Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/hmkk7e5Z439o8o3envPAaKRvA9M.roa
File:                     hmkk7e5Z439o8o3envPAaKRvA9M.roa (raw, json)
Hash identifier:          2tcFsZ1yHsG8/2aVWgYWE2UB8D+eoMB3Q+zuG8GImhY=
Subject key identifier:   86:69:24:ED:EE:59:E3:7F:68:F2:8D:DE:9E:F3:C0:68:A4:6F:03:D3
Certificate issuer:       /CN=5f1fa06d5dbada43de44f4e4b1dc9492bb287c9d
Certificate serial:       018CC492F9088ADFD9814D8E97CC9979AC6F
Authority key identifier: 5F:1F:A0:6D:5D:BA:DA:43:DE:44:F4:E4:B1:DC:94:92:BB:28:7C:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/hmkk7e5Z439o8o3envPAaKRvA9M.roa
Signing time:             Mon 01 Jan 2024 10:30:15 +0000
ROA not before:           Mon 01 Jan 2024 10:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34244
IP address blocks:        94.46.136.0/22 maxlen: 22
                          178.236.65.48/29 maxlen: 29
                          178.255.112.0/22 maxlen: 22
                          178.236.73.112/29 maxlen: 29
                          178.236.73.176/29 maxlen: 29
                          193.221.219.0/24 maxlen: 24
                          178.236.72.28/30 maxlen: 30
                          193.221.120.0/24 maxlen: 24
                          193.221.123.0/24 maxlen: 24
                          178.236.72.48/28 maxlen: 28
                          178.236.72.88/29 maxlen: 29
                          178.236.74.88/29 maxlen: 29
                          185.121.44.0/22 maxlen: 22
                          45.93.232.0/22 maxlen: 22
                          128.127.184.0/21 maxlen: 21
                          94.46.240.0/22 maxlen: 22
                          81.92.220.0/22 maxlen: 22
                          178.236.73.160/29 maxlen: 29
                          178.236.73.224/29 maxlen: 29
                          185.247.236.0/22 maxlen: 22
                          92.39.32.0/20 maxlen: 20
                          31.170.28.0/22 maxlen: 22
                          31.170.26.0/23 maxlen: 23
                          81.92.196.0/22 maxlen: 22
                          45.8.152.0/22 maxlen: 22
                          155.137.24.0/21 maxlen: 21
                          178.236.73.200/29 maxlen: 29
                          193.221.93.0/24 maxlen: 24
                          37.221.104.0/22 maxlen: 22
                          185.197.224.0/22 maxlen: 22
                          188.66.48.0/22 maxlen: 22
                          45.152.172.0/22 maxlen: 22
                          178.236.73.80/29 maxlen: 29
                          141.98.236.0/22 maxlen: 22
                          185.186.32.0/22 maxlen: 22
                          185.176.28.0/22 maxlen: 22
                          185.216.152.0/22 maxlen: 22
                          5.180.0.0/22 maxlen: 22
                          185.223.236.0/22 maxlen: 22
                          185.240.208.0/22 maxlen: 22
                          31.170.24.0/21 maxlen: 21
                          195.210.52.0/23 maxlen: 23
                          178.236.73.128/29 maxlen: 29
                          45.131.188.0/22 maxlen: 22
                          85.30.128.0/18 maxlen: 18
                          185.4.8.0/22 maxlen: 22
