Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/uxVssA_TVME4dfLI1dHRc-6xOw8.roa
File:                     uxVssA_TVME4dfLI1dHRc-6xOw8.roa (raw, json)
Hash identifier:          51jSH+zQ56tdsjdtvlSdhatyzbwkGY4SfMAYl6X83Tg=
Subject key identifier:   BB:15:6C:B0:0F:D3:54:C1:38:75:F2:C8:D5:D1:D1:73:EE:B1:3B:0F
Certificate issuer:       /CN=66df7742890173927935206a28efbf48123e787c
Certificate serial:       018ED2F666436C712227E76BA4FFA1F7A7EE
Authority key identifier: 66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/uxVssA_TVME4dfLI1dHRc-6xOw8.roa
Signing time:             Fri 12 Apr 2024 15:39:07 +0000
ROA not before:           Fri 12 Apr 2024 15:39:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21267
IP address blocks:        5.159.208.0/21 maxlen: 24
                          5.181.72.0/22 maxlen: 24
                          31.192.96.0/21 maxlen: 24
                          45.8.100.0/22 maxlen: 24
                          45.132.108.0/22 maxlen: 24
                          45.137.44.0/22 maxlen: 24
                          80.74.240.0/21 maxlen: 24
                          80.74.248.0/21 maxlen: 24
                          83.150.252.0/22 maxlen: 24
                          85.95.96.0/19 maxlen: 24
                          92.42.120.0/21 maxlen: 24
                          95.129.64.0/21 maxlen: 24
                          176.58.0.0/21 maxlen: 24
                          185.79.184.0/22 maxlen: 24
                          185.90.0.0/22 maxlen: 24
                          185.94.204.0/22 maxlen: 24
                          185.99.76.0/22 maxlen: 24
                          185.145.88.0/22 maxlen: 24
                          185.178.216.0/22 maxlen: 24
                          185.182.200.0/23 maxlen: 24
                          185.204.212.0/22 maxlen: 24
                          185.229.4.0/22 maxlen: 24
                          185.246.132.0/22 maxlen: 24
                          185.247.200.0/22 maxlen: 24
                          185.248.252.0/24 maxlen: 24
                          185.248.254.0/24 maxlen: 24
                          188.94.16.0/21 maxlen: 24
                          193.24.3.0/24 maxlen: 24
                          193.24.6.0/24 maxlen: 24
                          193.24.13.0/24 maxlen: 24
                          193.24.31.0/24 maxlen: 24
                          195.26.32.0/19 maxlen: 24
                          195.88.8.0/23 maxlen: 24
                          212.11.68.0/22 maxlen: 24
                          212.11.72.0/22 maxlen: 24
                          217.145.128.0/20 maxlen: 24
                          2a00:f1c0::/32 maxlen: 32
                          2a04:e9c0::/29 maxlen: 29

Validation:               Failed, certificate revoked on Mon 15 Apr 2024 08:08:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:d2:f6:66:43:6c:71:22:27:e7:6b:a4:ff:a1:f7:a7:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66df7742890173927935206a28efbf48123e787c
