Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/dz2yTesQIe_z91wcWJI22yKGOYs.roa
File:                     dz2yTesQIe_z91wcWJI22yKGOYs.roa (raw, json)
Hash identifier:          WT9j6u2JeDY8ruivtPb5j/t4CSxxWNmbsD1EAWTt3GI=
Subject key identifier:   77:3D:B2:4D:EB:10:21:EF:F3:F7:5C:1C:58:92:36:DB:22:86:39:8B
Certificate issuer:       /CN=39247f77a3ae0af71eac03256449f5d292cffd74
Certificate serial:       018CEFDBFC0E452AEC3ACE7234AF59CAA553
Authority key identifier: 39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/dz2yTesQIe_z91wcWJI22yKGOYs.roa
Signing time:             Tue 09 Jan 2024 20:13:40 +0000
ROA not before:           Tue 09 Jan 2024 20:13:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273134
IP address blocks:        109.70.135.0/24 maxlen: 24
                          109.70.134.0/24 maxlen: 24
                          109.70.132.0/23 maxlen: 23
                          109.70.132.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Wed 28 Feb 2024 10:44:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ef:db:fc:0e:45:2a:ec:3a:ce:72:34:af:59:ca:a5:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39247f77a3ae0af71eac03256449f5d292cffd74
        Validity
            Not Before: Jan  9 20:13:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=773db24deb1021eff3f75c1c589236db2286398b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f7:a6:02:b1:37:f8:e7:e6:f9:6e:59:50:ba:
                    06:70:af:60:be:62:39:a6:df:66:db:b4:47:d7:5e:
                    2b:91:3d:34:e5:c5:a8:36:f6:bd:e3:86:3e:34:bd:
                    41:3f:d2:ea:58:80:49:77:c6:cf:1b:0a:ec:c7:6d:
                    3d:f0:9e:95:ca:42:af:85:63:35:c3:c7:ef:03:52:
                    bf:b6:54:8d:48:f2:74:bb:40:92:82:02:03:79:50:
                    dc:38:b3:1d:e4:8d:bd:fd:03:42:23:3b:39:a7:90:
                    7b:c6:7d:18:14:c5:26:93:20:3d:7b:f5:4f:ca:37:
                    00:e2:47:6f:35:3a:2a:2b:53:87:aa:d5:23:a8:7a:
                    29:66:94:f4:c5:d7:bc:ba:2d:38:c1:fe:ee:25:1a:
                    0d:8e:01:70:4a:08:21:59:fb:bb:f5:f0:ab:6e:a9:
                    a9:24:13:af:19:c6:7a:e9:b1:00:3a:c1:c2:cd:bb:
                    0c:d6:d8:a7:3b:f4:9b:8c:68:39:40:b4:a9:93:4f:
                    f1:1f:b3:48:5f:94:03:62:e6:67:1a:c9:7a:f7:d8:
                    09:5e:47:a1:ba:4d:75:23:9f:70:b9:eb:e2:1b:ff:
                    ab:e0:6d:a1:05:68:1f:c9:c5:70:36:83:10:31:ad:
                    5f:9c:ba:aa:1d:7c:ec:5e:4a:e1:26:ab:2d:0b:08:
                    d3:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:3D:B2:4D:EB:10:21:EF:F3:F7:5C:1C:58:92:36:DB:22:86:39:8B
            X509v3 Authority Key Identifier:
                keyid:39:24:7F:77:A3:AE:0A:F7:1E:AC:03:25:64:49:F5:D2:92:CF:FD:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OSR_d6OuCvcerAMlZEn10pLP_XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/dz2yTesQIe_z91wcWJI22yKGOYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82ed9c-7c13-48b9-a886-cd66ad534812/1/OSR_d6OuCvcerAMlZEn10pLP_XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a3:80:9d:31:6c:0f:94:f5:67:34:f0:84:58:66:25:11:d2:d9:
         0e:f0:38:57:34:30:ca:22:8c:82:07:a0:73:1d:02:a8:57:fd:
         81:b1:e4:57:08:20:bc:5f:33:6f:f6:c4:0d:21:11:9a:e8:22:
         69:2d:94:19:d8:b6:0a:c7:ba:42:8a:50:93:a4:f8:d1:2d:2f:
         e4:bf:e6:b4:08:a8:d6:36:8f:a5:32:d3:5b:37:44:ca:63:e1:
         a5:1a:cf:c8:05:62:d3:80:ae:dc:51:3c:d1:91:a0:5e:5e:45:
         ae:eb:cd:0d:4c:99:51:09:a0:e9:9b:70:2c:4a:29:53:db:f9:
         58:01:80:74:b1:f5:b9:ea:24:46:2e:41:d2:df:ed:be:e5:11:
         be:ab:5b:f7:46:a9:f3:10:7d:f8:84:23:5d:f4:79:4c:97:6f:
         80:df:fb:44:ac:ac:ca:a4:24:00:79:e9:12:97:dc:f2:88:57:
         3f:a3:00:56:61:0d:37:ef:62:12:00:eb:2f:21:c8:73:a1:19:
         4c:6d:ef:10:ca:16:b6:e2:bf:e9:7b:80:82:a1:f5:dc:f1:bb:
         0e:d1:99:76:3e:5a:ea:84:c0:45:cf:12:66:3c:e8:ed:41:d1:
         09:96:4d:67:55:b4:63:0e:37:0d:20:93:d7:45:a7:4f:d7:29:
         e5:51:38:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzv2/wORSrsOs5yNK9ZyqVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5MjQ3Zjc3YTNhZTBhZjcxZWFjMDMyNTY0NDlmNWQyOTJj
ZmZkNzQwHhcNMjQwMTA5MjAxMzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzNkYjI0ZGViMTAyMWVmZjNmNzVjMWM1ODkyMzZkYjIyODYzOThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPemArE3+Ofm+W5ZULoGcK9gvmI5
pt9m27RH114rkT005cWoNva944Y+NL1BP9LqWIBJd8bPGwrsx2098J6VykKvhWM1
w8fvA1K/tlSNSPJ0u0CSggIDeVDcOLMd5I29/QNCIzs5p5B7xn0YFMUmkyA9e/VP
yjcA4kdvNToqK1OHqtUjqHopZpT0xde8ui04wf7uJRoNjgFwSgghWfu79fCrbqmp
JBOvGcZ66bEAOsHCzbsM1tinO/SbjGg5QLSpk0/xH7NIX5QDYuZnGsl699gJXkeh
uk11I59wueviG/+r4G2hBWgfycVwNoMQMa1fnLqqHXzsXkrhJqstCwjT7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHc9sk3rECHv8/dcHFiSNtsihjmLMB8GA1UdIwQY
MBaAFDkkf3ejrgr3HqwDJWRJ9dKSz/10MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYt
Y2Q2NmFkNTM0ODEyLzEvZHoyeVRlc1FJZV96OTF3Y1dKSTIyeUtHT1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmVkOWMtN2MxMy00OGI5LWE4ODYtY2Q2NmFkNTM0ODEy
LzEvT1NSX2Q2T3VDdmNlckFNbFpFbjEwcExQX1hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbUaEMA0G
CSqGSIb3DQEBCwUAA4IBAQCjgJ0xbA+U9Wc08IRYZiUR0tkO8DhXNDDKIoyCB6Bz
HQKoV/2BseRXCCC8XzNv9sQNIRGa6CJpLZQZ2LYKx7pCilCTpPjRLS/kv+a0CKjW
No+lMtNbN0TKY+GlGs/IBWLTgK7cUTzRkaBeXkWu680NTJlRCaDpm3AsSilT2/lY
AYB0sfW56iRGLkHS3+2+5RG+q1v3RqnzEH34hCNd9HlMl2+A3/tErKzKpCQAeekS
l9zyiFc/owBWYQ0372ISAOsvIchzoRlMbe8Qyha24r/pe4CCofXc8bsO0Zl2Plrq
hMBFzxJmPOjtQdEJlk1nVbRjDjcNIJPXRadP1ynlUTjF
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:15 2024 by rpki-client on console-fra.rpki-client.org