Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/Uj8LBxpebFCItw7SLR2XwrEx0e8.roa
File:                     Uj8LBxpebFCItw7SLR2XwrEx0e8.roa (raw, json)
Hash identifier:          JqApFxzxfojQ8WVKb5Md5/wBYpE75wB3W7FR8jg+hjw=
Subject key identifier:   52:3F:0B:07:1A:5E:6C:50:88:B7:0E:D2:2D:1D:97:C2:B1:31:D1:EF
Certificate issuer:       /CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
Certificate serial:       01894EDF1A65DB33114BF09717523D43DABF
Authority key identifier: 0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/Uj8LBxpebFCItw7SLR2XwrEx0e8.roa
Signing time:             Thu 13 Jul 2023 10:49:51 +0000
ROA not before:           Thu 13 Jul 2023 10:49:51 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21277
IP address blocks:        109.127.107.0/24 maxlen: 24
                          109.127.64.0/20 maxlen: 20
                          109.127.64.0/21 maxlen: 21
                          109.127.64.0/18 maxlen: 18
                          109.127.72.0/21 maxlen: 21
                          109.127.80.0/24 maxlen: 24
                          109.127.91.0/24 maxlen: 24
                          109.127.90.0/24 maxlen: 24
                          109.127.89.0/24 maxlen: 24
                          109.127.88.0/24 maxlen: 24
                          109.127.86.0/24 maxlen: 24
                          130.193.240.0/20 maxlen: 20
                          130.193.176.0/20 maxlen: 20
                          130.193.176.0/21 maxlen: 21
                          130.193.184.0/21 maxlen: 21
                          130.193.192.0/20 maxlen: 20
                          130.193.208.0/20 maxlen: 20
                          130.193.224.0/20 maxlen: 20
                          95.170.192.0/24 maxlen: 24
                          95.170.192.0/19 maxlen: 19
                          95.170.193.0/24 maxlen: 24
                          95.170.196.0/24 maxlen: 24
                          95.170.194.0/24 maxlen: 24
                          95.170.199.0/24 maxlen: 24
                          95.170.203.0/24 maxlen: 24
                          95.170.202.0/24 maxlen: 24
                          95.170.201.0/24 maxlen: 24
                          95.170.206.0/24 maxlen: 24
                          95.170.205.0/24 maxlen: 24
                          95.170.204.0/24 maxlen: 24
                          95.170.200.0/24 maxlen: 24
                          95.170.208.0/24 maxlen: 24
                          95.170.207.0/24 maxlen: 24
                          95.170.217.0/24 maxlen: 24
                          95.170.216.0/24 maxlen: 24
                          95.170.215.0/24 maxlen: 24
                          95.170.214.0/24 maxlen: 24
                          95.170.219.0/24 maxlen: 24
                          95.170.218.0/24 maxlen: 24
                          95.170.220.0/24 maxlen: 24
                          95.170.222.0/24 maxlen: 24
                          95.170.221.0/24 maxlen: 24
                          93.91.204.0/24 maxlen: 24
                          93.91.201.0/24 maxlen: 24
                          93.91.200.0/24 maxlen: 24
                          130.193.128.0/19 maxlen: 19
                          130.193.131.0/24 maxlen: 24
                          130.193.132.0/22 maxlen: 22
                          130.193.128.0/17 maxlen: 17
                          130.193.145.0/24 maxlen: 24
                          130.193.144.0/24 maxlen: 24
                          130.193.150.0/24 maxlen: 24
                          130.193.150.0/23 maxlen: 23
                          130.193.149.0/24 maxlen: 24
                          130.193.151.0/24 maxlen: 24
                          130.193.166.0/24 maxlen: 24
                          130.193.165.0/24 maxlen: 24
                          130.193.160.0/24 maxlen: 24
                          130.193.160.0/20 maxlen: 20
                          93.91.192.0/24 maxlen: 24
                          93.91.192.0/20 maxlen: 20
                          93.91.193.0/24 maxlen: 24
                          93.91.197.0/24 maxlen: 24
                          93.91.196.0/24 maxlen: 24
                          2a04:a040::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 28 Nov 2023 06:25:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:4e:df:1a:65:db:33:11:4b:f0:97:17:52:3d:43:da:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c0f7a04dd7249a5d14b7de0542a4197380006cc
        Validity
