201.0/24 maxlen: 24
                          93.91.200.0/24 maxlen: 24
                          130.193.128.0/19 maxlen: 19
                          130.193.131.0/24 maxlen: 24
                          130.193.132.0/22 maxlen: 22
                          130.193.128.0/17 maxlen: 17
                          130.193.145.0/24 maxlen: 24
                          130.193.144.0/24 maxlen: 24
                          130.193.150.0/24 maxlen: 24
                          130.193.150.0/23 maxlen: 23
                          130.193.149.0/24 maxlen: 24
                          130.193.148.0/24 maxlen: 24
                          130.193.151.0/24 maxlen: 24
                          130.193.166.0/24 maxlen: 24
                          130.193.165.0/24 maxlen: 24
                          130.193.160.0/24 maxlen: 24
                          130.193.160.0/20 maxlen: 20
                          93.91.192.0/24 maxlen: 24
                          93.91.192.0/20 maxlen: 20
                          93.91.193.0/24 maxlen: 24
                          93.91.197.0/24 maxlen: 24
                          93.91.196.0/24 maxlen: 24
                          93.91.195.0/24 maxlen: 24
                          2a04:a040::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:29:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:58:f0:34:5d:0a:af:14:88:53:a7:b1:e0:23:dc:26:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
        Validity
            Not Before: Dec 11 12:53:06 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=d461235f7ef839167885405d47027fdfc97215b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:05:85:a9:0c:bf:4f:4e:92:46:e4:89:b2:2e:
                    8d:b2:d5:13:a0:bb:20:cc:b1:29:5f:2f:ee:92:e4:
                    2b:2a:e9:6a:fd:67:c3:a9:0e:e9:24:68:28:98:b3:
                    bb:88:f5:d2:fd:b8:1f:83:fe:82:fe:69:48:46:d3:
                    a0:7d:4d:6b:89:9f:85:d2:b0:f9:1e:49:da:0c:8c:
                    fe:6b:a1:5d:48:ee:56:c0:b1:16:33:4b:1f:1e:35:
                    d8:68:da:a1:65:95:1b:d5:9a:44:e0:08:72:1d:ca:
                    4f:d3:c3:38:15:d4:a0:1b:a4:81:16:20:e7:65:0d:
                    c0:5c:a3:57:48:41:26:60:53:d2:56:eb:a9:f7:67:
                    8a:31:bd:fa:36:e6:33:ca:56:49:3b:ff:f9:14:40:
                    cb:eb:2e:0f:dd:aa:a9:a8:2e:4a:38:c7:31:01:28:
                    1d:d3:4c:ae:bd:db:5a:70:ac:00:74:d2:54:22:33:
                    fa:06:4b:a9:5a:11:ab:a6:bc:f0:82:f0:2e:63:e2:
                    87:1c:4d:d3:73:bb:29:be:24:a2:e3:85:e9:6f:f2:
                    85:dd:ca:66:42:1c:a2:12:1b:7f:6d:96:a3:5b:a1:
                    fa:97:d9:30:32:bf:4a:5c:f9:17:6d:cd:f5:93:c3:
                    62:b4:a9:17:1f:11:03:19:7e:c0:e4:15:7f:88:e8:
                    6c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:61:23:5F:7E:F8:39:16:78:85:40:5D:47:02:7F:DF:C9:72:15:B1
            X509v3 Authority Key Identifier:
