Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/hJQnLmOCVZwL5Gs-PRd15xekgNE.roa
File:                     hJQnLmOCVZwL5Gs-PRd15xekgNE.roa (raw, json)
Hash identifier:          k/85X+CML7GdswBZj5Dx5lCyYJbDSja9w3Z3WFNI6WA=
Subject key identifier:   84:94:27:2E:63:82:55:9C:0B:E4:6B:3E:3D:17:75:E7:17:A4:80:D1
Certificate issuer:       /CN=9a3ce5c5a730cd8e2ff1f55d180f1a81b3000cc8
Certificate serial:       01856F0B4DD01B3DC9696E73C517164B9EA1
Authority key identifier: 9A:3C:E5:C5:A7:30:CD:8E:2F:F1:F5:5D:18:0F:1A:81:B3:00:0C:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mjzlxacwzY4v8fVdGA8agbMADMg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/hJQnLmOCVZwL5Gs-PRd15xekgNE.roa
Signing time:             Sun 01 Jan 2023 20:34:49 +0000
ROA not before:           Sun 01 Jan 2023 20:34:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     6774
IP address blocks:        213.137.128.0/21 maxlen: 21
                          213.137.135.0/24 maxlen: 24
                          213.137.134.0/24 maxlen: 24
                          213.137.137.0/24 maxlen: 24
                          213.137.136.0/24 maxlen: 24
                          213.137.138.0/24 maxlen: 24
                          213.137.139.0/24 maxlen: 24
                          213.137.158.0/24 maxlen: 24
                          80.84.16.0/20 maxlen: 20
                          80.84.31.0/24 maxlen: 24
                          80.84.30.0/24 maxlen: 24
                          94.102.160.0/20 maxlen: 20
                          80.84.29.0/24 maxlen: 24
                          94.102.175.0/24 maxlen: 24
                          195.234.24.0/24 maxlen: 24
                          2001:9b8::/32 maxlen: 32
                          2001:9b8:2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 02:29:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6f:0b:4d:d0:1b:3d:c9:69:6e:73:c5:17:16:4b:9e:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a3ce5c5a730cd8e2ff1f55d180f1a81b3000cc8
        Validity
            Not Before: Jan  1 20:34:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=8494272e6382559c0be46b3e3d1775e717a480d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8f:8b:45:6c:28:4b:43:8e:0c:3c:2e:69:f0:
                    91:6a:d9:1d:cc:8c:c3:5e:55:63:ab:81:c2:c4:e5:
                    98:af:21:a5:c3:dc:a7:07:da:e4:fc:e1:44:4d:8a:
                    df:3f:f0:36:e5:c9:b6:fc:0c:75:d2:79:ab:8f:7e:
                    05:97:cd:77:d0:ba:b4:d3:a4:f9:ce:ef:d6:d5:ed:
                    e7:08:ec:78:fd:18:51:98:bd:a6:e7:78:9b:0b:d4:
                    88:57:10:6e:c4:d3:c0:d6:01:a7:3d:d7:ba:2e:1b:
                    25:87:d9:50:c5:b8:29:e6:9a:b4:16:87:56:3d:e9:
                    03:e2:3f:ad:1b:2b:2f:5e:a4:ae:4d:70:50:92:1b:
                    de:e1:c4:db:c8:47:cf:5e:2d:eb:dd:7d:a2:f4:03:
                    23:10:71:c8:86:18:1e:21:c0:9a:34:7f:fe:7e:df:
                    44:5c:d4:9d:c7:05:85:74:d4:80:1d:8e:fd:9f:6f:
                    b9:97:a3:69:83:58:0b:63:f7:68:c7:c6:92:9a:a9:
                    73:0e:07:54:c5:39:0f:6b:7b:dd:30:5d:dd:0d:90:
                    55:5c:f0:a1:2a:0e:f8:4b:a2:d7:a7:ba:14:39:dc:
                    a6:48:59:ff:26:fd:81:2d:7b:0f:2d:c6:4a:64:1c:
                    b5:6c:a6:ae:a4:f9:a9:03:1f:da:c9:87:f7:90:0d:
                    04:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:94:27:2E:63:82:55:9C:0B:E4:6B:3E:3D:17:75:E7:17:A4:80:D1