                          178.236.64.0/20 maxlen: 24
                          45.14.4.0/22 maxlen: 22
                          2a02:80::/32 maxlen: 32
                          2a02:1610::/32 maxlen: 32
                          2a02:80::/29 maxlen: 29

Validation:               Failed, certificate revoked on Wed 24 Jan 2024 15:24:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f9:08:8a:df:d9:81:4d:8e:97:cc:99:79:ac:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f1fa06d5dbada43de44f4e4b1dc9492bb287c9d
        Validity
            Not Before: Jan  1 10:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=866924edee59e37f68f28dde9ef3c068a46f03d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:0e:43:e0:5b:e4:8d:4c:c6:50:68:b9:c1:4a:
                    74:d7:39:ea:27:32:e5:82:b9:09:0f:71:33:7f:c8:
                    01:fc:16:ab:ff:e2:0c:d0:f4:15:1a:b5:65:f2:1a:
                    a7:aa:48:8c:26:90:42:8b:ad:84:83:5b:05:d7:6d:
                    c0:6b:a3:ac:bc:a9:ca:14:81:74:50:17:7e:3e:f8:
                    97:e2:71:5a:e8:1d:44:a6:db:6c:8d:d9:bb:81:a8:
                    b0:69:ca:e3:54:71:15:ab:19:96:07:c5:e5:b9:55:
                    d8:12:3a:84:de:85:c6:da:e1:1c:8c:96:67:14:ec:
                    1b:43:43:b6:a5:31:2a:8d:20:05:e2:d3:50:a6:fe:
                    ed:75:88:05:e8:48:3c:2f:3d:0c:5f:9d:ec:ed:c7:
                    d9:f9:f7:fc:1e:52:8b:44:a7:48:11:22:5c:c9:5a:
                    9e:b4:44:8c:79:b6:b6:f2:ce:d7:ee:c8:51:88:4b:
                    1d:8d:41:dd:3c:94:ca:2e:e8:a7:d4:46:a8:b7:43:
                    ad:b7:6f:b3:f2:38:01:3e:a4:09:aa:05:f4:3d:f1:
                    96:b9:7c:08:3a:eb:c9:b7:bd:8b:79:74:e8:2d:cb:
                    df:23:3e:49:ba:93:73:d7:5d:d4:40:9d:2f:f8:2f:
                    af:31:70:9a:10:23:d5:6a:59:55:db:72:1a:18:45:
                    00:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:69:24:ED:EE:59:E3:7F:68:F2:8D:DE:9E:F3:C0:68:A4:6F:03:D3
            X509v3 Authority Key Identifier:
                keyid:5F:1F:A0:6D:5D:BA:DA:43:DE:44:F4:E4:B1:DC:94:92:BB:28:7C:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/hmkk7e5Z439o8o3envPAaKRvA9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/Xx-gbV262kPeRPTksdyUkrsofJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.0.0/22
                  31.170.24.0/21
                  37.221.104.0/22
                  45.8.152.0/22
                  45.14.4.0/22
                  45.93.232.0/22
                  45.131.188.0/22
                  45.152.172.0/22
                  81.92.196.0/22
                  81.92.220.0/22
                  85.30.128.0/18
                  92.39.32.0/20
                  94.46.136.0/22
                  94.46.240.0/22
                  128.127.184.0/21
                  141.98.236.0/22
                  155.137.24.0/21
                  178.236.64.0/20
                  178.255.112.0/22
                  185.4.8.0/22
                  185.121.44.0/22
                  185.176.28.0/22
                  185.186.32.0/22
                  185.197.224.0/22
                  185.216.152.0/22
                  185.223.236.0/22
                  185.240.208.0/22
                  185.247.236.0/22
                  188.66.48.0/22
                  193.221.93.0/24