                keyid:0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/1GEjX374ORZ4hUBdRwJ_38lyFbE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/DA96BN1ySaXRS33gVCpBlzgABsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.91.192.0/20
                  95.170.192.0/19
                  109.127.64.0/18
                  130.193.128.0/17
                IPv6:
                  2a04:a040::/29

    Signature Algorithm: sha256WithRSAEncryption
         58:04:db:aa:7d:f7:8e:65:2a:36:71:ff:7f:6a:b0:6a:71:cd:
         e0:ee:00:b1:56:b8:27:db:1d:ce:d8:6e:f4:2d:e5:85:66:cf:
         6e:2e:3e:e9:48:17:2f:cf:ad:9d:b1:a4:65:0e:64:30:51:a1:
         c2:f6:30:c0:9c:07:1c:9c:91:0f:2a:6c:fb:0b:09:af:52:35:
         1e:58:da:19:d1:4a:e1:3e:2e:cf:c7:7f:f6:5d:8e:60:4b:7f:
         9e:12:dc:db:e8:04:1b:57:f3:8c:66:fe:68:72:6a:48:e9:8d:
         d7:05:68:93:49:d7:28:6b:b2:7f:d7:c2:46:ee:33:ec:65:c9:
         4c:ab:05:62:83:4d:d6:e9:8d:6d:95:14:69:b3:58:49:24:34:
         62:d5:6f:75:f6:86:a1:4d:5f:e8:df:de:71:0c:ac:16:ab:ac:
         40:e9:68:45:d1:4d:40:23:87:f3:ef:d3:23:b6:74:c9:d4:20:
         94:ad:38:ce:e3:b3:a8:b6:d5:f9:bd:0e:b9:6f:c1:69:73:2b:
         37:55:9b:ec:3f:65:ce:18:c6:69:4d:a0:94:cc:e0:2b:e5:39:
         bb:82:78:33:4b:7c:f4:d8:57:6a:52:27:4b:4b:35:74:8c:7a:
         4b:6c:b4:9e:23:93:3f:8f:a6:f8:7c:76:73:36:38:f4:c8:93:
         f3:d3:74:25
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYxY8DRdCq8UiFOnseAj3CYVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMGY3YTA0ZGQ3MjQ5YTVkMTRiN2RlMDU0MmE0MTk3Mzgw
MDA2Y2MwHhcNMjMxMjExMTI1MzA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDYxMjM1ZjdlZjgzOTE2Nzg4NTQwNWQ0NzAyN2ZkZmM5NzIxNWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgWFqQy/T06SRuSJsi6NstUToLsg
zLEpXy/ukuQrKulq/WfDqQ7pJGgomLO7iPXS/bgfg/6C/mlIRtOgfU1riZ+F0rD5
HknaDIz+a6FdSO5WwLEWM0sfHjXYaNqhZZUb1ZpE4AhyHcpP08M4FdSgG6SBFiDn
ZQ3AXKNXSEEmYFPSVuup92eKMb36NuYzylZJO//5FEDL6y4P3aqpqC5KOMcxASgd
00yuvdtacKwAdNJUIjP6BkupWhGrprzwgvAuY+KHHE3Tc7spviSi44Xpb/KF3cpm
QhyiEht/bZajW6H6l9kwMr9KXPkXbc31k8NitKkXHxEDGX7A5BV/iOhszQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFNRhI19++DkWeIVAXUcCf9/JchWxMB8GA1UdIwQY
MBaAFAwPegTdckml0Ut94FQqQZc4AAbMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTIt
YTNjYmVmZmY3Nzc3LzEvMUdFalgzNzRPUlo0aFVCZFJ3Sl8zOGx5RmJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTItYTNjYmVmZmY3Nzc3
LzEvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEXVvAAwQF
X6rAAwQGbX9AAwQHgsGAMA0EAgACMAcDBQMqBKBAMA0GCSqGSIb3DQEBCwUAA4IB
AQBYBNuqffeOZSo2cf9/arBqcc3g7gCxVrgn2x3O2G70LeWFZs9uLj7pSBcvz62d
saRlDmQwUaHC9jDAnAccnJEPKmz7CwmvUjUeWNoZ0UrhPi7Px3/2XY5gS3+eEtzb
6AQbV/OMZv5ocmpI6Y3XBWiTSdcoa7J/18JG7jPsZclMqwVig03W6Y1tlRRps1hJ
JDRi1W919oahTV/o395xDKwWq6xA6WhF0U1AI4fz79MjtnTJ1CCUrTjO47OottX5
vQ65b8Fpcys3VZvsP2XOGMZpTaCUzOAr5Tm7gngzS3z02FdqUidLSzV0jHpLbLSe
I5M/j6b4fHZzNjj0yJPz03Ql
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:01 2024 by rpki-client on console-fra.rpki-client.org