Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/HFgx3Od64Q3tjLHQ_xEFGphlFFQ.roa
File:                     HFgx3Od64Q3tjLHQ_xEFGphlFFQ.roa (raw, json)
Hash identifier:          9MlA1vRyYeBqIFb2xdG5n9AqmEq6CXjjOLR0lETupaY=
Subject key identifier:   1C:58:31:DC:E7:7A:E1:0D:ED:8C:B1:D0:FF:11:05:1A:98:65:14:54
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       018EE0CC9397FB47F936E54B1EEC6059909A
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/HFgx3Od64Q3tjLHQ_xEFGphlFFQ.roa
Signing time:             Mon 15 Apr 2024 08:08:07 +0000
ROA not before:           Mon 15 Apr 2024 08:08:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        5.159.208.0/21 maxlen: 24
                          5.181.72.0/22 maxlen: 24
                          31.192.96.0/21 maxlen: 24
                          45.8.100.0/22 maxlen: 24
                          45.132.108.0/22 maxlen: 24
                          45.137.44.0/22 maxlen: 24
                          80.74.240.0/21 maxlen: 24
                          80.74.248.0/21 maxlen: 24
                          83.150.252.0/22 maxlen: 24
                          85.95.96.0/19 maxlen: 24
                          92.42.120.0/21 maxlen: 24
                          95.129.64.0/21 maxlen: 24
                          176.58.0.0/21 maxlen: 24
                          185.79.184.0/22 maxlen: 24
                          185.90.0.0/22 maxlen: 24
                          185.94.204.0/22 maxlen: 24
                          185.99.76.0/22 maxlen: 24
                          185.145.88.0/22 maxlen: 24
                          185.178.216.0/22 maxlen: 24
                          185.182.200.0/23 maxlen: 24
                          185.204.212.0/22 maxlen: 24
                          185.229.4.0/22 maxlen: 24
                          185.246.132.0/22 maxlen: 24
                          185.247.200.0/22 maxlen: 24
                          185.248.252.0/24 maxlen: 24
                          185.248.254.0/24 maxlen: 24
                          188.94.16.0/21 maxlen: 24
                          193.24.3.0/24 maxlen: 24
                          193.24.6.0/24 maxlen: 24
                          193.24.13.0/24 maxlen: 24
                          193.24.31.0/24 maxlen: 24
                          195.26.32.0/19 maxlen: 24
                          195.88.8.0/23 maxlen: 24
                          212.11.68.0/22 maxlen: 24
                          212.11.72.0/22 maxlen: 24
                          217.145.128.0/20 maxlen: 24
                          2a00:f1c0::/32 maxlen: 32
                          2a04:e9c0::/29 maxlen: 29
                          2a0a:f480::/29 maxlen: 29
                          2a0d:7680::/29 maxlen: 29
                          2a0d:bf80::/29 maxlen: 29
                          2a0e:a1c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 28 Aug 2024 16:39:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e0:cc:93:97:fb:47:f9:36:e5:4b:1e:ec:60:59:90:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: Apr 15 08:08:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1c5831dce77ae10ded8cb1d0ff11051a98651454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:09:f5:ae:72:ac:75:b4:ac:a4:c4:da:34:7c:
                    e6:1f:ed:e6:7a:23:8f:b7:8b:7b:3c:ab:e9:0a:ab:
                    f7:60:84:f8:39:2e:ed:ae:5c:f2:1c:7e:f9:0b:23:
                    4b:2f:b6:68:24:2c:df:ff:8e:49:4a:c1:9d:01:dd:
                    51:93:77:e5:2f:a8:e1:e5:97:52:6d:8d:00:6c:fd:
                    46:c4:ef:5f:cd:e6:86:b3:90:03:0b:81:8f:7e:63:
                    93:3d:ca:80:ce:f9:9c:66:8e:01:9a:99:6f:af:c0:
                    6c:ff:e0:88:c4:95:96:7d:a7:a1:2a:98:f1:9b:62:
                    7e:f8:11:6b:db:fb:68:3f:69:7a:1a:14:ea:46:ad:
                    9d:50:69:33:9b:c3:eb:54:11:e2:95:33:71:ae:90:
                    29:19:7a:f4:e2:72:8d:a9:ed:42:a0:85:b3:b0:48:
                    40:4e:82:a2:5b:88:56:0d:c0:39:ac:37:d6:65:06:
                    e2:b6:21:3f:bf:1c:2b:9a:f7:b0:3f:e4:f9:28:5b:
                    33:75:ab:fa:6b:99:97:38:b1:1f:6c:27:2e:82:a0:
                    31:f2:c5:7a:a1:d5:85:86:d3:1f:c8:d0:c6:6d:05:
                    07:f7:98:b0:85:ba:5b:5a:f8:f3:57:42:18:2c:02:
                    08:26:73:2f:f1:f6:ad:22:64:7b:58:3a:bb:dd:4f:
                    8e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:58:31:DC:E7:7A:E1:0D:ED:8C:B1:D0:FF:11:05:1A:98:65:14:54
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/HFgx3Od64Q3tjLHQ_xEFGphlFFQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.208.0/21
                  5.181.72.0/22
                  31.192.96.0/21
                  45.8.100.0/22
                  45.132.108.0/22
                  45.137.44.0/22
                  80.74.240.0/20
                  83.150.252.0/22
                  85.95.96.0/19
                  92.42.120.0/21
                  95.129.64.0/21
                  176.58.0.0/21
                  185.79.184.0/22
                  185.90.0.0/22
                  185.94.204.0/22
                  185.99.76.0/22
                  185.145.88.0/22
                  185.178.216.0/22
                  185.182.200.0/23
                  185.204.212.0/22
                  185.229.4.0/22
                  185.246.132.0/22
                  185.247.200.0/22
                  185.248.252.0/24
                  185.248.254.0/24
                  188.94.16.0/21
                  193.24.3.0/24
                  193.24.6.0/24
                  193.24.13.0/24
                  193.24.31.0/24
                  195.26.32.0/19
                  195.88.8.0/23
                  212.11.68.0-212.11.75.255
                  217.145.128.0/20
                IPv6:
                  2a00:f1c0::/32
                  2a04:e9c0::/29
                  2a0a:f480::/29
                  2a0d:7680::/29
                  2a0d:bf80::/29
                  2a0e:a1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:12:e8:c3:dd:c5:3e:61:4d:b6:ab:71:c9:41:4d:de:be:8b:
         44:39:e5:f5:8b:e7:1f:92:c4:91:d7:35:d4:ae:12:2a:3c:5d:
         72:24:0f:c3:38:8a:88:40:a7:f2:03:6c:96:96:a4:a6:86:04:
         37:99:98:d9:8e:36:35:55:96:d4:03:69:80:2f:98:5f:57:82:
         35:c9:fe:65:6e:89:34:e1:61:a3:27:3f:55:24:76:46:66:ef:
         91:c1:ed:1b:b2:f6:ee:f8:70:84:06:2a:d8:de:f1:1c:1f:fc:
         f0:d8:a9:c4:fe:24:f2:00:95:32:ea:c9:d6:8e:55:df:02:d9:
         67:35:84:2a:35:aa:a5:ab:85:82:37:f2:c5:11:8d:e3:a1:d4:
         2e:f4:69:9f:1a:50:b3:b5:88:41:bd:e8:7c:e3:e7:63:0d:08:
         ee:8c:7e:3c:b5:7d:67:ef:5d:19:a4:3c:3e:93:8a:df:af:44:
         6a:1d:8c:d7:d8:a0:6d:1c:f6:dc:ae:2f:dd:cd:58:bf:b6:e5:
         ca:ab:b4:b2:ba:44:fe:1d:88:b3:a1:c7:6d:ed:69:74:75:31:
         1d:f1:4d:39:ff:9d:52:bb:a8:82:c4:10:91:09:24:58:7c:d1:
         d5:02:58:76:2e:7a:d7:4a:b9:dc:79:1c:b3:ba:2c:53:60:f0:
         fa:02:75:2a
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgISAY7gzJOX+0f5NuVLHuxgWZCaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjQwNDE1MDgwODA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzU4MzFkY2U3N2FlMTBkZWQ4Y2IxZDBmZjExMDUxYTk4NjUxNDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wn1rnKsdbSspMTaNHzmH+3meiOP
t4t7PKvpCqv3YIT4OS7trlzyHH75CyNLL7ZoJCzf/45JSsGdAd1Rk3flL6jh5ZdS
bY0AbP1GxO9fzeaGs5ADC4GPfmOTPcqAzvmcZo4Bmplvr8Bs/+CIxJWWfaehKpjx
m2J++BFr2/toP2l6GhTqRq2dUGkzm8PrVBHilTNxrpApGXr04nKNqe1CoIWzsEhA
ToKiW4hWDcA5rDfWZQbitiE/vxwrmvewP+T5KFszdav6a5mXOLEfbCcugqAx8sV6
odWFhtMfyNDGbQUH95iwhbpbWvjzV0IYLAIIJnMv8fatImR7WDq73U+OKwIDAQAB
o4IDETCCAw0wHQYDVR0OBBYEFBxYMdzneuEN7Yyx0P8RBRqYZRRUMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvSEZneDNPZDY0UTN0akxIUV94RUZHcGhsRkZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJQYIKwYBBQUHAQcBAf8EggEUMIIBEDCB2wQCAAEwgdQD
BAMFn9ADBAIFtUgDBAMfwGADBAItCGQDBAIthGwDBAItiSwDBARQSvADBAJTlvwD
BAVVX2ADBANcKngDBANfgUADBAOwOgADBAK5T7gDBAK5WgADBAK5XswDBAK5Y0wD
BAK5kVgDBAK5stgDBAG5tsgDBAK5zNQDBAK55QQDBAK59oQDBAK598gDBAC5+PwD
BAC5+P4DBAO8XhADBADBGAMDBADBGAYDBADBGA0DBADBGB8DBAXDGiADBAHDWAgw
DAMEAtQLRAMEAtQLSAMEBNmRgDAwBAIAAjAqAwUAKgDxwAMFAyoE6cADBQMqCvSA
AwUDKg12gAMFAyoNv4ADBQMqDqHAMA0GCSqGSIb3DQEBCwUAA4IBAQAsEujD3cU+
YU22q3HJQU3evotEOeX1i+cfksSR1zXUrhIqPF1yJA/DOIqIQKfyA2yWlqSmhgQ3
mZjZjjY1VZbUA2mAL5hfV4I1yf5lbok04WGjJz9VJHZGZu+Rwe0bsvbu+HCEBirY
3vEcH/zw2KnE/iTyAJUy6snWjlXfAtlnNYQqNaqlq4WCN/LFEY3jodQu9GmfGlCz
tYhBveh84+djDQjujH48tX1n710ZpDw+k4rfr0RqHYzX2KBtHPbcri/dzVi/tuXK
q7SyukT+HYizocdt7Wl0dTEd8U05/51Su6iCxBCRCSRYfNHVAlh2LnrXSrnceRyz
uixTYPD6AnUq
-----END CERTIFICATE-----
Generated at Wed Aug 28 19:38:56 2024 by rpki-client on console-fra.rpki-client.org