        Validity
            Not Before: Apr 12 15:39:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb156cb00fd354c13875f2c8d5d1d173eeb13b0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:30:2a:ec:73:57:83:6b:d1:b7:f7:ee:60:cd:
                    fa:57:fb:d2:23:c8:9c:19:e6:9a:b5:25:70:8a:8d:
                    2f:1f:4e:53:f5:ff:43:0d:44:7b:bb:ba:de:5d:72:
                    cb:ae:f6:4a:d9:94:d8:67:0a:cd:46:20:fe:a6:52:
                    70:0a:a2:da:1e:d9:25:10:f1:9e:eb:46:7f:10:48:
                    12:c7:a7:d2:e1:3a:21:8c:f8:f0:28:4d:12:d2:99:
                    f6:fb:cf:c3:8a:c5:0a:80:ef:b8:46:2c:59:e8:aa:
                    40:c5:ef:58:93:f7:44:ab:2e:33:69:0b:27:98:dc:
                    f1:90:50:59:88:6d:59:e8:42:3c:3b:89:28:f5:47:
                    39:82:ca:79:cd:f8:f4:d1:e9:f9:43:36:ef:bb:af:
                    42:dc:76:c3:75:db:f1:bb:d5:76:4c:8c:9a:47:97:
                    78:2f:38:a9:b9:39:48:e3:7f:2b:b1:d3:30:19:07:
                    78:f6:1f:50:1d:7d:df:e3:cc:2c:ae:c3:6c:bf:6e:
                    aa:33:43:4d:af:a5:da:cf:68:1e:c4:bc:e3:16:16:
                    0d:7a:b1:bd:00:1e:2b:33:50:ba:3a:8c:a4:9a:64:
                    fa:f5:9a:ae:3a:dc:16:6c:6a:cd:79:63:f2:69:3d:
                    ba:02:75:b5:12:19:e3:1a:5c:d3:68:14:f4:de:43:
                    b8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:15:6C:B0:0F:D3:54:C1:38:75:F2:C8:D5:D1:D1:73:EE:B1:3B:0F
            X509v3 Authority Key Identifier:
                keyid:66:DF:77:42:89:01:73:92:79:35:20:6A:28:EF:BF:48:12:3E:78:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt93QokBc5J5NSBqKO-_SBI-eHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/uxVssA_TVME4dfLI1dHRc-6xOw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/e84340-128a-4497-946f-09787f152ade/1/Zt93QokBc5J5NSBqKO-_SBI-eHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.159.208.0/21
                  5.181.72.0/22
                  31.192.96.0/21
                  45.8.100.0/22
                  45.132.108.0/22
                  45.137.44.0/22
                  80.74.240.0/20
                  83.150.252.0/22
                  85.95.96.0/19
                  92.42.120.0/21
                  95.129.64.0/21
                  176.58.0.0/21
                  185.79.184.0/22
                  185.90.0.0/22
                  185.94.204.0/22
                  185.99.76.0/22
                  185.145.88.0/22
                  185.178.216.0/22
                  185.182.200.0/23
                  185.204.212.0/22
                  185.229.4.0/22
                  185.246.132.0/22
                  185.247.200.0/22
                  185.248.252.0/24
                  185.248.254.0/24
                  188.94.16.0/21
                  193.24.3.0/24
                  193.24.6.0/24
                  193.24.13.0/24
                  193.24.31.0/24
                  195.26.32.0/19
                  195.88.8.0/23
                  212.11.68.0-212.11.75.255
                  217.145.128.0/20
