Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/hDKO6AiPyx81kcJ0mWw7rTei5c4.roa
File:                     hDKO6AiPyx81kcJ0mWw7rTei5c4.roa (raw, json)
Hash identifier:          OPG4IAC36pf3lK9Zlq6a2vhE83Ywie0C+jJ+Fn2OE/I=
Subject key identifier:   84:32:8E:E8:08:8F:CB:1F:35:91:C2:74:99:6C:3B:AD:37:A2:E5:CE
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       018ED2F665411E90D5974B78214B52D447E2
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/hDKO6AiPyx81kcJ0mWw7rTei5c4.roa
Signing time:             Fri 12 Apr 2024 15:39:06 +0000
ROA not before:           Fri 12 Apr 2024 15:39:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202
IP address blocks:        5.159.208.0/21 maxlen: 24
                          5.181.72.0/22 maxlen: 24
                          31.192.96.0/21 maxlen: 24
                          45.8.100.0/22 maxlen: 24
                          45.132.108.0/22 maxlen: 24
                          45.137.44.0/22 maxlen: 24
                          80.74.240.0/21 maxlen: 24
                          80.74.248.0/21 maxlen: 24
                          83.150.252.0/22 maxlen: 24
                          85.95.96.0/19 maxlen: 24
                          92.42.120.0/21 maxlen: 24
                          95.129.64.0/21 maxlen: 24
                          176.58.0.0/21 maxlen: 24
                          185.79.184.0/22 maxlen: 24
                          185.90.0.0/22 maxlen: 24
                          185.94.204.0/22 maxlen: 24
                          185.99.76.0/22 maxlen: 24
                          185.145.88.0/22 maxlen: 24
                          185.178.216.0/22 maxlen: 24
                          185.182.200.0/23 maxlen: 24
                          185.204.212.0/22 maxlen: 24
                          185.229.4.0/22 maxlen: 24
                          185.246.132.0/22 maxlen: 24
                          185.247.200.0/22 maxlen: 24
                          185.248.252.0/24 maxlen: 24
                          185.248.254.0/24 maxlen: 24
                          188.94.16.0/21 maxlen: 24
                          193.24.3.0/24 maxlen: 24
                          193.24.6.0/24 maxlen: 24
                          193.24.13.0/24 maxlen: 24
                          193.24.31.0/24 maxlen: 24
                          195.26.32.0/19 maxlen: 24
                          195.88.8.0/23 maxlen: 24
                          212.11.68.0/22 maxlen: 24
                          212.11.72.0/22 maxlen: 24
                          217.145.128.0/20 maxlen: 24
                          2a00:f1c0::/32 maxlen: 32
                          2a04:e9c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 15 Apr 2024 08:08:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:f6:65:41:1e:90:d5:97:4b:78:21:4b:52:d4:47:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: Apr 12 15:39:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84328ee8088fcb1f3591c274996c3bad37a2e5ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:60:3c:67:bb:49:27:4b:45:1b:cd:7e:06:a3:
                    3a:cb:28:5d:9c:e2:3f:8c:24:2a:98:32:cc:e7:42:
                    1f:9d:00:75:04:82:52:31:5c:25:c3:21:05:28:49:
                    78:2e:c6:70:57:3a:98:2f:89:63:61:e0:ab:cd:49:
                    65:f5:9d:90:30:f5:7e:72:7c:0b:3d:20:f7:25:b1:
                    fc:6e:b2:c7:47:f8:12:c4:ec:a5:dc:67:b8:e0:4b:
                    19:aa:60:2e:4b:65:94:80:8e:4b:c8:b6:2a:45:37:
                    ef:81:c7:01:d6:bd:5c:61:07:15:30:6e:8f:bf:c5:
                    60:ce:be:4f:1c:ae:c7:d7:fe:ea:93:f4:03:3b:c9:
                    7f:f6:0a:80:e6:2b:76:eb:38:30:e6:72:8d:8c:a3:
                    ca:04:e4:83:ce:77:46:00:f0:d3:db:8b:56:16:a2:
                    42:3d:cc:e2:9c:dc:0b:f4:e7:1f:6d:7c:32:16:0f:
                    34:7f:78:09:32:c6:d6:af:d1:66:e7:d9:bd:ce:cc:
                    3e:f8:75:5b:3e:07:0a:ba:ed:35:58:f2:eb:0e:63:
                    dc:4c:1a:56:59:65:9b:55:6f:99:f4:96:2c:c2:d3:
                    02:39:db:2c:9f:c0:7b:78:48:52:15:72:01:b8:dd:
                    8c:f8:08:f7:45:91:70:ba:c4:18:5a:34:c1:0b:1b:
