Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/lopqIL0qbeIaslQSXcGUa3pVtVw.roa
File:                     lopqIL0qbeIaslQSXcGUa3pVtVw.roa (raw, json)
Hash identifier:          MtURwp+3vwLv04r/I7FIxgUkP5fp4Wuo3CEjapKS6V4=
Subject key identifier:   96:8A:6A:20:BD:2A:6D:E2:1A:B2:54:12:5D:C1:94:6B:7A:55:B5:5C
Certificate issuer:       /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
Certificate serial:       01876EBCD8D0A1745C0510DEE602846C96A5
Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/lopqIL0qbeIaslQSXcGUa3pVtVw.roa
Signing time:             Tue 11 Apr 2023 05:14:42 +0000
ROA not before:           Tue 11 Apr 2023 05:14:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        84.32.214.0/23 maxlen: 24
                          84.32.218.0/24 maxlen: 24
                          84.32.221.0/24 maxlen: 24
                          84.32.223.0/24 maxlen: 24
                          84.32.224.0/24 maxlen: 24
                          84.32.232.0/24 maxlen: 24
                          84.32.239.0/24 maxlen: 24
                          84.32.240.0/24 maxlen: 24
                          84.32.244.0/23 maxlen: 24
                          84.32.242.0/24 maxlen: 24
                          84.32.243.0/24 maxlen: 24
                          84.32.252.0/23 maxlen: 24
                          84.32.250.0/24 maxlen: 24
                          84.32.251.0/24 maxlen: 24
                          84.32.57.0/24 maxlen: 24
                          84.32.60.0/24 maxlen: 24
                          84.32.70.0/24 maxlen: 24
                          84.32.67.0/24 maxlen: 24
                          84.32.77.0/24 maxlen: 24
                          84.32.79.0/24 maxlen: 24
                          84.32.89.0/24 maxlen: 24
                          84.32.88.0/24 maxlen: 24
                          84.32.8.0/24 maxlen: 24
                          84.32.24.0/22 maxlen: 24
                          84.32.24.0/24 maxlen: 24
                          84.32.30.0/24 maxlen: 24
                          84.32.40.0/24 maxlen: 24
                          84.32.46.0/24 maxlen: 24
                          84.32.174.0/24 maxlen: 24
                          84.32.175.0/24 maxlen: 24
                          84.32.177.0/24 maxlen: 24
                          84.32.178.0/24 maxlen: 24
                          84.32.179.0/24 maxlen: 24
                          84.32.212.0/24 maxlen: 24
                          84.32.108.0/23 maxlen: 24
                          84.32.106.0/24 maxlen: 24
                          84.32.148.0/23 maxlen: 24
                          84.32.150.0/23 maxlen: 24
                          84.32.157.0/24 maxlen: 24
                          88.216.189.0/24 maxlen: 24
                          88.216.212.0/22 maxlen: 24
                          88.216.212.0/24 maxlen: 24
                          88.216.128.0/24 maxlen: 24
                          88.216.132.0/24 maxlen: 24
                          88.216.130.0/23 maxlen: 24
                          88.216.215.0/24 maxlen: 24
                          88.216.220.0/24 maxlen: 24
                          88.216.232.0/22 maxlen: 24
