Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/NHEQo7o7Lz6_bNIecg84lOK0JQ0.roa
File:                     NHEQo7o7Lz6_bNIecg84lOK0JQ0.roa (raw, json)
Hash identifier:          5tAur8kDFDdVI9wzzqGNmdCYDsjDJtFvoGE2730D2kg=
Subject key identifier:   34:71:10:A3:BA:3B:2F:3E:BF:6C:D2:1E:72:0F:38:94:E2:B4:25:0D
Certificate issuer:       /CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
Certificate serial:       01856C0A66E3521148C97CB3CC1694F657A7
Authority key identifier: 12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/NHEQo7o7Lz6_bNIecg84lOK0JQ0.roa
Signing time:             Sun 01 Jan 2023 06:34:59 +0000
ROA not before:           Sun 01 Jan 2023 06:34:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     19905
IP address blocks:        160.61.208.0/24 maxlen: 24
                          86.117.18.0/23 maxlen: 23
                          86.117.18.0/24 maxlen: 24
                          86.117.19.0/24 maxlen: 24
                          86.117.47.0/24 maxlen: 24
                          160.61.170.0/23 maxlen: 23
                          160.61.171.0/24 maxlen: 24
                          160.61.168.0/23 maxlen: 23
                          160.61.168.0/24 maxlen: 24
                          160.61.169.0/24 maxlen: 24
                          160.61.170.0/24 maxlen: 24
                          86.117.140.0/24 maxlen: 24
                          86.117.141.0/24 maxlen: 24
                          86.117.140.0/23 maxlen: 23
                          160.62.1.0/24 maxlen: 24
                          160.62.2.0/24 maxlen: 24
                          160.62.3.0/24 maxlen: 24
                          160.62.4.0/24 maxlen: 24
                          160.62.0.0/24 maxlen: 24
                          160.62.0.0/23 maxlen: 23
                          160.62.5.0/24 maxlen: 24
                          160.62.6.0/24 maxlen: 24
                          160.62.7.0/24 maxlen: 24
                          160.62.12.0/24 maxlen: 24
                          160.62.13.0/24 maxlen: 24
                          160.62.14.0/24 maxlen: 24
                          160.62.15.0/24 maxlen: 24
                          160.62.21.0/24 maxlen: 24
                          160.62.22.0/24 maxlen: 24
                          160.62.141.0/24 maxlen: 24
                          160.62.140.0/24 maxlen: 24
                          160.62.140.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Sun 02 Jul 2023 20:57:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:0a:66:e3:52:11:48:c9:7c:b3:cc:16:94:f6:57:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1224e5eff1abc0e6d8bf029e4f732e0ab71bc16a
        Validity
            Not Before: Jan  1 06:34:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=347110a3ba3b2f3ebf6cd21e720f3894e2b4250d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:69:0c:5e:26:62:1a:33:28:af:80:3a:6c:f5:
                    e5:ea:53:fc:81:8e:89:72:62:3e:1a:c9:6a:cc:42:
                    83:8d:b1:7e:42:1f:59:ef:34:41:b9:70:bf:8c:1b:
                    8b:a1:03:53:7b:74:e0:8f:5a:ce:5a:ed:44:15:72:
                    d9:18:c9:9b:cb:8a:42:57:5f:0c:39:8d:b4:a8:1e:
                    c2:51:d6:e1:01:79:eb:25:38:32:df:76:30:17:73:
                    65:30:24:c7:0d:42:9a:0a:ac:54:df:dc:b8:e8:8b:
                    c2:8d:3b:7d:8e:e7:06:67:f4:a6:ba:c9:c2:22:fa:
                    23:9f:94:4d:1d:88:be:dd:79:0a:81:db:d9:13:b3:
                    c7:12:6b:65:da:5a:12:39:11:3a:4f:77:8d:83:3f:
                    65:35:a5:23:1a:18:d0:a8:f9:4b:86:47:bb:d6:1b:
                    6d:50:4b:57:26:6e:02:02:55:36:21:0b:ff:87:64:
                    0e:9f:cd:1c:16:97:96:c3:cf:e9:21:93:8b:79:7d:
                    06:fa:eb:2e:2a:03:a2:b3:14:15:6d:51:cf:99:56:
