Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/hkq4u6UwPqR1jN_7ka7BjDcgdW8.roa
File:                     hkq4u6UwPqR1jN_7ka7BjDcgdW8.roa (raw, json)
Hash identifier:          0YF+pHh/ij1XBlF3pW4e3IA0f7PaNENJ+tNryl4TWac=
Subject key identifier:   86:4A:B8:BB:A5:30:3E:A4:75:8C:DF:FB:91:AE:C1:8C:37:20:75:6F
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018C0FA3CBD6223AC18424680D88619E4498
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/hkq4u6UwPqR1jN_7ka7BjDcgdW8.roa
Signing time:             Mon 27 Nov 2023 07:17:21 +0000
ROA not before:           Mon 27 Nov 2023 07:17:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     9009
IP address blocks:        84.32.219.0/24 maxlen: 24
                          84.32.221.0/24 maxlen: 24
                          84.32.222.0/24 maxlen: 24
                          84.32.224.0/24 maxlen: 24
                          84.32.226.0/24 maxlen: 24
                          84.32.228.0/24 maxlen: 24
                          84.32.229.0/24 maxlen: 24
                          84.32.232.0/24 maxlen: 24
                          84.32.233.0/24 maxlen: 24
                          84.32.234.0/24 maxlen: 24
                          84.32.235.0/24 maxlen: 24
                          84.32.237.0/24 maxlen: 24
                          84.32.238.0/24 maxlen: 24
                          84.32.239.0/24 maxlen: 24
                          84.32.240.0/24 maxlen: 24
                          84.32.241.0/24 maxlen: 24
                          84.32.242.0/24 maxlen: 24
                          84.32.243.0/24 maxlen: 24
                          84.32.245.0/24 maxlen: 24
                          84.32.246.0/24 maxlen: 24
                          84.32.247.0/24 maxlen: 24
                          84.32.250.0/24 maxlen: 24
                          84.32.251.0/24 maxlen: 24
                          84.32.252.0/24 maxlen: 24
                          84.32.253.0/24 maxlen: 24
                          84.32.254.0/24 maxlen: 24
                          84.32.255.0/24 maxlen: 24
                          84.32.62.0/24 maxlen: 24
                          84.32.65.0/24 maxlen: 24
                          84.32.68.0/24 maxlen: 24
                          84.32.76.0/24 maxlen: 24
                          84.32.77.0/24 maxlen: 24
                          84.32.79.0/24 maxlen: 24
                          84.32.85.0/24 maxlen: 24
                          84.32.88.0/24 maxlen: 24
                          84.32.89.0/24 maxlen: 24
                          84.32.90.0/24 maxlen: 24
                          84.32.94.0/24 maxlen: 24
                          84.32.92.0/24 maxlen: 24
                          84.32.93.0/24 maxlen: 24
                          84.32.105.0/24 maxlen: 24
                          84.32.4.0/24 maxlen: 24
                          84.32.11.0/24 maxlen: 24
                          84.32.14.0/24 maxlen: 24
                          84.32.27.0/24 maxlen: 24
                          84.32.28.0/24 maxlen: 24
                          84.32.29.0/24 maxlen: 24
                          84.32.30.0/24 maxlen: 24
                          84.32.31.0/24 maxlen: 24
                          84.32.42.0/24 maxlen: 24
                          84.32.43.0/24 maxlen: 24
                          84.32.172.0/24 maxlen: 24
                          84.32.174.0/24 maxlen: 24
                          84.32.175.0/24 maxlen: 24
                          84.32.211.0/24 maxlen: 24
                          84.32.212.0/24 maxlen: 24
                          84.32.213.0/24 maxlen: 24
                          84.32.150.0/24 maxlen: 24
                          84.32.153.0/24 maxlen: 24
                          84.32.155.0/24 maxlen: 24
                          84.32.157.0/24 maxlen: 24
                          84.32.158.0/24 maxlen: 24
                          84.32.159.0/24 maxlen: 24