                          88.216.93.0/24 maxlen: 24
                          88.216.3.0/24 maxlen: 24
                          88.216.1.0/24 maxlen: 24
                          88.216.16.0/24 maxlen: 24
                          88.216.21.0/24 maxlen: 24
                          88.216.32.0/24 maxlen: 24
                          88.216.44.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 12 Apr 2023 07:36:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:6e:bc:d8:d0:a1:74:5c:05:10:de:e6:02:84:6c:96:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5
        Validity
            Not Before: Apr 11 05:14:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=968a6a20bd2a6de21ab254125dc1946b7a55b55c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:2d:2c:f0:2d:96:e5:08:86:d3:fc:2c:4d:de:
                    86:0c:e6:96:46:a8:0f:cf:5a:3b:f5:b8:71:d1:ca:
                    b3:26:e9:06:41:12:bb:bf:d9:72:62:a8:1a:91:1a:
                    5a:98:13:8d:7d:dc:bd:e1:48:b0:8d:58:b3:a7:70:
                    43:b1:3a:50:9d:b4:96:6d:7a:f8:dc:2b:38:84:cc:
                    2a:b2:e8:ca:35:29:70:93:67:eb:0a:fc:a8:2e:c8:
                    81:bc:34:f0:72:d6:16:08:ad:f0:98:41:c3:e0:8a:
                    ad:f6:2c:3d:b0:72:26:02:22:f3:10:b8:f6:ca:1a:
                    eb:4b:af:10:2f:53:0a:ae:1b:77:ea:05:d4:97:a9:
                    f2:22:73:2e:47:6b:34:95:32:34:43:ec:4e:54:68:
                    5c:d7:90:d7:5f:a9:85:ce:ba:da:92:0c:c1:73:30:
                    18:fd:70:ed:0e:53:f7:d6:cb:2c:97:28:de:e3:9c:
                    58:53:9d:7b:06:ce:e9:67:83:d6:96:af:92:da:1a:
                    72:f0:3d:c8:c9:4d:ea:ef:6f:92:dc:dd:ae:9d:f7:
                    7e:87:e1:fc:d9:cb:c0:b3:2c:71:eb:93:88:82:65:
                    a3:51:29:66:f5:24:37:9b:8d:4f:71:c6:62:0e:75:
                    d8:49:f3:44:a6:dc:7c:d5:bd:bd:b3:05:04:07:ae:
                    87:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:8A:6A:20:BD:2A:6D:E2:1A:B2:54:12:5D:C1:94:6B:7A:55:B5:5C
            X509v3 Authority Key Identifier:
                keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/lopqIL0qbeIaslQSXcGUa3pVtVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.32.8.0/24
                  84.32.24.0/22
                  84.32.30.0/24
                  84.32.40.0/24
                  84.32.46.0/24
                  84.32.57.0/24
                  84.32.60.0/24
                  84.32.67.0/24
                  84.32.70.0/24
                  84.32.77.0/24
                  84.32.79.0/24
                  84.32.88.0/23
                  84.32.106.0/24
                  84.32.108.0/23
                  84.32.148.0/22
                  84.32.157.0/24
                  84.32.174.0/23
                  84.32.177.0-84.32.179.255
                  84.32.212.0/24
                  84.32.214.0/23
                  84.32.218.0/24
                  84.32.221.0/24
                  84.32.223.0-84.32.224.255
                  84.32.232.0/24
                  84.32.239.0-84.32.240.255
                  84.32.242.0-84.32.245.255
                  84.32.250.0-84.32.253.255
                  88.216.1.0/24
                  88.216.3.0/24
