Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/hYi4rSLym-_twwDckjdcAj0NCgw.roa
File:                     hYi4rSLym-_twwDckjdcAj0NCgw.roa (raw, json)
Hash identifier:          YFd8We5MMNLM+1SuWdXy+6R/nUH5GDKNhZwDyYQzrtM=
Subject key identifier:   85:88:B8:AD:22:F2:9B:EF:ED:C3:00:DC:92:37:5C:02:3D:0D:0A:0C
Certificate issuer:       /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial:       018CC7277277D84253FD305F6A63BD66D15D
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/hYi4rSLym-_twwDckjdcAj0NCgw.roa
Signing time:             Mon 01 Jan 2024 22:31:40 +0000
ROA not before:           Mon 01 Jan 2024 22:31:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200532
IP address blocks:        89.33.41.0/24 maxlen: 24
                          185.129.48.0/24 maxlen: 24
                          185.129.49.0/24 maxlen: 24
                          185.129.50.0/24 maxlen: 24
                          185.129.51.0/24 maxlen: 24
                          185.100.64.0/24 maxlen: 24
                          185.100.67.0/24 maxlen: 24
                          185.100.65.0/24 maxlen: 24
                          185.100.66.0/24 maxlen: 24
                          188.241.216.0/24 maxlen: 24
                          188.241.217.0/24 maxlen: 24
                          185.111.104.0/22 maxlen: 22
                          185.111.104.0/24 maxlen: 24
                          185.111.105.0/24 maxlen: 24
                          185.111.106.0/24 maxlen: 24
                          185.111.107.0/24 maxlen: 24
                          185.98.4.0/24 maxlen: 24
                          185.98.5.0/24 maxlen: 24
                          185.98.6.0/24 maxlen: 24
                          185.98.7.0/24 maxlen: 24
                          185.121.80.0/24 maxlen: 24
                          185.121.80.0/22 maxlen: 22
                          185.121.81.0/24 maxlen: 24
                          185.121.82.0/24 maxlen: 24
                          185.121.83.0/24 maxlen: 24
                          89.35.124.0/24 maxlen: 24
                          89.35.125.0/24 maxlen: 24
                          31.14.27.0/24 maxlen: 24
                          185.113.132.0/22 maxlen: 22
                          185.113.132.0/24 maxlen: 24
                          89.46.33.0/24 maxlen: 24
                          185.113.133.0/24 maxlen: 24
                          185.113.134.0/24 maxlen: 24
                          185.113.135.0/24 maxlen: 24
                          185.125.88.0/24 maxlen: 24
                          185.125.89.0/24 maxlen: 24
                          185.125.90.0/24 maxlen: 24
                          185.125.91.0/24 maxlen: 24
                          185.116.192.0/24 maxlen: 24
                          185.116.192.0/22 maxlen: 22
                          185.116.193.0/24 maxlen: 24
                          185.116.194.0/24 maxlen: 24
                          185.116.195.0/24 maxlen: 24
                          2a06:940::/56 maxlen: 56
                          2a06:942::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 22 Jan 2024 03:46:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:72:77:d8:42:53:fd:30:5f:6a:63:bd:66:d1:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
        Validity
            Not Before: Jan  1 22:31:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8588b8ad22f29befedc300dc92375c023d0d0a0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:75:5a:29:41:ee:fa:bc:44:5c:ec:a3:2f:70:
                    02:15:bf:07:60:30:c6:79:ab:f5:78:dc:e8:5c:c4:
                    81:54:cf:6a:4f:28:60:50:d0:aa:18:33:ee:66:d2:
                    50:d2:35:52:c4:28:23:84:69:f3:2e:1e:a3:d5:a1:
                    06:a7:2c:2a:58:ce:28:92:ab:84:a6:fb:47:07:b3:
                    7f:8c:64:04:11:35:4f:42:05:1c:05:a6:96:74:2c:
                    c9:81:77:69:b4:93:9a:2f:bc:36:8e:5d:17:b9:78:
                    ee:af:99:93:02:c1:4a:ea:2f:5e:09:bc:59:bb:6c:
                    9d:51:d8:37:f8:e6:48:46:7d:e7:3d:ba:2d:51:4a:
                    b8:38:15:0a:b4:c8:08:48:55:a0:9b:bc:bd:34:2e:
                    f1:c7:fd:54:21:c4:16:f2:72:5f:f3:97:6d:8c:40:
                    dd:b6:8e:1f:b2:98:a8:99:3d:31:8f:64:d0:70:f6:
                    87:ca:b3:3f:70:e9:c8:66:ec:17:06:f9:a9:02:2b:
                    aa:76:87:07:ee:a8:20:f0:eb:32:45:54:f3:e0:b8:
                    88:89:54:a2:d0:e3:f0:cf:e6:a2:80:81:16:56:1a:
                    12:87:ac:3b:3e:b3:21:b6:4f:f5:10:aa:a7:4d:76:
                    2f:7a:e6:78:4a:01:c7:a3:bf:1b:e7:0e:24:a6:99:
                    b3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:88:B8:AD:22:F2:9B:EF:ED:C3:00:DC:92:37:5C:02:3D:0D:0A:0C
            X509v3 Authority Key Identifier:
                keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/hYi4rSLym-_twwDckjdcAj0NCgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.27.0/24
                  89.33.41.0/24
                  89.35.124.0/23
                  89.46.33.0/24
                  185.98.4.0/22
                  185.100.64.0/22
                  185.111.104.0/22
                  185.113.132.0/22
                  185.116.192.0/22
                  185.121.80.0/22
                  185.125.88.0/22
                  185.129.48.0/22
                  188.241.216.0/23
                IPv6:
                  2a06:940::/56
                  2a06:942::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:93:c7:75:e2:ac:3c:31:22:71:b2:0f:e7:77:19:18:bc:02:
         94:fb:fb:88:fc:3b:2d:ec:aa:a9:88:60:58:34:00:98:72:dd:
         47:fb:2e:34:e0:b1:d7:5c:64:c6:dd:00:e4:5e:b9:5e:d7:c4:
         61:38:44:e2:18:2f:9f:dc:6c:a6:c9:fb:69:95:14:fa:28:fc:
         31:e7:83:20:06:84:8a:94:7a:12:8b:ea:52:e8:34:bb:03:47:
         72:86:c7:d5:2b:f4:4a:d0:46:1f:1b:d9:f6:aa:86:73:8a:5f:
         c5:d2:8f:67:8f:3a:e4:7e:04:01:65:e4:a6:80:b2:f4:7e:69:
         ee:4f:96:ff:fe:3a:83:0f:44:19:ac:58:26:45:9a:31:ac:ce:
         fc:62:26:11:83:86:aa:44:a3:3b:db:20:42:3e:cb:92:35:ae:
         76:88:34:37:09:f6:c0:f9:a4:b3:37:a0:c2:9c:52:c1:fa:c6:
         84:45:f9:0b:3e:93:85:62:44:b5:eb:d6:dd:51:16:91:ed:b8:
         5d:9c:f4:28:09:f4:02:d2:37:53:71:cc:2a:03:ec:2b:ba:b0:
         4f:82:68:e0:71:69:29:d3:58:5c:a4:c1:7b:28:20:ca:3d:d8:
         1c:15:27:f9:00:16:4b:4e:b3:29:40:2b:62:f4:34:74:89:fd:
         99:3c:d9:90
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAYzHJ3J32EJT/TBfamO9ZtFdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjQwMTAxMjIzMTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTg4YjhhZDIyZjI5YmVmZWRjMzAwZGM5MjM3NWMwMjNkMGQwYTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy3VaKUHu+rxEXOyjL3ACFb8HYDDG
eav1eNzoXMSBVM9qTyhgUNCqGDPuZtJQ0jVSxCgjhGnzLh6j1aEGpywqWM4okquE
pvtHB7N/jGQEETVPQgUcBaaWdCzJgXdptJOaL7w2jl0XuXjur5mTAsFK6i9eCbxZ
u2ydUdg3+OZIRn3nPbotUUq4OBUKtMgISFWgm7y9NC7xx/1UIcQW8nJf85dtjEDd
to4fspiomT0xj2TQcPaHyrM/cOnIZuwXBvmpAiuqdocH7qgg8OsyRVTz4LiIiVSi
0OPwz+aigIEWVhoSh6w7PrMhtk/1EKqnTXYveuZ4SgHHo78b5w4kppmz9QIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFIWIuK0i8pvv7cMA3JI3XAI9DQoMMB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvaFlpNHJTTHltLV90d3dEY2tqZGNBajBOQ2d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwVAQCAAEwTgMEAB8OGwME
AFkhKQMEAVkjfAMEAFkuIQMEArliBAMEArlkQAMEArlvaAMEArlxhAMEArl0wAME
Arl5UAMEArl9WAMEArmBMAMEAbzx2DAZBAIAAjATAwgAKgYJQAAAAAMHACoGCUIA
ADANBgkqhkiG9w0BAQsFAAOCAQEAjZPHdeKsPDEicbIP53cZGLwClPv7iPw7Leyq
qYhgWDQAmHLdR/suNOCx11xkxt0A5F65XtfEYThE4hgvn9xspsn7aZUU+ij8MeeD
IAaEipR6EovqUug0uwNHcobH1Sv0StBGHxvZ9qqGc4pfxdKPZ4865H4EAWXkpoCy
9H5p7k+W//46gw9EGaxYJkWaMazO/GImEYOGqkSjO9sgQj7LkjWudog0Nwn2wPmk
szegwpxSwfrGhEX5Cz6ThWJEtevW3VEWke24XZz0KAn0AtI3U3HMKgPsK7qwT4Jo
4HFpKdNYXKTBeyggyj3YHBUn+QAWS06zKUArYvQ0dIn9mTzZkA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:23 2024 by rpki-client on console-fra.rpki-client.org