                          88.216.106.0/24 maxlen: 24
                          88.216.107.0/24 maxlen: 24
                          88.216.109.0/24 maxlen: 24
                          88.216.110.0/24 maxlen: 24
                          88.216.111.0/24 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          88.216.58.0/24 maxlen: 24
                          88.216.64.0/24 maxlen: 24
                          88.216.65.0/24 maxlen: 24
                          88.216.94.0/24 maxlen: 24
                          88.216.95.0/24 maxlen: 24
                          88.216.97.0/24 maxlen: 24
                          88.216.101.0/24 maxlen: 24
                          88.216.102.0/24 maxlen: 24
                          88.216.104.0/24 maxlen: 24
                          88.216.105.0/24 maxlen: 24
                          88.216.1.0/24 maxlen: 24
                          88.216.3.0/24 maxlen: 24
                          88.216.0.0/24 maxlen: 24
                          88.216.16.0/24 maxlen: 24
                          88.216.18.0/24 maxlen: 24
                          88.216.22.0/24 maxlen: 24
                          88.216.23.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.33.0/24 maxlen: 24
                          88.216.35.0/24 maxlen: 24
                          88.216.38.0/24 maxlen: 24
                          88.216.40.0/24 maxlen: 24
                          88.216.42.0/24 maxlen: 24
                          88.216.47.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 12:30:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:0f:a3:cb:d6:22:3a:c1:84:24:68:0d:88:61:9e:44:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Nov 27 07:17:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=864ab8bba5303ea4758cdffb91aec18c3720756f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ce:0e:0a:f8:b6:55:89:5a:da:13:5d:f9:3d:
                    3c:81:b0:8d:59:d4:5c:ae:eb:4d:78:94:95:f1:73:
                    dc:09:53:50:d7:4d:b2:ce:8d:59:0d:e1:68:e4:73:
                    eb:36:03:1f:72:34:a9:1c:2d:49:cf:b4:12:d2:7c:
                    c3:00:db:3d:e6:3c:d6:64:3c:c1:29:4d:83:6a:d7:
                    6d:50:25:78:a1:3f:7a:52:c2:f7:c6:b7:1c:a4:f3:
                    cc:c7:90:8f:1f:60:09:98:2e:4d:14:0d:16:c4:8c:
                    d5:df:ce:ef:cb:7d:17:60:49:01:ed:dc:09:2a:7d:
                    bb:61:8d:c0:7b:4c:1e:5b:d4:b4:da:c4:4c:b0:c1:
                    1a:1f:00:29:cd:32:d4:85:b5:2c:2a:5e:aa:0a:9b:
                    58:01:db:d8:eb:70:72:d9:ce:eb:47:11:61:b4:77:
                    6b:82:b9:f7:37:77:df:ba:77:51:55:cc:b8:ec:3c:
                    f7:29:aa:ee:d2:ef:28:89:b0:2d:8c:b7:3d:8f:99:
                    19:0d:da:50:1b:fe:2e:eb:0d:06:3c:b0:e8:48:c4:
                    dc:67:2b:ca:80:12:4e:a6:65:92:23:37:d6:e4:84:
                    73:00:c8:79:9f:03:a5:9f:b3:12:ad:68:55:0a:50:
                    ac:5b:99:b1:97:cb:11:72:05:da:6b:fa:35:af:72:
                    80:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:4A:B8:BB:A5:30:3E:A4:75:8C:DF:FB:91:AE:C1:8C:37:20:75:6F
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/hkq4u6UwPqR1jN_7ka7BjDcgdW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.4.0/24
                  84.32.11.0/24
                  84.32.14.0/24
                  84.32.27.0-84.32.31.255
                  84.32.42.0/23
                  84.32.62.0/24
                  84.32.65.0/24
                  84.32.68.0/24
                  84.32.76.0/23
                  84.32.79.0/24
                  84.32.85.0/24
                  84.32.88.0-84.32.90.255
                  84.32.92.0-84.32.94.255
                  84.32.105.0/24
                  84.32.150.0/24
                  84.32.153.0/24
                  84.32.155.0/24
                  84.32.157.0-84.32.159.255
                  84.32.172.0/24
                  84.32.174.0/23
