Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/HeTwtc2cZXl0iiezR2k9DhhKd2A.roa
File:                     HeTwtc2cZXl0iiezR2k9DhhKd2A.roa (raw, json)
Hash identifier:          JpVGbHy72OlmIemYFwdS2BrMhen2dhb0KhrH3nwPlIY=
Subject key identifier:   1D:E4:F0:B5:CD:9C:65:79:74:8A:27:B3:47:69:3D:0E:18:4A:77:60
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       018CC2DB589DCA1E49E1D663B8BC02DB9070
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/HeTwtc2cZXl0iiezR2k9DhhKd2A.roa
Signing time:             Mon 01 Jan 2024 02:30:03 +0000
ROA not before:           Mon 01 Jan 2024 02:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34164
IP address blocks:        92.122.120.0/23 maxlen: 23
                          95.101.12.0/24 maxlen: 24
                          2.21.237.0/24 maxlen: 24
                          2.21.236.0/24 maxlen: 24
                          2.16.49.0/24 maxlen: 24
                          92.122.191.0/24 maxlen: 24
                          92.122.204.0/23 maxlen: 23
                          193.108.152.0/24 maxlen: 24
                          2.20.48.0/24 maxlen: 24
                          2.18.25.0/24 maxlen: 24
                          95.101.121.0/24 maxlen: 24
                          195.245.126.0/24 maxlen: 24
                          92.122.152.0/24 maxlen: 24
                          2a02:26f0:5400::/48 maxlen: 48
                          2a02:26f0:33::/48 maxlen: 48
                          2a02:26f0:1d::/48 maxlen: 48
                          2a02:26f0:36::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 06 Mar 2024 13:29:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:58:9d:ca:1e:49:e1:d6:63:b8:bc:02:db:90:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Jan  1 02:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1de4f0b5cd9c6579748a27b347693d0e184a7760
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:bb:eb:4b:5f:29:df:f6:fa:ad:69:d5:63:19:
                    e0:c8:ff:9d:49:ee:f1:da:c8:7c:05:78:ed:ab:f6:
                    37:88:bb:7e:6e:88:91:9a:ec:dd:b7:6b:62:f1:2e:
                    a0:20:60:56:84:9d:8a:73:d8:32:e0:e5:22:d8:0c:
                    88:c6:b8:2d:dd:0e:0b:aa:22:27:0b:da:61:fa:13:
                    4b:cb:7d:66:98:81:b0:39:7c:45:69:ca:e1:99:99:
                    fa:34:c7:3e:fd:04:b3:06:3c:12:76:54:14:e8:4c:
                    92:b7:83:23:15:3c:c8:ac:a5:89:fd:fa:c1:7b:53:
                    31:3f:5b:81:7a:e3:52:4c:4e:19:80:45:f4:96:81:
                    be:d4:ae:15:25:e7:ea:36:d0:26:69:3f:b2:82:a2:
                    ac:81:cc:64:d8:b9:10:87:59:42:80:4a:cc:2a:03:
                    81:cc:5b:d1:11:b2:81:bc:a9:7e:11:97:7b:bc:40:
                    a9:5e:e0:be:8b:10:f0:11:3b:d2:39:b0:d9:ce:ab:
                    d6:0a:d1:54:d0:ca:99:08:af:85:f2:8c:ac:57:b7:
                    34:26:60:e6:2f:6f:1d:ae:cd:6e:b6:8a:e4:8f:b3:
                    c6:c7:9b:89:7e:e6:88:7a:41:6d:e2:b2:57:4c:cc:
                    8a:26:2f:cf:ff:84:98:be:20:92:fb:cd:8b:19:40:
                    b5:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:E4:F0:B5:CD:9C:65:79:74:8A:27:B3:47:69:3D:0E:18:4A:77:60
