Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Hxf_yLpw0EhmsFHmKhunbSnY9no.roa
File:                     Hxf_yLpw0EhmsFHmKhunbSnY9no.roa (raw, json)
Hash identifier:          fmsX7O9uup1bke5Uv4MzNLIXoVyAk79d3nsuYrwtJOI=
Subject key identifier:   1F:17:FF:C8:BA:70:D0:48:66:B0:51:E6:2A:1B:A7:6D:29:D8:F6:7A
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0186B70EBAF7CFDC84CF327DD1E4AD6D0012
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Hxf_yLpw0EhmsFHmKhunbSnY9no.roa
Signing time:             Mon 06 Mar 2023 13:14:01 +0000
ROA not before:           Mon 06 Mar 2023 13:14:01 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     205964
IP address blocks:        64.137.30.0/23 maxlen: 23
                          104.239.0.0/23 maxlen: 23
                          104.239.4.0/23 maxlen: 23
                          104.239.2.0/23 maxlen: 23
                          104.239.6.0/23 maxlen: 23
                          104.143.252.0/22 maxlen: 22
                          64.137.70.0/23 maxlen: 23
                          64.137.105.0/24 maxlen: 24
                          64.137.107.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 08 Mar 2023 13:55:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:b7:0e:ba:f7:cf:dc:84:cf:32:7d:d1:e4:ad:6d:00:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Mar  6 13:14:01 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=1f17ffc8ba70d04866b051e62a1ba76d29d8f67a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:52:c9:aa:ab:1d:9b:9c:16:2b:54:61:23:c3:
                    be:da:62:32:0d:a5:3d:bb:c5:53:02:aa:b0:ce:f0:
                    df:8e:ea:6a:b2:31:42:54:03:96:cc:97:89:09:50:
                    1f:cd:6d:7b:3e:21:ec:c0:f2:81:8e:9b:8c:df:43:
                    2b:d9:3d:4c:57:58:6b:62:53:43:5c:39:2f:7c:88:
                    43:8c:d4:fe:06:bd:79:1c:27:e9:68:ab:7f:cd:e7:
                    21:0a:64:34:30:0c:36:bc:c2:2c:97:84:ca:6b:8c:
                    d8:04:a2:19:fb:f3:4c:e6:45:b4:66:58:3d:9b:fc:
                    b5:93:dd:cb:d9:b5:8b:81:72:f1:eb:ca:4b:da:05:
                    e2:cf:49:1b:19:9d:47:32:10:13:d9:c0:be:ac:bd:
                    91:5a:1d:a2:b2:2d:ab:b2:a3:8a:27:b2:67:d6:32:
                    bf:52:cf:56:e4:b8:58:7c:be:03:ce:52:d3:2e:7c:
                    d1:ab:8b:f2:d9:56:9f:8e:9e:ef:31:67:c9:bb:7a:
                    66:6b:ae:30:89:aa:5d:30:22:e0:65:9d:f8:dd:9c:
                    93:f4:8f:ba:b9:61:f7:4f:8e:81:15:91:30:46:b0:
                    da:ec:89:ad:b2:75:1f:43:ad:12:9f:f7:56:c7:3c:
                    49:27:40:71:2e:b7:18:a7:04:6f:26:c9:3d:65:4f:
                    88:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:17:FF:C8:BA:70:D0:48:66:B0:51:E6:2A:1B:A7:6D:29:D8:F6:7A
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Hxf_yLpw0EhmsFHmKhunbSnY9no.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.30.0/23
                  64.137.70.0/23
                  64.137.105.0/24
                  64.137.107.0/24
                  104.143.252.0/22
                  104.239.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6f:29:88:b5:59:9d:43:ed:69:7f:54:24:e1:88:b9:e6:27:31:
         a0:f3:b2:17:f3:e4:8c:50:25:40:b0:ff:e2:bf:e1:21:e8:ce:
         50:9d:2f:8c:08:84:e1:90:ae:b3:3e:92:75:04:13:ce:95:b7:
         b1:26:5a:eb:55:1c:94:3c:cf:87:b5:7c:1e:58:9b:a9:64:56:
         01:eb:10:a6:ae:da:bd:6d:9e:eb:08:53:3b:2c:40:d5:a0:08:
         66:6d:c7:34:92:e0:7a:a3:0a:1b:cd:f9:75:93:c8:54:fa:83:
         7c:35:48:a9:80:81:d9:ee:55:46:be:7b:5b:eb:62:bb:f5:a3:
         0e:12:ea:da:01:e1:c6:0a:24:d0:c9:27:fe:14:a2:65:a4:2e:
         ff:f6:ca:42:da:49:b2:c2:34:af:12:0a:28:be:fd:45:59:6c:
         a6:0c:a2:92:c2:27:6c:fe:38:ff:8c:da:4a:97:b1:f3:c0:73:
         d8:3e:87:0f:7d:2f:0f:5d:62:d0:c4:29:7e:e3:56:03:a1:39:
         e0:f5:db:20:83:0f:26:63:8b:08:0a:0b:b1:7b:cc:ba:1e:5a:
         79:3e:37:68:19:06:06:e2:00:cd:86:1a:c3:2a:84:68:d0:2f:
         4a:9f:de:19:36:2c:15:2a:f8:00:fc:23:ed:89:e7:50:c9:00:
         18:ef:0e:d1
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYa3Drr3z9yEzzJ90eStbQASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwMzA2MTMxNDAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjE3ZmZjOGJhNzBkMDQ4NjZiMDUxZTYyYTFiYTc2ZDI5ZDhmNjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVLJqqsdm5wWK1RhI8O+2mIyDaU9
u8VTAqqwzvDfjupqsjFCVAOWzJeJCVAfzW17PiHswPKBjpuM30Mr2T1MV1hrYlND
XDkvfIhDjNT+Br15HCfpaKt/zechCmQ0MAw2vMIsl4TKa4zYBKIZ+/NM5kW0Zlg9
m/y1k93L2bWLgXLx68pL2gXiz0kbGZ1HMhAT2cC+rL2RWh2isi2rsqOKJ7Jn1jK/
Us9W5LhYfL4DzlLTLnzRq4vy2Vafjp7vMWfJu3pma64wiapdMCLgZZ343ZyT9I+6
uWH3T46BFZEwRrDa7ImtsnUfQ60Sn/dWxzxJJ0BxLrcYpwRvJsk9ZU+I+wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFB8X/8i6cNBIZrBR5iobp20p2PZ6MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvSHhmX3lMcHcwRWhtc0ZIbUtodW5iU25ZOW5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBQIkeAwQB
QIlGAwQAQIlpAwQAQIlrAwQCaI/8AwQDaO8AMA0GCSqGSIb3DQEBCwUAA4IBAQBv
KYi1WZ1D7Wl/VCThiLnmJzGg87IX8+SMUCVAsP/iv+Eh6M5QnS+MCIThkK6zPpJ1
BBPOlbexJlrrVRyUPM+HtXweWJupZFYB6xCmrtq9bZ7rCFM7LEDVoAhmbcc0kuB6
owobzfl1k8hU+oN8NUipgIHZ7lVGvntb62K79aMOEuraAeHGCiTQySf+FKJlpC7/
9spC2kmywjSvEgoovv1FWWymDKKSwids/jj/jNpKl7HzwHPYPocPfS8PXWLQxCl+
41YDoTng9dsggw8mY4sICguxe8y6Hlp5PjdoGQYG4gDNhhrDKoRo0C9Kn94ZNiwV
KvgA/CPtiedQyQAY7w7R
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:44 2024 by rpki-client on console-ams.rpki-client.org