                  84.32.211.0-84.32.213.255
                  84.32.219.0/24
                  84.32.221.0-84.32.222.255
                  84.32.224.0/24
                  84.32.226.0/24
                  84.32.228.0/23
                  84.32.232.0/22
                  84.32.237.0-84.32.243.255
                  84.32.245.0-84.32.247.255
                  84.32.250.0-84.32.255.255
                  88.216.0.0/23
                  88.216.3.0/24
                  88.216.16.0/24
                  88.216.18.0/24
                  88.216.22.0/23
                  88.216.32.0/23
                  88.216.35.0/24
                  88.216.38.0/24
                  88.216.40.0/24
                  88.216.42.0/24
                  88.216.47.0/24
                  88.216.58.0/24
                  88.216.64.0/23
                  88.216.94.0/23
                  88.216.97.0/24
                  88.216.101.0-88.216.102.255
                  88.216.104.0/22
                  88.216.109.0-88.216.111.255
                  88.216.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:d5:e2:9f:76:30:37:17:2c:2c:1b:bf:7f:00:57:a7:e1:c0:
         1d:ee:70:d7:f8:62:07:87:b0:da:b4:dc:52:08:02:10:ab:58:
         fa:ab:70:44:c8:fc:d8:f3:c8:60:85:65:8d:66:23:98:04:4e:
         66:89:d7:4e:d7:58:5e:01:7d:e3:1b:a1:cf:c2:d7:6c:e8:79:
         aa:56:7a:88:51:36:d3:40:9f:93:cb:be:02:66:a4:55:65:88:
         9a:dc:ad:1c:a7:35:90:0f:46:4b:17:20:36:bb:c6:58:73:70:
         c3:01:69:50:1a:51:21:ee:6d:63:25:1d:ac:e1:62:90:15:81:
         33:a8:14:45:5b:03:97:ce:81:ec:4d:2e:8c:f9:63:94:df:d2:
         55:ba:fa:1d:3d:d0:56:29:8e:de:f2:0e:6c:8c:3d:a1:e4:43:
         86:fe:9a:50:75:3e:42:60:5e:ad:d2:21:e5:0c:8b:33:a8:67:
         b1:86:9f:49:1c:af:79:72:91:7e:69:81:8d:9c:2a:71:f3:17:
         b2:23:14:73:7b:3e:82:11:37:3c:b1:39:03:15:c1:75:57:85:
         52:3b:66:31:aa:8f:df:90:dc:aa:a2:26:a0:32:fd:23:2d:78:
         3d:b3:61:38:c4:74:37:4a:27:51:d0:36:e4:45:2a:a5:63:ae:
         d7:eb:dc:74
-----BEGIN CERTIFICATE-----
MIIGfjCCBWagAwIBAgISAYwPo8vWIjrBhCRoDYhhnkSYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMxMTI3MDcxNzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjRhYjhiYmE1MzAzZWE0NzU4Y2RmZmI5MWFlYzE4YzM3MjA3NTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoM4OCvi2VYla2hNd+T08gbCNWdRc
rutNeJSV8XPcCVNQ102yzo1ZDeFo5HPrNgMfcjSpHC1Jz7QS0nzDANs95jzWZDzB
KU2DatdtUCV4oT96UsL3xrccpPPMx5CPH2AJmC5NFA0WxIzV387vy30XYEkB7dwJ
Kn27YY3Ae0weW9S02sRMsMEaHwApzTLUhbUsKl6qCptYAdvY63By2c7rRxFhtHdr
grn3N3ffundRVcy47Dz3Karu0u8oibAtjLc9j5kZDdpQG/4u6w0GPLDoSMTcZyvK
gBJOpmWSIzfW5IRzAMh5nwOln7MSrWhVClCsW5mxl8sRcgXaa/o1r3KAQwIDAQAB
o4IDijCCA4YwHQYDVR0OBBYEFIZKuLulMD6kdYzf+5GuwYw3IHVvMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvaGtxNHU2VXdQcVIxak5fN2thN0JqRGNnZFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBngYIKwYBBQUHAQcBAf8EggGNMIIBiTCCAYUEAgABMIIB
fQMEAFQgBAMEAFQgCwMEAFQgDjAMAwQAVCAbAwQFVCAAAwQBVCAqAwQAVCA+AwQA
VCBBAwQAVCBEAwQBVCBMAwQAVCBPAwQAVCBVMAwDBANUIFgDBABUIFowDAMEAlQg
XAMEAFQgXgMEAFQgaQMEAFQglgMEAFQgmQMEAFQgmzAMAwQAVCCdAwQFVCCAAwQA
VCCsAwQBVCCuMAwDBABUINMDBAFUINQDBABUINswDAMEAFQg3QMEAFQg3gMEAFQg
4AMEAFQg4gMEAVQg5AMEAlQg6DAMAwQAVCDtAwQCVCDwMAwDBABUIPUDBANUIPAw
CwMEAVQg+gMDAFQgAwQBWNgAAwQAWNgDAwQAWNgQAwQAWNgSAwQBWNgWAwQBWNgg
AwQAWNgjAwQAWNgmAwQAWNgoAwQAWNgqAwQAWNgvAwQAWNg6AwQBWNhAAwQBWNhe
AwQAWNhhMAwDBABY2GUDBABY2GYDBAJY2GgwDAMEAFjYbQMEBFjYYAMEAFjYgDAN
BgkqhkiG9w0BAQsFAAOCAQEAK9Xin3YwNxcsLBu/fwBXp+HAHe5w1/hiB4ew2rTc
UggCEKtY+qtwRMj82PPIYIVljWYjmAROZonXTtdYXgF94xuhz8LXbOh5qlZ6iFE2
00Cfk8u+AmakVWWImtytHKc1kA9GSxcgNrvGWHNwwwFpUBpRIe5tYyUdrOFikBWB
M6gURVsDl86B7E0ujPljlN/SVbr6HT3QVimO3vIObIw9oeRDhv6aUHU+QmBerdIh
5QyLM6hnsYafSRyveXKRfmmBjZwqcfMXsiMUc3s+ghE3PLE5AxXBdVeFUjtmMaqP
35DcqqImoDL9Iy14PbNhOMR0N0onUdA25EUqpWOu1+vcdA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:30 2024 by rpki-client on console-ams.rpki-client.org