            Not Before: Jul 13 10:49:51 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=523f0b071a5e6c5088b70ed22d1d97c2b131d1ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:49:33:6f:05:65:7a:8d:99:5b:0d:c4:65:0f:
                    d0:a1:34:a7:18:10:e1:64:1e:19:80:12:49:fa:28:
                    f0:17:d8:84:ca:03:63:6e:63:a3:94:19:92:75:96:
                    37:c3:9a:9b:71:52:51:d9:e6:2b:cc:2d:ca:2c:a6:
                    39:bf:d3:4c:91:40:0f:02:a0:de:79:f2:89:11:25:
                    80:37:7b:37:8a:b4:7b:25:ec:6c:28:0e:e1:f5:40:
                    34:29:cb:02:83:83:14:6b:b3:9c:87:e6:b7:01:90:
                    bb:88:82:20:15:8a:9e:94:97:ea:d5:2e:ac:5e:14:
                    0a:25:3a:e2:dc:82:98:91:41:64:40:96:2f:9a:93:
                    c4:c8:a9:16:0c:ff:a5:f1:cf:5b:86:13:a5:65:bc:
                    7d:6b:69:3a:fa:17:f8:95:d4:eb:af:d5:fa:31:c8:
                    96:ee:6c:63:d1:db:af:81:e2:bb:6d:1e:96:55:fe:
                    f6:52:83:71:ec:d0:1e:66:f0:03:aa:8b:b3:1e:63:
                    7c:87:a9:3d:26:88:df:47:98:8b:e0:f6:5b:64:35:
                    0d:f4:fd:79:5c:62:07:f2:69:ca:60:d9:92:33:f1:
                    23:1e:cd:b9:ff:aa:d6:29:40:2a:d6:11:31:66:95:
                    f0:18:9c:cc:e4:32:38:3e:16:19:68:22:19:08:b4:
                    15:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:3F:0B:07:1A:5E:6C:50:88:B7:0E:D2:2D:1D:97:C2:B1:31:D1:EF
            X509v3 Authority Key Identifier:
                keyid:0C:0F:7A:04:DD:72:49:A5:D1:4B:7D:E0:54:2A:41:97:38:00:06:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DA96BN1ySaXRS33gVCpBlzgABsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/Uj8LBxpebFCItw7SLR2XwrEx0e8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/11db14-e845-4e4f-a692-a3cbefff7777/1/DA96BN1ySaXRS33gVCpBlzgABsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.91.192.0/20
                  95.170.192.0/19
                  109.127.64.0/18
                  130.193.128.0/17
                IPv6:
                  2a04:a040::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:2e:cb:2d:97:7f:e3:0c:21:9f:c2:52:e8:54:7e:ea:e7:fc:
         a0:f0:06:61:26:88:c8:cf:4c:5b:81:ae:48:e4:02:cc:72:78:
         88:c4:90:d3:1d:ff:51:3f:86:55:b2:6a:60:c7:b2:19:f2:b4:
         7e:f4:27:bf:28:71:c7:1b:79:fa:61:cc:c4:61:c2:20:71:94:
         9b:2b:e5:b5:1c:c4:fa:a3:b1:19:bb:7b:9a:11:05:c1:9b:a4:
         04:c4:45:37:2a:0e:82:b5:89:26:a9:0b:23:95:3b:25:86:1e:
         72:ed:5a:e5:49:ad:e7:1b:ea:4b:a9:fb:60:ff:12:39:e2:5e:
         9f:30:14:ae:59:40:58:f1:22:70:18:90:70:a7:46:77:e8:d9:
         8e:49:ba:ce:1a:3d:00:d3:8a:87:8c:52:dd:47:25:73:29:34:
         9b:15:c5:1b:76:99:89:73:63:73:3e:ca:9f:3f:c7:9c:77:86:
         8f:eb:3d:8f:87:f9:7d:8c:57:9b:53:ad:25:7b:ae:20:1f:ac:
         04:af:9a:1d:16:3e:cb:a6:31:83:27:5d:d4:d7:30:bb:b4:17:
         94:46:1c:b0:f8:42:0a:1d:9f:44:67:ae:fa:fd:ce:32:45:ad:
         40:4b:d1:b5:d8:14:91:58:85:1b:27:39:98:94:2f:c5:48:fd:
         a6:38:be:97
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYlO3xpl2zMRS/CXF1I9Q9q/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMGY3YTA0ZGQ3MjQ5YTVkMTRiN2RlMDU0MmE0MTk3Mzgw
MDA2Y2MwHhcNMjMwNzEzMTA0OTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjNmMGIwNzFhNWU2YzUwODhiNzBlZDIyZDFkOTdjMmIxMzFkMWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoEkzbwVleo2ZWw3EZQ/QoTSnGBDh
ZB4ZgBJJ+ijwF9iEygNjbmOjlBmSdZY3w5qbcVJR2eYrzC3KLKY5v9NMkUAPAqDe
efKJESWAN3s3irR7JexsKA7h9UA0KcsCg4MUa7Och+a3AZC7iIIgFYqelJfq1S6s
XhQKJTri3IKYkUFkQJYvmpPEyKkWDP+l8c9bhhOlZbx9a2k6+hf4ldTrr9X6MciW
7mxj0duvgeK7bR6WVf72UoNx7NAeZvADqouzHmN8h6k9JojfR5iL4PZbZDUN9P15
XGIH8mnKYNmSM/EjHs25/6rWKUAq1hExZpXwGJzM5DI4PhYZaCIZCLQVLQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFFI/CwcaXmxQiLcO0i0dl8KxMdHvMB8GA1UdIwQY
MBaAFAwPegTdckml0Ut94FQqQZc4AAbMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTIt
YTNjYmVmZmY3Nzc3LzEvVWo4TEJ4cGViRkNJdHc3U0xSMlh3ckV4MGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8xMWRiMTQtZTg0NS00ZTRmLWE2OTItYTNjYmVmZmY3Nzc3
LzEvREE5NkJOMXlTYVhSUzMzZ1ZDcEJsemdBQnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEXVvAAwQF
X6rAAwQGbX9AAwQHgsGAMA0EAgACMAcDBQMqBKBAMA0GCSqGSIb3DQEBCwUAA4IB
AQB5Lsstl3/jDCGfwlLoVH7q5/yg8AZhJojIz0xbga5I5ALMcniIxJDTHf9RP4ZV
smpgx7IZ8rR+9Ce/KHHHG3n6YczEYcIgcZSbK+W1HMT6o7EZu3uaEQXBm6QExEU3
Kg6CtYkmqQsjlTslhh5y7VrlSa3nG+pLqftg/xI54l6fMBSuWUBY8SJwGJBwp0Z3
6NmOSbrOGj0A04qHjFLdRyVzKTSbFcUbdpmJc2NzPsqfP8ecd4aP6z2Ph/l9jFeb
U60le64gH6wEr5odFj7LpjGDJ13U1zC7tBeURhyw+EIKHZ9EZ676/c4yRa1AS9G1
2BSRWIUbJzmYlC/FSP2mOL6X
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:01 2024 by rpki-client on console-fra.rpki-client.org