Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/PKbD0rB8a1pz9TPM3SsDFUaIgTo.roa
File:                     PKbD0rB8a1pz9TPM3SsDFUaIgTo.roa (raw, json)
Hash identifier:          Cgmh4o3G6YSwElDszsXEVTdrCAqvwjQjSZRthOEVRBc=
Subject key identifier:   3C:A6:C3:D2:B0:7C:6B:5A:73:F5:33:CC:DD:2B:03:15:46:88:81:3A
Certificate issuer:       /CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
Certificate serial:       01856F14A8CC74C4DCEE3EC29B553E241B5E
Authority key identifier: 0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/PKbD0rB8a1pz9TPM3SsDFUaIgTo.roa
Signing time:             Sun 01 Jan 2023 20:45:02 +0000
ROA not before:           Sun 01 Jan 2023 20:45:02 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21277
IP address blocks:        109.127.107.0/24 maxlen: 24
                          109.127.64.0/21 maxlen: 21
                          109.127.64.0/20 maxlen: 20
                          109.127.64.0/18 maxlen: 18
                          109.127.72.0/21 maxlen: 21
                          109.127.80.0/24 maxlen: 24
                          109.127.91.0/24 maxlen: 24
                          109.127.90.0/24 maxlen: 24
                          109.127.89.0/24 maxlen: 24
                          109.127.88.0/24 maxlen: 24
                          109.127.86.0/24 maxlen: 24
                          130.193.240.0/20 maxlen: 20
                          130.193.176.0/21 maxlen: 21
                          130.193.176.0/20 maxlen: 20
                          130.193.184.0/21 maxlen: 21
                          130.193.192.0/20 maxlen: 20
                          130.193.208.0/20 maxlen: 20
                          130.193.224.0/20 maxlen: 20
                          95.170.192.0/24 maxlen: 24
                          95.170.192.0/19 maxlen: 19
                          95.170.193.0/24 maxlen: 24
                          95.170.196.0/24 maxlen: 24
                          95.170.194.0/24 maxlen: 24
                          95.170.199.0/24 maxlen: 24
                          95.170.203.0/24 maxlen: 24
                          95.170.202.0/24 maxlen: 24
                          95.170.201.0/24 maxlen: 24
                          95.170.206.0/24 maxlen: 24
                          95.170.205.0/24 maxlen: 24
                          95.170.204.0/24 maxlen: 24
                          95.170.200.0/24 maxlen: 24
                          95.170.208.0/24 maxlen: 24
                          95.170.207.0/24 maxlen: 24
                          95.170.216.0/24 maxlen: 24
                          95.170.215.0/24 maxlen: 24
                          95.170.214.0/24 maxlen: 24
                          95.170.219.0/24 maxlen: 24
                          95.170.218.0/24 maxlen: 24
                          95.170.220.0/24 maxlen: 24
                          95.170.222.0/24 maxlen: 24
                          95.170.221.0/24 maxlen: 24
                          93.91.204.0/24 maxlen: 24
                          93.91.201.0/24 maxlen: 24
                          93.91.200.0/24 maxlen: 24
                          130.193.128.0/19 maxlen: 19
                          130.193.131.0/24 maxlen: 24
                          130.193.132.0/22 maxlen: 22
                          130.193.128.0/17 maxlen: 17
                          130.193.145.0/24 maxlen: 24
                          130.193.144.0/24 maxlen: 24
                          130.193.150.0/24 maxlen: 24
                          130.193.150.0/23 maxlen: 23
                          130.193.149.0/24 maxlen: 24
                          130.193.151.0/24 maxlen: 24
                          130.193.166.0/24 maxlen: 24
                          130.193.165.0/24 maxlen: 24
                          130.193.160.0/24 maxlen: 24
                          130.193.160.0/20 maxlen: 20
                          93.91.192.0/24 maxlen: 24
                          93.91.192.0/20 maxlen: 20
                          93.91.193.0/24 maxlen: 24
                          93.91.197.0/24 maxlen: 24
                          93.91.196.0/24 maxlen: 24
                          2a04:a040::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 13 Jul 2023 10:49:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:14:a8:cc:74:c4:dc:ee:3e:c2:9b:55:3e:24:1b:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
        Validity
