Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/9hrSdXad5zi3ezSD4ZY0P4qTv7k.roa
File:                     9hrSdXad5zi3ezSD4ZY0P4qTv7k.roa (raw, json)
Hash identifier:          97ahVxG7x/BvpeJY/5+3Ll1PxZJvmsmsKD/ZdudZ5go=
Subject key identifier:   F6:1A:D2:75:76:9D:E7:38:B7:7B:34:83:E1:96:34:3F:8A:93:BF:B9
Certificate issuer:       /CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
Certificate serial:       018C149A8A8950F2B9E7AB47D24D114CB345
Authority key identifier: 0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/9hrSdXad5zi3ezSD4ZY0P4qTv7k.roa
Signing time:             Tue 28 Nov 2023 06:25:21 +0000
ROA not before:           Tue 28 Nov 2023 06:25:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21277
IP address blocks:        109.127.107.0/24 maxlen: 24
                          109.127.64.0/21 maxlen: 21
                          109.127.64.0/20 maxlen: 20
                          109.127.64.0/18 maxlen: 18
                          109.127.72.0/21 maxlen: 21
                          109.127.80.0/24 maxlen: 24
                          109.127.91.0/24 maxlen: 24
                          109.127.90.0/24 maxlen: 24
                          109.127.89.0/24 maxlen: 24
                          109.127.88.0/24 maxlen: 24
                          109.127.86.0/24 maxlen: 24
                          130.193.240.0/20 maxlen: 20
                          130.193.176.0/21 maxlen: 21
                          130.193.176.0/20 maxlen: 20
                          130.193.184.0/21 maxlen: 21
                          130.193.192.0/20 maxlen: 20
                          130.193.208.0/20 maxlen: 20
                          130.193.224.0/20 maxlen: 20
                          95.170.192.0/24 maxlen: 24
                          95.170.192.0/19 maxlen: 19
                          95.170.193.0/24 maxlen: 24
                          95.170.196.0/24 maxlen: 24
                          95.170.194.0/24 maxlen: 24
                          95.170.199.0/24 maxlen: 24
                          95.170.203.0/24 maxlen: 24
                          95.170.202.0/24 maxlen: 24
                          95.170.201.0/24 maxlen: 24
                          95.170.206.0/24 maxlen: 24
                          95.170.205.0/24 maxlen: 24
                          95.170.204.0/24 maxlen: 24
                          95.170.200.0/24 maxlen: 24
                          95.170.208.0/24 maxlen: 24
                          95.170.207.0/24 maxlen: 24
                          95.170.217.0/24 maxlen: 24
                          95.170.216.0/24 maxlen: 24
                          95.170.215.0/24 maxlen: 24
                          95.170.214.0/24 maxlen: 24
                          95.170.219.0/24 maxlen: 24
                          95.170.218.0/24 maxlen: 24
                          95.170.220.0/24 maxlen: 24
                          95.170.222.0/24 maxlen: 24
                          95.170.221.0/24 maxlen: 24
                          93.91.204.0/24 maxlen: 24
                          93.91.201.0/24 maxlen: 24
                          93.91.200.0/24 maxlen: 24
                          130.193.128.0/19 maxlen: 19
                          130.193.131.0/24 maxlen: 24
                          130.193.132.0/22 maxlen: 22
                          130.193.128.0/17 maxlen: 17
                          130.193.145.0/24 maxlen: 24
                          130.193.144.0/24 maxlen: 24
                          130.193.150.0/24 maxlen: 24
                          130.193.150.0/23 maxlen: 23
                          130.193.149.0/24 maxlen: 24
                          130.193.151.0/24 maxlen: 24
                          130.193.166.0/24 maxlen: 24
                          130.193.165.0/24 maxlen: 24
                          130.193.160.0/24 maxlen: 24
                          130.193.160.0/20 maxlen: 20
                          93.91.192.0/24 maxlen: 24
                          93.91.192.0/20 maxlen: 20
                          93.91.193.0/24 maxlen: 24
                          93.91.197.0/24 maxlen: 24
                          93.91.196.0/24 maxlen: 24
                          93.91.195.0/24 maxlen: 24
                          2a04:a040::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 11 Dec 2023 12:53:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:14:9a:8a:89:50:f2:b9:e7:ab:47:d2:4d:11:4c:b3:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
