Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Kiqz4-Y9G4Th_PHMV-4Strc8yXg.roa
File:                     Kiqz4-Y9G4Th_PHMV-4Strc8yXg.roa (raw, json)
Hash identifier:          p/DNgcJABlaa9QJhgprLzxGDqCJRbZ0Kpse/GFZW4yU=
Subject key identifier:   2A:2A:B3:E3:E6:3D:1B:84:E1:FC:F1:CC:57:EE:12:B6:B7:3C:C9:78
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018ED305F5C2C4E7C94B710BD47C1C319E93
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Kiqz4-Y9G4Th_PHMV-4Strc8yXg.roa
Signing time:             Fri 12 Apr 2024 15:56:06 +0000
ROA not before:           Fri 12 Apr 2024 15:56:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8342
IP address blocks:        147.45.38.0/24 maxlen: 24
                          147.45.39.0/24 maxlen: 24
                          147.45.61.0/24 maxlen: 24
                          147.45.62.0/24 maxlen: 24
                          147.45.63.0/24 maxlen: 24
                          147.45.88.0/21 maxlen: 21
                          147.45.117.0/24 maxlen: 24
                          147.45.118.0/24 maxlen: 24
                          147.45.119.0/24 maxlen: 24
                          147.45.120.0/22 maxlen: 22
                          147.45.127.0/24 maxlen: 24
                          147.45.205.0/24 maxlen: 24
                          193.233.60.0/24 maxlen: 24
                          193.233.62.0/24 maxlen: 24
                          193.233.124.0/22 maxlen: 22
                          193.233.170.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 21 Apr 2024 13:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d3:05:f5:c2:c4:e7:c9:4b:71:0b:d4:7c:1c:31:9e:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Apr 12 15:56:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a2ab3e3e63d1b84e1fcf1cc57ee12b6b73cc978
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:98:67:49:45:9e:b0:14:46:46:d9:43:9c:0e:
                    cb:2e:b8:76:0c:14:59:fd:3f:e9:4c:f7:45:30:b4:
                    e8:85:b3:4a:fe:c5:8a:34:f0:85:52:74:ea:73:d8:
                    eb:61:ac:b8:ea:01:51:b9:c5:fb:1e:e0:de:94:9f:
                    89:65:6e:1f:84:ff:68:63:7b:90:ba:12:dd:4a:d6:
                    41:28:9b:29:fe:38:d2:bb:2b:f8:c7:ea:00:4e:ed:
                    ac:ff:0a:01:6b:c2:d0:44:1f:2c:35:f5:e9:a4:23:
                    82:c2:cc:67:73:3f:da:a1:fe:bb:cb:06:e6:7c:f3:
                    f6:ac:5a:ec:e5:92:b0:2b:73:e3:33:7d:c1:94:74:
                    41:51:a4:2c:25:11:e9:da:80:c1:30:6c:b5:c0:ae:
                    b7:b9:d7:86:78:2f:c6:36:37:5a:b5:f2:b4:f4:ba:
                    9e:bc:55:93:de:fa:b4:79:c9:1f:b2:08:bd:33:ab:
                    6f:c6:c6:18:33:b0:ed:5c:da:7f:09:a4:57:f1:00:
                    ea:e4:03:ad:70:de:62:60:04:0b:13:62:e9:9c:11:
                    1b:42:98:13:aa:ee:44:29:ab:c5:af:e2:81:b3:78:
                    1d:3d:fe:25:8d:75:aa:1f:0e:2f:f1:74:5f:24:95:
                    74:08:52:e2:08:25:1e:99:6c:37:f2:31:20:f4:0f:
                    6c:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:2A:B3:E3:E6:3D:1B:84:E1:FC:F1:CC:57:EE:12:B6:B7:3C:C9:78
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Kiqz4-Y9G4Th_PHMV-4Strc8yXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.38.0/23
                  147.45.61.0-147.45.63.255
                  147.45.88.0/21
                  147.45.117.0-147.45.123.255
                  147.45.127.0/24
                  147.45.205.0/24
                  193.233.60.0/24
                  193.233.62.0/24
                  193.233.124.0/22
                  193.233.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:a3:93:c7:44:16:f7:f4:7c:85:10:9c:5d:c7:26:c9:52:a7:
         bd:de:5b:f8:43:d9:da:25:9c:a9:21:04:bb:67:b0:41:47:ae:
         3b:47:db:3c:5e:d0:64:d8:72:a6:64:a2:fd:d0:6c:04:ed:ba:
         54:6a:a6:66:ea:91:cf:9c:32:4e:ae:b0:f7:02:83:fb:fe:c6:
         7b:04:81:ee:c5:b2:ff:7c:99:09:31:5c:4d:fa:7e:39:a6:aa:
         6a:75:18:4e:e3:e3:c6:19:ad:85:5e:40:93:84:cb:f7:17:07:
         50:72:77:c2:4c:1c:2e:b7:62:ba:71:d0:13:bc:65:b2:c1:fb:
         e4:94:44:98:34:a1:92:7e:5d:8d:31:2b:44:b1:61:70:fa:73:
         aa:2e:c0:57:b1:7c:05:9c:0f:43:31:3c:1b:3e:b8:cd:4a:ce:
         2b:95:2b:19:ca:65:a8:4e:8d:ca:e8:28:1d:82:ff:06:2f:e3:
         da:d6:6e:f1:cd:7b:34:85:26:82:d7:99:ab:17:ce:6e:bb:62:
         79:1a:b8:fa:02:51:fc:af:47:2f:6a:4d:2a:c0:4b:9a:62:d1:
         d0:ba:d3:df:6f:42:b1:41:6a:b9:19:08:8d:bb:75:5f:5f:98:
         8f:73:95:86:00:66:23:88:5d:87:7e:1f:d4:49:a6:d5:03:fe:
         f6:70:ff:b8
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAY7TBfXCxOfJS3EL1HwcMZ6TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNDEyMTU1NjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTJhYjNlM2U2M2QxYjg0ZTFmY2YxY2M1N2VlMTJiNmI3M2NjOTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhphnSUWesBRGRtlDnA7LLrh2DBRZ
/T/pTPdFMLTohbNK/sWKNPCFUnTqc9jrYay46gFRucX7HuDelJ+JZW4fhP9oY3uQ
uhLdStZBKJsp/jjSuyv4x+oATu2s/woBa8LQRB8sNfXppCOCwsxncz/aof67ywbm
fPP2rFrs5ZKwK3PjM33BlHRBUaQsJRHp2oDBMGy1wK63udeGeC/GNjdatfK09Lqe
vFWT3vq0eckfsgi9M6tvxsYYM7DtXNp/CaRX8QDq5AOtcN5iYAQLE2LpnBEbQpgT
qu5EKavFr+KBs3gdPf4ljXWqHw4v8XRfJJV0CFLiCCUemWw38jEg9A9snwIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFCoqs+PmPRuE4fzxzFfuEra3PMl4MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvS2lxejQtWTlHNFRoX1BITVYtNFN0cmM4eVhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBSBAIAATBMAwQBky0mMAwD
BACTLT0DBAaTLQADBAOTLVgwDAMEAJMtdQMEApMteAMEAJMtfwMEAJMtzQMEAMHp
PAMEAMHpPgMEAsHpfAMEAMHpqjANBgkqhkiG9w0BAQsFAAOCAQEAVaOTx0QW9/R8
hRCcXccmyVKnvd5b+EPZ2iWcqSEEu2ewQUeuO0fbPF7QZNhypmSi/dBsBO26VGqm
ZuqRz5wyTq6w9wKD+/7GewSB7sWy/3yZCTFcTfp+OaaqanUYTuPjxhmthV5Ak4TL
9xcHUHJ3wkwcLrdiunHQE7xlssH75JREmDShkn5djTErRLFhcPpzqi7AV7F8BZwP
QzE8Gz64zUrOK5UrGcplqE6NyugoHYL/Bi/j2tZu8c17NIUmgteZqxfObrtieRq4
+gJR/K9HL2pNKsBLmmLR0LrT329CsUFquRkIjbt1X1+Yj3OVhgBmI4hdh34f1Emm
1QP+9nD/uA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:39 2024 by rpki-client on console-fra.rpki-client.org