Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/U9f8CwZHRmScmPcDHEjGhN0V0BY.roa
File:                     U9f8CwZHRmScmPcDHEjGhN0V0BY.roa (raw, json)
Hash identifier:          a1FqiqQuJE8yOzBcBxzWcNDruJ2Wn0NKpM93yBmoTyQ=
Subject key identifier:   53:D7:FC:0B:06:47:46:64:9C:98:F7:03:1C:48:C6:84:DD:15:D0:16
Certificate issuer:       /CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
Certificate serial:       018CC9BB06AC27A3580B62F8A26AADA534AC
Authority key identifier: E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/U9f8CwZHRmScmPcDHEjGhN0V0BY.roa
Signing time:             Tue 02 Jan 2024 10:32:06 +0000
ROA not before:           Tue 02 Jan 2024 10:32:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     36007
IP address blocks:        103.13.211.0/24 maxlen: 24
                          185.139.228.0/24 maxlen: 24
                          45.91.171.0/24 maxlen: 24
                          185.53.209.0/24 maxlen: 24
                          103.241.66.0/24 maxlen: 24
                          103.241.67.0/24 maxlen: 24
                          103.45.245.0/24 maxlen: 24
                          103.45.246.0/24 maxlen: 24
                          185.47.172.0/24 maxlen: 24
                          91.223.169.0/24 maxlen: 24
                          91.202.170.0/24 maxlen: 24
                          2a06:c5c0:1700::/48 maxlen: 48
                          2a06:c5c0:1600::/48 maxlen: 48
                          2a06:c5c0:1500::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 15 Jan 2024 15:03:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:06:ac:27:a3:58:0b:62:f8:a2:6a:ad:a5:34:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5bd7923afdbae87d07b2308dd389d9cf082ed6d
        Validity
            Not Before: Jan  2 10:32:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53d7fc0b064746649c98f7031c48c684dd15d016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:fd:58:8e:80:45:a3:6b:03:1b:01:09:59:aa:
                    99:49:ac:25:1a:99:9e:63:34:c5:cb:5f:f2:fb:9c:
                    8f:9f:dc:77:99:ab:0c:60:cf:fc:20:0c:4c:f7:ae:
                    a9:e5:aa:f4:20:37:f4:83:95:86:ed:91:9c:ec:26:
                    60:cc:98:86:e9:de:b4:10:c6:6a:29:de:0f:05:cc:
                    74:85:1b:90:ca:8e:ed:38:1d:f6:ef:d7:20:72:5e:
                    a3:39:4e:17:57:50:81:46:df:0f:74:b6:9e:d0:e6:
                    27:f8:86:80:15:09:36:df:be:9c:3a:dd:e4:a7:b4:
                    dd:98:29:03:d4:67:4e:c9:66:3b:3c:d6:19:78:ab:
                    ec:cd:1d:07:c0:b5:02:52:c7:bd:35:eb:39:cf:a4:
                    87:fc:9b:d6:76:ac:e4:61:98:e4:20:c4:ff:6c:f0:
                    5b:f9:0b:af:17:49:10:6d:af:ea:13:8e:f8:2c:74:
                    17:76:d0:fe:86:ae:7f:a8:8f:30:be:12:c5:c7:a6:
                    c9:10:c2:96:82:fb:7c:22:c3:6e:1d:ee:f7:5c:a3:
                    62:69:8b:6d:1a:a5:ab:0a:0d:7b:71:c6:4c:f3:1a:
                    be:45:e3:76:e0:4e:b0:ca:b1:5e:0d:b5:22:d9:f0:
                    cc:c5:10:db:b8:11:6b:b6:03:8d:97:76:a5:73:06:
                    d0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D7:FC:0B:06:47:46:64:9C:98:F7:03:1C:48:C6:84:DD:15:D0:16
            X509v3 Authority Key Identifier:
                keyid:E5:BD:79:23:AF:DB:AE:87:D0:7B:23:08:DD:38:9D:9C:F0:82:ED:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b15I6_brofQeyMI3TidnPCC7W0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/U9f8CwZHRmScmPcDHEjGhN0V0BY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/269229-20eb-4f1c-a13e-26d1e54578f1/1/5b15I6_brofQeyMI3TidnPCC7W0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.171.0/24
                  91.202.170.0/24
                  91.223.169.0/24
                  103.13.211.0/24
                  103.45.245.0-103.45.246.255
                  103.241.66.0/23
                  185.47.172.0/24
                  185.53.209.0/24
                  185.139.228.0/24
                IPv6:
                  2a06:c5c0:1500::/48
                  2a06:c5c0:1600::/48
                  2a06:c5c0:1700::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:63:36:6c:da:3e:0e:79:34:4a:cb:e2:cb:05:90:4f:b4:8c:
         e1:20:29:fe:ac:23:cd:1a:ea:c1:4e:64:76:e5:be:7c:51:21:
         80:c3:da:2c:b9:a3:4a:b2:6e:59:02:c9:14:35:60:80:c9:50:
         a1:6e:93:e6:da:80:49:3f:d8:b7:75:b8:1a:8d:35:0c:cd:ec:
         ad:9b:e8:83:a7:d5:32:f1:27:c4:fb:3a:7b:4b:ee:af:e1:9d:
         bd:0f:0b:81:92:09:29:85:2a:e6:c6:5f:87:3b:0c:a8:16:70:
         e7:9b:02:1b:b1:fa:fb:ba:04:a6:b4:97:3e:e9:e1:30:de:8c:
         49:69:c3:d5:7b:06:c3:88:1d:02:e7:3b:44:41:12:53:da:46:
         fe:09:89:ee:08:87:81:bd:88:3e:1b:d2:18:ab:cc:84:69:04:
         da:fe:7f:d5:cc:68:ac:98:ad:11:c7:d7:65:d1:fd:65:22:58:
         6b:4a:f0:76:b6:ef:15:bf:be:a4:14:40:c4:0a:34:93:a1:03:
         cd:d5:0d:8d:f5:d7:a4:7f:92:92:fa:f5:1d:8c:6c:62:98:dc:
         f9:30:4f:17:a4:42:9c:3a:aa:1d:25:b4:21:5d:40:94:df:35:
         83:3a:c7:4e:87:2b:40:1f:a9:50:59:0f:5a:ca:04:a8:d8:08:
         88:85:94:4f
-----BEGIN CERTIFICATE-----
MIIFWDCCBECgAwIBAgISAYzJuwasJ6NYC2L4omqtpTSsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YmQ3OTIzYWZkYmFlODdkMDdiMjMwOGRkMzg5ZDljZjA4
MmVkNmQwHhcNMjQwMTAyMTAzMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2Q3ZmMwYjA2NDc0NjY0OWM5OGY3MDMxYzQ4YzY4NGRkMTVkMDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv1YjoBFo2sDGwEJWaqZSawlGpme
YzTFy1/y+5yPn9x3masMYM/8IAxM966p5ar0IDf0g5WG7ZGc7CZgzJiG6d60EMZq
Kd4PBcx0hRuQyo7tOB3279cgcl6jOU4XV1CBRt8PdLae0OYn+IaAFQk2376cOt3k
p7TdmCkD1GdOyWY7PNYZeKvszR0HwLUCUse9Nes5z6SH/JvWdqzkYZjkIMT/bPBb
+QuvF0kQba/qE474LHQXdtD+hq5/qI8wvhLFx6bJEMKWgvt8IsNuHe73XKNiaYtt
GqWrCg17ccZM8xq+ReN24E6wyrFeDbUi2fDMxRDbuBFrtgONl3alcwbQeQIDAQAB
o4ICZDCCAmAwHQYDVR0OBBYEFFPX/AsGR0ZknJj3AxxIxoTdFdAWMB8GA1UdIwQY
MBaAFOW9eSOv266H0HsjCN04nZzwgu1tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2Ut
MjZkMWU1NDU3OGYxLzEvVTlmOEN3WkhSbVNjbVBjREhFakdoTjBWMEJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8yNjkyMjktMjBlYi00ZjFjLWExM2UtMjZkMWU1NDU3OGYx
LzEvNWIxNUk2X2Jyb2ZRZXlNSTNUaWRuUENDN1cwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHoGCCsGAQUFBwEHAQH/BGswaTBEBAIAATA+AwQALVurAwQA
W8qqAwQAW9+pAwQAZw3TMAwDBABnLfUDBABnLfYDBAFn8UIDBAC5L6wDBAC5NdED
BAC5i+QwIQQCAAIwGwMHACoGxcAVAAMHACoGxcAWAAMHACoGxcAXADANBgkqhkiG
9w0BAQsFAAOCAQEAjWM2bNo+Dnk0SsviywWQT7SM4SAp/qwjzRrqwU5kduW+fFEh
gMPaLLmjSrJuWQLJFDVggMlQoW6T5tqAST/Yt3W4Go01DM3srZvog6fVMvEnxPs6
e0vur+GdvQ8LgZIJKYUq5sZfhzsMqBZw55sCG7H6+7oEprSXPunhMN6MSWnD1XsG
w4gdAuc7REESU9pG/gmJ7giHgb2IPhvSGKvMhGkE2v5/1cxorJitEcfXZdH9ZSJY
a0rwdrbvFb++pBRAxAo0k6EDzdUNjfXXpH+Skvr1HYxsYpjc+TBPF6RCnDqqHSW0
IV1AlN81gzrHTocrQB+pUFkPWsoEqNgIiIWUTw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:36 2024 by rpki-client on console-ams.rpki-client.org