Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/PhyrBPa0YfWuqXbVHpVlrRI07h4.roa
File:                     PhyrBPa0YfWuqXbVHpVlrRI07h4.roa (raw, json)
Hash identifier:          94pCqcvU7HUNYs8OwWN/S1ntOT2aZtMbctij43dZEBg=
Subject key identifier:   3E:1C:AB:04:F6:B4:61:F5:AE:A9:76:D5:1E:95:65:AD:12:34:EE:1E
Certificate issuer:       /CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
Certificate serial:       018D166A2FA52D0D47224CCB90A33F5A306B
Authority key identifier: 86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/PhyrBPa0YfWuqXbVHpVlrRI07h4.roa
Signing time:             Wed 17 Jan 2024 07:54:34 +0000
ROA not before:           Wed 17 Jan 2024 07:54:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197720
IP address blocks:        31.186.2.0/24 maxlen: 24
                          31.186.3.0/24 maxlen: 24
                          31.186.4.0/24 maxlen: 24
                          31.186.5.0/24 maxlen: 24
                          31.186.7.0/24 maxlen: 24
                          31.186.9.0/24 maxlen: 24
                          31.186.10.0/24 maxlen: 24
                          31.186.11.0/24 maxlen: 24
                          31.186.12.0/24 maxlen: 24
                          31.186.13.0/24 maxlen: 24
                          31.186.14.0/24 maxlen: 24
                          31.186.15.0/24 maxlen: 24
                          31.186.16.0/24 maxlen: 24
                          31.186.17.0/24 maxlen: 24
                          31.186.18.0/24 maxlen: 24
                          31.186.19.0/24 maxlen: 24
                          31.186.20.0/24 maxlen: 24
                          31.186.21.0/24 maxlen: 24
                          31.186.23.0/24 maxlen: 24
                          31.186.28.0/24 maxlen: 24
                          31.186.29.0/24 maxlen: 24
                          31.186.30.0/24 maxlen: 24
                          31.186.31.0/24 maxlen: 24
                          2a0d:a000:0:a00::/56 maxlen: 56
                          2a0d:a000:0:b00::/56 maxlen: 56
                          2a0d:a000:0:c00::/56 maxlen: 56
                          2a0d:a000:0:d00::/56 maxlen: 56
                          2a0d:a000:0:e00::/56 maxlen: 56
                          2a0d:a000:0:f00::/56 maxlen: 56
                          2a0d:a000:0:1000::/56 maxlen: 56
                          2a0d:a000:0:1100::/56 maxlen: 56
                          2a0d:a000:0:1200::/56 maxlen: 56
                          2a0d:a000:0:1300::/56 maxlen: 56
                          2a0d:a000:0:1400::/56 maxlen: 56
                          2a0d:a000:0:1500::/56 maxlen: 56
                          2a0d:a000:0:1600::/56 maxlen: 56
                          2a0d:a000:0:1700::/56 maxlen: 56
                          2a0d:a000:0:1800::/56 maxlen: 56
                          2a0d:a000:0:1900::/56 maxlen: 56
                          2a0d:a000:0:1a00::/56 maxlen: 56

Validation:               Failed, certificate revoked on Mon 18 Mar 2024 14:55:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:16:6a:2f:a5:2d:0d:47:22:4c:cb:90:a3:3f:5a:30:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86af2c7166bb34a696fde2fbacef4001b0a8e7e2
        Validity
            Not Before: Jan 17 07:54:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3e1cab04f6b461f5aea976d51e9565ad1234ee1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8d:d5:65:4e:b4:05:c3:f6:cf:84:b0:0f:96:
                    34:88:eb:ce:73:20:82:8c:8e:0e:1c:3c:54:cd:f8:
                    4e:ad:ab:2f:11:b9:22:40:5a:e0:6c:8b:bd:02:42:
                    04:8e:f9:f0:c6:6e:5b:39:e2:a7:49:39:10:7f:4f:
                    46:d4:05:ec:4a:58:e9:5c:28:bd:9f:2d:c5:82:89:
                    ba:41:5b:b7:4a:23:55:58:cd:f6:92:f7:77:5c:ea:
                    36:81:c2:55:05:a2:66:81:df:4f:48:4d:fe:d9:b0:
                    b0:a8:3d:04:8b:96:64:73:c9:cf:92:e6:f6:dc:d5:
                    ea:f7:af:38:ec:f3:d7:de:1a:7d:70:28:d3:7e:6c:
                    c7:c4:c8:3a:b0:25:6a:57:ee:e9:d9:76:a3:a4:bb:
                    a5:de:00:ed:ef:ac:79:3e:a5:7d:ee:48:81:c5:50:
                    9c:4d:35:8c:15:77:39:84:37:45:f7:82:d0:ff:c6:
                    b7:62:0e:92:04:78:60:c9:b7:83:22:6d:56:5f:6b:
                    68:66:da:06:48:c3:9c:b6:97:d8:b0:c2:e8:2a:15:
                    fe:c6:c9:a6:b5:bf:c4:bd:da:13:6a:fa:30:c3:8e:
                    c0:d2:f8:2c:5c:9b:6f:ac:73:34:ce:c5:dd:3b:d1:
                    fb:31:99:54:57:b1:94:15:7f:8f:a1:1e:19:a4:8c:
                    02:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:1C:AB:04:F6:B4:61:F5:AE:A9:76:D5:1E:95:65:AD:12:34:EE:1E
            X509v3 Authority Key Identifier:
                keyid:86:AF:2C:71:66:BB:34:A6:96:FD:E2:FB:AC:EF:40:01:B0:A8:E7:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hq8scWa7NKaW_eL7rO9AAbCo5-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/PhyrBPa0YfWuqXbVHpVlrRI07h4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/f8f66d-8a47-4431-af51-e4f58704804e/1/hq8scWa7NKaW_eL7rO9AAbCo5-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.186.2.0-31.186.5.255
                  31.186.7.0/24
                  31.186.9.0-31.186.21.255
                  31.186.23.0/24
                  31.186.28.0/22
                IPv6:
                  2a0d:a000:0:a00::-2a0d:a000:0:1aff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         13:7c:7e:e9:35:83:0c:ef:d4:2d:b4:2a:36:78:2e:bc:41:60:
         56:bc:d8:57:04:f9:b6:df:6c:18:06:f1:49:9e:b5:fe:6c:be:
         53:24:c5:51:97:dd:81:29:b1:95:00:ed:9c:cc:af:78:0c:d1:
         2a:c4:93:1f:ef:2d:86:1b:e8:13:f1:06:03:b4:52:3a:2c:b6:
         67:9c:78:68:a6:52:56:10:e7:70:9e:e8:b2:c0:76:6c:b4:ba:
         ea:ef:1c:4c:6b:61:f3:64:f0:5e:16:04:de:d7:a2:37:e0:62:
         f3:8a:59:22:72:67:33:9e:43:67:93:8b:4f:08:d0:51:17:a5:
         f2:79:6e:2d:e8:5f:55:03:12:1b:d7:fe:a8:01:30:af:b9:64:
         28:fb:ac:4c:8f:36:02:bd:90:13:d3:14:28:c5:b1:3a:c3:75:
         a9:67:4e:e2:38:8b:4b:bd:7e:d6:06:e1:1a:97:22:db:94:66:
         56:2d:de:91:37:03:55:a5:cc:ef:ad:00:a8:dc:83:67:92:e5:
         04:8d:db:79:9d:31:6e:ab:c6:52:17:f8:aa:78:4b:49:d0:00:
         46:2c:bb:6c:65:ae:e9:5d:c7:5d:bb:7d:50:ed:81:ab:58:86:
         3b:58:ff:97:0e:e9:64:fe:ac:86:ed:ae:ee:2d:7c:55:e8:8c:
         d4:f4:d9:55
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAY0Wai+lLQ1HIkzLkKM/WjBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2YWYyYzcxNjZiYjM0YTY5NmZkZTJmYmFjZWY0MDAxYjBh
OGU3ZTIwHhcNMjQwMTE3MDc1NDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTFjYWIwNGY2YjQ2MWY1YWVhOTc2ZDUxZTk1NjVhZDEyMzRlZTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvo3VZU60BcP2z4SwD5Y0iOvOcyCC
jI4OHDxUzfhOrasvEbkiQFrgbIu9AkIEjvnwxm5bOeKnSTkQf09G1AXsSljpXCi9
ny3Fgom6QVu3SiNVWM32kvd3XOo2gcJVBaJmgd9PSE3+2bCwqD0Ei5Zkc8nPkub2
3NXq96847PPX3hp9cCjTfmzHxMg6sCVqV+7p2XajpLul3gDt76x5PqV97kiBxVCc
TTWMFXc5hDdF94LQ/8a3Yg6SBHhgybeDIm1WX2toZtoGSMOctpfYsMLoKhX+xsmm
tb/EvdoTavoww47A0vgsXJtvrHM0zsXdO9H7MZlUV7GUFX+PoR4ZpIwCWQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFD4cqwT2tGH1rql21R6VZa0SNO4eMB8GA1UdIwQY
MBaAFIavLHFmuzSmlv3i+6zvQAGwqOfiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHE4c2NXYTdOS2FXX2VMN3JPOUFBYkNvNS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mOGY2NmQtOGE0Ny00NDMxLWFmNTEt
ZTRmNTg3MDQ4MDRlLzEvUGh5ckJQYTBZZld1cVhiVkhwVmxyUkkwN2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mOGY2NmQtOGE0Ny00NDMxLWFmNTEtZTRmNTg3MDQ4MDRl
LzEvaHE4c2NXYTdOS2FXX2VMN3JPOUFBYkNvNS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA0BAIAATAuMAwDBAEfugID
BAEfugQDBAAfugcwDAMEAB+6CQMEAR+6FAMEAB+6FwMEAh+6HDAcBAIAAjAWMBQD
CAEqDaAAAAAKAwgAKg2gAAAAGjANBgkqhkiG9w0BAQsFAAOCAQEAE3x+6TWDDO/U
LbQqNnguvEFgVrzYVwT5tt9sGAbxSZ61/my+UyTFUZfdgSmxlQDtnMyveAzRKsST
H+8thhvoE/EGA7RSOiy2Z5x4aKZSVhDncJ7ossB2bLS66u8cTGth82TwXhYE3tei
N+Bi84pZInJnM55DZ5OLTwjQURel8nluLehfVQMSG9f+qAEwr7lkKPusTI82Ar2Q
E9MUKMWxOsN1qWdO4jiLS71+1gbhGpci25RmVi3ekTcDVaXM760AqNyDZ5LlBI3b
eZ0xbqvGUhf4qnhLSdAARiy7bGWu6V3HXbt9UO2Bq1iGO1j/lw7pZP6shu2u7i18
VeiM1PTZVQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:34 2024 by rpki-client on console-fra.rpki-client.org