Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/odiTOpy8_CNcMJtjA9oLQ1wbi8Q.roa
File:                     odiTOpy8_CNcMJtjA9oLQ1wbi8Q.roa (raw, json)
Hash identifier:          YJ/XX0+/tM+NwYRkzW1EuszABMHMgEUT1901b92tmr0=
Subject key identifier:   A1:D8:93:3A:9C:BC:FC:23:5C:30:9B:63:03:DA:0B:43:5C:1B:8B:C4
Certificate issuer:       /CN=5cf4501b755002d9143e8fa6736815e9f0f93695
Certificate serial:       018CEDB21749617FCCCCF6EA693BA4184887
Authority key identifier: 5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/odiTOpy8_CNcMJtjA9oLQ1wbi8Q.roa
Signing time:             Tue 09 Jan 2024 10:08:40 +0000
ROA not before:           Tue 09 Jan 2024 10:08:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13037
IP address blocks:        212.23.0.0/19 maxlen: 19
                          82.71.240.0/20 maxlen: 20
                          88.97.64.0/19 maxlen: 19
                          88.98.160.0/21 maxlen: 21
                          88.98.172.0/22 maxlen: 22
                          88.98.170.0/23 maxlen: 23
                          88.98.176.0/20 maxlen: 20
                          88.97.0.0/18 maxlen: 18
                          51.148.0.0/16 maxlen: 16
                          88.97.128.0/17 maxlen: 17
                          62.3.64.0/18 maxlen: 18
                          51.170.0.0/16 maxlen: 18
                          88.97.96.0/20 maxlen: 20
                          88.98.0.0/20 maxlen: 20
                          88.98.16.0/23 maxlen: 23
                          88.98.24.0/21 maxlen: 21
                          88.98.22.0/23 maxlen: 23
                          88.98.21.0/24 maxlen: 24
                          88.98.18.0/24 maxlen: 24
                          88.96.0.0/16 maxlen: 16
                          217.155.0.0/16 maxlen: 16
                          51.155.0.0/16 maxlen: 16
                          77.104.128.0/18 maxlen: 18
                          82.68.0.0/14 maxlen: 14
                          88.98.128.0/19 maxlen: 19
                          88.98.32.0/19 maxlen: 19
                          88.98.64.0/19 maxlen: 19
                          146.66.64.0/18 maxlen: 18
                          2a02:8010::/29 maxlen: 29

Validation:               Failed, certificate revoked on Tue 23 Jan 2024 14:11:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:b2:17:49:61:7f:cc:cc:f6:ea:69:3b:a4:18:48:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf4501b755002d9143e8fa6736815e9f0f93695
        Validity
            Not Before: Jan  9 10:08:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1d8933a9cbcfc235c309b6303da0b435c1b8bc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:0c:86:5f:8f:d2:b2:8c:7b:d1:4c:6b:a1:6c:
                    84:f2:5d:50:7e:65:a7:5f:5f:2f:68:8a:45:9e:2d:
                    23:f5:9a:0a:76:c8:a2:38:db:83:13:87:8b:df:5d:
                    78:39:72:76:70:d6:67:53:07:6f:68:7e:ec:31:42:
                    c0:4c:69:19:4d:cc:74:37:80:7c:7d:61:1a:60:66:
                    89:e3:0a:69:bd:b8:cb:b6:69:43:a9:18:19:36:ea:
                    af:4d:fc:74:77:5d:fd:84:68:3e:43:73:cc:66:c4:
                    0e:3a:91:49:3d:6c:cc:2e:d0:0c:5a:dc:d8:a1:fa:
                    5d:38:68:e3:c4:e3:0b:17:63:3a:fd:9b:1c:c6:89:
                    d2:dd:2b:86:ab:41:c8:e2:52:8f:d8:3a:1f:77:de:
                    33:a8:e8:ed:60:b0:7e:b2:a4:07:47:3b:b8:9e:e7:
                    d3:2e:a9:5d:f9:d4:96:ec:3e:b2:02:68:0c:f1:70:
                    c8:99:e2:78:7c:1d:ad:ba:5d:1b:ac:38:87:2e:fe:
                    58:98:2d:c8:de:e0:a2:3e:d8:63:a1:5e:9d:2f:a1:
                    ae:34:5d:68:ba:0f:4e:fb:b3:87:89:e5:3a:c5:8a:
                    ae:6e:b8:58:b3:ba:00:49:16:cd:6a:8d:78:dc:2a:
                    fa:ee:c6:da:08:e4:46:62:d0:f2:ca:6f:f9:a5:65:
                    73:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:D8:93:3A:9C:BC:FC:23:5C:30:9B:63:03:DA:0B:43:5C:1B:8B:C4
            X509v3 Authority Key Identifier:
                keyid:5C:F4:50:1B:75:50:02:D9:14:3E:8F:A6:73:68:15:E9:F0:F9:36:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPRQG3VQAtkUPo-mc2gV6fD5NpU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/odiTOpy8_CNcMJtjA9oLQ1wbi8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1ca07-9658-4446-8cb5-60cf9ab1b13e/1/XPRQG3VQAtkUPo-mc2gV6fD5NpU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.148.0.0/16
                  51.155.0.0/16
                  51.170.0.0/16
                  62.3.64.0/18
                  77.104.128.0/18
                  82.68.0.0/14
                  88.96.0.0-88.97.111.255
                  88.97.128.0-88.98.18.255
                  88.98.21.0-88.98.95.255
                  88.98.128.0-88.98.167.255
                  88.98.170.0-88.98.191.255
                  146.66.64.0/18
                  212.23.0.0/19
                  217.155.0.0/16
                IPv6:
                  2a02:8010::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:86:51:b9:29:fa:1c:7f:bb:7d:04:9b:79:27:c5:8f:cb:e5:
         2c:90:ed:46:50:87:48:9e:e3:27:e8:fd:6f:e2:28:ba:d2:92:
         a2:59:f1:93:05:68:6c:00:a7:0c:20:28:2a:ad:51:6b:23:1e:
         71:52:a4:33:b5:2d:81:01:ad:3a:0a:e4:30:1c:bc:02:78:d5:
         62:0a:08:c9:8e:8e:11:60:28:14:3b:b6:c5:88:ec:a1:03:4a:
         00:30:24:04:e3:21:11:5d:0b:8f:ee:0d:5e:d7:46:45:4a:db:
         42:6d:42:5e:18:dc:4b:db:c3:8a:d5:41:f7:ac:49:8f:16:62:
         cd:98:3c:fc:06:f6:e5:e6:15:aa:7f:49:f3:79:5a:bd:a1:4c:
         ff:b1:ed:0a:1f:1b:c4:74:9c:b9:c6:72:db:ac:35:26:06:76:
         13:ed:14:b0:a5:ae:ef:9a:84:da:bc:65:44:3d:51:69:48:be:
         e5:e8:15:7c:1e:c5:84:e3:0e:2b:7d:81:92:ee:df:18:f1:02:
         a5:7b:ad:d5:ff:f9:e6:e4:81:74:37:26:84:ff:b7:44:67:c5:
         8a:11:20:42:14:6a:85:cd:61:18:da:9b:43:a7:1e:70:11:c7:
         28:27:7c:2a:95:18:e6:95:3d:da:1f:34:bf:cd:ba:3c:d1:84:
         a4:11:0a:4a
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgISAYztshdJYX/MzPbqaTukGEiHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjQ1MDFiNzU1MDAyZDkxNDNlOGZhNjczNjgxNWU5ZjBm
OTM2OTUwHhcNMjQwMTA5MTAwODQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWQ4OTMzYTljYmNmYzIzNWMzMDliNjMwM2RhMGI0MzVjMWI4YmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AyGX4/Ssox70UxroWyE8l1QfmWn
X18vaIpFni0j9ZoKdsiiONuDE4eL3114OXJ2cNZnUwdvaH7sMULATGkZTcx0N4B8
fWEaYGaJ4wppvbjLtmlDqRgZNuqvTfx0d139hGg+Q3PMZsQOOpFJPWzMLtAMWtzY
ofpdOGjjxOMLF2M6/ZscxonS3SuGq0HI4lKP2Dofd94zqOjtYLB+sqQHRzu4nufT
Lqld+dSW7D6yAmgM8XDImeJ4fB2tul0brDiHLv5YmC3I3uCiPthjoV6dL6GuNF1o
ug9O+7OHieU6xYqubrhYs7oASRbNao143Cr67sbaCORGYtDyym/5pWVz7wIDAQAB
o4ICizCCAocwHQYDVR0OBBYEFKHYkzqcvPwjXDCbYwPaC0NcG4vEMB8GA1UdIwQY
MBaAFFz0UBt1UALZFD6PpnNoFenw+TaVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUt
NjBjZjlhYjFiMTNlLzEvb2RpVE9weThfQ05jTUp0akE5b0xRMXdiaThRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jMWNhMDctOTY1OC00NDQ2LThjYjUtNjBjZjlhYjFiMTNl
LzEvWFBSUUczVlFBdGtVUG8tbWMyZ1Y2ZkQ1TnBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGgBggrBgEFBQcBBwEB/wSBkDCBjTB8BAIAATB2AwMAM5QD
AwAzmwMDADOqAwQGPgNAAwQGTWiAAwMCUkQwCwMDBVhgAwQEWGFgMAwDBAdYYYAD
BABYYhIwDAMEAFhiFQMEBVhiQDAMAwQHWGKAAwQDWGKgMAwDBAFYYqoDBAZYYoAD
BAaSQkADBAXUFwADAwDZmzANBAIAAjAHAwUDKgKAEDANBgkqhkiG9w0BAQsFAAOC
AQEAFIZRuSn6HH+7fQSbeSfFj8vlLJDtRlCHSJ7jJ+j9b+IoutKSolnxkwVobACn
DCAoKq1RayMecVKkM7UtgQGtOgrkMBy8AnjVYgoIyY6OEWAoFDu2xYjsoQNKADAk
BOMhEV0Lj+4NXtdGRUrbQm1CXhjcS9vDitVB96xJjxZizZg8/Ab25eYVqn9J83la
vaFM/7HtCh8bxHScucZy26w1JgZ2E+0UsKWu75qE2rxlRD1RaUi+5egVfB7FhOMO
K32Bku7fGPECpXut1f/55uSBdDcmhP+3RGfFihEgQhRqhc1hGNqbQ6cecBHHKCd8
KpUY5pU92h80v826PNGEpBEKSg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:15 2024 by rpki-client on console-fra.rpki-client.org