                  88.216.16.0/24
                  88.216.21.0/24
                  88.216.32.0/24
                  88.216.44.0/24
                  88.216.93.0/24
                  88.216.128.0/24
                  88.216.130.0-88.216.132.255
                  88.216.189.0/24
                  88.216.212.0/22
                  88.216.220.0/24
                  88.216.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:d5:2c:85:a8:9a:d0:16:f5:cd:22:2b:5b:ae:7f:ff:b0:e0:
         1c:e1:c5:01:39:40:5f:25:0b:dc:8d:8f:50:cd:cb:47:8b:8d:
         68:a8:6e:b3:5b:57:ea:fd:5a:a8:a4:6a:e3:aa:0d:5f:c5:f7:
         cd:b8:1f:f8:2f:5b:c6:be:8b:e1:25:54:1b:89:d6:e2:02:94:
         58:09:cb:66:ed:0d:79:f3:de:ae:09:19:7e:48:64:4e:f0:54:
         5e:f9:be:2a:63:9b:7d:8c:16:d3:3b:b9:fd:4a:18:88:f4:c9:
         33:89:46:a9:bb:e6:82:c3:19:0e:a6:31:8d:ad:a1:ca:c3:87:
         39:b3:ed:f8:5d:75:c3:fe:78:d1:73:52:35:65:ea:85:28:1d:
         a5:28:2f:ad:a7:a0:ee:5d:15:1b:08:8e:9a:43:23:a1:98:07:
         f5:37:60:8a:d0:c0:92:79:a9:c3:cf:14:02:1b:ee:13:45:de:
         a2:74:eb:66:59:4c:24:9b:a8:a2:c2:45:ab:0f:c3:d8:1d:1b:
         32:4c:58:0c:6c:82:63:6d:52:bb:32:31:ca:6d:09:c0:df:5f:
         82:f9:fa:27:40:64:73:f6:9e:04:88:11:50:1d:e3:14:78:b7:
         b7:59:d8:14:bf:bb:64:47:4c:9f:4a:8c:a2:72:3e:f9:02:50:
         a3:9e:24:7c
-----BEGIN CERTIFICATE-----
MIIGITCCBQmgAwIBAgISAYduvNjQoXRcBRDe5gKEbJalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi
ZGEzYzUwHhcNMjMwNDExMDUxNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjhhNmEyMGJkMmE2ZGUyMWFiMjU0MTI1ZGMxOTQ2YjdhNTViNTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnC0s8C2W5QiG0/wsTd6GDOaWRqgP
z1o79bhx0cqzJukGQRK7v9lyYqgakRpamBONfdy94UiwjVizp3BDsTpQnbSWbXr4
3Cs4hMwqsujKNSlwk2frCvyoLsiBvDTwctYWCK3wmEHD4Iqt9iw9sHImAiLzELj2
yhrrS68QL1MKrht36gXUl6nyInMuR2s0lTI0Q+xOVGhc15DXX6mFzrrakgzBczAY
/XDtDlP31ssslyje45xYU517Bs7pZ4PWlq+S2hpy8D3IyU3q72+S3N2unfd+h+H8
2cvAsyxx65OIgmWjUSlm9SQ3m41PccZiDnXYSfNEptx81b29swUEB66HKQIDAQAB
o4IDLTCCAykwHQYDVR0OBBYEFJaKaiC9Km3iGrJUEl3BlGt6VbVcMB8GA1UdIwQY
MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt
MjM0ODFiZjA5MWMzLzEvbG9wcUlMMHFiZUlhc2xRU1hjR1VhM3BWdFZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz
LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQQYIKwYBBQUHAQcBAf8EggEwMIIBLDCCASgEAgABMIIB
IAMEAFQgCAMEAlQgGAMEAFQgHgMEAFQgKAMEAFQgLgMEAFQgOQMEAFQgPAMEAFQg
QwMEAFQgRgMEAFQgTQMEAFQgTwMEAVQgWAMEAFQgagMEAVQgbAMEAlQglAMEAFQg
nQMEAVQgrjAMAwQAVCCxAwQCVCCwAwQAVCDUAwQBVCDWAwQAVCDaAwQAVCDdMAwD
BABUIN8DBABUIOADBABUIOgwDAMEAFQg7wMEAFQg8DAMAwQBVCDyAwQBVCD0MAwD
BAFUIPoDBAFUIPwDBABY2AEDBABY2AMDBABY2BADBABY2BUDBABY2CADBABY2CwD
BABY2F0DBABY2IAwDAMEAVjYggMEAFjYhAMEAFjYvQMEAljY1AMEAFjY3AMEAljY
6DANBgkqhkiG9w0BAQsFAAOCAQEAUdUshaia0Bb1zSIrW65//7DgHOHFATlAXyUL
3I2PUM3LR4uNaKhus1tX6v1aqKRq46oNX8X3zbgf+C9bxr6L4SVUG4nW4gKUWAnL
Zu0NefPergkZfkhkTvBUXvm+KmObfYwW0zu5/UoYiPTJM4lGqbvmgsMZDqYxja2h
ysOHObPt+F11w/540XNSNWXqhSgdpSgvraeg7l0VGwiOmkMjoZgH9TdgitDAknmp
w88UAhvuE0XeonTrZllMJJuoosJFqw/D2B0bMkxYDGyCY21SuzIxym0JwN9fgvn6
J0Bkc/aeBIgRUB3jFHi3t1nYFL+7ZEdMn0qMonI++QJQo54kfA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:35 2024 by rpki-client on console-fra.rpki-client.org