Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/NaHnPWOGxINCQTYNuKyzBDd82qY.roa
File:                     NaHnPWOGxINCQTYNuKyzBDd82qY.roa (raw, json)
Hash identifier:          eyRNUkkhq2Gov9rceJQdo0XiymGwafmsov/Q9OFIL5o=
Subject key identifier:   35:A1:E7:3D:63:86:C4:83:42:41:36:0D:B8:AC:B3:04:37:7C:DA:A6
Certificate issuer:       /CN=e916dc9db4e49de71b2fd0819dae853aeb053b06
Certificate serial:       018D2931461873E53C32A09BD34DF54D0640
Authority key identifier: E9:16:DC:9D:B4:E4:9D:E7:1B:2F:D0:81:9D:AE:85:3A:EB:05:3B:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6RbcnbTknecbL9CBna6FOusFOwY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/NaHnPWOGxINCQTYNuKyzBDd82qY.roa
Signing time:             Sat 20 Jan 2024 23:25:11 +0000
ROA not before:           Sat 20 Jan 2024 23:25:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216129
IP address blocks:        107.161.154.0/24 maxlen: 24
                          199.83.103.0/24 maxlen: 24
                          202.181.188.0/24 maxlen: 24
                          2a13:d200::/29 maxlen: 29
                          2a13:d200:6::/48 maxlen: 48
                          2a13:d200:7::/48 maxlen: 48
                          2a13:d200:8::/48 maxlen: 48
                          2a13:d200:9::/48 maxlen: 48
                          2a13:d200:10::/48 maxlen: 48
                          2a13:d200:11::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 26 Mar 2024 22:52:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:29:31:46:18:73:e5:3c:32:a0:9b:d3:4d:f5:4d:06:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e916dc9db4e49de71b2fd0819dae853aeb053b06
        Validity
            Not Before: Jan 20 23:25:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=35a1e73d6386c4834241360db8acb304377cdaa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:20:53:8a:d2:38:ac:3b:2d:04:56:2a:40:c0:
                    65:47:a1:43:d4:43:c4:37:fd:e0:d4:62:71:fe:fc:
                    57:61:cd:b0:8b:6e:b3:73:41:37:59:88:ed:05:c3:
                    25:a6:01:2d:4a:59:02:4d:e4:32:54:b3:ae:af:bc:
                    52:54:84:71:10:02:1f:42:d4:b1:85:8a:8e:b1:dc:
                    5b:42:2a:13:fa:92:7e:6f:69:c7:a6:07:92:ae:c8:
                    c5:79:61:78:1a:f0:31:50:1b:3f:ce:1a:1f:91:00:
                    6e:21:a3:81:90:c5:d7:09:7f:fb:10:fc:be:5c:ab:
                    93:15:2f:eb:40:f5:cf:5f:30:00:29:e4:e0:fa:01:
                    2d:39:b5:e9:8d:d6:a3:7c:1a:5e:59:c6:04:5c:44:
                    37:bc:93:71:f2:5d:1d:c8:7f:d2:13:9a:06:05:d3:
                    d2:14:f6:94:5c:77:a0:9f:c3:58:07:22:10:5a:44:
                    ed:90:8c:e1:a6:c8:87:b4:3c:61:39:b2:3f:c1:f1:
                    20:43:9a:bb:ce:e3:a9:db:c5:03:7f:9d:6d:07:cb:
                    46:50:4b:dc:2f:44:2b:aa:eb:e3:a2:8f:36:7c:30:
                    82:85:ca:a9:c3:ec:34:1f:60:22:1e:48:cf:82:53:
                    69:5d:85:76:bc:d8:e1:ae:eb:49:01:00:d4:73:23:
                    3e:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:A1:E7:3D:63:86:C4:83:42:41:36:0D:B8:AC:B3:04:37:7C:DA:A6
            X509v3 Authority Key Identifier:
                keyid:E9:16:DC:9D:B4:E4:9D:E7:1B:2F:D0:81:9D:AE:85:3A:EB:05:3B:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6RbcnbTknecbL9CBna6FOusFOwY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/NaHnPWOGxINCQTYNuKyzBDd82qY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/6RbcnbTknecbL9CBna6FOusFOwY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  107.161.154.0/24
                  199.83.103.0/24
                  202.181.188.0/24
                IPv6:
                  2a13:d200::/29

    Signature Algorithm: sha256WithRSAEncryption
         32:09:a8:e1:a6:ea:d2:0d:72:9d:3f:49:1a:21:86:d4:e6:1f:
         d5:5d:2c:8c:d2:b4:f8:df:47:73:ed:d8:b7:12:af:62:c3:61:
         fa:39:03:29:60:57:4d:28:a2:19:da:61:5b:77:21:78:c6:6e:
         72:25:27:1e:c3:a8:e1:cd:90:5f:e0:d1:aa:80:45:c5:65:fb:
         50:80:2c:df:77:49:3c:f9:14:3d:61:b5:bc:b4:4c:10:54:0e:
         ed:6f:cd:80:0c:15:60:07:0c:f8:2b:96:d1:be:78:1c:cb:36:
         47:d1:5c:e3:55:9a:3f:76:e5:d1:77:75:a1:29:fe:c0:fa:80:
         2a:a0:56:70:ab:55:80:8a:d6:c9:13:33:82:0a:72:e9:75:e7:
         a1:6c:18:03:f9:d7:52:ea:c6:60:51:06:3e:79:05:7c:34:df:
         9f:7a:bd:7e:48:70:f0:02:60:d9:ba:ad:1c:47:c3:20:71:a7:
         13:a0:b0:30:67:f2:81:fb:d7:ac:d6:4e:27:a5:f8:1a:b7:67:
         de:b0:49:7d:95:8f:34:97:c9:7f:1e:be:5e:69:57:ab:81:34:
         d8:39:f4:b0:1d:33:fb:12:4c:43:5f:1d:b3:a4:65:e3:70:93:
         eb:63:d8:59:48:3f:89:9d:f0:6a:19:3e:97:d2:00:2c:68:9a:
         1a:1d:d3:f4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAY0pMUYYc+U8MqCb0031TQZAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MTZkYzlkYjRlNDlkZTcxYjJmZDA4MTlkYWU4NTNhZWIw
NTNiMDYwHhcNMjQwMTIwMjMyNTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWExZTczZDYzODZjNDgzNDI0MTM2MGRiOGFjYjMwNDM3N2NkYWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyBTitI4rDstBFYqQMBlR6FD1EPE
N/3g1GJx/vxXYc2wi26zc0E3WYjtBcMlpgEtSlkCTeQyVLOur7xSVIRxEAIfQtSx
hYqOsdxbQioT+pJ+b2nHpgeSrsjFeWF4GvAxUBs/zhofkQBuIaOBkMXXCX/7EPy+
XKuTFS/rQPXPXzAAKeTg+gEtObXpjdajfBpeWcYEXEQ3vJNx8l0dyH/SE5oGBdPS
FPaUXHegn8NYByIQWkTtkIzhpsiHtDxhObI/wfEgQ5q7zuOp28UDf51tB8tGUEvc
L0Qrquvjoo82fDCChcqpw+w0H2AiHkjPglNpXYV2vNjhrutJAQDUcyM+iQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDWh5z1jhsSDQkE2DbisswQ3fNqmMB8GA1UdIwQY
MBaAFOkW3J205J3nGy/QgZ2uhTrrBTsGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlJiY25iVGtuZWNiTDlDQm5hNkZPdXNGT3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8xYWY0YTUtMGQ2Yy00Nzc2LWJlNWMt
YmU4NTJmNjQ0MjAxLzEvTmFIblBXT0d4SU5DUVRZTnVLeXpCRGQ4MnFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8xYWY0YTUtMGQ2Yy00Nzc2LWJlNWMtYmU4NTJmNjQ0MjAx
LzEvNlJiY25iVGtuZWNiTDlDQm5hNkZPdXNGT3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAa6GaAwQA
x1NnAwQAyrW8MA0EAgACMAcDBQMqE9IAMA0GCSqGSIb3DQEBCwUAA4IBAQAyCajh
purSDXKdP0kaIYbU5h/VXSyM0rT430dz7di3Eq9iw2H6OQMpYFdNKKIZ2mFbdyF4
xm5yJScew6jhzZBf4NGqgEXFZftQgCzfd0k8+RQ9YbW8tEwQVA7tb82ADBVgBwz4
K5bRvngcyzZH0VzjVZo/duXRd3WhKf7A+oAqoFZwq1WAitbJEzOCCnLpdeehbBgD
+ddS6sZgUQY+eQV8NN+fer1+SHDwAmDZuq0cR8MgcacToLAwZ/KB+9es1k4npfga
t2fesEl9lY80l8l/Hr5eaVergTTYOfSwHTP7EkxDXx2zpGXjcJPrY9hZSD+JnfBq
GT6X0gAsaJoaHdP0
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:12 2024 by rpki-client on console-fra.rpki-client.org