                IPv6:
                  2a00:f1c0::/32
                  2a04:e9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:4e:6b:af:cf:5a:23:93:15:0c:00:e5:78:ed:71:53:c9:99:
         5e:59:8c:be:10:b7:d8:30:7c:26:a9:e1:24:14:56:91:40:bf:
         09:2f:65:b8:4d:2c:2e:69:e5:b2:1b:13:1d:96:28:d4:28:68:
         af:ce:d7:77:2d:80:6a:76:a9:b7:35:d4:81:46:cb:71:66:d9:
         6a:e6:d2:56:23:47:7c:e9:b7:8d:e2:64:69:6f:84:4b:df:af:
         e4:c0:95:15:ab:23:ac:90:02:64:2b:2c:57:90:80:d2:a7:08:
         67:97:5e:9f:fd:81:19:a6:03:ed:9f:9d:6c:41:28:d0:e4:b7:
         15:7d:24:74:6c:a7:e1:2c:a6:de:bc:17:9f:00:da:b6:7a:8f:
         c6:b6:63:23:95:a0:32:fc:bf:e2:2d:d2:45:95:57:5a:87:57:
         bd:b4:1f:86:47:2e:13:87:c0:b7:4d:e8:5a:16:c7:8e:87:e7:
         ea:7e:9e:24:45:b9:bd:00:01:90:dd:d1:d0:e6:05:9d:33:8e:
         fa:bc:26:5d:57:35:6f:d7:3a:54:72:b2:e8:23:71:f4:73:e8:
         9c:13:6c:66:a1:df:40:68:af:72:4a:d6:07:3e:1a:d2:ba:7b:
         9d:b2:75:3f:3c:42:b5:ab:b1:5f:11:06:2b:32:b6:a7:bf:3d:
         1f:fa:68:6b
-----BEGIN CERTIFICATE-----
MIIF5zCCBM+gAwIBAgISAY7S9mZDbHEiJ+drpP+h96fuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGY3NzQyODkwMTczOTI3OTM1MjA2YTI4ZWZiZjQ4MTIz
ZTc4N2MwHhcNMjQwNDEyMTUzOTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjE1NmNiMDBmZDM1NGMxMzg3NWYyYzhkNWQxZDE3M2VlYjEzYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkzAq7HNXg2vRt/fuYM36V/vSI8ic
GeaatSVwio0vH05T9f9DDUR7u7reXXLLrvZK2ZTYZwrNRiD+plJwCqLaHtklEPGe
60Z/EEgSx6fS4TohjPjwKE0S0pn2+8/DisUKgO+4RixZ6KpAxe9Yk/dEqy4zaQsn
mNzxkFBZiG1Z6EI8O4ko9Uc5gsp5zfj00en5Qzbvu69C3HbDddvxu9V2TIyaR5d4
LzipuTlI438rsdMwGQd49h9QHX3f48wsrsNsv26qM0NNr6Xaz2gexLzjFhYNerG9
AB4rM1C6OoykmmT69ZquOtwWbGrNeWPyaT26AnW1EhnjGlzTaBT03kO4aQIDAQAB
o4IC8zCCAu8wHQYDVR0OBBYEFLsVbLAP01TBOHXyyNXR0XPusTsPMB8GA1UdIwQY
MBaAFGbfd0KJAXOSeTUgaijvv0gSPnh8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYt
MDk3ODdmMTUyYWRlLzEvdXhWc3NBX1RWTUU0ZGZMSTFkSFJjLTZ4T3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS9lODQzNDAtMTI4YS00NDk3LTk0NmYtMDk3ODdmMTUyYWRl
LzEvWnQ5M1Fva0JjNUo1TlNCcUtPLV9TQkktZUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBwYIKwYBBQUHAQcBAf8EgfcwgfQwgdsEAgABMIHUAwQD
BZ/QAwQCBbVIAwQDH8BgAwQCLQhkAwQCLYRsAwQCLYksAwQEUErwAwQCU5b8AwQF
VV9gAwQDXCp4AwQDX4FAAwQDsDoAAwQCuU+4AwQCuVoAAwQCuV7MAwQCuWNMAwQC
uZFYAwQCubLYAwQBubbIAwQCuczUAwQCueUEAwQCufaEAwQCuffIAwQAufj8AwQA
ufj+AwQDvF4QAwQAwRgDAwQAwRgGAwQAwRgNAwQAwRgfAwQFwxogAwQBw1gIMAwD
BALUC0QDBALUC0gDBATZkYAwFAQCAAIwDgMFACoA8cADBQMqBOnAMA0GCSqGSIb3
DQEBCwUAA4IBAQBzTmuvz1ojkxUMAOV47XFTyZleWYy+ELfYMHwmqeEkFFaRQL8J
L2W4TSwuaeWyGxMdlijUKGivztd3LYBqdqm3NdSBRstxZtlq5tJWI0d86beN4mRp
b4RL36/kwJUVqyOskAJkKyxXkIDSpwhnl16f/YEZpgPtn51sQSjQ5LcVfSR0bKfh
LKbevBefANq2eo/GtmMjlaAy/L/iLdJFlVdah1e9tB+GRy4Th8C3TehaFseOh+fq
fp4kRbm9AAGQ3dHQ5gWdM476vCZdVzVv1zpUcrLoI3H0c+icE2xmod9AaK9yStYH
PhrSunudsnU/PEK1q7FfEQYrMranvz0f+mhr
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:55 2024 by rpki-client on console-ams.rpki-client.org