            X509v3 Authority Key Identifier:
                keyid:9A:3C:E5:C5:A7:30:CD:8E:2F:F1:F5:5D:18:0F:1A:81:B3:00:0C:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mjzlxacwzY4v8fVdGA8agbMADMg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/hJQnLmOCVZwL5Gs-PRd15xekgNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/0580b2-f6a4-4de6-9103-a01d729b0a21/1/mjzlxacwzY4v8fVdGA8agbMADMg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.84.16.0/20
                  94.102.160.0/20
                  195.234.24.0/24
                  213.137.128.0-213.137.139.255
                  213.137.158.0/24
                IPv6:
                  2001:9b8::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:e7:f3:b9:b4:96:74:66:1b:42:d4:80:5a:e0:b9:5c:99:0d:
         eb:cc:a9:06:29:b8:7e:67:84:63:04:6f:f1:dc:8f:f6:d6:18:
         db:38:f3:d2:d2:f5:a3:89:44:e6:a6:c4:19:7f:33:c6:ee:07:
         1b:a9:4d:94:27:30:5c:33:35:ed:5c:ea:42:3e:f4:d2:2e:f3:
         76:b7:cf:c2:70:ff:4f:85:94:89:6f:f2:11:54:2b:d2:43:2c:
         6e:0f:d8:09:22:bc:f9:f4:cc:96:91:94:18:16:40:fc:a5:95:
         32:93:26:92:0a:54:92:5d:f5:d3:3a:0d:17:2b:50:04:00:71:
         ab:af:09:62:af:9a:d6:3f:cc:f8:c9:a2:85:35:b9:a0:62:84:
         1d:c6:08:81:04:99:a3:26:c2:76:24:f7:7a:b9:c3:66:45:56:
         89:62:81:89:84:57:96:af:eb:a0:a3:47:9d:4e:f3:3e:8b:4a:
         9b:74:60:52:ed:7c:ed:23:fd:67:ad:09:31:0c:f1:f1:94:60:
         1a:78:2c:15:62:9a:c6:0b:a2:f8:e4:2e:c6:17:11:f4:57:44:
         8a:c2:e0:f7:f4:8d:fa:78:b2:88:39:73:2c:65:59:f5:9a:db:
         07:94:9a:19:d6:c2:87:fe:f8:7e:f1:99:5e:fc:d4:53:e1:78:
         47:1e:4e:be
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYVvC03QGz3JaW5zxRcWS56hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhM2NlNWM1YTczMGNkOGUyZmYxZjU1ZDE4MGYxYTgxYjMw
MDBjYzgwHhcNMjMwMTAxMjAzNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDk0MjcyZTYzODI1NTljMGJlNDZiM2UzZDE3NzVlNzE3YTQ4MGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAno+LRWwoS0OODDwuafCRatkdzIzD
XlVjq4HCxOWYryGlw9ynB9rk/OFETYrfP/A25cm2/Ax10nmrj34Fl8130Lq006T5
zu/W1e3nCOx4/RhRmL2m53ibC9SIVxBuxNPA1gGnPde6Lhslh9lQxbgp5pq0FodW
PekD4j+tGysvXqSuTXBQkhve4cTbyEfPXi3r3X2i9AMjEHHIhhgeIcCaNH/+ft9E
XNSdxwWFdNSAHY79n2+5l6Npg1gLY/dox8aSmqlzDgdUxTkPa3vdMF3dDZBVXPCh
Kg74S6LXp7oUOdymSFn/Jv2BLXsPLcZKZBy1bKaupPmpAx/ayYf3kA0ESQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFISUJy5jglWcC+RrPj0XdecXpIDRMB8GA1UdIwQY
MBaAFJo85cWnMM2OL/H1XRgPGoGzAAzIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWp6bHhhY3d6WTR2OGZWZEdBOGFnYk1BRE1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8wNTgwYjItZjZhNC00ZGU2LTkxMDMt
YTAxZDcyOWIwYTIxLzEvaEpRbkxtT0NWWndMNUdzLVBSZDE1eGVrZ05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8wNTgwYjItZjZhNC00ZGU2LTkxMDMtYTAxZDcyOWIwYTIx
LzEvbWp6bHhhY3d6WTR2OGZWZEdBOGFnYk1BRE1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQEUFQQAwQE
XmagAwQAw+oYMAwDBAfViYADBALViYgDBADViZ4wDQQCAAIwBwMFACABCbgwDQYJ
KoZIhvcNAQELBQADggEBAKbn87m0lnRmG0LUgFrguVyZDevMqQYpuH5nhGMEb/Hc
j/bWGNs489LS9aOJROamxBl/M8buBxupTZQnMFwzNe1c6kI+9NIu83a3z8Jw/0+F
lIlv8hFUK9JDLG4P2AkivPn0zJaRlBgWQPyllTKTJpIKVJJd9dM6DRcrUAQAcauv
CWKvmtY/zPjJooU1uaBihB3GCIEEmaMmwnYk93q5w2ZFVoligYmEV5av66CjR51O
8z6LSpt0YFLtfO0j/WetCTEM8fGUYBp4LBVimsYLovjkLsYXEfRXRIrC4Pf0jfp4
sog5cyxlWfWa2weUmhnWwof++H7xmV781FPheEceTr4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:08 2024 by rpki-client on console-ams.rpki-client.org