            Not Before: Jan  1 20:45:02 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=3ca6c3d2b07c6b5a73f533ccdd2b03154688813a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:9b:f1:a2:24:11:6a:c4:3b:4a:1c:96:b7:9b:
                    e0:17:b9:fb:29:12:f1:07:27:1a:72:d8:28:0b:01:
                    e2:a3:45:c8:03:9f:59:a3:4c:b9:97:ac:59:83:f1:
                    2a:09:3a:1b:61:12:61:d0:35:44:46:a9:95:97:b0:
                    d5:ef:cf:67:5a:60:b7:50:2b:8c:ee:9a:d5:b8:fc:
                    16:c9:9d:f7:4d:17:0c:40:c6:14:d5:c7:52:44:c0:
                    cb:d2:71:62:be:9a:23:2c:c7:c2:ed:44:69:e3:59:
                    1d:2c:10:51:94:a7:bf:7b:e0:c6:53:e8:52:c4:a2:
                    0d:11:38:b3:84:8f:99:18:51:02:6b:fa:49:f3:0b:
                    29:10:a9:6e:1f:a9:4f:ca:3c:f7:41:ee:62:79:ea:
                    df:2a:51:87:84:2d:d0:18:f1:be:01:f5:9e:95:b2:
                    05:ca:fe:58:e2:7d:6d:db:3e:ba:26:6a:b6:64:23:
                    5f:2f:ef:50:e4:23:fa:00:2f:fc:55:b6:6a:ba:df:
                    d9:9f:e9:ea:3c:5a:de:85:21:22:5c:65:58:e1:a1:
                    5d:87:c2:54:9e:ed:07:7b:eb:d2:9c:9e:8a:6e:54:
                    33:ab:cb:a4:ae:30:88:26:3d:b0:87:3f:12:7a:81:
                    03:73:e4:b1:8b:02:8a:ed:73:1c:dd:67:f2:04:7c:
                    61:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:A6:C3:D2:B0:7C:6B:5A:73:F5:33:CC:DD:2B:03:15:46:88:81:3A
            X509v3 Authority Key Identifier:
                keyid:0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/PKbD0rB8a1pz9TPM3SsDFUaIgTo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/DA96BN1ySaXRS33gVCpBlzgABsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.91.192.0/20
                  95.170.192.0/19
                  109.127.64.0/18
                  130.193.128.0/17
                IPv6:
                  2a04:a040::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:f0:ac:5d:35:f0:16:8c:8a:63:33:94:f7:c3:d3:9b:50:c0:
         86:4a:21:7a:5a:59:02:03:39:7f:67:a2:08:ba:cf:98:cb:f1:
         07:34:6f:db:8b:f2:26:54:99:a3:3e:28:bb:8e:7d:90:a1:8f:
         23:00:bf:5f:60:2b:6a:31:a5:61:cd:dc:ef:34:31:9c:e8:bd:
         da:61:82:3d:8f:ee:f2:5e:03:2f:7c:58:47:25:0a:1b:ab:13:
         d3:dd:3a:e7:e8:18:cc:d5:07:77:34:b1:93:cc:26:ed:d3:2a:
         6d:7d:fe:ed:44:38:55:74:b3:be:55:e0:06:36:7e:2a:11:cc:
         72:1a:bf:99:6d:76:68:87:75:61:f6:8e:7a:82:14:aa:a6:1a:
         90:ed:b5:bf:1e:58:29:af:90:f3:83:0e:9c:01:e3:5e:64:dd:
         b0:20:a5:e4:ac:4a:5a:55:70:3d:fc:3f:e7:29:5a:6e:3a:2d:
         a6:47:3f:22:65:90:14:1a:27:dc:09:04:40:e8:75:93:2b:46:
         37:a0:47:fb:cf:63:ea:46:37:2d:e9:ef:eb:c7:91:a8:77:d0:
         28:cd:dd:5f:32:31:d7:40:a8:dd:74:09:a0:ec:e5:7a:dc:b5:
         ea:58:4e:20:22:d6:bf:ff:d1:74:99:3a:96:ac:b3:bc:e2:2d:
         a7:a6:18:fa
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVvFKjMdMTc7j7Cm1U+JBteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMGY3YTA0ZGQ3MjQ5YTVkMTRiN2RlMDU0MmE0MTk3Mzgw
MDA2Y2MwHhcNMjMwMTAxMjA0NTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2E2YzNkMmIwN2M2YjVhNzNmNTMzY2NkZDJiMDMxNTQ2ODg4MTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZvxoiQRasQ7ShyWt5vgF7n7KRLx
BycactgoCwHio0XIA59Zo0y5l6xZg/EqCTobYRJh0DVERqmVl7DV789nWmC3UCuM
7prVuPwWyZ33TRcMQMYU1cdSRMDL0nFivpojLMfC7URp41kdLBBRlKe/e+DGU+hS
xKINETizhI+ZGFECa/pJ8wspEKluH6lPyjz3Qe5ieerfKlGHhC3QGPG+AfWelbIF
yv5Y4n1t2z66Jmq2ZCNfL+9Q5CP6AC/8VbZqut/Zn+nqPFrehSEiXGVY4aFdh8JU
nu0He+vSnJ6KblQzq8ukrjCIJj2whz8SeoEDc+SxiwKK7XMc3WfyBHxhTwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFDymw9KwfGtac/UzzN0rAxVGiIE6MB8GA1UdIwQY
MBaAFAwPegTdckml0Ut94FQqQZc4AAbMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTIt
YTNjYmVmZmY3Nzc3LzEvUEtiRDByQjhhMXB6OVRQTTNTc0RGVWFJZ1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTItYTNjYmVmZmY3Nzc3
LzEvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEXVvAAwQF
X6rAAwQGbX9AAwQHgsGAMA0EAgACMAcDBQMqBKBAMA0GCSqGSIb3DQEBCwUAA4IB
AQAp8KxdNfAWjIpjM5T3w9ObUMCGSiF6WlkCAzl/Z6IIus+Yy/EHNG/bi/ImVJmj
Pii7jn2QoY8jAL9fYCtqMaVhzdzvNDGc6L3aYYI9j+7yXgMvfFhHJQobqxPT3Trn
6BjM1Qd3NLGTzCbt0yptff7tRDhVdLO+VeAGNn4qEcxyGr+ZbXZoh3Vh9o56ghSq
phqQ7bW/Hlgpr5Dzgw6cAeNeZN2wIKXkrEpaVXA9/D/nKVpuOi2mRz8iZZAUGifc
CQRA6HWTK0Y3oEf7z2PqRjct6e/rx5God9Aozd1fMjHXQKjddAmg7OV63LXqWE4g
Ita//9F0mTqWrLO84i2nphj6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:49 2024 by rpki-client on console-ams.rpki-client.org