Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/ef6277-70b5-4348-a582-904a08031a9f/1/l0CODZ6lra4wSGY2wFPQphDpcs0.roa
File:                     l0CODZ6lra4wSGY2wFPQphDpcs0.roa (raw, json)
Hash identifier:          a/rOsERDhsPNxdGW2YgQSWJ6stTmfZyU17Hq0DRZO0I=
Subject key identifier:   97:40:8E:0D:9E:A5:AD:AE:30:48:66:36:C0:53:D0:A6:10:E9:72:CD
Certificate issuer:       /CN=87db71f6919b0ef98eefc9964928a87510236a03
Certificate serial:       0186DA3684F848CE836DE784EC01A32D4F13
Authority key identifier: 87:DB:71:F6:91:9B:0E:F9:8E:EF:C9:96:49:28:A8:75:10:23:6A:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h9tx9pGbDvmO78mWSSiodRAjagM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/ef6277-70b5-4348-a582-904a08031a9f/1/l0CODZ6lra4wSGY2wFPQphDpcs0.roa
Signing time:             Mon 13 Mar 2023 09:04:11 +0000
ROA not before:           Mon 13 Mar 2023 09:04:11 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     24951
IP address blocks:        185.154.36.0/22 maxlen: 22
                          185.154.38.0/24 maxlen: 24
                          195.144.7.0/24 maxlen: 24
                          212.71.96.0/20 maxlen: 20
                          217.71.93.0/24 maxlen: 24
                          212.71.102.0/24 maxlen: 24
                          212.71.112.0/22 maxlen: 22
                          212.71.107.0/24 maxlen: 24
                          212.71.116.0/24 maxlen: 24
                          212.71.118.0/24 maxlen: 24
                          212.71.117.0/24 maxlen: 24
                          212.71.119.0/24 maxlen: 24
                          212.71.120.0/21 maxlen: 21
                          217.20.192.0/24 maxlen: 24
                          217.20.192.0/20 maxlen: 20
                          217.71.80.0/20 maxlen: 20
                          217.71.85.0/24 maxlen: 24
                          217.71.88.0/24 maxlen: 24
                          217.71.89.0/24 maxlen: 24
                          217.71.87.0/24 maxlen: 24
                          2a00:fb00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 24 Apr 2023 06:30:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:da:36:84:f8:48:ce:83:6d:e7:84:ec:01:a3:2d:4f:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87db71f6919b0ef98eefc9964928a87510236a03
        Validity
            Not Before: Mar 13 09:04:11 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=97408e0d9ea5adae30486636c053d0a610e972cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:50:46:1d:1f:8f:75:6d:d9:e0:88:a0:5b:19:
                    55:ed:5f:51:65:d8:80:94:1b:f1:70:b0:24:b3:d1:
                    3d:e0:4f:6a:2e:eb:90:57:13:0b:71:dd:1d:08:02:
                    00:7d:c1:bb:df:9c:55:3e:fd:a7:da:28:09:8a:82:
                    35:f2:a2:9e:e0:3b:18:ff:c9:6b:8e:e1:62:91:da:
                    93:f8:15:8a:7c:7c:60:ee:aa:84:ba:04:4e:2c:fa:
                    3d:84:db:6e:46:bf:a9:5d:0b:af:8f:9f:2c:7e:5a:
                    79:bb:e0:d7:9b:b9:1d:dd:4e:ff:e3:67:00:9c:63:
                    c1:76:56:cd:3a:1b:61:af:83:b3:8c:80:50:97:4c:
                    fc:dd:7b:f4:54:a4:a8:94:bd:f1:09:cf:5f:a6:6d:
                    d0:40:62:a9:94:5e:18:62:47:5d:c0:de:06:94:66:
                    b8:41:0e:41:7f:f4:af:15:ab:68:fb:7a:c8:61:54:
                    a8:d5:10:9f:70:8e:3c:f7:d6:09:9b:1e:50:e6:5a:
                    e1:06:7e:62:fe:f8:78:3e:af:64:2f:00:a4:0d:21:
                    7e:b0:3c:45:d2:d0:8f:fc:e2:2b:1f:71:c2:ab:24:
                    c9:2d:7d:9f:80:5e:de:81:d0:5d:9a:7f:5a:91:df:
                    da:61:04:02:3f:10:8e:81:9d:f0:8f:7f:4d:07:67:
