Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/X3ZQ1Lu01nxF4coX9P4HdD8vtkQ.roa
File:                     X3ZQ1Lu01nxF4coX9P4HdD8vtkQ.roa (raw, json)
Hash identifier:          eXHu/xPiOR+q5ZmyYw/JBfopr/PBpmHCYwdfikMOs0U=
Subject key identifier:   5F:76:50:D4:BB:B4:D6:7C:45:E1:CA:17:F4:FE:07:74:3F:2F:B6:44
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0185725EBED5AC8D342C64F597C43308DE67
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/X3ZQ1Lu01nxF4coX9P4HdD8vtkQ.roa
Signing time:             Mon 02 Jan 2023 12:04:49 +0000
ROA not before:           Mon 02 Jan 2023 12:04:49 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     212238
IP address blocks:        64.137.74.0/24 maxlen: 24
                          64.137.73.0/24 maxlen: 24
                          64.137.78.0/24 maxlen: 24
                          64.137.77.0/24 maxlen: 24
                          64.137.80.0/22 maxlen: 22
                          64.137.89.0/24 maxlen: 24
                          64.137.96.0/22 maxlen: 22
                          64.137.94.0/23 maxlen: 23
                          64.137.92.0/23 maxlen: 23
                          64.137.100.0/23 maxlen: 23
                          104.249.29.0/24 maxlen: 24
                          216.173.87.0/24 maxlen: 24
                          104.249.36.0/24 maxlen: 24
                          216.173.111.0/24 maxlen: 24
                          104.249.55.0/24 maxlen: 24
                          64.137.14.0/23 maxlen: 23
                          64.137.18.0/23 maxlen: 23
                          104.143.232.0/21 maxlen: 21
                          64.137.42.0/23 maxlen: 23
                          104.143.240.0/22 maxlen: 22
                          64.137.48.0/23 maxlen: 23
                          64.137.58.0/23 maxlen: 23
                          104.143.248.0/21 maxlen: 24
                          64.137.60.0/22 maxlen: 22
                          104.238.0.0/22 maxlen: 22
                          104.233.0.0/21 maxlen: 21
                          138.128.151.0/24 maxlen: 24
                          64.137.10.0/23 maxlen: 23
                          138.128.153.0/24 maxlen: 24
                          64.137.8.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 25 Jan 2023 15:44:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:72:5e:be:d5:ac:8d:34:2c:64:f5:97:c4:33:08:de:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  2 12:04:49 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=5f7650d4bbb4d67c45e1ca17f4fe07743f2fb644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0e:b6:61:96:3e:9e:fb:fd:ae:17:be:4d:85:
                    e5:3c:fc:e7:7e:aa:21:67:c2:32:fd:db:95:fd:e4:
                    01:91:25:a8:58:f8:4e:f0:74:21:e1:1e:d9:e0:4c:
                    94:11:3c:5e:6d:90:c6:b1:c1:a5:e3:67:db:6d:bd:
                    cd:f3:b9:81:a2:b6:61:a6:2a:da:6b:98:39:47:80:
                    89:1e:0f:88:63:1b:b3:a4:6c:6e:99:a5:a9:08:3d:
                    4d:1c:53:50:34:f6:04:44:ef:c0:32:1c:32:b1:65:
                    af:1a:b1:e7:e7:5a:b3:96:7d:dd:f3:52:12:85:c4:
                    29:e0:0b:db:ad:da:52:34:a4:61:86:94:9d:15:19:
                    29:03:84:57:ad:fe:9e:42:98:80:b7:30:27:cd:76:
                    b0:ce:4d:a8:f9:ad:1d:fa:e2:07:bf:55:48:71:0b:
                    aa:ef:e9:2d:9e:02:bb:59:23:2d:01:17:81:8d:83:
                    da:96:b1:da:28:f9:56:8d:c6:01:65:99:1c:94:aa:
                    e2:be:33:d0:30:53:c5:1d:7a:ee:1f:6c:27:c0:31:
                    fe:f9:76:56:51:ba:3b:3b:05:85:82:7f:4e:a6:65:
                    63:d8:2b:93:bc:41:db:a4:c7:41:4d:68:22:38:01:
                    2f:59:2d:12:fc:b0:bc:32:a4:10:7b:99:b3:77:f4:
                    dc:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:76:50:D4:BB:B4:D6:7C:45:E1:CA:17:F4:FE:07:74:3F:2F:B6:44
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/X3ZQ1Lu01nxF4coX9P4HdD8vtkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.8.0/24
                  64.137.10.0/23
                  64.137.14.0/23
                  64.137.18.0/23
                  64.137.42.0/23
                  64.137.48.0/23
                  64.137.58.0-64.137.63.255
                  64.137.73.0-64.137.74.255
                  64.137.77.0-64.137.78.255
                  64.137.80.0/22
                  64.137.89.0/24
                  64.137.92.0-64.137.101.255
                  104.143.232.0-104.143.243.255
                  104.143.248.0/21
                  104.233.0.0/21
                  104.238.0.0/22
                  104.249.29.0/24
                  104.249.36.0/24
                  104.249.55.0/24
                  138.128.151.0/24
                  138.128.153.0/24
                  216.173.87.0/24
                  216.173.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:47:d2:e2:82:ef:5b:55:24:10:93:a9:a9:a5:64:d9:93:62:
         5e:03:13:cc:79:ca:e6:89:a7:4a:e6:58:05:b5:14:2c:7c:d2:
         96:14:9c:32:92:29:2e:39:13:f9:2c:5b:d8:6b:86:d6:60:e5:
         f2:d9:29:0e:a1:16:e2:63:fb:7e:cb:fb:f7:c0:98:42:cd:50:
         be:e7:54:80:78:0c:05:b9:36:03:bc:6e:18:e3:e3:26:22:da:
         b0:f5:31:c5:d1:e5:61:73:ad:9d:4d:ac:83:7d:1a:61:99:14:
         41:50:1d:67:c2:a8:6e:11:77:9a:8b:18:2e:17:71:cf:94:f0:
         4b:12:02:ca:47:92:dc:f8:64:f5:55:6f:dc:5f:fa:75:a3:0b:
         94:90:56:6c:4a:f1:cb:a5:3b:69:2c:5d:5e:82:4e:60:1a:72:
         15:e6:f8:ad:38:af:f3:60:94:ec:69:75:2b:01:3b:a3:5d:24:
         06:45:53:5c:f4:ca:e3:bd:06:9a:be:4b:18:2f:3e:59:04:7a:
         04:1d:e5:8e:db:6f:85:89:21:c1:86:b9:8d:6c:e5:41:bc:d5:
         6e:72:d9:ed:9c:57:ea:73:a3:3a:6e:b5:6f:90:04:46:32:10:
         5e:36:c7:2f:fb:90:fa:9e:c0:60:d8:91:95:ec:72:6a:36:d3:
         a5:19:7e:26
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgISAYVyXr7VrI00LGT1l8QzCN5nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwMTAyMTIwNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Zjc2NTBkNGJiYjRkNjdjNDVlMWNhMTdmNGZlMDc3NDNmMmZiNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA62YZY+nvv9rhe+TYXlPPznfqoh
Z8Iy/duV/eQBkSWoWPhO8HQh4R7Z4EyUETxebZDGscGl42fbbb3N87mBorZhpira
a5g5R4CJHg+IYxuzpGxumaWpCD1NHFNQNPYERO/AMhwysWWvGrHn51qzln3d81IS
hcQp4AvbrdpSNKRhhpSdFRkpA4RXrf6eQpiAtzAnzXawzk2o+a0d+uIHv1VIcQuq
7+ktngK7WSMtAReBjYPalrHaKPlWjcYBZZkclKrivjPQMFPFHXruH2wnwDH++XZW
Ubo7OwWFgn9OpmVj2CuTvEHbpMdBTWgiOAEvWS0S/LC8MqQQe5mzd/TcJQIDAQAB
o4ICujCCArYwHQYDVR0OBBYEFF92UNS7tNZ8ReHKF/T+B3Q/L7ZEMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvWDNaUTFMdTAxbnhGNGNvWDlQNEhkRDh2dGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHPBggrBgEFBQcBBwEB/wSBvzCBvDCBuQQCAAEwgbIDBABA
iQgDBAFAiQoDBAFAiQ4DBAFAiRIDBAFAiSoDBAFAiTAwDAMEAUCJOgMEBkCJADAM
AwQAQIlJAwQAQIlKMAwDBABAiU0DBABAiU4DBAJAiVADBABAiVkwDAMEAkCJXAME
AUCJZDAMAwQDaI/oAwQCaI/wAwQDaI/4AwQDaOkAAwQCaO4AAwQAaPkdAwQAaPkk
AwQAaPk3AwQAioCXAwQAioCZAwQA2K1XAwQA2K1vMA0GCSqGSIb3DQEBCwUAA4IB
AQB0R9Ligu9bVSQQk6mppWTZk2JeAxPMecrmiadK5lgFtRQsfNKWFJwykikuORP5
LFvYa4bWYOXy2SkOoRbiY/t+y/v3wJhCzVC+51SAeAwFuTYDvG4Y4+MmItqw9THF
0eVhc62dTayDfRphmRRBUB1nwqhuEXeaixguF3HPlPBLEgLKR5Lc+GT1VW/cX/p1
owuUkFZsSvHLpTtpLF1egk5gGnIV5vitOK/zYJTsaXUrATujXSQGRVNc9MrjvQaa
vksYLz5ZBHoEHeWO22+FiSHBhrmNbOVBvNVuctntnFfqc6M6brVvkARGMhBeNscv
+5D6nsBg2JGV7HJqNtOlGX4m
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:03 2024 by rpki-client on console-fra.rpki-client.org