Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/HceGIBxPj8WCWVhehRnAtMhwJyg.roa
File:                     HceGIBxPj8WCWVhehRnAtMhwJyg.roa (raw, json)
Hash identifier:          A2ZUESiHf4uSA9E7Y9yDdEHUhpPmId/cW6x308NyaUY=
Subject key identifier:   1D:C7:86:20:1C:4F:8F:C5:82:59:58:5E:85:19:C0:B4:C8:70:27:28
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       01857246FDAD7EEDF4C25774BB26C7400CCF
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/HceGIBxPj8WCWVhehRnAtMhwJyg.roa
Signing time:             Mon 02 Jan 2023 11:38:53 +0000
ROA not before:           Mon 02 Jan 2023 11:38:53 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     35277
IP address blocks:        5.189.219.0/24 maxlen: 24
                          5.189.218.0/24 maxlen: 24
                          5.189.217.0/24 maxlen: 24
                          5.189.216.0/24 maxlen: 24
                          5.188.50.0/24 maxlen: 24
                          5.101.44.0/24 maxlen: 24
                          5.101.47.0/24 maxlen: 24
                          5.101.46.0/24 maxlen: 24
                          5.101.45.0/24 maxlen: 24
                          5.188.202.0/24 maxlen: 24
                          5.188.201.0/24 maxlen: 24
                          5.188.200.0/24 maxlen: 24
                          91.243.40.0/24 maxlen: 24
                          91.243.43.0/24 maxlen: 24
                          5.189.253.0/24 maxlen: 24
                          5.189.252.0/24 maxlen: 24
                          5.189.255.0/24 maxlen: 24
                          5.8.44.0/24 maxlen: 24
                          5.8.47.0/24 maxlen: 24
                          5.8.46.0/24 maxlen: 24
                          5.8.45.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 09 May 2023 06:10:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:46:fd:ad:7e:ed:f4:c2:57:74:bb:26:c7:40:0c:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 11:38:53 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1dc786201c4f8fc58259585e8519c0b4c8702728
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fe:df:68:1a:de:78:b4:6e:35:f2:cb:03:2e:
                    06:9a:3e:ea:a2:c9:fa:77:d3:f5:28:cd:46:dc:a1:
                    62:19:a3:69:af:d9:e8:17:e8:73:94:fd:b9:e0:e2:
                    02:d8:4a:2b:27:ff:02:23:59:fd:2f:04:7f:4e:cc:
                    43:d5:55:dd:88:dc:81:dc:4f:16:a2:cf:71:a1:53:
                    98:6f:d0:22:34:bc:ee:36:82:c4:e6:5a:ab:50:ab:
                    50:40:16:fd:a4:7a:25:22:74:6b:54:56:81:98:fb:
                    1c:29:84:e6:66:6d:80:d8:9a:4d:df:32:13:fb:b8:
                    01:04:1b:62:ae:6e:ee:99:8f:e5:8d:71:76:03:d7:
                    06:55:ca:0a:d5:9f:f0:fc:98:4f:1e:73:0f:d9:df:
                    2e:98:67:4c:63:e4:e7:ce:4d:16:6e:ea:0b:3f:07:
                    a3:63:0a:c6:16:5b:3e:5a:12:4c:f4:fd:85:9a:f9:
                    44:8f:15:24:60:c9:86:03:b1:72:19:95:83:56:84:
                    c1:f5:33:9d:4f:7b:4e:8b:a1:9a:56:cc:2d:91:d5:
                    4c:ac:1e:d4:37:81:5f:29:fe:22:44:44:28:36:03:
                    9b:a5:79:01:a3:c5:4e:63:e0:15:cb:c3:b8:f4:46:
                    dc:82:d9:f9:51:ba:f1:93:c8:48:ee:0c:95:da:cd:
                    7b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:C7:86:20:1C:4F:8F:C5:82:59:58:5E:85:19:C0:B4:C8:70:27:28
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/HceGIBxPj8WCWVhehRnAtMhwJyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.8.44.0/22
                  5.101.44.0/22
                  5.188.50.0/24
                  5.188.200.0-5.188.202.255
                  5.189.216.0/22
                  5.189.252.0/23
                  5.189.255.0/24
                  91.243.40.0/24
                  91.243.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:a3:81:98:b1:2f:4a:d0:29:2f:21:93:9f:57:8b:e0:3e:3b:
         6d:73:d1:42:93:dd:44:15:86:cf:59:6d:37:bb:06:2d:a9:e2:
         4d:63:6c:4e:3f:83:b3:36:f5:69:bc:1d:61:a1:49:ef:a0:27:
         f5:9e:8a:55:a9:06:30:f7:43:de:4f:64:c1:02:08:78:04:63:
         20:f5:6a:3d:67:e7:3d:7e:56:09:9e:cc:79:ba:22:d8:a1:be:
         28:7c:81:37:0d:d7:9c:5b:77:b7:f4:40:4a:f5:3a:9d:46:06:
         20:8f:6b:cf:86:9a:57:ea:48:91:e9:6a:a6:00:a2:c6:5d:cb:
         9c:3c:07:d1:ab:cd:01:48:9b:19:b7:e0:12:de:e5:aa:1f:a4:
         5d:b2:f8:b5:8e:9f:99:5a:c7:e1:e8:6b:94:f6:eb:1b:90:d5:
         ca:6e:6e:c7:61:55:a8:13:1e:e4:c0:41:ce:85:78:88:5a:92:
         a9:39:7b:9c:f0:20:20:11:22:62:d0:e3:dd:6d:47:99:3f:bf:
         c9:f1:ac:5c:29:7f:a2:79:4a:ca:43:9e:82:89:af:5c:bc:e2:
         eb:8b:eb:dc:31:7b:49:d9:b3:1c:04:40:c8:7f:d3:40:7d:c8:
         ab:f5:cb:dc:4d:a9:b7:fa:bd:4a:dd:df:a3:3e:b7:f8:c8:bc:
         b0:68:f7:86
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYVyRv2tfu30wld0uybHQAzPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjMwMTAyMTEzODUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGM3ODYyMDFjNGY4ZmM1ODI1OTU4NWU4NTE5YzBiNGM4NzAyNzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsv7faBreeLRuNfLLAy4Gmj7qosn6
d9P1KM1G3KFiGaNpr9noF+hzlP254OIC2EorJ/8CI1n9LwR/TsxD1VXdiNyB3E8W
os9xoVOYb9AiNLzuNoLE5lqrUKtQQBb9pHolInRrVFaBmPscKYTmZm2A2JpN3zIT
+7gBBBtirm7umY/ljXF2A9cGVcoK1Z/w/JhPHnMP2d8umGdMY+Tnzk0WbuoLPwej
YwrGFls+WhJM9P2FmvlEjxUkYMmGA7FyGZWDVoTB9TOdT3tOi6GaVswtkdVMrB7U
N4FfKf4iREQoNgObpXkBo8VOY+AVy8O49Ebcgtn5Ubrxk8hI7gyV2s174wIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFB3HhiAcT4/FgllYXoUZwLTIcCcoMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvSGNlR0lCeFBqOFdDV1ZoZWhSbkF0TWh3SnlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQCBQgsAwQC
BWUsAwQABbwyMAwDBAMFvMgDBAAFvMoDBAIFvdgDBAEFvfwDBAAFvf8DBABb8ygD
BABb8yswDQYJKoZIhvcNAQELBQADggEBADGjgZixL0rQKS8hk59Xi+A+O21z0UKT
3UQVhs9ZbTe7Bi2p4k1jbE4/g7M29Wm8HWGhSe+gJ/WeilWpBjD3Q95PZMECCHgE
YyD1aj1n5z1+VgmezHm6Itihvih8gTcN15xbd7f0QEr1Op1GBiCPa8+GmlfqSJHp
aqYAosZdy5w8B9GrzQFImxm34BLe5aofpF2y+LWOn5lax+Hoa5T26xuQ1cpubsdh
VagTHuTAQc6FeIhakqk5e5zwICARImLQ491tR5k/v8nxrFwpf6J5SspDnoKJr1y8
4uuL69wxe0nZsxwEQMh/00B9yKv1y9xNqbf6vUrd36M+t/jIvLBo94Y=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:55 2024 by rpki-client on console-ams.rpki-client.org