Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/kH0tPEKWqXmoasM5maNWDncd5G4.roa
File:                     kH0tPEKWqXmoasM5maNWDncd5G4.roa (raw, json)
Hash identifier:          I/ew2JGBXuMs+/HE/Uz6VwQRnosiSsH0u9c/CP6qLf8=
Subject key identifier:   90:7D:2D:3C:42:96:A9:79:A8:6A:C3:39:99:A3:56:0E:77:1D:E4:6E
Certificate issuer:       /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial:       01870934A91058AE851E54106643E4C45EE3
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/kH0tPEKWqXmoasM5maNWDncd5G4.roa
Signing time:             Wed 22 Mar 2023 12:04:18 +0000
ROA not before:           Wed 22 Mar 2023 12:04:18 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     28716
IP address blocks:        78.159.216.0/21 maxlen: 24
                          77.95.136.0/21 maxlen: 24
                          185.61.12.0/22 maxlen: 24
                          45.89.180.0/22 maxlen: 24
                          185.41.212.0/22 maxlen: 22
                          80.94.116.0/24 maxlen: 24
                          80.94.112.0/20 maxlen: 24
                          78.159.192.0/21 maxlen: 24
                          217.19.144.0/20 maxlen: 24
                          46.243.32.0/21 maxlen: 24
                          2001:1bd0::/29 maxlen: 48
                          2a01:5d20::/29 maxlen: 48

Validation:               Failed, certificate revoked on Wed 14 Jun 2023 21:59:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:09:34:a9:10:58:ae:85:1e:54:10:66:43:e4:c4:5e:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
        Validity
            Not Before: Mar 22 12:04:18 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=907d2d3c4296a979a86ac33999a3560e771de46e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:26:cd:c3:1b:f8:45:94:b5:cb:9c:b2:56:f6:
                    f6:79:ee:5d:24:0d:46:e4:7f:fc:7f:66:21:cf:a1:
                    93:3e:60:b2:fd:38:dc:16:38:23:8e:38:73:ac:68:
                    c3:3b:47:cc:8e:9d:e3:ff:bc:06:50:f4:ed:2c:b5:
                    dc:4d:e2:3d:52:52:1c:da:3c:a4:3c:aa:99:4a:49:
                    c1:11:7d:57:7b:b4:31:d8:6f:0e:57:ae:11:f6:93:
                    5e:27:1a:6f:88:79:30:14:7b:97:22:d2:6b:3d:07:
                    c5:15:cf:e4:e9:48:01:30:d9:35:6f:b4:be:51:4c:
                    df:c4:65:13:b0:b0:f6:47:0f:cf:16:8d:a3:76:14:
                    01:ef:63:cc:b4:69:80:9d:dc:fc:29:bb:62:6d:38:
                    aa:c1:c1:67:66:95:77:ae:33:20:37:c1:0f:3c:67:
                    9e:fc:0d:0c:5c:f6:1c:c2:93:3f:dd:ae:58:f5:ca:
                    10:04:b9:1b:89:ab:6a:49:d5:d4:8e:b0:1e:99:02:
                    18:25:67:9c:a1:68:eb:a5:d4:ec:4c:f5:5b:c9:9e:
                    23:fd:45:f7:c4:4a:16:85:1e:fe:13:53:a7:b6:cc:
                    e4:eb:e1:47:9e:6a:11:50:85:76:ce:ff:81:a0:6f:
                    06:f6:40:2d:1d:f0:eb:5b:c5:2e:bb:34:15:74:82:
                    b3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:7D:2D:3C:42:96:A9:79:A8:6A:C3:39:99:A3:56:0E:77:1D:E4:6E
            X509v3 Authority Key Identifier:
                keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/kH0tPEKWqXmoasM5maNWDncd5G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.180.0/22
                  46.243.32.0/21
                  77.95.136.0/21
                  78.159.192.0/21
                  78.159.216.0/21
                  80.94.112.0/20
                  185.41.212.0/22
                  185.61.12.0/22
                  217.19.144.0/20
                IPv6:
                  2001:1bd0::/29
                  2a01:5d20::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:1d:16:9f:bd:f6:12:6c:8f:d5:b9:e5:2d:2c:fb:ca:1c:87:
         d3:9f:49:73:66:13:75:08:57:59:6f:e2:78:8e:ac:f6:c7:9b:
         14:98:9b:3d:4e:ad:40:8b:bc:8e:b1:1e:86:1a:14:57:5e:c5:
         d0:c7:28:ae:9f:95:19:76:42:f9:8a:23:9e:a8:78:9e:96:22:
         3a:40:80:ce:32:27:07:ed:f3:32:c6:65:94:34:17:d2:78:95:
         8b:53:1a:bf:5c:43:ae:35:8d:ce:89:e0:aa:cc:ff:5e:ef:72:
         e5:1f:6e:f5:23:26:2c:35:bb:4c:26:a4:99:07:5e:fa:3b:bd:
         f9:64:6c:af:4b:f9:58:ae:e9:f0:17:29:5e:b8:d3:2d:72:63:
         fb:6c:c8:91:88:17:b8:d0:b4:e2:05:e3:ca:77:fa:38:f6:31:
         1c:1b:d7:12:2b:57:79:ba:25:d9:ce:72:6a:26:fb:4c:a9:ea:
         2f:cf:63:96:41:d1:53:06:7c:e8:0d:e3:47:ff:48:51:0a:e4:
         b0:8d:b8:45:2f:f8:56:e4:84:f7:38:7a:1d:b0:53:1e:cf:ca:
         87:bf:2e:7c:be:8e:27:01:66:8f:60:16:dd:a2:3b:2b:c8:59:
         21:cd:ba:11:fe:e9:c3:fc:7b:a8:6b:fb:9f:6b:8d:b4:89:40:
         d9:42:52:9e
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYcJNKkQWK6FHlQQZkPkxF7jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjN2NjMzM0ZjUxZDJiNmViNGUyN2Q2ZDU2YjliY2UzZTg1
NTYwY2MwHhcNMjMwMzIyMTIwNDE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDdkMmQzYzQyOTZhOTc5YTg2YWMzMzk5OWEzNTYwZTc3MWRlNDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhibNwxv4RZS1y5yyVvb2ee5dJA1G
5H/8f2Yhz6GTPmCy/TjcFjgjjjhzrGjDO0fMjp3j/7wGUPTtLLXcTeI9UlIc2jyk
PKqZSknBEX1Xe7Qx2G8OV64R9pNeJxpviHkwFHuXItJrPQfFFc/k6UgBMNk1b7S+
UUzfxGUTsLD2Rw/PFo2jdhQB72PMtGmAndz8KbtibTiqwcFnZpV3rjMgN8EPPGee
/A0MXPYcwpM/3a5Y9coQBLkbiatqSdXUjrAemQIYJWecoWjrpdTsTPVbyZ4j/UX3
xEoWhR7+E1Ontszk6+FHnmoRUIV2zv+BoG8G9kAtHfDrW8UuuzQVdIKzAQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFJB9LTxClql5qGrDOZmjVg53HeRuMB8GA1UdIwQY
MBaAFKx8wzT1HStutOJ9bVa5vOPoVWDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTct
MWNmMTViMmJhN2JlLzEva0gwdFBFS1dxWG1vYXNNNW1hTldEbmNkNUc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTctMWNmMTViMmJhN2Jl
LzEvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQCLVm0AwQD
LvMgAwQDTV+IAwQDTp/AAwQDTp/YAwQEUF5wAwQCuSnUAwQCuT0MAwQE2ROQMBQE
AgACMA4DBQMgARvQAwUDKgFdIDANBgkqhkiG9w0BAQsFAAOCAQEAOB0Wn732EmyP
1bnlLSz7yhyH059Jc2YTdQhXWW/ieI6s9sebFJibPU6tQIu8jrEehhoUV17F0Mco
rp+VGXZC+Yojnqh4npYiOkCAzjInB+3zMsZllDQX0niVi1Mav1xDrjWNzongqsz/
Xu9y5R9u9SMmLDW7TCakmQde+ju9+WRsr0v5WK7p8BcpXrjTLXJj+2zIkYgXuNC0
4gXjynf6OPYxHBvXEitXebol2c5yaib7TKnqL89jlkHRUwZ86A3jR/9IUQrksI24
RS/4VuSE9zh6HbBTHs/Kh78ufL6OJwFmj2AW3aI7K8hZIc26Ef7pw/x7qGv7n2uN
tIlA2UJSng==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:30:14 2024 by rpki-client on console-fra.rpki-client.org