Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/hKHT_rhh7OCDjL_UXC124phW-S4.roa
File:                     hKHT_rhh7OCDjL_UXC124phW-S4.roa (raw, json)
Hash identifier:          zfMBb4VxzOryYq31uyWlSS88EZNLyEwJLK2dlXC/SG8=
Subject key identifier:   84:A1:D3:FE:B8:61:EC:E0:83:8C:BF:D4:5C:2D:76:E2:98:56:F9:2E
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       018FA18338AC892EC52A476C76D5173ABCA8
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/hKHT_rhh7OCDjL_UXC124phW-S4.roa
Signing time:             Wed 22 May 2024 18:14:42 +0000
ROA not before:           Wed 22 May 2024 18:14:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        79.175.95.0/24 maxlen: 24
                          79.175.96.0/24 maxlen: 24
                          109.121.0.0/19 maxlen: 24
                          109.121.33.0/24 maxlen: 24
                          109.121.36.0/24 maxlen: 24
                          109.121.37.0/24 maxlen: 24
                          109.121.38.0/24 maxlen: 24
                          109.121.39.0/24 maxlen: 24
                          109.121.40.0/24 maxlen: 24
                          109.121.42.0/24 maxlen: 24
                          109.121.43.0/24 maxlen: 24
                          109.121.45.0/24 maxlen: 24
                          109.121.47.0/24 maxlen: 24
                          109.233.184.0/24 maxlen: 24
                          109.233.185.0/24 maxlen: 24
                          178.253.237.0/24 maxlen: 24
                          188.255.212.0/24 maxlen: 24
                          212.69.11.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 08 Jul 2024 10:34:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a1:83:38:ac:89:2e:c5:2a:47:6c:76:d5:17:3a:bc:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: May 22 18:14:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=84a1d3feb861ece0838cbfd45c2d76e29856f92e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:6c:02:f3:da:00:f0:63:c7:d7:59:84:de:33:
                    94:f5:b7:ac:af:38:05:a6:21:f9:4d:7a:e5:50:9e:
                    97:d8:4c:66:c5:3c:dc:5b:e4:a1:28:43:28:98:98:
                    67:cd:a2:9e:20:eb:df:36:6d:04:46:55:b1:e4:41:
                    ad:53:ca:b7:66:22:71:f2:ac:3a:82:e5:9b:1e:cf:
                    15:18:60:02:e0:bb:53:b8:40:f4:16:6d:1a:92:26:
                    e5:4d:45:8a:f6:2a:7c:eb:f2:e9:ee:55:9f:c0:b9:
                    1f:57:db:09:5b:16:dd:b9:3f:bc:aa:3d:5a:29:9a:
                    25:dc:ca:25:5c:37:c9:09:5b:ed:97:75:13:be:d1:
                    d9:84:f2:c1:0e:be:76:88:a3:a3:b2:22:ee:34:72:
                    4d:3b:4e:7c:fe:7a:a6:c1:22:2e:fa:22:3a:7b:60:
                    b6:38:7f:2a:3c:4d:c1:5e:84:e7:21:27:8d:d0:7f:
                    33:4e:21:1e:28:00:63:93:70:8a:96:af:c7:2c:24:
                    29:97:06:38:45:78:58:67:c9:63:58:99:fb:0a:4f:
                    f4:fa:0d:45:b1:da:2a:59:0b:27:7e:7d:f2:df:19:
                    db:8e:cd:a0:57:75:e0:e0:80:ed:a4:c0:7a:90:be:
                    c6:0a:37:81:bc:9e:5a:c1:ea:39:58:b3:aa:b0:32:
                    fb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:A1:D3:FE:B8:61:EC:E0:83:8C:BF:D4:5C:2D:76:E2:98:56:F9:2E
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/hKHT_rhh7OCDjL_UXC124phW-S4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.175.95.0-79.175.96.255
                  109.121.0.0/19
                  109.121.33.0/24
                  109.121.36.0-109.121.40.255
                  109.121.42.0/23
                  109.121.45.0/24
                  109.121.47.0/24
                  109.233.184.0/23
                  178.253.237.0/24
                  188.255.212.0/24
                  212.69.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:d6:7d:86:7a:2e:fc:f6:b7:86:35:3f:15:d0:1d:4f:8b:fe:
         0b:9e:02:ef:09:08:ce:7e:7b:ab:89:11:f1:7c:72:86:43:77:
         81:26:7c:66:29:0e:fc:98:f5:f5:01:32:98:0f:66:f3:c5:f8:
         0a:64:b4:1a:16:a6:22:07:a6:de:d4:31:de:31:d0:85:6c:ab:
         8c:9a:a8:f2:8c:b0:86:e5:fb:b3:03:b1:93:db:7c:d7:6b:31:
         e3:d5:52:95:9c:be:16:bf:e0:c0:cb:27:ef:c0:5e:c3:dc:68:
         32:72:a6:4d:63:e2:ae:35:48:46:30:b8:de:f7:cc:83:6e:27:
         12:c5:79:4b:01:a0:7c:31:be:a8:66:9c:18:53:6d:58:60:a1:
         12:44:4e:eb:ee:c0:c0:b0:39:a8:0d:af:f1:e7:bf:12:e3:9b:
         07:c4:29:52:e2:1b:58:78:50:14:ae:93:94:34:16:da:e5:64:
         70:7f:44:a5:82:3e:85:ae:17:23:2e:0a:7d:fa:ad:62:ea:4a:
         2d:5a:b8:46:05:c4:af:f6:2f:dc:f9:33:b0:98:58:c9:0a:b4:
         b8:f5:6c:33:7e:2d:b9:77:51:99:22:1b:8f:57:30:3f:dc:0b:
         fc:94:77:ea:7f:fd:5b:cc:bd:ae:15:47:08:f6:a8:05:45:81:
         d4:52:a3:a8
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgISAY+hgzisiS7FKkdsdtUXOryoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjQwNTIyMTgxNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGExZDNmZWI4NjFlY2UwODM4Y2JmZDQ1YzJkNzZlMjk4NTZmOTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mwC89oA8GPH11mE3jOU9besrzgF
piH5TXrlUJ6X2ExmxTzcW+ShKEMomJhnzaKeIOvfNm0ERlWx5EGtU8q3ZiJx8qw6
guWbHs8VGGAC4LtTuED0Fm0akiblTUWK9ip86/Lp7lWfwLkfV9sJWxbduT+8qj1a
KZol3MolXDfJCVvtl3UTvtHZhPLBDr52iKOjsiLuNHJNO058/nqmwSIu+iI6e2C2
OH8qPE3BXoTnISeN0H8zTiEeKABjk3CKlq/HLCQplwY4RXhYZ8ljWJn7Ck/0+g1F
sdoqWQsnfn3y3xnbjs2gV3Xg4IDtpMB6kL7GCjeBvJ5aweo5WLOqsDL7XQIDAQAB
o4ICVTCCAlEwHQYDVR0OBBYEFISh0/64Yezgg4y/1FwtduKYVvkuMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvaEtIVF9yaGg3T0NEakxfVVhDMTI0cGhXLVM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGsGCCsGAQUFBwEHAQH/BFwwWjBYBAIAATBSMAwDBABPr18D
BABPr2ADBAVteQADBABteSEwDAMEAm15JAMEAG15KAMEAW15KgMEAG15LQMEAG15
LwMEAW3puAMEALL97QMEALz/1AMEANRFCzANBgkqhkiG9w0BAQsFAAOCAQEAVtZ9
hnou/Pa3hjU/FdAdT4v+C54C7wkIzn57q4kR8XxyhkN3gSZ8ZikO/Jj19QEymA9m
88X4CmS0GhamIgem3tQx3jHQhWyrjJqo8oywhuX7swOxk9t812sx49VSlZy+Fr/g
wMsn78Bew9xoMnKmTWPirjVIRjC43vfMg24nEsV5SwGgfDG+qGacGFNtWGChEkRO
6+7AwLA5qA2v8ee/EuObB8QpUuIbWHhQFK6TlDQW2uVkcH9EpYI+ha4XIy4Kffqt
YupKLVq4RgXEr/Yv3PkzsJhYyQq0uPVsM34tuXdRmSIbj1cwP9wL/JR36n/9W8y9
rhVHCPaoBUWB1FKjqA==
-----END CERTIFICATE-----