Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/kBqLhuQHXJVP4kkMrf6PkJBAhiA.roa
File:                     kBqLhuQHXJVP4kkMrf6PkJBAhiA.roa (raw, json)
Hash identifier:          IVamx3Qk21Y5jrmwbuOFqSYDjLvc/tLLYlvXVgT1SmA=
Subject key identifier:   90:1A:8B:86:E4:07:5C:95:4F:E2:49:0C:AD:FE:8F:90:90:40:86:20
Certificate issuer:       /CN=864b0e13cf27aff66be730bece98e04b00fdfb9e
Certificate serial:       018CC6B7BDA19AA30D9A99B8A961399ADD6E
Authority key identifier: 86:4B:0E:13:CF:27:AF:F6:6B:E7:30:BE:CE:98:E0:4B:00:FD:FB:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hksOE88nr_Zr5zC-zpjgSwD9-54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/kBqLhuQHXJVP4kkMrf6PkJBAhiA.roa
Signing time:             Mon 01 Jan 2024 20:29:39 +0000
ROA not before:           Mon 01 Jan 2024 20:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8312
IP address blocks:        77.74.48.0/21 maxlen: 21
                          77.74.48.0/22 maxlen: 22
                          193.189.149.0/24 maxlen: 24
                          185.58.56.0/22 maxlen: 22
                          77.74.52.0/22 maxlen: 22
                          195.210.56.0/23 maxlen: 23
                          185.58.59.0/24 maxlen: 24
                          193.16.154.0/24 maxlen: 24
                          2a01:310::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 10 Jul 2024 09:20:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:bd:a1:9a:a3:0d:9a:99:b8:a9:61:39:9a:dd:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=864b0e13cf27aff66be730bece98e04b00fdfb9e
        Validity
            Not Before: Jan  1 20:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=901a8b86e4075c954fe2490cadfe8f9090408620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:bf:bc:b3:14:5f:90:9c:90:c4:66:45:94:b0:
                    01:b6:39:8e:e8:1d:f7:af:23:74:18:df:40:5e:2a:
                    15:c3:2c:3e:5b:17:8c:22:86:23:d4:ca:b7:ec:ee:
                    fa:f4:99:92:6c:20:1d:3c:a5:b5:54:b3:d5:c4:aa:
                    2b:1b:ff:d2:22:df:5d:0c:86:fb:28:36:ca:b9:ea:
                    cd:31:0a:78:7f:66:0c:99:98:ac:c1:d6:5f:45:5d:
                    5b:a1:70:84:1d:e6:2e:a8:c7:0a:1f:9b:ce:d0:e1:
                    46:f1:93:6d:af:f7:da:6a:ce:ee:d1:89:ca:49:e0:
                    56:bd:0f:fb:29:47:a4:1d:fc:31:52:43:85:62:43:
                    05:5e:ae:7d:f1:13:97:be:18:a5:af:87:1b:3c:c4:
                    7c:e1:90:be:9f:cd:0d:59:de:55:b1:a5:43:ac:42:
                    72:f0:21:89:3c:3d:03:01:9d:c5:e2:9e:c0:35:02:
                    0c:1b:c9:96:54:2d:20:bf:62:79:12:1d:93:15:fb:
                    f7:0c:57:9d:19:d6:d3:72:66:1d:6e:f4:a1:4e:fb:
                    bd:d2:b4:68:0a:d4:e9:b7:bb:05:e1:3c:d5:12:94:
                    57:45:2d:5c:3d:7d:a6:c1:c4:57:1c:32:0c:e5:90:
                    b0:9a:db:e2:1e:14:c3:80:00:ad:13:87:e6:b0:1b:
                    7f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:1A:8B:86:E4:07:5C:95:4F:E2:49:0C:AD:FE:8F:90:90:40:86:20
            X509v3 Authority Key Identifier:
                keyid:86:4B:0E:13:CF:27:AF:F6:6B:E7:30:BE:CE:98:E0:4B:00:FD:FB:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hksOE88nr_Zr5zC-zpjgSwD9-54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/kBqLhuQHXJVP4kkMrf6PkJBAhiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/hksOE88nr_Zr5zC-zpjgSwD9-54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.74.48.0/21
                  185.58.56.0/22
                  193.16.154.0/24
                  193.189.149.0/24
                  195.210.56.0/23
                IPv6:
                  2a01:310::/32

    Signature Algorithm: sha256WithRSAEncryption
         78:b8:cd:0c:b5:06:81:ca:50:92:9e:01:b5:53:0a:2c:0c:bd:
         7e:bb:de:12:45:93:39:8f:25:b5:9c:96:dc:cb:ab:90:8f:05:
         34:56:9e:e0:66:49:af:5d:69:76:70:0a:40:5c:4a:31:6a:40:
         6b:e7:15:25:d8:6f:12:2f:25:b8:c8:3b:b2:f8:0b:d7:c9:fb:
         56:58:2a:f4:ea:bb:24:6f:46:fd:b0:38:d7:d7:44:19:da:bb:
         d1:1d:4b:f6:60:d0:78:df:d5:fa:b8:58:8d:b7:81:c7:3b:3f:
         27:7d:27:35:c3:35:2a:5e:62:42:2d:7a:dd:8d:a7:97:b2:b9:
         46:b2:e0:15:61:2c:1f:9b:28:7d:2f:75:a4:15:88:01:28:92:
         00:69:75:a5:d0:0f:bf:01:f7:54:9a:7e:7f:c0:24:c4:dd:08:
         86:11:88:45:41:ff:a7:d1:66:e1:89:08:b8:14:60:cb:0f:c4:
         6c:8f:d1:db:f3:41:9c:66:e3:e0:d9:5d:9b:08:9f:28:5c:4a:
         b4:d2:fe:7c:5d:f9:73:63:67:3c:bd:65:38:29:a2:26:7c:11:
         4d:24:9e:94:5c:96:6b:0d:09:1d:8e:36:76:5f:f4:fd:43:88:
         f3:ae:59:b5:ad:f2:ae:e8:ff:f9:fb:41:92:09:f8:7a:6a:7e:
         26:88:7c:1f
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzGt72hmqMNmpm4qWE5mt1uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NGIwZTEzY2YyN2FmZjY2YmU3MzBiZWNlOThlMDRiMDBm
ZGZiOWUwHhcNMjQwMTAxMjAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDFhOGI4NmU0MDc1Yzk1NGZlMjQ5MGNhZGZlOGY5MDkwNDA4NjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg7+8sxRfkJyQxGZFlLABtjmO6B33
ryN0GN9AXioVwyw+WxeMIoYj1Mq37O769JmSbCAdPKW1VLPVxKorG//SIt9dDIb7
KDbKuerNMQp4f2YMmZiswdZfRV1boXCEHeYuqMcKH5vO0OFG8ZNtr/faas7u0YnK
SeBWvQ/7KUekHfwxUkOFYkMFXq598ROXvhilr4cbPMR84ZC+n80NWd5VsaVDrEJy
8CGJPD0DAZ3F4p7ANQIMG8mWVC0gv2J5Eh2TFfv3DFedGdbTcmYdbvShTvu90rRo
CtTpt7sF4TzVEpRXRS1cPX2mwcRXHDIM5ZCwmtviHhTDgACtE4fmsBt/2wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFJAai4bkB1yVT+JJDK3+j5CQQIYgMB8GA1UdIwQY
MBaAFIZLDhPPJ6/2a+cwvs6Y4EsA/fueMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGtzT0U4OG5yX1pyNXpDLXpwamdTd0Q5LTU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8zMDI4NjMtNTY4OS00M2ZjLTg3MmYt
ZmM0NGE4YWNlMzcwLzEva0JxTGh1UUhYSlZQNGtrTXJmNlBrSkJBaGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8zMDI4NjMtNTY4OS00M2ZjLTg3MmYtZmM0NGE4YWNlMzcw
LzEvaGtzT0U4OG5yX1pyNXpDLXpwamdTd0Q5LTU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDTUowAwQC
uTo4AwQAwRCaAwQAwb2VAwQBw9I4MA0EAgACMAcDBQAqAQMQMA0GCSqGSIb3DQEB
CwUAA4IBAQB4uM0MtQaBylCSngG1UwosDL1+u94SRZM5jyW1nJbcy6uQjwU0Vp7g
ZkmvXWl2cApAXEoxakBr5xUl2G8SLyW4yDuy+AvXyftWWCr06rskb0b9sDjX10QZ
2rvRHUv2YNB439X6uFiNt4HHOz8nfSc1wzUqXmJCLXrdjaeXsrlGsuAVYSwfmyh9
L3WkFYgBKJIAaXWl0A+/AfdUmn5/wCTE3QiGEYhFQf+n0WbhiQi4FGDLD8Rsj9Hb
80GcZuPg2V2bCJ8oXEq00v58XflzY2c8vWU4KaImfBFNJJ6UXJZrDQkdjjZ2X/T9
Q4jzrlm1rfKu6P/5+0GSCfh6an4miHwf
-----END CERTIFICATE-----
Generated at Wed Jul 10 10:34:12 2024 by rpki-client on console-ams.rpki-client.org