                    84:32:c1:a0:5f:ba:ec:df:2f:31:25:63:2d:47:a9:
                    34:37:36:9d:2e:ae:67:21:40:77:3e:a4:e3:41:c9:
                    06:04:46:92:1a:2d:85:7e:15:07:7b:d6:5c:a5:0d:
                    2a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:71:10:A3:BA:3B:2F:3E:BF:6C:D2:1E:72:0F:38:94:E2:B4:25:0D
            X509v3 Authority Key Identifier:
                keyid:12:24:E5:EF:F1:AB:C0:E6:D8:BF:02:9E:4F:73:2E:0A:B7:1B:C1:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EiTl7_GrwObYvwKeT3MuCrcbwWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/NHEQo7o7Lz6_bNIecg84lOK0JQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/11be23-3be6-4881-a3d1-5386b1d963bc/1/EiTl7_GrwObYvwKeT3MuCrcbwWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.117.18.0/23
                  86.117.47.0/24
                  86.117.140.0/23
                  160.61.168.0/22
                  160.61.208.0/24
                  160.62.0.0/21
                  160.62.12.0/22
                  160.62.21.0-160.62.22.255
                  160.62.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:7d:12:94:f6:2a:a0:8d:5b:5b:b0:e4:2a:35:e2:4d:62:e3:
         57:1b:3e:c1:af:73:37:56:fe:ec:c5:49:b8:91:a7:dd:6b:35:
         b2:92:0c:68:27:22:ac:c5:e5:3d:5d:13:99:a2:5a:e3:9a:33:
         8b:da:4b:51:23:d6:c6:64:13:dc:eb:bf:af:63:f3:18:67:74:
         59:e0:ae:39:a4:3f:80:5b:b9:19:39:8d:92:af:e0:75:c1:0a:
         ee:23:8a:56:4d:16:20:11:8b:3f:c8:9f:a2:d7:b8:7d:6c:de:
         ee:54:f2:5c:b5:70:bb:50:2a:4f:ae:a5:5f:a1:db:2e:21:df:
         f1:d9:54:68:25:ed:75:92:5c:8a:2d:39:0a:d7:f3:b2:9f:85:
         8e:0e:c1:88:93:db:c0:29:1f:93:4a:b3:c1:5d:e3:e9:02:38:
         77:bf:8a:1d:95:e2:30:a7:48:3e:16:4d:69:13:8d:b1:9a:e7:
         39:4e:cf:d5:bf:af:99:b1:a0:46:cf:e8:72:ce:a6:ca:ad:d7:
         74:9c:1f:8c:b4:72:e2:e0:fd:1b:ec:a8:52:f8:53:4f:d2:cc:
         ed:ab:f3:10:08:4c:23:97:24:91:4c:8c:54:df:2d:5a:54:6d:
         88:29:1c:22:07:61:17:72:cc:73:69:13:1d:9a:a8:0b:af:5c:
         91:92:3b:a9
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYVsCmbjUhFIyXyzzBaU9lenMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMjRlNWVmZjFhYmMwZTZkOGJmMDI5ZTRmNzMyZTBhYjcx
YmMxNmEwHhcNMjMwMTAxMDYzNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDcxMTBhM2JhM2IyZjNlYmY2Y2QyMWU3MjBmMzg5NGUyYjQyNTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5WkMXiZiGjMor4A6bPXl6lP8gY6J
cmI+GslqzEKDjbF+Qh9Z7zRBuXC/jBuLoQNTe3Tgj1rOWu1EFXLZGMmby4pCV18M
OY20qB7CUdbhAXnrJTgy33YwF3NlMCTHDUKaCqxU39y46IvCjTt9jucGZ/SmusnC
Ivojn5RNHYi+3XkKgdvZE7PHEmtl2loSORE6T3eNgz9lNaUjGhjQqPlLhke71htt
UEtXJm4CAlU2IQv/h2QOn80cFpeWw8/pIZOLeX0G+usuKgOisxQVbVHPmVaEMsGg
X7rs3y8xJWMtR6k0NzadLq5nIUB3PqTjQckGBEaSGi2FfhUHe9ZcpQ0qZQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFDRxEKO6Oy8+v2zSHnIPOJTitCUNMB8GA1UdIwQY
MBaAFBIk5e/xq8Dm2L8Cnk9zLgq3G8FqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEt
NTM4NmIxZDk2M2JjLzEvTkhFUW83bzdMejZfYk5JZWNnODRsT0swSlEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8xMWJlMjMtM2JlNi00ODgxLWEzZDEtNTM4NmIxZDk2M2Jj
LzEvRWlUbDdfR3J3T2JZdndLZVQzTXVDcmNid1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQBVnUSAwQA
VnUvAwQBVnWMAwQCoD2oAwQAoD3QAwQDoD4AAwQCoD4MMAwDBACgPhUDBACgPhYD
BAGgPowwDQYJKoZIhvcNAQELBQADggEBAJp9EpT2KqCNW1uw5Co14k1i41cbPsGv
czdW/uzFSbiRp91rNbKSDGgnIqzF5T1dE5miWuOaM4vaS1Ej1sZkE9zrv69j8xhn
dFngrjmkP4BbuRk5jZKv4HXBCu4jilZNFiARiz/In6LXuH1s3u5U8ly1cLtQKk+u
pV+h2y4h3/HZVGgl7XWSXIotOQrX87KfhY4OwYiT28ApH5NKs8Fd4+kCOHe/ih2V
4jCnSD4WTWkTjbGa5zlOz9W/r5mxoEbP6HLOpsqt13ScH4y0cuLg/RvsqFL4U0/S
zO2r8xAITCOXJJFMjFTfLVpUbYgpHCIHYRdyzHNpEx2aqAuvXJGSO6k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:28 2024 by rpki-client on console-fra.rpki-client.org