Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/h-P4nLgmTDZKiVpk8Vw9Hp2lMzs.roa
File:                     h-P4nLgmTDZKiVpk8Vw9Hp2lMzs.roa (raw, json)
Hash identifier:          h+5t9vf/SEP6oZ1h1lXvhIsRWmXYZRYVoe5SIRcwipQ=
Subject key identifier:   87:E3:F8:9C:B8:26:4C:36:4A:89:5A:64:F1:5C:3D:1E:9D:A5:33:3B
Certificate issuer:       /CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
Certificate serial:       018A98A22F20012A71D2C8780CD45490431C
Authority key identifier: 0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/h-P4nLgmTDZKiVpk8Vw9Hp2lMzs.roa
Signing time:             Fri 15 Sep 2023 11:38:00 +0000
ROA not before:           Fri 15 Sep 2023 11:38:00 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        217.25.12.0/24 maxlen: 24
                          87.254.2.0/24 maxlen: 24
                          87.254.10.0/24 maxlen: 24
                          185.210.168.0/23 maxlen: 24
                          185.210.170.0/23 maxlen: 24
                          87.254.17.0/24 maxlen: 24
                          217.25.3.0/24 maxlen: 24
                          87.254.22.0/24 maxlen: 24
                          87.254.18.0/24 maxlen: 24
                          87.254.19.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 19 Sep 2023 16:40:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:98:a2:2f:20:01:2a:71:d2:c8:78:0c:d4:54:90:43:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ff80cbdfe18354a3cfdba2fe079aa2ebc58dcd4
        Validity
            Not Before: Sep 15 11:38:00 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=87e3f89cb8264c364a895a64f15c3d1e9da5333b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:39:d3:be:f6:d7:87:36:e6:6c:3f:9f:cd:35:
                    ab:e1:e3:59:43:b4:02:e2:22:c3:24:57:b5:31:90:
                    a9:f7:bf:bb:26:7b:0a:02:4e:7c:f3:fc:ce:26:83:
                    80:aa:d7:06:0b:3b:e0:6e:57:da:49:fd:e6:b2:fb:
                    cd:58:97:1e:0e:3d:08:37:e5:04:46:4a:43:f6:81:
                    b5:b9:f6:2e:49:b5:6a:fd:b8:79:49:80:a1:e5:35:
                    fa:79:35:ce:78:ba:37:0e:12:3f:a6:74:5f:fe:e9:
                    89:cf:aa:f2:f0:d4:15:2e:3b:2c:46:c5:46:41:98:
                    b9:e9:de:1c:58:5b:ac:2e:43:ba:03:73:85:fa:08:
                    e4:8d:48:39:8d:ea:c4:02:49:e5:b7:64:75:47:32:
                    53:00:0c:6c:86:c2:b9:59:f9:2b:34:46:24:62:31:
                    b3:3b:a6:7e:f7:03:04:01:91:30:a9:e8:62:d0:ec:
                    ce:ec:d0:1a:0d:34:dd:3e:29:ba:39:2d:46:30:c2:
                    ab:01:db:eb:51:9c:68:7f:1d:05:83:6b:f0:6c:3b:
                    ad:bc:a8:42:49:67:a2:c0:2a:34:b8:4d:1e:d8:2d:
                    2f:04:79:e5:8d:c3:dd:b6:68:c8:46:4e:ea:b7:55:
                    cd:5f:6c:2d:00:1c:fb:54:2d:c9:8a:e5:58:69:80:
                    f4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:E3:F8:9C:B8:26:4C:36:4A:89:5A:64:F1:5C:3D:1E:9D:A5:33:3B
            X509v3 Authority Key Identifier:
                keyid:0F:F8:0C:BD:FE:18:35:4A:3C:FD:BA:2F:E0:79:AA:2E:BC:58:DC:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D_gMvf4YNUo8_bov4HmqLrxY3NQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/h-P4nLgmTDZKiVpk8Vw9Hp2lMzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/129564-f1db-4dc5-8906-6fcdcd5ab660/1/D_gMvf4YNUo8_bov4HmqLrxY3NQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.2.0/24
                  87.254.10.0/24
                  87.254.17.0-87.254.19.255
                  87.254.22.0/24
                  185.210.168.0/22
                  217.25.3.0/24
                  217.25.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:ef:bc:6a:46:5c:b7:d7:36:e5:cd:64:fa:86:a8:33:16:68:
         d3:9d:e0:6e:14:0a:32:91:a4:b5:3b:5a:c4:82:77:58:40:c2:
         5b:32:fd:c5:0d:53:69:c6:ba:af:10:91:5f:24:a1:51:11:4d:
         22:9e:a9:02:3d:76:8a:bc:12:6a:06:58:0f:c4:eb:02:7b:a6:
         04:a2:cd:d6:40:97:bc:a7:99:c6:34:1f:38:5c:3c:d9:a4:eb:
         3f:73:d6:20:30:df:29:c0:e8:53:b4:93:83:f4:93:90:61:28:
         ce:ee:46:89:2e:ae:08:7d:27:ea:03:8e:88:0b:f1:34:cd:23:
         36:54:65:67:49:d8:6b:19:c6:18:b1:f1:21:5d:ee:1a:66:7b:
         68:0c:e2:94:72:11:c1:8b:78:7c:3c:54:06:b0:d3:b6:08:38:
         6e:a7:26:45:a7:02:cc:07:4f:07:96:14:98:d0:e2:e5:fd:68:
         fd:d7:57:7d:68:90:16:6a:da:e1:d4:4b:67:99:ae:15:a8:b6:
         f4:e3:c6:59:db:77:29:57:bc:03:f7:16:f6:73:d7:bb:d4:5f:
         9b:cc:89:8b:cf:f3:29:c4:a4:fd:60:5d:2d:0b:25:b5:f2:21:
         2a:12:d1:8c:8d:36:13:9c:ee:8b:86:a6:80:19:80:30:92:cc:
         7d:4d:e9:56
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYqYoi8gASpx0sh4DNRUkEMcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZjgwY2JkZmUxODM1NGEzY2ZkYmEyZmUwNzlhYTJlYmM1
OGRjZDQwHhcNMjMwOTE1MTEzODAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2UzZjg5Y2I4MjY0YzM2NGE4OTVhNjRmMTVjM2QxZTlkYTUzMzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDnTvvbXhzbmbD+fzTWr4eNZQ7QC
4iLDJFe1MZCp97+7JnsKAk588/zOJoOAqtcGCzvgblfaSf3msvvNWJceDj0IN+UE
RkpD9oG1ufYuSbVq/bh5SYCh5TX6eTXOeLo3DhI/pnRf/umJz6ry8NQVLjssRsVG
QZi56d4cWFusLkO6A3OF+gjkjUg5jerEAknlt2R1RzJTAAxshsK5WfkrNEYkYjGz
O6Z+9wMEAZEwqehi0OzO7NAaDTTdPim6OS1GMMKrAdvrUZxofx0Fg2vwbDutvKhC
SWeiwCo0uE0e2C0vBHnljcPdtmjIRk7qt1XNX2wtABz7VC3JiuVYaYD0UwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFIfj+Jy4Jkw2SolaZPFcPR6dpTM7MB8GA1UdIwQY
MBaAFA/4DL3+GDVKPP26L+B5qi68WNzUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYt
NmZjZGNkNWFiNjYwLzEvaC1QNG5MZ21URFpLaVZwazhWdzlIcDJsTXpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xMjk1NjQtZjFkYi00ZGM1LTg5MDYtNmZjZGNkNWFiNjYw
LzEvRF9nTXZmNFlOVW84X2JvdjRIbXFMcnhZM05RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAV/4CAwQA
V/4KMAwDBABX/hEDBAJX/hADBABX/hYDBAK50qgDBADZGQMDBADZGQwwDQYJKoZI
hvcNAQELBQADggEBABzvvGpGXLfXNuXNZPqGqDMWaNOd4G4UCjKRpLU7WsSCd1hA
wlsy/cUNU2nGuq8QkV8koVERTSKeqQI9doq8EmoGWA/E6wJ7pgSizdZAl7ynmcY0
HzhcPNmk6z9z1iAw3ynA6FO0k4P0k5BhKM7uRokurgh9J+oDjogL8TTNIzZUZWdJ
2GsZxhix8SFd7hpme2gM4pRyEcGLeHw8VAaw07YIOG6nJkWnAswHTweWFJjQ4uX9
aP3XV31okBZq2uHUS2eZrhWotvTjxlnbdylXvAP3FvZz17vUX5vMiYvP8ynEpP1g
XS0LJbXyISoS0YyNNhOc7ouGpoAZgDCSzH1N6VY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:22 2024 by rpki-client on console-ams.rpki-client.org