Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/27a374-c984-4b19-ac7e-de2de15f90ed/1/AzOoNm4p67Ce8kREe5h407XXWGQ.roa
File:                     AzOoNm4p67Ce8kREe5h407XXWGQ.roa (raw, json)
Hash identifier:          +4YFTG/bOcJnfPrYFt2Wb1x1an+Lx0SJVo+r0g3r1+M=
Subject key identifier:   03:33:A8:36:6E:29:EB:B0:9E:F2:44:44:7B:98:78:D3:B5:D7:58:64
Certificate issuer:       /CN=dafcb643e6a21e2fb6e21cd0653ab095e9ebef13
Certificate serial:       01856B80E6D53AD2CCCF409E1403E57D787F
Authority key identifier: DA:FC:B6:43:E6:A2:1E:2F:B6:E2:1C:D0:65:3A:B0:95:E9:EB:EF:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2vy2Q-aiHi-24hzQZTqwlenr7xM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/27a374-c984-4b19-ac7e-de2de15f90ed/1/AzOoNm4p67Ce8kREe5h407XXWGQ.roa
Signing time:             Sun 01 Jan 2023 04:04:47 +0000
ROA not before:           Sun 01 Jan 2023 04:04:47 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     21488
IP address blocks:        217.66.96.0/21 maxlen: 21
                          217.66.104.0/21 maxlen: 21
                          193.110.106.0/23 maxlen: 23
                          194.246.116.0/23 maxlen: 23
                          2a0f:c240::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 02:29:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6b:80:e6:d5:3a:d2:cc:cf:40:9e:14:03:e5:7d:78:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dafcb643e6a21e2fb6e21cd0653ab095e9ebef13
        Validity
            Not Before: Jan  1 04:04:47 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=0333a8366e29ebb09ef244447b9878d3b5d75864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:5e:4c:0b:d9:d8:43:f8:75:25:20:78:f4:63:
                    41:fd:3f:6c:71:20:12:39:93:cd:ad:99:49:4d:75:
                    6b:71:10:c4:84:7e:da:df:c3:0f:48:76:72:2f:e1:
                    9d:eb:20:3a:5e:65:39:8b:f7:75:3b:c6:34:e4:e2:
                    d8:b4:5f:e2:6a:97:b7:5d:92:b6:b4:a4:67:6f:8a:
                    9d:99:bd:71:49:25:7d:18:7c:0d:d2:da:60:a9:6f:
                    74:43:5d:41:c5:aa:e5:6b:c1:9a:f7:74:d8:16:f8:
                    15:60:1f:cc:bd:94:0f:80:e5:6e:dd:71:72:a2:df:
                    f6:50:51:9b:f7:65:f7:c5:a8:4b:3c:dd:fb:85:e3:
                    11:20:a5:d3:bc:38:d8:89:04:26:75:d1:1f:fd:7a:
                    15:94:74:83:68:0a:8f:24:17:75:4e:35:8b:d0:d5:
                    31:8c:5c:8b:27:22:5d:e4:f8:d8:02:76:f6:71:c0:
                    f7:3a:26:71:fc:e9:01:be:d7:70:b2:b6:47:0a:e9:
                    22:3a:70:f2:e9:6f:d2:ce:f7:81:bd:b9:19:bb:01:
                    37:dc:c6:52:40:fa:12:74:0f:76:89:e5:f8:31:09:
                    4a:d5:b0:be:f8:75:ab:b8:74:13:10:b9:b2:bb:5b:
                    f4:a2:d6:ca:70:df:11:f1:98:21:91:fc:a6:97:fd:
                    61:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:33:A8:36:6E:29:EB:B0:9E:F2:44:44:7B:98:78:D3:B5:D7:58:64
            X509v3 Authority Key Identifier:
                keyid:DA:FC:B6:43:E6:A2:1E:2F:B6:E2:1C:D0:65:3A:B0:95:E9:EB:EF:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vy2Q-aiHi-24hzQZTqwlenr7xM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/27a374-c984-4b19-ac7e-de2de15f90ed/1/AzOoNm4p67Ce8kREe5h407XXWGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/27a374-c984-4b19-ac7e-de2de15f90ed/1/2vy2Q-aiHi-24hzQZTqwlenr7xM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.106.0/23
                  194.246.116.0/23
                  217.66.96.0/20
                IPv6:
                  2a0f:c240::/29

    Signature Algorithm: sha256WithRSAEncryption
         90:48:b9:37:32:a6:bb:c1:69:7e:2f:32:9e:b0:e7:4a:6e:2b:
         67:33:0d:0f:0b:61:71:72:f3:7a:3f:a8:8c:64:87:b5:a9:38:
         bc:c0:0d:d8:a7:61:90:c4:40:a0:0f:fa:de:c1:43:97:c5:42:
         20:cd:dc:a1:ae:a8:fa:b6:c0:19:d4:12:1a:98:a7:f6:40:4a:
         9c:3e:5c:f3:7d:e0:a4:b3:18:66:a9:65:bd:05:99:4d:54:b0:
         c7:b2:3d:d1:78:9a:aa:02:83:de:ce:4d:b3:ab:c3:61:90:b2:
         d9:bb:fb:3f:37:c9:be:1f:5d:3c:f7:e1:84:f4:c0:e5:ce:ee:
         72:fb:6e:9f:5f:93:bb:f6:50:ac:c5:88:95:da:f5:4b:73:45:
         f6:13:d7:61:f4:ba:8c:8b:41:21:22:40:1b:7c:6f:93:0c:f8:
         92:4a:48:be:f6:f5:9e:1c:c2:7e:ff:e0:b7:9b:0a:e7:6a:82:
         47:f5:6d:dc:fc:f6:bb:65:d1:e9:3f:47:a5:43:5d:98:cc:df:
         22:7f:9e:80:75:46:38:6f:cd:db:3e:6b:fe:e6:eb:12:2f:17:
         40:a3:9c:3b:9e:7d:a6:5f:8a:19:0c:b6:a5:bb:f2:c4:f8:e9:
         57:66:53:39:ea:9a:e7:b7:e6:62:33:bf:92:31:9f:07:83:1f:
         94:16:6e:e7
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVrgObVOtLMz0CeFAPlfXh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmNiNjQzZTZhMjFlMmZiNmUyMWNkMDY1M2FiMDk1ZTll
YmVmMTMwHhcNMjMwMTAxMDQwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzMzYTgzNjZlMjllYmIwOWVmMjQ0NDQ3Yjk4NzhkM2I1ZDc1ODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjV5MC9nYQ/h1JSB49GNB/T9scSAS
OZPNrZlJTXVrcRDEhH7a38MPSHZyL+Gd6yA6XmU5i/d1O8Y05OLYtF/iape3XZK2
tKRnb4qdmb1xSSV9GHwN0tpgqW90Q11Bxarla8Ga93TYFvgVYB/MvZQPgOVu3XFy
ot/2UFGb92X3xahLPN37heMRIKXTvDjYiQQmddEf/XoVlHSDaAqPJBd1TjWL0NUx
jFyLJyJd5PjYAnb2ccD3OiZx/OkBvtdwsrZHCukiOnDy6W/SzveBvbkZuwE33MZS
QPoSdA92ieX4MQlK1bC++HWruHQTELmyu1v0otbKcN8R8Zghkfyml/1hMQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFAMzqDZuKeuwnvJERHuYeNO111hkMB8GA1UdIwQY
MBaAFNr8tkPmoh4vtuIc0GU6sJXp6+8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnZ5MlEtYWlIaS0yNGh6UVpUcXdsZW5yN3hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8yN2EzNzQtYzk4NC00YjE5LWFjN2Ut
ZGUyZGUxNWY5MGVkLzEvQXpPb05tNHA2N0NlOGtSRWU1aDQwN1hYV0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8yN2EzNzQtYzk4NC00YjE5LWFjN2UtZGUyZGUxNWY5MGVk
LzEvMnZ5MlEtYWlIaS0yNGh6UVpUcXdsZW5yN3hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBwW5qAwQB
wvZ0AwQE2UJgMA0EAgACMAcDBQMqD8JAMA0GCSqGSIb3DQEBCwUAA4IBAQCQSLk3
Mqa7wWl+LzKesOdKbitnMw0PC2FxcvN6P6iMZIe1qTi8wA3Yp2GQxECgD/rewUOX
xUIgzdyhrqj6tsAZ1BIamKf2QEqcPlzzfeCksxhmqWW9BZlNVLDHsj3ReJqqAoPe
zk2zq8NhkLLZu/s/N8m+H1089+GE9MDlzu5y+26fX5O79lCsxYiV2vVLc0X2E9dh
9LqMi0EhIkAbfG+TDPiSSki+9vWeHMJ+/+C3mwrnaoJH9W3c/Pa7ZdHpP0elQ12Y
zN8if56AdUY4b83bPmv+5usSLxdAo5w7nn2mX4oZDLalu/LE+OlXZlM56prnt+Zi
M7+SMZ8Hgx+UFm7n
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:21 2024 by rpki-client on console-ams.rpki-client.org