Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/iaxzFQxhaH71hjGflonyxQTrrDo.roa
File:                     iaxzFQxhaH71hjGflonyxQTrrDo.roa (raw, json)
Hash identifier:          G/yz4aMewX8DhmpDGfBtJ2/1E1K7/durTrmTk/ln7aA=
Subject key identifier:   89:AC:73:15:0C:61:68:7E:F5:86:31:9F:96:89:F2:C5:04:EB:AC:3A
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       018D6468A64CD0BBDF388C9A2CB4421A73C8
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/iaxzFQxhaH71hjGflonyxQTrrDo.roa
Signing time:             Thu 01 Feb 2024 11:23:16 +0000
ROA not before:           Thu 01 Feb 2024 11:23:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        84.32.7.0/24 maxlen: 24
                          84.32.8.0/24 maxlen: 24
                          84.32.20.0/22 maxlen: 24
                          84.32.24.0/22 maxlen: 24
                          84.32.25.0/24 maxlen: 24
                          84.32.46.0/24 maxlen: 24
                          84.32.47.0/24 maxlen: 24
                          84.32.83.0/24 maxlen: 24
                          84.32.95.0/24 maxlen: 24
                          84.32.148.0/23 maxlen: 24
                          84.32.150.0/23 maxlen: 24
                          84.32.174.0/23 maxlen: 24
                          84.32.178.0/23 maxlen: 24
                          84.32.210.0/24 maxlen: 24
                          84.32.214.0/23 maxlen: 24
                          84.32.220.0/24 maxlen: 24
                          84.32.244.0/23 maxlen: 24
                          84.32.246.0/23 maxlen: 24
                          88.216.22.0/23 maxlen: 24
                          88.216.44.0/24 maxlen: 24
                          88.216.45.0/24 maxlen: 24
                          88.216.93.0/24 maxlen: 24
                          88.216.130.0/23 maxlen: 24
                          88.216.132.0/24 maxlen: 24
                          88.216.134.0/23 maxlen: 24
                          88.216.180.0/24 maxlen: 24
                          88.216.188.0/24 maxlen: 24
                          88.216.189.0/24 maxlen: 24
                          88.216.190.0/24 maxlen: 24
                          88.216.191.0/24 maxlen: 24
                          88.216.212.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Mon 05 Feb 2024 06:30:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:64:68:a6:4c:d0:bb:df:38:8c:9a:2c:b4:42:1a:73:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Feb  1 11:23:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=89ac73150c61687ef586319f9689f2c504ebac3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:de:18:60:df:e3:a9:c7:bb:b3:35:41:00:bc:
                    16:3c:04:a2:f3:86:89:dd:94:85:5f:36:0c:d2:1f:
                    42:c0:b5:d8:81:a9:2a:4b:c7:ff:a3:67:58:79:31:
                    ad:4f:97:8c:84:d3:05:48:1a:22:22:51:d2:9c:d7:
                    05:f0:57:01:c4:e5:95:98:23:f3:27:27:ba:6e:d3:
                    5c:2a:b2:05:cf:fe:0e:1f:81:0d:05:68:af:ea:1b:
                    e4:d9:76:ac:a2:36:6d:38:eb:3d:7f:3b:d0:30:6f:
                    60:5c:35:ad:c0:fb:4c:4f:22:10:8c:46:02:a0:94:
                    33:a7:86:b2:89:4d:e6:95:f2:34:f8:2e:c1:32:61:
                    db:b1:08:1f:e5:18:b8:f3:ab:81:01:4f:71:a6:c6:
                    17:cb:6c:06:3b:2d:31:cc:5c:0a:05:62:25:e2:89:
                    ba:83:65:9d:cd:ff:86:ab:a0:46:77:ed:c6:f6:13:
                    27:88:46:51:66:87:cb:35:c1:9c:35:33:53:55:85:
                    34:81:e9:c8:ef:f1:e3:84:1d:7e:e4:bc:08:0b:aa:
                    57:35:79:95:c7:8b:9d:19:b9:c4:c0:4e:5f:0b:11:
                    c8:1d:a8:d3:cc:69:6c:23:81:aa:4e:53:f4:7f:61:
                    65:10:f6:18:63:55:bf:e2:5b:c4:79:d2:98:22:0d:
                    7b:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:AC:73:15:0C:61:68:7E:F5:86:31:9F:96:89:F2:C5:04:EB:AC:3A
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/iaxzFQxhaH71hjGflonyxQTrrDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.7.0-84.32.8.255
                  84.32.20.0-84.32.27.255
                  84.32.46.0/23
                  84.32.83.0/24
                  84.32.95.0/24
                  84.32.148.0/22
                  84.32.174.0/23
                  84.32.178.0/23
                  84.32.210.0/24
                  84.32.214.0/23
                  84.32.220.0/24
                  84.32.244.0/22
                  88.216.22.0/23
                  88.216.44.0/23
                  88.216.93.0/24
                  88.216.130.0-88.216.132.255
                  88.216.134.0/23
                  88.216.180.0/24
                  88.216.188.0/22
                  88.216.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:95:60:cc:42:82:07:e6:ed:e5:92:fc:2c:3c:51:65:8d:11:
         10:ad:db:86:a1:8c:d6:a7:43:87:a2:ed:11:a5:55:66:80:73:
         b0:fb:18:f0:7d:54:83:a0:6e:6b:66:c9:4b:1a:d2:a2:f6:31:
         10:a6:8e:32:40:d1:72:b4:7f:8f:aa:f1:29:07:a5:6e:a7:23:
         d1:7e:17:3b:b8:a3:35:a3:bd:ea:6c:0a:e5:5f:05:c7:ff:ae:
         4b:f2:1d:ad:c2:50:13:d4:a9:cc:03:99:db:79:63:21:4d:87:
         f3:9b:c0:ef:18:52:3e:37:d1:4d:fb:9c:2f:6c:55:86:b2:0e:
         1f:f7:d1:3a:20:f1:3b:f9:64:4f:02:22:47:6a:dc:1c:b2:59:
         b2:7c:b9:31:b0:db:6c:6c:93:c4:3a:d8:5c:01:46:30:44:00:
         09:b0:a9:c3:9d:cd:68:60:fb:37:34:51:95:0d:6c:b2:b6:68:
         e3:55:c5:51:83:01:b8:65:79:6b:f7:52:d3:b2:ee:37:cd:7c:
         ee:ef:88:08:aa:d8:1a:32:b7:01:f6:ac:40:3d:32:29:2f:41:
         3a:94:3c:18:fa:48:1c:f7:7c:7a:9c:3f:c5:a6:ea:68:53:79:
         dc:67:d4:cc:a5:ad:36:aa:40:f9:cf:c0:36:10:24:1b:02:58:
         34:5d:c3:ab
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgISAY1kaKZM0LvfOIyaLLRCGnPIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjQwMjAxMTEyMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWFjNzMxNTBjNjE2ODdlZjU4NjMxOWY5Njg5ZjJjNTA0ZWJhYzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt4YYN/jqce7szVBALwWPASi84aJ
3ZSFXzYM0h9CwLXYgakqS8f/o2dYeTGtT5eMhNMFSBoiIlHSnNcF8FcBxOWVmCPz
Jye6btNcKrIFz/4OH4ENBWiv6hvk2XasojZtOOs9fzvQMG9gXDWtwPtMTyIQjEYC
oJQzp4ayiU3mlfI0+C7BMmHbsQgf5Ri486uBAU9xpsYXy2wGOy0xzFwKBWIl4om6
g2Wdzf+Gq6BGd+3G9hMniEZRZofLNcGcNTNTVYU0genI7/HjhB1+5LwIC6pXNXmV
x4udGbnEwE5fCxHIHajTzGlsI4GqTlP0f2FlEPYYY1W/4lvEedKYIg17nQIDAQAB
o4ICmDCCApQwHQYDVR0OBBYEFImscxUMYWh+9YYxn5aJ8sUE66w6MB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvaWF4ekZReGhhSDcxaGpHZmxvbnl4UVRyckRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGtBggrBgEFBQcBBwEB/wSBnTCBmjCBlwQCAAEwgZAwDAME
AFQgBwMEAFQgCDAMAwQCVCAUAwQCVCAYAwQBVCAuAwQAVCBTAwQAVCBfAwQCVCCU
AwQBVCCuAwQBVCCyAwQAVCDSAwQBVCDWAwQAVCDcAwQCVCD0AwQBWNgWAwQBWNgs
AwQAWNhdMAwDBAFY2IIDBABY2IQDBAFY2IYDBABY2LQDBAJY2LwDBAJY2NQwDQYJ
KoZIhvcNAQELBQADggEBAD6VYMxCggfm7eWS/Cw8UWWNERCt24ahjNanQ4ei7RGl
VWaAc7D7GPB9VIOgbmtmyUsa0qL2MRCmjjJA0XK0f4+q8SkHpW6nI9F+Fzu4ozWj
vepsCuVfBcf/rkvyHa3CUBPUqcwDmdt5YyFNh/ObwO8YUj430U37nC9sVYayDh/3
0Tog8Tv5ZE8CIkdq3ByyWbJ8uTGw22xsk8Q62FwBRjBEAAmwqcOdzWhg+zc0UZUN
bLK2aONVxVGDAbhleWv3UtOy7jfNfO7viAiq2BoytwH2rEA9MikvQTqUPBj6SBz3
fHqcP8Wm6mhTedxn1MylrTaqQPnPwDYQJBsCWDRdw6s=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:34 2024 by rpki-client on console-fra.rpki-client.org