                  193.221.120.0/24
                  193.221.123.0/24
                  193.221.219.0/24
                  195.210.52.0/23
                IPv6:
                  2a02:80::/29
                  2a02:1610::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:b9:d5:da:49:69:e1:e9:27:f8:06:13:2f:8c:52:14:64:1f:
         5b:b5:0b:76:97:c5:f4:87:d9:85:81:c1:3f:c1:14:a2:d4:41:
         95:bf:38:95:e9:55:38:72:e1:ac:34:82:28:df:65:71:8c:98:
         b2:b6:55:3a:4f:cf:4c:cb:86:91:a3:f2:b4:86:37:f4:9a:9e:
         3a:8a:27:c7:8c:12:f0:5f:4f:93:b5:f1:44:32:80:e1:5d:e5:
         f5:fe:98:d5:5a:cc:cf:85:4d:d2:75:63:ae:30:6c:1b:64:b7:
         ac:76:db:4b:25:2b:f7:1d:0e:df:18:b6:55:0e:e1:4b:13:1f:
         87:0e:68:88:27:54:2b:2e:60:c6:c2:52:10:21:5a:b1:98:eb:
         d9:bf:ca:ad:b2:b8:a0:c1:bb:dc:39:33:04:b4:1e:95:05:df:
         d3:e8:1d:ee:b5:55:30:57:36:70:b0:25:91:09:9b:b2:e2:d1:
         e1:f2:f8:39:8b:4b:59:59:d1:a5:6f:b8:e4:d4:b9:74:30:5f:
         46:a9:f5:f2:1c:62:79:ab:17:c7:72:f3:31:59:2e:02:4f:b3:
         3a:0f:33:d7:cb:83:68:7d:08:30:40:80:ce:89:97:51:63:e3:
         47:bf:3d:3a:f2:0c:cf:29:63:71:94:42:93:d7:79:3f:bc:13:
         15:e5:ac:2c
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgISAYzEkvkIit/ZgU2Ol8yZeaxvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWZhMDZkNWRiYWRhNDNkZTQ0ZjRlNGIxZGM5NDkyYmIy
ODdjOWQwHhcNMjQwMTAxMTAzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjY5MjRlZGVlNTllMzdmNjhmMjhkZGU5ZWYzYzA2OGE0NmYwM2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAig5D4FvkjUzGUGi5wUp01znqJzLl
grkJD3Ezf8gB/Bar/+IM0PQVGrVl8hqnqkiMJpBCi62Eg1sF123Aa6OsvKnKFIF0
UBd+PviX4nFa6B1Epttsjdm7gaiwacrjVHEVqxmWB8XluVXYEjqE3oXG2uEcjJZn
FOwbQ0O2pTEqjSAF4tNQpv7tdYgF6Eg8Lz0MX53s7cfZ+ff8HlKLRKdIESJcyVqe
tESMeba28s7X7shRiEsdjUHdPJTKLuin1Eaot0Ott2+z8jgBPqQJqgX0PfGWuXwI
OuvJt72LeXToLcvfIz5JupNz113UQJ0v+C+vMXCaECPVallV23IaGEUAAQIDAQAB
o4IC6jCCAuYwHQYDVR0OBBYEFIZpJO3uWeN/aPKN3p7zwGikbwPTMB8GA1UdIwQY
MBaAFF8foG1dutpD3kT05LHclJK7KHydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHgtZ2JWMjYya1BlUlBUa3NkeVVrcnNvZkowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84NDdkMTctYmE3Yy00ZWFlLTlkNTUt
MjU4NDZkNTlmZDYwLzEvaG1razdlNVo0MzlvOG8zZW52UEFhS1J2QTlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84NDdkMTctYmE3Yy00ZWFlLTlkNTUtMjU4NDZkNTlmZDYw
LzEvWHgtZ2JWMjYya1BlUlBUa3NkeVVrcnNvZkowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH/BggrBgEFBQcBBwEB/wSB7zCB7DCB0wQCAAEwgcwDBAIF
tAADBAMfqhgDBAIl3WgDBAItCJgDBAItDgQDBAItXegDBAItg7wDBAItmKwDBAJR
XMQDBAJRXNwDBAZVHoADBARcJyADBAJeLogDBAJeLvADBAOAf7gDBAKNYuwDBAOb
iRgDBASy7EADBAKy/3ADBAK5BAgDBAK5eSwDBAK5sBwDBAK5uiADBAK5xeADBAK5
2JgDBAK53+wDBAK58NADBAK59+wDBAK8QjADBADB3V0DBADB3XgDBADB3XsDBADB
3dsDBAHD0jQwFAQCAAIwDgMFAyoCAIADBQAqAhYQMA0GCSqGSIb3DQEBCwUAA4IB
AQB0udXaSWnh6Sf4BhMvjFIUZB9btQt2l8X0h9mFgcE/wRSi1EGVvziV6VU4cuGs
NIIo32VxjJiytlU6T89My4aRo/K0hjf0mp46iifHjBLwX0+TtfFEMoDhXeX1/pjV
WszPhU3SdWOuMGwbZLesdttLJSv3HQ7fGLZVDuFLEx+HDmiIJ1QrLmDGwlIQIVqx
mOvZv8qtsrigwbvcOTMEtB6VBd/T6B3utVUwVzZwsCWRCZuy4tHh8vg5i0tZWdGl
b7jk1Ll0MF9GqfXyHGJ5qxfHcvMxWS4CT7M6DzPXy4NofQgwQIDOiZdRY+NHvz06
8gzPKWNxlEKT13k/vBMV5aws
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:15 2024 by rpki-client on console-fra.rpki-client.org