                    db:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:40:8E:0D:9E:A5:AD:AE:30:48:66:36:C0:53:D0:A6:10:E9:72:CD
            X509v3 Authority Key Identifier:
                keyid:87:DB:71:F6:91:9B:0E:F9:8E:EF:C9:96:49:28:A8:75:10:23:6A:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h9tx9pGbDvmO78mWSSiodRAjagM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ef6277-70b5-4348-a582-904a08031a9f/1/l0CODZ6lra4wSGY2wFPQphDpcs0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/ef6277-70b5-4348-a582-904a08031a9f/1/h9tx9pGbDvmO78mWSSiodRAjagM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.36.0/22
                  195.144.7.0/24
                  212.71.96.0/19
                  217.20.192.0/20
                  217.71.80.0/20
                IPv6:
                  2a00:fb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:e2:d1:f5:cb:c2:db:b1:d2:d6:b1:2e:07:5b:e9:2c:c8:8b:
         43:e1:62:c8:7e:a2:db:69:c2:99:63:02:4c:bd:61:f2:55:25:
         e0:98:62:28:4f:b3:d0:f7:e3:67:a2:46:86:ab:70:25:3f:c1:
         8d:78:d8:86:aa:cb:9f:4c:42:e0:36:a9:81:90:87:1f:90:02:
         31:76:d3:e0:1b:ed:23:21:88:a0:36:62:c0:fe:c5:4f:b3:5d:
         e4:cb:c4:f4:46:ec:55:a4:1f:a8:da:61:ac:c9:36:a1:a5:90:
         81:f7:db:f3:a4:a9:f1:0b:e1:1b:e1:2b:1c:4e:50:ac:b5:15:
         e2:7e:16:ba:e7:74:88:d5:a6:e4:df:4a:5c:53:43:71:f8:16:
         90:ea:77:7a:2b:af:e9:0c:54:d8:f3:43:21:e7:0d:3e:17:1b:
         5a:df:13:ad:fa:a2:cc:5e:94:dd:a6:7a:16:84:a7:10:bd:dc:
         2d:f4:b0:b5:9e:05:fd:bb:2a:5e:7d:c0:a7:dc:58:e2:05:99:
         72:d5:07:16:47:c7:3f:45:99:12:66:d1:12:89:cb:3b:e6:76:
         aa:d1:d4:a1:18:32:00:5d:1d:58:28:55:23:d6:ee:ab:9f:ee:
         55:c0:f7:b0:62:49:2d:4c:9e:2d:4b:32:8f:5b:90:41:91:20:
         6b:bd:0e:bb
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYbaNoT4SM6DbeeE7AGjLU8TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3ZGI3MWY2OTE5YjBlZjk4ZWVmYzk5NjQ5MjhhODc1MTAy
MzZhMDMwHhcNMjMwMzEzMDkwNDExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzQwOGUwZDllYTVhZGFlMzA0ODY2MzZjMDUzZDBhNjEwZTk3MmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFBGHR+PdW3Z4IigWxlV7V9RZdiA
lBvxcLAks9E94E9qLuuQVxMLcd0dCAIAfcG735xVPv2n2igJioI18qKe4DsY/8lr
juFikdqT+BWKfHxg7qqEugROLPo9hNtuRr+pXQuvj58sflp5u+DXm7kd3U7/42cA
nGPBdlbNOhthr4OzjIBQl0z83Xv0VKSolL3xCc9fpm3QQGKplF4YYkddwN4GlGa4
QQ5Bf/SvFato+3rIYVSo1RCfcI4899YJmx5Q5lrhBn5i/vh4Pq9kLwCkDSF+sDxF
0tCP/OIrH3HCqyTJLX2fgF7egdBdmn9akd/aYQQCPxCOgZ3wj39NB2fbrQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFJdAjg2epa2uMEhmNsBT0KYQ6XLNMB8GA1UdIwQY
MBaAFIfbcfaRmw75ju/JlkkoqHUQI2oDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDl0eDlwR2JEdm1PNzhtV1NTaW9kUkFqYWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9lZjYyNzctNzBiNS00MzQ4LWE1ODIt
OTA0YTA4MDMxYTlmLzEvbDBDT0RaNmxyYTR3U0dZMndGUFFwaERwY3MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9lZjYyNzctNzBiNS00MzQ4LWE1ODItOTA0YTA4MDMxYTlm
LzEvaDl0eDlwR2JEdm1PNzhtV1NTaW9kUkFqYWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCuZokAwQA
w5AHAwQF1EdgAwQE2RTAAwQE2UdQMA0EAgACMAcDBQMqAPsAMA0GCSqGSIb3DQEB
CwUAA4IBAQAX4tH1y8LbsdLWsS4HW+ksyItD4WLIfqLbacKZYwJMvWHyVSXgmGIo
T7PQ9+NnokaGq3AlP8GNeNiGqsufTELgNqmBkIcfkAIxdtPgG+0jIYigNmLA/sVP
s13ky8T0RuxVpB+o2mGsyTahpZCB99vzpKnxC+Eb4SscTlCstRXifha653SI1abk
30pcU0Nx+BaQ6nd6K6/pDFTY80Mh5w0+Fxta3xOt+qLMXpTdpnoWhKcQvdwt9LC1
ngX9uypefcCn3FjiBZly1QcWR8c/RZkSZtESics75naq0dShGDIAXR1YKFUj1u6r
n+5VwPewYkktTJ4tSzKPW5BBkSBrvQ67
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:55 2024 by rpki-client on console-ams.rpki-client.org