Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/zAUSD7EuWuSZfnvtTfdr26w29zM.roa
File:                     zAUSD7EuWuSZfnvtTfdr26w29zM.roa (raw, json)
Hash identifier:          ERMVEiTuVrcRaYOSHcr0NknVoZGQao2HHWjRGUx7DMY=
Subject key identifier:   CC:05:12:0F:B1:2E:5A:E4:99:7E:7B:ED:4D:F7:6B:DB:AC:36:F7:33
Certificate issuer:       /CN=09e5518e68467b4290c3509268b6d6d664962c86
Certificate serial:       018CC2DB1BA8D5BADB4FA400262BC82DCFED
Authority key identifier: 09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/zAUSD7EuWuSZfnvtTfdr26w29zM.roa
Signing time:             Mon 01 Jan 2024 02:29:48 +0000
ROA not before:           Mon 01 Jan 2024 02:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31515
IP address blocks:        161.30.169.0/24 maxlen: 24
                          161.30.130.0/24 maxlen: 24
                          161.30.129.0/24 maxlen: 24
                          161.30.28.0/24 maxlen: 24
                          161.30.33.0/24 maxlen: 24
                          161.30.42.0/23 maxlen: 24
                          161.30.40.0/23 maxlen: 23
                          161.30.44.0/23 maxlen: 24
                          161.30.203.0/24 maxlen: 24
                          161.30.8.0/24 maxlen: 24
                          161.30.9.0/24 maxlen: 24
                          161.30.7.0/24 maxlen: 24
                          161.30.5.0/24 maxlen: 24
                          161.30.16.0/22 maxlen: 22
                          161.30.12.0/22 maxlen: 22
                          161.30.22.0/23 maxlen: 23
                          161.30.237.0/24 maxlen: 24
                          161.30.238.0/24 maxlen: 24
                          161.30.236.0/22 maxlen: 24
                          161.30.240.0/24 maxlen: 24
                          2a11:ae00::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 08 Jan 2024 16:05:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:1b:a8:d5:ba:db:4f:a4:00:26:2b:c8:2d:cf:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09e5518e68467b4290c3509268b6d6d664962c86
        Validity
            Not Before: Jan  1 02:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc05120fb12e5ae4997e7bed4df76bdbac36f733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:aa:d4:8f:68:70:70:f9:d1:e3:4c:bb:c9:82:
                    a7:80:24:c2:2e:9b:4b:2d:62:3a:38:bd:c3:d0:e1:
                    a2:87:91:18:9d:17:fe:23:00:bf:6d:65:3a:74:08:
                    87:e1:48:9c:b2:21:08:e1:fe:e1:44:06:76:bb:f5:
                    83:1d:6e:85:cf:6c:45:e8:83:a4:9f:3f:fe:b6:5b:
                    0a:c8:8d:ef:e8:8e:0d:94:3a:5a:56:68:8e:01:e3:
                    dc:88:63:42:26:36:03:b7:0e:02:be:9c:32:33:45:
                    a3:02:fd:54:70:59:49:94:ba:b7:e8:5b:a6:b7:f9:
                    1b:02:04:44:69:d0:ae:67:ad:cb:7d:a9:ad:a8:69:
                    b0:00:88:b5:89:57:f8:11:21:3e:8e:b4:fb:b3:1a:
                    50:21:7f:02:d6:d4:71:2b:1c:60:a0:0c:76:a7:3d:
                    76:f2:61:56:b5:1c:14:2a:5b:15:3a:16:78:f0:9b:
                    d1:27:cd:97:d3:93:60:bb:32:21:ac:86:65:a7:49:
                    c3:14:80:88:b6:60:4a:6d:aa:3b:1d:4a:df:de:85:
                    f8:cc:59:c9:4e:9b:f6:81:f0:1d:17:79:75:4f:4e:
                    5c:00:1e:4d:a1:7b:24:22:40:45:66:c7:4a:d6:4f:
                    3e:11:97:51:9c:f2:cc:6b:57:46:9e:c1:bf:cd:fa:
                    b7:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:05:12:0F:B1:2E:5A:E4:99:7E:7B:ED:4D:F7:6B:DB:AC:36:F7:33
            X509v3 Authority Key Identifier:
                keyid:09:E5:51:8E:68:46:7B:42:90:C3:50:92:68:B6:D6:D6:64:96:2C:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeVRjmhGe0KQw1CSaLbW1mSWLIY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/zAUSD7EuWuSZfnvtTfdr26w29zM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/30282c-3c82-4730-b95e-e745948983ed/1/CeVRjmhGe0KQw1CSaLbW1mSWLIY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.30.5.0/24
                  161.30.7.0-161.30.9.255
                  161.30.12.0-161.30.19.255
                  161.30.22.0/23
                  161.30.28.0/24
                  161.30.33.0/24
                  161.30.40.0-161.30.45.255
                  161.30.129.0-161.30.130.255
                  161.30.169.0/24
                  161.30.203.0/24
                  161.30.236.0-161.30.240.255
                IPv6:
                  2a11:ae00::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:30:1c:38:7a:10:15:d3:dc:bc:40:b1:d3:0f:0e:3c:21:87:
         52:fa:6a:82:9c:94:10:c8:0e:98:27:dc:5c:3d:f3:82:6b:8e:
         87:4b:66:11:1e:b8:54:b9:9a:a4:d2:5e:66:7f:01:01:89:9f:
         29:93:10:6a:3c:12:f1:80:c2:a6:f2:e1:06:cf:4c:f2:0e:22:
         1c:1f:f6:0e:05:4d:cf:5a:a3:02:b8:cf:e2:b9:86:03:c7:14:
         e2:ca:bc:00:ca:db:c2:9d:30:b6:0e:43:71:ac:b7:29:6c:ab:
         8c:fd:be:3e:11:fb:f6:97:34:0f:d6:f7:39:ed:50:99:57:11:
         7e:58:9b:74:39:84:e8:30:8f:dd:f6:01:c2:63:c6:23:72:7d:
         07:23:02:fa:e7:fa:cf:ab:c7:05:21:34:ab:7c:cb:04:59:29:
         11:3a:95:9e:23:d0:80:d7:c1:e5:79:e0:93:ae:6c:05:60:03:
         aa:53:48:48:a0:01:4f:27:35:3d:45:dc:4d:70:b5:0b:bf:18:
         a5:c0:dd:bb:0b:c6:95:d8:96:c7:7e:22:22:fa:c8:6d:0a:de:
         61:19:19:31:40:64:fc:ce:80:d7:c9:23:5b:48:ff:c8:e5:8a:
         6e:ca:23:a9:89:8e:ef:7c:3c:d5:60:1e:8a:86:e5:d6:02:76:
         25:7f:d5:a4
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzC2xuo1brbT6QAJivILc/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZTU1MThlNjg0NjdiNDI5MGMzNTA5MjY4YjZkNmQ2NjQ5
NjJjODYwHhcNMjQwMTAxMDIyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzA1MTIwZmIxMmU1YWU0OTk3ZTdiZWQ0ZGY3NmJkYmFjMzZmNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkarUj2hwcPnR40y7yYKngCTCLptL
LWI6OL3D0OGih5EYnRf+IwC/bWU6dAiH4UicsiEI4f7hRAZ2u/WDHW6Fz2xF6IOk
nz/+tlsKyI3v6I4NlDpaVmiOAePciGNCJjYDtw4CvpwyM0WjAv1UcFlJlLq36Fum
t/kbAgREadCuZ63LfamtqGmwAIi1iVf4ESE+jrT7sxpQIX8C1tRxKxxgoAx2pz12
8mFWtRwUKlsVOhZ48JvRJ82X05NguzIhrIZlp0nDFICItmBKbao7HUrf3oX4zFnJ
Tpv2gfAdF3l1T05cAB5NoXskIkBFZsdK1k8+EZdRnPLMa1dGnsG/zfq3bwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFMwFEg+xLlrkmX577U33a9usNvczMB8GA1UdIwQY
MBaAFAnlUY5oRntCkMNQkmi21tZkliyGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUt
ZTc0NTk0ODk4M2VkLzEvekFVU0Q3RXVXdVNaZm52dFRmZHIyNncyOXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8zMDI4MmMtM2M4Mi00NzMwLWI5NWUtZTc0NTk0ODk4M2Vk
LzEvQ2VWUmptaEdlMEtRdzFDU2FMYlcxbVNXTElZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGUBggrBgEFBQcBBwEB/wSBhDCBgTBwBAIAATBqAwQAoR4F
MAwDBAChHgcDBAGhHggwDAMEAqEeDAMEAqEeEAMEAaEeFgMEAKEeHAMEAKEeITAM
AwQDoR4oAwQBoR4sMAwDBAChHoEDBAChHoIDBAChHqkDBAChHsswDAMEAqEe7AME
AKEe8DANBAIAAjAHAwUAKhGuADANBgkqhkiG9w0BAQsFAAOCAQEAQzAcOHoQFdPc
vECx0w8OPCGHUvpqgpyUEMgOmCfcXD3zgmuOh0tmER64VLmapNJeZn8BAYmfKZMQ
ajwS8YDCpvLhBs9M8g4iHB/2DgVNz1qjArjP4rmGA8cU4sq8AMrbwp0wtg5Dcay3
KWyrjP2+PhH79pc0D9b3Oe1QmVcRflibdDmE6DCP3fYBwmPGI3J9ByMC+uf6z6vH
BSE0q3zLBFkpETqVniPQgNfB5Xngk65sBWADqlNISKABTyc1PUXcTXC1C78YpcDd
uwvGldiWx34iIvrIbQreYRkZMUBk/M6A18kjW0j/yOWKbsojqYmO73w81WAeiobl
1gJ2JX/VpA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:53 2024 by rpki-client on console-ams.rpki-client.org