                    85:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:32:8E:E8:08:8F:CB:1F:35:91:C2:74:99:6C:3B:AD:37:A2:E5:CE
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/hDKO6AiPyx81kcJ0mWw7rTei5c4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.208.0/21
                  5.181.72.0/22
                  31.192.96.0/21
                  45.8.100.0/22
                  45.132.108.0/22
                  45.137.44.0/22
                  80.74.240.0/20
                  83.150.252.0/22
                  85.95.96.0/19
                  92.42.120.0/21
                  95.129.64.0/21
                  176.58.0.0/21
                  185.79.184.0/22
                  185.90.0.0/22
                  185.94.204.0/22
                  185.99.76.0/22
                  185.145.88.0/22
                  185.178.216.0/22
                  185.182.200.0/23
                  185.204.212.0/22
                  185.229.4.0/22
                  185.246.132.0/22
                  185.247.200.0/22
                  185.248.252.0/24
                  185.248.254.0/24
                  188.94.16.0/21
                  193.24.3.0/24
                  193.24.6.0/24
                  193.24.13.0/24
                  193.24.31.0/24
                  195.26.32.0/19
                  195.88.8.0/23
                  212.11.68.0-212.11.75.255
                  217.145.128.0/20
                IPv6:
                  2a00:f1c0::/32
                  2a04:e9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:bf:52:ad:99:9f:08:ef:96:b5:ad:01:b3:e5:f6:88:33:01:
         28:e2:33:0f:f5:5d:8e:01:f8:93:40:bc:de:f4:c1:d3:62:17:
         e0:7e:b3:3b:7f:f8:00:c8:b9:38:78:eb:7c:5b:2f:4d:ff:f1:
         3d:b1:b0:da:0f:6b:23:ed:37:b3:a0:ac:26:e4:58:d8:06:47:
         d9:64:d2:13:13:fc:7e:8d:d9:eb:5e:98:eb:29:19:75:38:0f:
         a4:85:78:fa:a2:41:6d:1e:3b:a5:cc:22:99:c4:a7:82:f3:88:
         30:dc:ab:d4:43:a7:9c:c1:79:91:5c:8c:f4:ee:8e:10:9e:0b:
         7c:c6:44:2f:01:08:99:9b:34:ff:4b:78:ca:37:af:c8:a8:99:
         57:f0:d4:83:38:30:d9:65:ba:04:be:3b:ca:e2:46:59:aa:28:
         74:66:ea:e0:b3:05:ac:b7:61:91:82:e8:25:9b:05:2b:d0:55:
         87:c6:8a:db:4e:a9:8e:6f:08:74:af:03:00:73:13:bd:55:41:
         78:b4:ae:56:90:0c:81:e5:3f:a5:23:6b:9c:2f:29:72:81:9f:
         2e:fc:76:42:07:bf:a8:f9:f2:83:ae:d3:e0:d4:87:ec:ad:d9:
         8a:9b:83:cd:b1:c1:6f:22:fa:13:57:26:cc:48:9f:8f:ce:4a:
         bb:17:80:f1
-----BEGIN CERTIFICATE-----
MIIF5zCCBM+gAwIBAgISAY7S9mVBHpDVl0t4IUtS1EfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjQwNDEyMTUzOTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDMyOGVlODA4OGZjYjFmMzU5MWMyNzQ5OTZjM2JhZDM3YTJlNWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2A8Z7tJJ0tFG81+BqM6yyhdnOI/
jCQqmDLM50IfnQB1BIJSMVwlwyEFKEl4LsZwVzqYL4ljYeCrzUll9Z2QMPV+cnwL
PSD3JbH8brLHR/gSxOyl3Ge44EsZqmAuS2WUgI5LyLYqRTfvgccB1r1cYQcVMG6P
v8Vgzr5PHK7H1/7qk/QDO8l/9gqA5it26zgw5nKNjKPKBOSDzndGAPDT24tWFqJC
PczinNwL9OcfbXwyFg80f3gJMsbWr9Fm59m9zsw++HVbPgcKuu01WPLrDmPcTBpW
WWWbVW+Z9JYswtMCOdssn8B7eEhSFXIBuN2M+Aj3RZFwusQYWjTBCxuFSQIDAQAB
o4IC8zCCAu8wHQYDVR0OBBYEFIQyjugIj8sfNZHCdJlsO603ouXOMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvaERLTzZBaVB5eDgxa2NKMG1XdzdyVGVpNWM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBwYIKwYBBQUHAQcBAf8EgfcwgfQwgdsEAgABMIHUAwQD
BZ/QAwQCBbVIAwQDH8BgAwQCLQhkAwQCLYRsAwQCLYksAwQEUErwAwQCU5b8AwQF
VV9gAwQDXCp4AwQDX4FAAwQDsDoAAwQCuU+4AwQCuVoAAwQCuV7MAwQCuWNMAwQC
uZFYAwQCubLYAwQBubbIAwQCuczUAwQCueUEAwQCufaEAwQCuffIAwQAufj8AwQA
ufj+AwQDvF4QAwQAwRgDAwQAwRgGAwQAwRgNAwQAwRgfAwQFwxogAwQBw1gIMAwD
BALUC0QDBALUC0gDBATZkYAwFAQCAAIwDgMFACoA8cADBQMqBOnAMA0GCSqGSIb3
DQEBCwUAA4IBAQB0v1KtmZ8I75a1rQGz5faIMwEo4jMP9V2OAfiTQLze9MHTYhfg
frM7f/gAyLk4eOt8Wy9N//E9sbDaD2sj7TezoKwm5FjYBkfZZNITE/x+jdnrXpjr
KRl1OA+khXj6okFtHjulzCKZxKeC84gw3KvUQ6ecwXmRXIz07o4Qngt8xkQvAQiZ
mzT/S3jKN6/IqJlX8NSDODDZZboEvjvK4kZZqih0ZurgswWst2GRguglmwUr0FWH
xorbTqmObwh0rwMAcxO9VUF4tK5WkAyB5T+lI2ucLylygZ8u/HZCB7+o+fKDrtPg
1IfsrdmKm4PNscFvIvoTVybMSJ+Pzkq7F4Dx
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:55 2024 by rpki-client on console-ams.rpki-client.org