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/HeTwtc2cZXl0iiezR2k9DhhKd2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.16.49.0/24
                  2.18.25.0/24
                  2.20.48.0/24
                  2.21.236.0/23
                  92.122.120.0/23
                  92.122.152.0/24
                  92.122.191.0/24
                  92.122.204.0/23
                  95.101.12.0/24
                  95.101.121.0/24
                  193.108.152.0/24
                  195.245.126.0/24
                IPv6:
                  2a02:26f0:1d::/48
                  2a02:26f0:33::/48
                  2a02:26f0:36::/48
                  2a02:26f0:5400::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:aa:ab:18:7f:f7:75:0c:b7:2f:7e:23:52:72:1f:a3:1a:cd:
         5b:eb:37:b0:05:cc:4d:39:f0:9f:af:0c:dd:99:ae:3b:ec:0b:
         bb:fc:70:d2:ae:90:66:43:06:1a:2c:6c:29:fb:ae:c1:18:42:
         16:1f:61:73:ed:60:89:1c:8f:9b:ca:c9:96:8b:fe:99:5c:72:
         1e:b1:df:9f:42:a0:b1:53:cc:0d:f6:be:55:5c:bf:03:ea:ce:
         22:4d:0d:9c:b0:29:b0:f0:84:2b:8b:b1:03:4b:55:04:46:1f:
         24:6d:dd:b9:c3:ae:f1:34:67:71:3e:60:46:0d:e0:4a:c9:b2:
         66:6a:4e:b8:ef:ab:0c:94:9e:65:1b:7c:ff:e3:d8:6d:bf:8d:
         61:33:c9:25:15:e7:b5:1b:07:c3:e7:b3:d2:d2:f3:a6:66:89:
         7d:ec:fa:3a:25:f4:67:5f:ac:2e:fe:90:69:64:51:99:d9:08:
         1b:da:f6:7d:d3:ac:99:bc:82:f6:aa:61:cb:d3:5f:be:ba:26:
         83:99:34:05:51:0b:aa:fa:a9:64:73:59:3d:5e:38:19:f2:f1:
         39:c1:36:5b:f3:7b:37:f0:dd:1c:64:ef:d7:82:27:27:4f:e0:
         dd:fe:02:45:05:b7:79:7e:96:16:a7:bb:bd:d5:63:3a:a0:f6:
         f3:27:32:c5
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAYzC21idyh5J4dZjuLwC25BwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMTAxMDIzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGU0ZjBiNWNkOWM2NTc5NzQ4YTI3YjM0NzY5M2QwZTE4NGE3NzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrvrS18p3/b6rWnVYxngyP+dSe7x
2sh8BXjtq/Y3iLt+boiRmuzdt2ti8S6gIGBWhJ2Kc9gy4OUi2AyIxrgt3Q4LqiIn
C9ph+hNLy31mmIGwOXxFacrhmZn6NMc+/QSzBjwSdlQU6EySt4MjFTzIrKWJ/frB
e1MxP1uBeuNSTE4ZgEX0loG+1K4VJefqNtAmaT+ygqKsgcxk2LkQh1lCgErMKgOB
zFvREbKBvKl+EZd7vECpXuC+ixDwETvSObDZzqvWCtFU0MqZCK+F8oysV7c0JmDm
L28drs1utorkj7PGx5uJfuaIekFt4rJXTMyKJi/P/4SYviCS+82LGUC1jwIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFB3k8LXNnGV5dIons0dpPQ4YSndgMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvSGVUd3RjMmNaWGwwaWllelIyazlEaGhLZDJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwTgQCAAEwSAMEAAIQMQME
AAISGQMEAAIUMAMEAQIV7AMEAVx6eAMEAFx6mAMEAFx6vwMEAVx6zAMEAF9lDAME
AF9leQMEAMFsmAMEAMP1fjAqBAIAAjAkAwcAKgIm8AAdAwcAKgIm8AAzAwcAKgIm
8AA2AwcAKgIm8FQAMA0GCSqGSIb3DQEBCwUAA4IBAQB/qqsYf/d1DLcvfiNSch+j
Gs1b6zewBcxNOfCfrwzdma477Au7/HDSrpBmQwYaLGwp+67BGEIWH2Fz7WCJHI+b
ysmWi/6ZXHIesd+fQqCxU8wN9r5VXL8D6s4iTQ2csCmw8IQri7EDS1UERh8kbd25
w67xNGdxPmBGDeBKybJmak6476sMlJ5lG3z/49htv41hM8klFee1GwfD57PS0vOm
Zol97Po6JfRnX6wu/pBpZFGZ2Qgb2vZ906yZvIL2qmHL01++uiaDmTQFUQuq+qlk
c1k9XjgZ8vE5wTZb83s38N0cZO/XgicnT+Dd/gJFBbd5fpYWp7u91WM6oPbzJzLF
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:34:32 2024 by rpki-client on console-fra.rpki-client.org