Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/Hf0aV7AYqSjlzTYttA1UExKTl00.roa
File:                     Hf0aV7AYqSjlzTYttA1UExKTl00.roa (raw, json)
Hash identifier:          VwYdQY2OX4yZWAtSEMAZOTmXGn8KUCW+1iZYmKdl6zo=
Subject key identifier:   1D:FD:1A:57:B0:18:A9:28:E5:CD:36:2D:B4:0D:54:13:12:93:97:4D
Certificate issuer:       /CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Certificate serial:       018E518836A0CA1BD679FB6C192BDC8AE840
Authority key identifier: FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/Hf0aV7AYqSjlzTYttA1UExKTl00.roa
Signing time:             Mon 18 Mar 2024 12:27:45 +0000
ROA not before:           Mon 18 Mar 2024 12:27:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21412
IP address blocks:        5.20.0.0/21 maxlen: 32
                          5.20.8.0/21 maxlen: 21
                          5.20.16.0/20 maxlen: 20
                          5.20.32.0/19 maxlen: 19
                          5.20.64.0/19 maxlen: 19
                          5.20.96.0/21 maxlen: 21
                          5.20.104.0/21 maxlen: 21
                          5.20.112.0/21 maxlen: 21
                          5.20.120.0/21 maxlen: 21
                          5.20.128.0/19 maxlen: 19
                          5.20.160.0/19 maxlen: 19
                          5.20.192.0/19 maxlen: 19
                          5.20.224.0/21 maxlen: 21
                          5.20.232.0/21 maxlen: 21
                          5.20.240.0/20 maxlen: 20
                          31.209.64.0/20 maxlen: 20
                          37.157.144.0/21 maxlen: 21
                          46.251.32.0/19 maxlen: 19
                          77.87.8.0/21 maxlen: 21
                          77.221.64.0/19 maxlen: 19
                          79.133.224.0/19 maxlen: 19
                          80.240.0.0/20 maxlen: 20
                          81.29.16.0/20 maxlen: 20
                          87.239.112.0/21 maxlen: 21
                          87.247.64.0/18 maxlen: 18
                          91.187.160.0/19 maxlen: 19
                          178.16.32.0/20 maxlen: 20
                          178.250.32.0/21 maxlen: 21
                          185.26.132.0/22 maxlen: 22
                          185.54.12.0/22 maxlen: 22
                          185.198.32.0/22 maxlen: 22
                          212.52.32.0/19 maxlen: 19
                          212.117.0.0/19 maxlen: 19
                          217.17.80.0/20 maxlen: 20
                          2a00:7600::/32 maxlen: 32
                          2a01:a1c0::/32 maxlen: 32
                          2a04:ce00::/29 maxlen: 29
                          2a04:eb00::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 20 Mar 2024 15:20:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:88:36:a0:ca:1b:d6:79:fb:6c:19:2b:dc:8a:e8:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc4d06978969a8bdab6d6359062d7781e03449ca
        Validity
            Not Before: Mar 18 12:27:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1dfd1a57b018a928e5cd362db40d54131293974d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:1c:b1:02:ef:da:be:e8:62:08:1c:6e:8e:3f:
                    ce:4b:91:37:ef:29:66:4c:b8:69:81:5d:71:33:1c:
                    e7:4c:00:3a:9e:48:14:60:c3:9c:4b:3c:d5:4b:c6:
                    ac:d6:f2:c5:56:be:05:74:9c:49:f0:6a:1a:ef:99:
                    5a:d3:c8:fb:28:8f:16:2f:53:5d:08:26:8e:60:12:
                    e7:9f:b9:9b:4f:43:dc:b2:36:e6:45:6a:ef:24:48:
                    8d:c5:9e:46:89:00:ee:b0:39:a4:9c:66:22:7f:23:
                    c7:6c:e0:af:13:ca:b1:5c:d5:c1:9c:c9:ef:f7:2e:
                    d3:b4:48:2a:54:f0:b0:a6:c7:eb:5a:49:ad:9f:d5:
                    4a:b1:f5:c1:2f:16:55:f8:84:55:4e:f2:79:13:82:
                    92:90:a7:2c:c9:7c:84:76:5e:86:ea:6f:50:b5:7e:
                    ce:bb:0a:9e:5e:60:16:3e:fa:dd:22:ec:d7:f7:e1:
                    22:4c:89:96:cb:4e:fa:a2:59:5f:54:17:7a:31:a2:
                    79:9d:27:dd:53:5f:16:f6:0c:0a:b5:6f:27:4a:86:
                    95:e7:35:d8:30:b3:52:31:b6:3b:ef:96:7a:17:6b:
                    d7:75:5f:c3:e3:61:14:74:7c:b9:e5:8d:f4:d3:be:
                    93:8a:51:6e:d6:0d:1b:38:9c:1c:9e:1d:e6:91:72:
                    71:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:FD:1A:57:B0:18:A9:28:E5:CD:36:2D:B4:0D:54:13:12:93:97:4D
            X509v3 Authority Key Identifier:
                keyid:FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/Hf0aV7AYqSjlzTYttA1UExKTl00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.20.0.0/16
                  31.209.64.0/20
                  37.157.144.0/21
                  46.251.32.0/19
                  77.87.8.0/21
                  77.221.64.0/19
                  79.133.224.0/19
                  80.240.0.0/20
                  81.29.16.0/20
                  87.239.112.0/21
                  87.247.64.0/18
                  91.187.160.0/19
                  178.16.32.0/20
                  178.250.32.0/21
                  185.26.132.0/22
                  185.54.12.0/22
                  185.198.32.0/22
                  212.52.32.0/19
                  212.117.0.0/19
                  217.17.80.0/20
                IPv6:
                  2a00:7600::/32
                  2a01:a1c0::/32
                  2a04:ce00::/29
                  2a04:eb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         c0:1f:be:94:84:a4:8a:27:0d:8a:a9:bc:69:78:ae:a1:4f:bc:
         99:d5:3b:cd:e0:23:cd:8b:b1:23:87:10:72:8a:06:62:a3:cc:
         b1:26:59:ad:93:9c:be:db:79:6d:f8:f0:7e:83:c2:f4:cc:66:
         8c:7a:94:d8:0c:bf:81:d6:e0:2b:ff:11:d3:7b:b1:28:23:4b:
         68:d7:0c:76:6e:f0:b6:fa:0c:e9:95:b6:8e:30:82:c6:d2:99:
         3e:21:90:19:9e:ad:8b:84:12:b0:89:5c:2b:e7:cd:2a:9e:d0:
         fa:3b:12:e8:1c:2f:49:56:b0:53:17:a9:c2:4c:a9:6a:c0:6e:
         6a:55:32:e5:7d:c6:23:bb:20:1f:59:76:8b:22:c2:57:31:25:
         7d:10:a1:ec:7f:11:82:41:9c:43:91:c0:fa:de:fd:02:54:2b:
         6f:66:d4:7d:87:43:74:57:65:68:3c:6b:dc:e8:ff:51:59:78:
         78:fb:87:bf:8d:ad:ba:e2:1b:e4:15:b4:8d:b6:0b:d7:bb:5c:
         12:bf:39:7c:69:83:d9:23:87:9f:71:4b:75:6a:36:60:af:8c:
         2b:c3:16:6a:99:a0:6d:cc:06:25:c9:3c:ed:77:98:12:b6:0c:
         d9:b8:5a:a1:e8:ad:75:06:53:65:0f:ff:22:f8:fd:4c:e8:03:
         7b:a8:bc:54
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAY5RiDagyhvWeftsGSvciuhAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGQwNjk3ODk2OWE4YmRhYjZkNjM1OTA2MmQ3NzgxZTAz
NDQ5Y2EwHhcNMjQwMzE4MTIyNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGZkMWE1N2IwMThhOTI4ZTVjZDM2MmRiNDBkNTQxMzEyOTM5NzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xyxAu/avuhiCBxujj/OS5E37ylm
TLhpgV1xMxznTAA6nkgUYMOcSzzVS8as1vLFVr4FdJxJ8Goa75la08j7KI8WL1Nd
CCaOYBLnn7mbT0PcsjbmRWrvJEiNxZ5GiQDusDmknGYifyPHbOCvE8qxXNXBnMnv
9y7TtEgqVPCwpsfrWkmtn9VKsfXBLxZV+IRVTvJ5E4KSkKcsyXyEdl6G6m9QtX7O
uwqeXmAWPvrdIuzX9+EiTImWy076ollfVBd6MaJ5nSfdU18W9gwKtW8nSoaV5zXY
MLNSMbY775Z6F2vXdV/D42EUdHy55Y30076TilFu1g0bOJwcnh3mkXJxJwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFB39GlewGKko5c02LbQNVBMSk5dNMB8GA1UdIwQY
MBaAFPxNBpeJaai9q21jWQYtd4HgNEnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEt
ZGEwM2JmN2EyZWMyLzEvSGYwYVY3QVlxU2pselRZdHRBMVVFeEtUbDAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEtZGEwM2JmN2EyZWMy
LzEvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG2BggrBgEFBQcBBwEB/wSBpjCBozB9BAIAATB3AwMABRQD
BAQf0UADBAMlnZADBAUu+yADBANNVwgDBAVN3UADBAVPheADBARQ8AADBARRHRAD
BANX73ADBAZX90ADBAVbu6ADBASyECADBAOy+iADBAK5GoQDBAK5NgwDBAK5xiAD
BAXUNCADBAXUdQADBATZEVAwIgQCAAIwHAMFACoAdgADBQAqAaHAAwUDKgTOAAMF
AyoE6wAwDQYJKoZIhvcNAQELBQADggEBAMAfvpSEpIonDYqpvGl4rqFPvJnVO83g
I82LsSOHEHKKBmKjzLEmWa2TnL7beW348H6DwvTMZox6lNgMv4HW4Cv/EdN7sSgj
S2jXDHZu8Lb6DOmVto4wgsbSmT4hkBmerYuEErCJXCvnzSqe0Po7EugcL0lWsFMX
qcJMqWrAbmpVMuV9xiO7IB9ZdosiwlcxJX0Qoex/EYJBnEORwPre/QJUK29m1H2H
Q3RXZWg8a9zo/1FZeHj7h7+NrbriG+QVtI22C9e7XBK/OXxpg9kjh59xS3VqNmCv
jCvDFmqZoG3MBiXJPO13mBK2DNm4WqHorXUGU2UP/yL4/UzoA3uovFQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:09 2024 by rpki-client on console-ams.rpki-client.org