        Validity
            Not Before: Nov 28 06:25:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=f61ad275769de738b77b3483e196343f8a93bfb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:af:ce:42:32:27:bb:0e:54:9d:71:43:80:1b:
                    d1:e1:61:b3:fa:7d:da:33:17:c7:1e:55:7d:0d:d6:
                    55:f8:81:2c:44:ed:2f:bb:98:ef:74:41:f3:4b:58:
                    8e:81:4e:48:87:7c:5a:a0:e6:69:98:a0:58:6a:86:
                    bb:c5:88:84:90:41:c6:d1:0e:05:ce:9d:b2:ae:a8:
                    09:91:1a:c1:c4:69:8a:fb:df:81:2e:c0:3f:f9:fa:
                    2e:16:ce:d2:f8:ea:c3:f8:fd:95:9a:4a:40:ba:20:
                    60:83:37:ee:cd:85:ac:2b:70:27:e9:76:48:b4:3c:
                    f0:c2:71:a9:d5:1d:83:0c:7a:e4:67:44:7f:b8:91:
                    26:52:97:2b:eb:1b:1a:99:cd:29:93:f8:e2:9d:44:
                    39:79:60:92:19:98:0c:ba:3b:ce:cc:4c:8f:6e:30:
                    65:c0:dd:44:47:f6:90:0f:73:39:97:26:c2:77:ff:
                    68:9a:f5:81:ab:fd:67:89:53:07:72:68:e9:1e:f2:
                    6f:61:db:e8:e2:62:eb:81:97:2d:dc:61:2d:48:59:
                    22:65:44:a3:43:85:3c:5a:6a:60:54:37:3d:e3:fb:
                    dd:4f:1a:f7:39:47:73:bd:4f:bd:2f:ce:a4:07:aa:
                    cf:18:5b:e9:c4:72:f2:ea:39:97:03:51:99:37:c2:
                    b1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:1A:D2:75:76:9D:E7:38:B7:7B:34:83:E1:96:34:3F:8A:93:BF:B9
            X509v3 Authority Key Identifier:
                keyid:0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/9hrSdXad5zi3ezSD4ZY0P4qTv7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/DA96BN1ySaXRS33gVCpBlzgABsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.91.192.0/20
                  95.170.192.0/19
                  109.127.64.0/18
                  130.193.128.0/17
                IPv6:
                  2a04:a040::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:fa:73:2a:35:61:1c:82:e8:0d:14:8e:b8:de:48:c9:ca:69:
         66:d5:e8:e9:1f:97:17:1d:bf:35:ce:cb:48:45:79:dd:0c:31:
         c7:62:7a:ef:14:6d:bf:6f:2a:99:b3:72:27:c9:2f:42:3b:c4:
         26:c3:c8:f6:98:7d:4a:26:32:82:00:f8:74:53:ac:c3:2b:4a:
         51:14:26:47:ec:55:43:3b:5e:4a:4c:e8:d6:dd:84:e3:1b:53:
         f5:fa:cc:b8:4e:c1:ca:b5:25:9e:18:fb:24:d9:1d:0a:cf:67:
         4e:36:87:33:60:77:45:a5:97:87:8a:69:fb:29:93:d8:e4:bc:
         45:0b:96:4b:14:ac:fe:d9:52:cb:9d:86:e8:ca:08:bd:08:94:
         bd:46:f4:d1:6c:57:57:d6:49:be:e7:62:b7:61:05:14:57:47:
         32:46:9b:41:0e:29:70:62:0c:9b:33:63:19:89:46:f4:8c:3e:
         f7:46:3b:d0:7d:17:0a:8e:49:18:6b:d5:18:9e:09:7c:70:e7:
         b3:19:78:ef:4a:3c:c3:fd:5d:67:71:f4:00:d4:e0:ec:e3:f2:
         86:57:06:c7:5e:d7:69:9e:2b:2d:39:7c:5f:d4:3f:8c:95:24:
         96:57:c9:9a:3a:0c:cc:21:e4:38:be:95:fb:d9:4f:a3:a2:80:
         f5:cf:76:f9
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYwUmoqJUPK556tH0k0RTLNFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMGY3YTA0ZGQ3MjQ5YTVkMTRiN2RlMDU0MmE0MTk3Mzgw
MDA2Y2MwHhcNMjMxMTI4MDYyNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjFhZDI3NTc2OWRlNzM4Yjc3YjM0ODNlMTk2MzQzZjhhOTNiZmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA36/OQjInuw5UnXFDgBvR4WGz+n3a
MxfHHlV9DdZV+IEsRO0vu5jvdEHzS1iOgU5Ih3xaoOZpmKBYaoa7xYiEkEHG0Q4F
zp2yrqgJkRrBxGmK+9+BLsA/+fouFs7S+OrD+P2VmkpAuiBggzfuzYWsK3An6XZI
tDzwwnGp1R2DDHrkZ0R/uJEmUpcr6xsamc0pk/jinUQ5eWCSGZgMujvOzEyPbjBl
wN1ER/aQD3M5lybCd/9omvWBq/1niVMHcmjpHvJvYdvo4mLrgZct3GEtSFkiZUSj
Q4U8WmpgVDc94/vdTxr3OUdzvU+9L86kB6rPGFvpxHLy6jmXA1GZN8Kx/wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFPYa0nV2nec4t3s0g+GWND+Kk7+5MB8GA1UdIwQY
MBaAFAwPegTdckml0Ut94FQqQZc4AAbMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTIt
YTNjYmVmZmY3Nzc3LzEvOWhyU2RYYWQ1emkzZXpTRDRaWTBQNHFUdjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTItYTNjYmVmZmY3Nzc3
LzEvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEXVvAAwQF
X6rAAwQGbX9AAwQHgsGAMA0EAgACMAcDBQMqBKBAMA0GCSqGSIb3DQEBCwUAA4IB
AQAg+nMqNWEcgugNFI643kjJymlm1ejpH5cXHb81zstIRXndDDHHYnrvFG2/byqZ
s3InyS9CO8Qmw8j2mH1KJjKCAPh0U6zDK0pRFCZH7FVDO15KTOjW3YTjG1P1+sy4
TsHKtSWeGPsk2R0Kz2dONoczYHdFpZeHimn7KZPY5LxFC5ZLFKz+2VLLnYboygi9
CJS9RvTRbFdX1km+52K3YQUUV0cyRptBDilwYgybM2MZiUb0jD73RjvQfRcKjkkY
a9UYngl8cOezGXjvSjzD/V1ncfQA1ODs4/KGVwbHXtdpnistOXxf1D+MlSSWV8ma
OgzMIeQ4vpX72U+jooD1z3b5
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:49 2024 by rpki-client on console-ams.rpki-client.org