Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/ZHFGpFGt78oZlpH1OmEusqYSiUM.roa
File:                     ZHFGpFGt78oZlpH1OmEusqYSiUM.roa (raw, json)
Hash identifier:          WIDwuB0Idp0QTy5UHI59SLrR6FpnSKV5H7ebZaZMNVQ=
Subject key identifier:   64:71:46:A4:51:AD:EF:CA:19:96:91:F5:3A:61:2E:B2:A6:12:89:43
Certificate issuer:       /CN=66ed3ba68c78bff2c4724400ade6348482fb4364
Certificate serial:       018DE2378EEAE18680345717D18467A876CD
Authority key identifier: 66:ED:3B:A6:8C:78:BF:F2:C4:72:44:00:AD:E6:34:84:82:FB:43:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zu07pox4v_LEckQAreY0hIL7Q2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/ZHFGpFGt78oZlpH1OmEusqYSiUM.roa
Signing time:             Sun 25 Feb 2024 21:41:48 +0000
ROA not before:           Sun 25 Feb 2024 21:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64289
IP address blocks:        185.225.24.0/24 maxlen: 24
                          185.225.26.0/24 maxlen: 24
                          192.189.157.0/24 maxlen: 24
                          2a14:3f80:8::/45 maxlen: 45
                          2a14:3f80:10::/45 maxlen: 45
                          2a14:3f80:18::/45 maxlen: 45
                          2a14:3f80:20::/45 maxlen: 45
                          2a14:3f80:28::/45 maxlen: 45

Validation:               Failed, certificate revoked on Tue 12 Mar 2024 09:30:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e2:37:8e:ea:e1:86:80:34:57:17:d1:84:67:a8:76:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ed3ba68c78bff2c4724400ade6348482fb4364
        Validity
            Not Before: Feb 25 21:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=647146a451adefca199691f53a612eb2a6128943
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:cc:b6:2e:95:67:bc:4d:76:8c:6c:6a:b6:be:
                    bc:ff:60:97:74:7b:c4:24:e8:a3:2a:56:3a:e6:1e:
                    36:71:85:a0:7d:2b:78:d1:eb:e1:d9:79:48:af:e8:
                    d8:3c:64:a2:cc:66:15:f7:90:09:ed:84:c9:a4:b7:
                    27:cb:10:63:0d:1e:2a:6f:87:31:12:ba:d2:c6:01:
                    cb:39:ac:f2:e0:9e:36:e9:ec:3e:b6:17:6d:d2:19:
                    75:2c:67:1d:b8:b4:3c:45:05:08:48:a0:1a:0c:37:
                    c7:2c:e3:c3:a4:7b:9d:78:cf:d0:62:6e:7f:ae:60:
                    20:be:82:53:51:73:fb:4b:f1:32:94:99:32:21:3b:
                    80:ae:1e:bf:3f:ef:08:5c:fd:d3:b6:e9:7f:90:8a:
                    c8:fd:53:45:e6:12:e7:7c:1c:f6:5f:ef:aa:49:8d:
                    ff:c5:0c:50:c0:8e:7e:88:a4:aa:94:e2:fd:1a:aa:
                    cf:90:4a:be:ae:45:e7:e8:6b:cc:ad:28:64:37:29:
                    cf:23:f6:d6:b4:7c:16:25:82:bc:8c:7d:fc:43:e4:
                    dd:e7:08:0a:f5:05:29:9c:17:1d:49:ec:b8:82:98:
                    13:a5:68:c9:ed:7d:f0:86:10:98:04:87:3c:e6:4a:
                    fd:f0:a4:3a:1e:da:37:95:a5:83:9d:a1:5b:2b:86:
                    df:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:71:46:A4:51:AD:EF:CA:19:96:91:F5:3A:61:2E:B2:A6:12:89:43
            X509v3 Authority Key Identifier:
                keyid:66:ED:3B:A6:8C:78:BF:F2:C4:72:44:00:AD:E6:34:84:82:FB:43:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zu07pox4v_LEckQAreY0hIL7Q2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/ZHFGpFGt78oZlpH1OmEusqYSiUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b79a68-5b02-4097-a2e3-0a43b7a3eb54/1/Zu07pox4v_LEckQAreY0hIL7Q2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.24.0/24
                  185.225.26.0/24
                  192.189.157.0/24
                IPv6:
                  2a14:3f80:8::-2a14:3f80:2f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         86:d9:2f:81:79:49:b6:32:7c:7c:99:d2:53:e7:6b:75:d4:71:
         f2:a9:ec:52:df:da:32:89:87:64:49:bd:c4:17:fe:0a:d1:0c:
         fa:9a:02:d0:4c:14:56:6e:b2:32:97:6d:02:dc:a7:0b:22:e2:
         43:d2:1b:11:df:5b:1c:f9:eb:54:fa:dc:ea:a3:e9:ac:f8:f2:
         7c:62:3d:24:16:e1:41:d6:9d:14:f5:51:a3:95:f5:03:96:c8:
         d5:62:18:e3:ae:65:80:a2:5c:ff:8d:c2:b0:c1:a2:3d:ea:9d:
         d3:c4:3b:ab:6e:fe:48:0c:65:94:2f:c5:c7:72:53:44:52:9f:
         40:39:0f:fc:31:88:72:ee:eb:72:59:e8:64:12:69:9b:87:e2:
         56:fa:3b:bc:08:3b:a1:21:49:9e:77:a1:46:5b:2f:7a:0e:2d:
         6b:80:88:31:14:0d:43:d1:c6:7d:8a:97:e4:46:f2:59:b9:e5:
         07:ca:11:2e:05:0c:a4:64:aa:e4:21:50:5c:82:75:c4:34:9b:
         9f:01:96:ce:2f:42:91:52:09:0b:63:03:e3:cc:46:48:0e:9d:
         d0:c9:48:c8:b4:b8:5c:90:8c:38:e6:c4:a8:b2:dd:0e:62:d2:
         e4:e4:00:16:d4:97:bb:78:e7:80:f6:e2:36:05:dd:3e:32:fe:
         f0:40:11:7d
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAY3iN47q4YaANFcX0YRnqHbNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZWQzYmE2OGM3OGJmZjJjNDcyNDQwMGFkZTYzNDg0ODJm
YjQzNjQwHhcNMjQwMjI1MjE0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDcxNDZhNDUxYWRlZmNhMTk5NjkxZjUzYTYxMmViMmE2MTI4OTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMy2LpVnvE12jGxqtr68/2CXdHvE
JOijKlY65h42cYWgfSt40evh2XlIr+jYPGSizGYV95AJ7YTJpLcnyxBjDR4qb4cx
ErrSxgHLOazy4J426ew+thdt0hl1LGcduLQ8RQUISKAaDDfHLOPDpHudeM/QYm5/
rmAgvoJTUXP7S/EylJkyITuArh6/P+8IXP3Ttul/kIrI/VNF5hLnfBz2X++qSY3/
xQxQwI5+iKSqlOL9GqrPkEq+rkXn6GvMrShkNynPI/bWtHwWJYK8jH38Q+Td5wgK
9QUpnBcdSey4gpgTpWjJ7X3whhCYBIc85kr98KQ6Hto3laWDnaFbK4bf+wIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFGRxRqRRre/KGZaR9TphLrKmEolDMB8GA1UdIwQY
MBaAFGbtO6aMeL/yxHJEAK3mNISC+0NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnUwN3BveDR2X0xFY2tRQXJlWTBoSUw3UTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iNzlhNjgtNWIwMi00MDk3LWEyZTMt
MGE0M2I3YTNlYjU0LzEvWkhGR3BGR3Q3OG9abHBIMU9tRXVzcVlTaVVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iNzlhNjgtNWIwMi00MDk3LWEyZTMtMGE0M2I3YTNlYjU0
LzEvWnUwN3BveDR2X0xFY2tRQXJlWTBoSUw3UTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAYBAIAATASAwQAueEYAwQA
ueEaAwQAwL2dMBoEAgACMBQwEgMHAyoUP4AACAMHBCoUP4AAIDANBgkqhkiG9w0B
AQsFAAOCAQEAhtkvgXlJtjJ8fJnSU+drddRx8qnsUt/aMomHZEm9xBf+CtEM+poC
0EwUVm6yMpdtAtynCyLiQ9IbEd9bHPnrVPrc6qPprPjyfGI9JBbhQdadFPVRo5X1
A5bI1WIY465lgKJc/43CsMGiPeqd08Q7q27+SAxllC/Fx3JTRFKfQDkP/DGIcu7r
clnoZBJpm4fiVvo7vAg7oSFJnnehRlsveg4ta4CIMRQNQ9HGfYqX5EbyWbnlB8oR
LgUMpGSq5CFQXIJ1xDSbnwGWzi9CkVIJC2MD48xGSA6d0MlIyLS4XJCMOObEqLLd
DmLS5OQAFtSXu3jngPbiNgXdPjL+8EARfQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:14 2024 by rpki-client on console-fra.rpki-client.org